fiat-crypto-0.2.2/.cargo_vcs_info.json0000644000000001470000000000100133000ustar { "git": { "sha1": "6d86dbe6cc57d83c3e15c4a32df3b18e909a6095" }, "path_in_vcs": "fiat-rust" }fiat-crypto-0.2.2/AUTHORS000064400000000000000000000012101046102023000131300ustar 00000000000000# This is the official list of fiat-crypto authors for copyright purposes. # This file is distinct from the CONTRIBUTORS files. # See the latter for an explanation. # Names should be added to this file as one of # Organization's name # Individual's name # Individual's name # See CONTRIBUTORS for the meaning of multiple email addresses. # Please keep the list sorted. Andres Erbsen Google Inc. Jade Philipoom Massachusetts Institute of Technology Zoe Paraskevopoulou fiat-crypto-0.2.2/CONTRIBUTORS000064400000000000000000000022601046102023000137460ustar 00000000000000# This is the official list of people have contributed code to the # fiat-crypto repository. # # The AUTHORS file lists the copyright holders; this file # lists people. For example, Google employees are listed here # but not in AUTHORS, because Google holds the copyright. # # When adding J Random Contributor's name to this file, # either J's name or J's organization's name should be # added to the AUTHORS file, depending on who holds the copyright. # # Names should be added to this file like so: # Individual's name # Individual's name # # An entry with multiple email addresses specifies that the # first address should be used in the submit logs and # that the other addresses should be recognized as the # same person. # Please keep the list sorted. Adam Chlipala Andres Erbsen Daniel Ziegler David Benjamin Jade Philipoom Jason Gross Robert Sloan fiat-crypto-0.2.2/COPYRIGHT000064400000000000000000000005671046102023000133710ustar 00000000000000SPDX-License-Identifier: MIT OR Apache-2.0 OR BSD-1-Clause Fiat Cryptography is licensed under the MIT License or , the Apache License, Version 2.0 or , or the BSD 1-Clause License or , at your option. fiat-crypto-0.2.2/Cargo.toml0000644000000015370000000000100113020ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "fiat-crypto" version = "0.2.2" authors = ["Fiat Crypto library authors "] description = "Fiat-crypto generated Rust" homepage = "https://github.com/mit-plv/fiat-crypto" readme = "README.md" license = "MIT OR Apache-2.0 OR BSD-1-Clause" repository = "https://github.com/mit-plv/fiat-crypto" [dependencies] [features] default = ["std"] std = [] fiat-crypto-0.2.2/Cargo.toml.orig000064400000000000000000000007601046102023000147600ustar 00000000000000[package] name = "fiat-crypto" version = "0.2.2" authors = ["Fiat Crypto library authors "] edition = "2018" description = "Fiat-crypto generated Rust" homepage = "https://github.com/mit-plv/fiat-crypto" repository = "https://github.com/mit-plv/fiat-crypto" readme = "README.md" license = "MIT OR Apache-2.0 OR BSD-1-Clause" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] [features] default = [ "std" ] std = [] fiat-crypto-0.2.2/LICENSE-APACHE000064400000000000000000000011761046102023000140170ustar 00000000000000The Apache License, Version 2.0 (Apache-2.0) Copyright 2015-2020 the fiat-crypto authors (see the AUTHORS file) Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. fiat-crypto-0.2.2/LICENSE-BSD-1000064400000000000000000000022011046102023000136320ustar 00000000000000The BSD 1-Clause License (BSD-1-Clause) Copyright (c) 2015-2020 the fiat-crypto authors (see the AUTHORS file) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. THIS SOFTWARE IS PROVIDED BY the fiat-crypto authors "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. fiat-crypto-0.2.2/LICENSE-MIT000064400000000000000000000021371046102023000135250ustar 00000000000000The MIT License (MIT) Copyright (c) 2015-2020 the fiat-crypto authors (see the AUTHORS file). Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. fiat-crypto-0.2.2/README.md000064400000000000000000000007211046102023000133450ustar 00000000000000## Fiat-crypto This crate provides the extracted Rust code from the Coq [fiat-crypto](https://github.com/mit-plv/fiat-crypto) libraries. ## License This project is distributed under the terms of the MIT License, the Apache License (Version 2.0), and the BSD 1-Clause License; users may pick which license to apply. See [`COPYRIGHT`](COPYRIGHT), [`LICENSE-MIT`](LICENSE-MIT), [`LICENSE-APACHE`](LICENSE-APACHE), and [`LICENSE-BSD-1`](LICENSE-BSD-1) for details. fiat-crypto-0.2.2/src/curve25519_32.rs000064400000000000000000001237341046102023000152730ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline 25519 32 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax carry_scmul121666 //! curve description: 25519 //! machine_wordsize = 32 (from "32") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax, carry_scmul121666 //! n = 10 (from "(auto)") //! s-c = 2^255 - [(1, 19)] (from "2^255 - 19") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1] //! eval z = z[0] + (z[1] << 26) + (z[2] << 51) + (z[3] << 77) + (z[4] << 102) + (z[5] << 128) + (z[6] << 153) + (z[7] << 179) + (z[8] << 204) + (z[9] << 230) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! balance = [0x7ffffda, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_25519_u1 = u8; pub type fiat_25519_i1 = i8; pub type fiat_25519_u2 = u8; pub type fiat_25519_i2 = i8; /** The type fiat_25519_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] */ #[derive(Clone, Copy)] pub struct fiat_25519_loose_field_element(pub [u32; 10]); impl core::ops::Index for fiat_25519_loose_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_25519_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] */ #[derive(Clone, Copy)] pub struct fiat_25519_tight_field_element(pub [u32; 10]); impl core::ops::Index for fiat_25519_tight_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_25519_addcarryx_u26 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^26 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffff] /// arg3: [0x0 ~> 0x3ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_addcarryx_u26(out1: &mut u32, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0x3ffffff); let x3: fiat_25519_u1 = ((x1 >> 26) as fiat_25519_u1); *out1 = x2; *out2 = x3; } /// The function fiat_25519_subborrowx_u26 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^26 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffff] /// arg3: [0x0 ~> 0x3ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_subborrowx_u26(out1: &mut u32, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_25519_i1 = ((x1 >> 26) as fiat_25519_i1); let x3: u32 = (((x1 as i64) & (0x3ffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_25519_i2) - (x2 as fiat_25519_i2)) as fiat_25519_u1); } /// The function fiat_25519_addcarryx_u25 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^25 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^25⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x1ffffff] /// arg3: [0x0 ~> 0x1ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x1ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_addcarryx_u25(out1: &mut u32, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0x1ffffff); let x3: fiat_25519_u1 = ((x1 >> 25) as fiat_25519_u1); *out1 = x2; *out2 = x3; } /// The function fiat_25519_subborrowx_u25 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^25 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^25⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x1ffffff] /// arg3: [0x0 ~> 0x1ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x1ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_subborrowx_u25(out1: &mut u32, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_25519_i1 = ((x1 >> 25) as fiat_25519_i1); let x3: u32 = (((x1 as i64) & (0x1ffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_25519_i2) - (x2 as fiat_25519_i2)) as fiat_25519_u1); } /// The function fiat_25519_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_25519_cmovznz_u32(out1: &mut u32, arg1: fiat_25519_u1, arg2: u32, arg3: u32) { let x1: fiat_25519_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_25519_i2) - (x1 as fiat_25519_i2)) as fiat_25519_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_25519_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_25519_carry_mul(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element, arg2: &fiat_25519_loose_field_element) { let x1: u64 = (((arg1[9]) as u64) * (((arg2[9]) * 0x26) as u64)); let x2: u64 = (((arg1[9]) as u64) * (((arg2[8]) * 0x13) as u64)); let x3: u64 = (((arg1[9]) as u64) * (((arg2[7]) * 0x26) as u64)); let x4: u64 = (((arg1[9]) as u64) * (((arg2[6]) * 0x13) as u64)); let x5: u64 = (((arg1[9]) as u64) * (((arg2[5]) * 0x26) as u64)); let x6: u64 = (((arg1[9]) as u64) * (((arg2[4]) * 0x13) as u64)); let x7: u64 = (((arg1[9]) as u64) * (((arg2[3]) * 0x26) as u64)); let x8: u64 = (((arg1[9]) as u64) * (((arg2[2]) * 0x13) as u64)); let x9: u64 = (((arg1[9]) as u64) * (((arg2[1]) * 0x26) as u64)); let x10: u64 = (((arg1[8]) as u64) * (((arg2[9]) * 0x13) as u64)); let x11: u64 = (((arg1[8]) as u64) * (((arg2[8]) * 0x13) as u64)); let x12: u64 = (((arg1[8]) as u64) * (((arg2[7]) * 0x13) as u64)); let x13: u64 = (((arg1[8]) as u64) * (((arg2[6]) * 0x13) as u64)); let x14: u64 = (((arg1[8]) as u64) * (((arg2[5]) * 0x13) as u64)); let x15: u64 = (((arg1[8]) as u64) * (((arg2[4]) * 0x13) as u64)); let x16: u64 = (((arg1[8]) as u64) * (((arg2[3]) * 0x13) as u64)); let x17: u64 = (((arg1[8]) as u64) * (((arg2[2]) * 0x13) as u64)); let x18: u64 = (((arg1[7]) as u64) * (((arg2[9]) * 0x26) as u64)); let x19: u64 = (((arg1[7]) as u64) * (((arg2[8]) * 0x13) as u64)); let x20: u64 = (((arg1[7]) as u64) * (((arg2[7]) * 0x26) as u64)); let x21: u64 = (((arg1[7]) as u64) * (((arg2[6]) * 0x13) as u64)); let x22: u64 = (((arg1[7]) as u64) * (((arg2[5]) * 0x26) as u64)); let x23: u64 = (((arg1[7]) as u64) * (((arg2[4]) * 0x13) as u64)); let x24: u64 = (((arg1[7]) as u64) * (((arg2[3]) * 0x26) as u64)); let x25: u64 = (((arg1[6]) as u64) * (((arg2[9]) * 0x13) as u64)); let x26: u64 = (((arg1[6]) as u64) * (((arg2[8]) * 0x13) as u64)); let x27: u64 = (((arg1[6]) as u64) * (((arg2[7]) * 0x13) as u64)); let x28: u64 = (((arg1[6]) as u64) * (((arg2[6]) * 0x13) as u64)); let x29: u64 = (((arg1[6]) as u64) * (((arg2[5]) * 0x13) as u64)); let x30: u64 = (((arg1[6]) as u64) * (((arg2[4]) * 0x13) as u64)); let x31: u64 = (((arg1[5]) as u64) * (((arg2[9]) * 0x26) as u64)); let x32: u64 = (((arg1[5]) as u64) * (((arg2[8]) * 0x13) as u64)); let x33: u64 = (((arg1[5]) as u64) * (((arg2[7]) * 0x26) as u64)); let x34: u64 = (((arg1[5]) as u64) * (((arg2[6]) * 0x13) as u64)); let x35: u64 = (((arg1[5]) as u64) * (((arg2[5]) * 0x26) as u64)); let x36: u64 = (((arg1[4]) as u64) * (((arg2[9]) * 0x13) as u64)); let x37: u64 = (((arg1[4]) as u64) * (((arg2[8]) * 0x13) as u64)); let x38: u64 = (((arg1[4]) as u64) * (((arg2[7]) * 0x13) as u64)); let x39: u64 = (((arg1[4]) as u64) * (((arg2[6]) * 0x13) as u64)); let x40: u64 = (((arg1[3]) as u64) * (((arg2[9]) * 0x26) as u64)); let x41: u64 = (((arg1[3]) as u64) * (((arg2[8]) * 0x13) as u64)); let x42: u64 = (((arg1[3]) as u64) * (((arg2[7]) * 0x26) as u64)); let x43: u64 = (((arg1[2]) as u64) * (((arg2[9]) * 0x13) as u64)); let x44: u64 = (((arg1[2]) as u64) * (((arg2[8]) * 0x13) as u64)); let x45: u64 = (((arg1[1]) as u64) * (((arg2[9]) * 0x26) as u64)); let x46: u64 = (((arg1[9]) as u64) * ((arg2[0]) as u64)); let x47: u64 = (((arg1[8]) as u64) * ((arg2[1]) as u64)); let x48: u64 = (((arg1[8]) as u64) * ((arg2[0]) as u64)); let x49: u64 = (((arg1[7]) as u64) * ((arg2[2]) as u64)); let x50: u64 = (((arg1[7]) as u64) * (((arg2[1]) * 0x2) as u64)); let x51: u64 = (((arg1[7]) as u64) * ((arg2[0]) as u64)); let x52: u64 = (((arg1[6]) as u64) * ((arg2[3]) as u64)); let x53: u64 = (((arg1[6]) as u64) * ((arg2[2]) as u64)); let x54: u64 = (((arg1[6]) as u64) * ((arg2[1]) as u64)); let x55: u64 = (((arg1[6]) as u64) * ((arg2[0]) as u64)); let x56: u64 = (((arg1[5]) as u64) * ((arg2[4]) as u64)); let x57: u64 = (((arg1[5]) as u64) * (((arg2[3]) * 0x2) as u64)); let x58: u64 = (((arg1[5]) as u64) * ((arg2[2]) as u64)); let x59: u64 = (((arg1[5]) as u64) * (((arg2[1]) * 0x2) as u64)); let x60: u64 = (((arg1[5]) as u64) * ((arg2[0]) as u64)); let x61: u64 = (((arg1[4]) as u64) * ((arg2[5]) as u64)); let x62: u64 = (((arg1[4]) as u64) * ((arg2[4]) as u64)); let x63: u64 = (((arg1[4]) as u64) * ((arg2[3]) as u64)); let x64: u64 = (((arg1[4]) as u64) * ((arg2[2]) as u64)); let x65: u64 = (((arg1[4]) as u64) * ((arg2[1]) as u64)); let x66: u64 = (((arg1[4]) as u64) * ((arg2[0]) as u64)); let x67: u64 = (((arg1[3]) as u64) * ((arg2[6]) as u64)); let x68: u64 = (((arg1[3]) as u64) * (((arg2[5]) * 0x2) as u64)); let x69: u64 = (((arg1[3]) as u64) * ((arg2[4]) as u64)); let x70: u64 = (((arg1[3]) as u64) * (((arg2[3]) * 0x2) as u64)); let x71: u64 = (((arg1[3]) as u64) * ((arg2[2]) as u64)); let x72: u64 = (((arg1[3]) as u64) * (((arg2[1]) * 0x2) as u64)); let x73: u64 = (((arg1[3]) as u64) * ((arg2[0]) as u64)); let x74: u64 = (((arg1[2]) as u64) * ((arg2[7]) as u64)); let x75: u64 = (((arg1[2]) as u64) * ((arg2[6]) as u64)); let x76: u64 = (((arg1[2]) as u64) * ((arg2[5]) as u64)); let x77: u64 = (((arg1[2]) as u64) * ((arg2[4]) as u64)); let x78: u64 = (((arg1[2]) as u64) * ((arg2[3]) as u64)); let x79: u64 = (((arg1[2]) as u64) * ((arg2[2]) as u64)); let x80: u64 = (((arg1[2]) as u64) * ((arg2[1]) as u64)); let x81: u64 = (((arg1[2]) as u64) * ((arg2[0]) as u64)); let x82: u64 = (((arg1[1]) as u64) * ((arg2[8]) as u64)); let x83: u64 = (((arg1[1]) as u64) * (((arg2[7]) * 0x2) as u64)); let x84: u64 = (((arg1[1]) as u64) * ((arg2[6]) as u64)); let x85: u64 = (((arg1[1]) as u64) * (((arg2[5]) * 0x2) as u64)); let x86: u64 = (((arg1[1]) as u64) * ((arg2[4]) as u64)); let x87: u64 = (((arg1[1]) as u64) * (((arg2[3]) * 0x2) as u64)); let x88: u64 = (((arg1[1]) as u64) * ((arg2[2]) as u64)); let x89: u64 = (((arg1[1]) as u64) * (((arg2[1]) * 0x2) as u64)); let x90: u64 = (((arg1[1]) as u64) * ((arg2[0]) as u64)); let x91: u64 = (((arg1[0]) as u64) * ((arg2[9]) as u64)); let x92: u64 = (((arg1[0]) as u64) * ((arg2[8]) as u64)); let x93: u64 = (((arg1[0]) as u64) * ((arg2[7]) as u64)); let x94: u64 = (((arg1[0]) as u64) * ((arg2[6]) as u64)); let x95: u64 = (((arg1[0]) as u64) * ((arg2[5]) as u64)); let x96: u64 = (((arg1[0]) as u64) * ((arg2[4]) as u64)); let x97: u64 = (((arg1[0]) as u64) * ((arg2[3]) as u64)); let x98: u64 = (((arg1[0]) as u64) * ((arg2[2]) as u64)); let x99: u64 = (((arg1[0]) as u64) * ((arg2[1]) as u64)); let x100: u64 = (((arg1[0]) as u64) * ((arg2[0]) as u64)); let x101: u64 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9))))))))); let x102: u64 = (x101 >> 26); let x103: u32 = ((x101 & (0x3ffffff as u64)) as u32); let x104: u64 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46))))))))); let x105: u64 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1))))))))); let x106: u64 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2))))))))); let x107: u64 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3))))))))); let x108: u64 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4))))))))); let x109: u64 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5))))))))); let x110: u64 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6))))))))); let x111: u64 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7))))))))); let x112: u64 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8))))))))); let x113: u64 = (x102 + x112); let x114: u64 = (x113 >> 25); let x115: u32 = ((x113 & (0x1ffffff as u64)) as u32); let x116: u64 = (x114 + x111); let x117: u64 = (x116 >> 26); let x118: u32 = ((x116 & (0x3ffffff as u64)) as u32); let x119: u64 = (x117 + x110); let x120: u64 = (x119 >> 25); let x121: u32 = ((x119 & (0x1ffffff as u64)) as u32); let x122: u64 = (x120 + x109); let x123: u64 = (x122 >> 26); let x124: u32 = ((x122 & (0x3ffffff as u64)) as u32); let x125: u64 = (x123 + x108); let x126: u64 = (x125 >> 25); let x127: u32 = ((x125 & (0x1ffffff as u64)) as u32); let x128: u64 = (x126 + x107); let x129: u64 = (x128 >> 26); let x130: u32 = ((x128 & (0x3ffffff as u64)) as u32); let x131: u64 = (x129 + x106); let x132: u64 = (x131 >> 25); let x133: u32 = ((x131 & (0x1ffffff as u64)) as u32); let x134: u64 = (x132 + x105); let x135: u64 = (x134 >> 26); let x136: u32 = ((x134 & (0x3ffffff as u64)) as u32); let x137: u64 = (x135 + x104); let x138: u64 = (x137 >> 25); let x139: u32 = ((x137 & (0x1ffffff as u64)) as u32); let x140: u64 = (x138 * (0x13 as u64)); let x141: u64 = ((x103 as u64) + x140); let x142: u32 = ((x141 >> 26) as u32); let x143: u32 = ((x141 & (0x3ffffff as u64)) as u32); let x144: u32 = (x142 + x115); let x145: fiat_25519_u1 = ((x144 >> 25) as fiat_25519_u1); let x146: u32 = (x144 & 0x1ffffff); let x147: u32 = ((x145 as u32) + x118); out1[0] = x143; out1[1] = x146; out1[2] = x147; out1[3] = x121; out1[4] = x124; out1[5] = x127; out1[6] = x130; out1[7] = x133; out1[8] = x136; out1[9] = x139; } /// The function fiat_25519_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_25519_carry_square(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u32 = ((arg1[9]) * 0x13); let x2: u32 = (x1 * 0x2); let x3: u32 = ((arg1[9]) * 0x2); let x4: u32 = ((arg1[8]) * 0x13); let x5: u64 = ((x4 as u64) * (0x2 as u64)); let x6: u32 = ((arg1[8]) * 0x2); let x7: u32 = ((arg1[7]) * 0x13); let x8: u32 = (x7 * 0x2); let x9: u32 = ((arg1[7]) * 0x2); let x10: u32 = ((arg1[6]) * 0x13); let x11: u64 = ((x10 as u64) * (0x2 as u64)); let x12: u32 = ((arg1[6]) * 0x2); let x13: u32 = ((arg1[5]) * 0x13); let x14: u32 = ((arg1[5]) * 0x2); let x15: u32 = ((arg1[4]) * 0x2); let x16: u32 = ((arg1[3]) * 0x2); let x17: u32 = ((arg1[2]) * 0x2); let x18: u32 = ((arg1[1]) * 0x2); let x19: u64 = (((arg1[9]) as u64) * ((x1 * 0x2) as u64)); let x20: u64 = (((arg1[8]) as u64) * (x2 as u64)); let x21: u64 = (((arg1[8]) as u64) * (x4 as u64)); let x22: u64 = (((arg1[7]) as u64) * ((x2 as u64) * (0x2 as u64))); let x23: u64 = (((arg1[7]) as u64) * x5); let x24: u64 = (((arg1[7]) as u64) * ((x7 * 0x2) as u64)); let x25: u64 = (((arg1[6]) as u64) * (x2 as u64)); let x26: u64 = (((arg1[6]) as u64) * x5); let x27: u64 = (((arg1[6]) as u64) * (x8 as u64)); let x28: u64 = (((arg1[6]) as u64) * (x10 as u64)); let x29: u64 = (((arg1[5]) as u64) * ((x2 as u64) * (0x2 as u64))); let x30: u64 = (((arg1[5]) as u64) * x5); let x31: u64 = (((arg1[5]) as u64) * ((x8 as u64) * (0x2 as u64))); let x32: u64 = (((arg1[5]) as u64) * x11); let x33: u64 = (((arg1[5]) as u64) * ((x13 * 0x2) as u64)); let x34: u64 = (((arg1[4]) as u64) * (x2 as u64)); let x35: u64 = (((arg1[4]) as u64) * x5); let x36: u64 = (((arg1[4]) as u64) * (x8 as u64)); let x37: u64 = (((arg1[4]) as u64) * x11); let x38: u64 = (((arg1[4]) as u64) * (x14 as u64)); let x39: u64 = (((arg1[4]) as u64) * ((arg1[4]) as u64)); let x40: u64 = (((arg1[3]) as u64) * ((x2 as u64) * (0x2 as u64))); let x41: u64 = (((arg1[3]) as u64) * x5); let x42: u64 = (((arg1[3]) as u64) * ((x8 as u64) * (0x2 as u64))); let x43: u64 = (((arg1[3]) as u64) * (x12 as u64)); let x44: u64 = (((arg1[3]) as u64) * ((x14 * 0x2) as u64)); let x45: u64 = (((arg1[3]) as u64) * (x15 as u64)); let x46: u64 = (((arg1[3]) as u64) * (((arg1[3]) * 0x2) as u64)); let x47: u64 = (((arg1[2]) as u64) * (x2 as u64)); let x48: u64 = (((arg1[2]) as u64) * x5); let x49: u64 = (((arg1[2]) as u64) * (x9 as u64)); let x50: u64 = (((arg1[2]) as u64) * (x12 as u64)); let x51: u64 = (((arg1[2]) as u64) * (x14 as u64)); let x52: u64 = (((arg1[2]) as u64) * (x15 as u64)); let x53: u64 = (((arg1[2]) as u64) * (x16 as u64)); let x54: u64 = (((arg1[2]) as u64) * ((arg1[2]) as u64)); let x55: u64 = (((arg1[1]) as u64) * ((x2 as u64) * (0x2 as u64))); let x56: u64 = (((arg1[1]) as u64) * (x6 as u64)); let x57: u64 = (((arg1[1]) as u64) * ((x9 * 0x2) as u64)); let x58: u64 = (((arg1[1]) as u64) * (x12 as u64)); let x59: u64 = (((arg1[1]) as u64) * ((x14 * 0x2) as u64)); let x60: u64 = (((arg1[1]) as u64) * (x15 as u64)); let x61: u64 = (((arg1[1]) as u64) * ((x16 * 0x2) as u64)); let x62: u64 = (((arg1[1]) as u64) * (x17 as u64)); let x63: u64 = (((arg1[1]) as u64) * (((arg1[1]) * 0x2) as u64)); let x64: u64 = (((arg1[0]) as u64) * (x3 as u64)); let x65: u64 = (((arg1[0]) as u64) * (x6 as u64)); let x66: u64 = (((arg1[0]) as u64) * (x9 as u64)); let x67: u64 = (((arg1[0]) as u64) * (x12 as u64)); let x68: u64 = (((arg1[0]) as u64) * (x14 as u64)); let x69: u64 = (((arg1[0]) as u64) * (x15 as u64)); let x70: u64 = (((arg1[0]) as u64) * (x16 as u64)); let x71: u64 = (((arg1[0]) as u64) * (x17 as u64)); let x72: u64 = (((arg1[0]) as u64) * (x18 as u64)); let x73: u64 = (((arg1[0]) as u64) * ((arg1[0]) as u64)); let x74: u64 = (x73 + (x55 + (x48 + (x42 + (x37 + x33))))); let x75: u64 = (x74 >> 26); let x76: u32 = ((x74 & (0x3ffffff as u64)) as u32); let x77: u64 = (x64 + (x56 + (x49 + (x43 + x38)))); let x78: u64 = (x65 + (x57 + (x50 + (x44 + (x39 + x19))))); let x79: u64 = (x66 + (x58 + (x51 + (x45 + x20)))); let x80: u64 = (x67 + (x59 + (x52 + (x46 + (x22 + x21))))); let x81: u64 = (x68 + (x60 + (x53 + (x25 + x23)))); let x82: u64 = (x69 + (x61 + (x54 + (x29 + (x26 + x24))))); let x83: u64 = (x70 + (x62 + (x34 + (x30 + x27)))); let x84: u64 = (x71 + (x63 + (x40 + (x35 + (x31 + x28))))); let x85: u64 = (x72 + (x47 + (x41 + (x36 + x32)))); let x86: u64 = (x75 + x85); let x87: u64 = (x86 >> 25); let x88: u32 = ((x86 & (0x1ffffff as u64)) as u32); let x89: u64 = (x87 + x84); let x90: u64 = (x89 >> 26); let x91: u32 = ((x89 & (0x3ffffff as u64)) as u32); let x92: u64 = (x90 + x83); let x93: u64 = (x92 >> 25); let x94: u32 = ((x92 & (0x1ffffff as u64)) as u32); let x95: u64 = (x93 + x82); let x96: u64 = (x95 >> 26); let x97: u32 = ((x95 & (0x3ffffff as u64)) as u32); let x98: u64 = (x96 + x81); let x99: u64 = (x98 >> 25); let x100: u32 = ((x98 & (0x1ffffff as u64)) as u32); let x101: u64 = (x99 + x80); let x102: u64 = (x101 >> 26); let x103: u32 = ((x101 & (0x3ffffff as u64)) as u32); let x104: u64 = (x102 + x79); let x105: u64 = (x104 >> 25); let x106: u32 = ((x104 & (0x1ffffff as u64)) as u32); let x107: u64 = (x105 + x78); let x108: u64 = (x107 >> 26); let x109: u32 = ((x107 & (0x3ffffff as u64)) as u32); let x110: u64 = (x108 + x77); let x111: u64 = (x110 >> 25); let x112: u32 = ((x110 & (0x1ffffff as u64)) as u32); let x113: u64 = (x111 * (0x13 as u64)); let x114: u64 = ((x76 as u64) + x113); let x115: u32 = ((x114 >> 26) as u32); let x116: u32 = ((x114 & (0x3ffffff as u64)) as u32); let x117: u32 = (x115 + x88); let x118: fiat_25519_u1 = ((x117 >> 25) as fiat_25519_u1); let x119: u32 = (x117 & 0x1ffffff); let x120: u32 = ((x118 as u32) + x91); out1[0] = x116; out1[1] = x119; out1[2] = x120; out1[3] = x94; out1[4] = x97; out1[5] = x100; out1[6] = x103; out1[7] = x106; out1[8] = x109; out1[9] = x112; } /// The function fiat_25519_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_25519_carry(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = ((x1 >> 26) + (arg1[1])); let x3: u32 = ((x2 >> 25) + (arg1[2])); let x4: u32 = ((x3 >> 26) + (arg1[3])); let x5: u32 = ((x4 >> 25) + (arg1[4])); let x6: u32 = ((x5 >> 26) + (arg1[5])); let x7: u32 = ((x6 >> 25) + (arg1[6])); let x8: u32 = ((x7 >> 26) + (arg1[7])); let x9: u32 = ((x8 >> 25) + (arg1[8])); let x10: u32 = ((x9 >> 26) + (arg1[9])); let x11: u32 = ((x1 & 0x3ffffff) + ((x10 >> 25) * 0x13)); let x12: u32 = ((((x11 >> 26) as fiat_25519_u1) as u32) + (x2 & 0x1ffffff)); let x13: u32 = (x11 & 0x3ffffff); let x14: u32 = (x12 & 0x1ffffff); let x15: u32 = ((((x12 >> 25) as fiat_25519_u1) as u32) + (x3 & 0x3ffffff)); let x16: u32 = (x4 & 0x1ffffff); let x17: u32 = (x5 & 0x3ffffff); let x18: u32 = (x6 & 0x1ffffff); let x19: u32 = (x7 & 0x3ffffff); let x20: u32 = (x8 & 0x1ffffff); let x21: u32 = (x9 & 0x3ffffff); let x22: u32 = (x10 & 0x1ffffff); out1[0] = x13; out1[1] = x14; out1[2] = x15; out1[3] = x16; out1[4] = x17; out1[5] = x18; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x22; } /// The function fiat_25519_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_25519_add(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element, arg2: &fiat_25519_tight_field_element) { let x1: u32 = ((arg1[0]) + (arg2[0])); let x2: u32 = ((arg1[1]) + (arg2[1])); let x3: u32 = ((arg1[2]) + (arg2[2])); let x4: u32 = ((arg1[3]) + (arg2[3])); let x5: u32 = ((arg1[4]) + (arg2[4])); let x6: u32 = ((arg1[5]) + (arg2[5])); let x7: u32 = ((arg1[6]) + (arg2[6])); let x8: u32 = ((arg1[7]) + (arg2[7])); let x9: u32 = ((arg1[8]) + (arg2[8])); let x10: u32 = ((arg1[9]) + (arg2[9])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; } /// The function fiat_25519_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_25519_sub(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element, arg2: &fiat_25519_tight_field_element) { let x1: u32 = ((0x7ffffda + (arg1[0])) - (arg2[0])); let x2: u32 = ((0x3fffffe + (arg1[1])) - (arg2[1])); let x3: u32 = ((0x7fffffe + (arg1[2])) - (arg2[2])); let x4: u32 = ((0x3fffffe + (arg1[3])) - (arg2[3])); let x5: u32 = ((0x7fffffe + (arg1[4])) - (arg2[4])); let x6: u32 = ((0x3fffffe + (arg1[5])) - (arg2[5])); let x7: u32 = ((0x7fffffe + (arg1[6])) - (arg2[6])); let x8: u32 = ((0x3fffffe + (arg1[7])) - (arg2[7])); let x9: u32 = ((0x7fffffe + (arg1[8])) - (arg2[8])); let x10: u32 = ((0x3fffffe + (arg1[9])) - (arg2[9])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; } /// The function fiat_25519_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_25519_opp(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element) { let x1: u32 = (0x7ffffda - (arg1[0])); let x2: u32 = (0x3fffffe - (arg1[1])); let x3: u32 = (0x7fffffe - (arg1[2])); let x4: u32 = (0x3fffffe - (arg1[3])); let x5: u32 = (0x7fffffe - (arg1[4])); let x6: u32 = (0x3fffffe - (arg1[5])); let x7: u32 = (0x7fffffe - (arg1[6])); let x8: u32 = (0x3fffffe - (arg1[7])); let x9: u32 = (0x7fffffe - (arg1[8])); let x10: u32 = (0x3fffffe - (arg1[9])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; } /// The function fiat_25519_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_25519_selectznz(out1: &mut [u32; 10], arg1: fiat_25519_u1, arg2: &[u32; 10], arg3: &[u32; 10]) { let mut x1: u32 = 0; fiat_25519_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_25519_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_25519_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_25519_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_25519_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_25519_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_25519_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_25519_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u32 = 0; fiat_25519_cmovznz_u32(&mut x9, arg1, (arg2[8]), (arg3[8])); let mut x10: u32 = 0; fiat_25519_cmovznz_u32(&mut x10, arg1, (arg2[9]), (arg3[9])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; } /// The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] #[inline] pub fn fiat_25519_to_bytes(out1: &mut [u8; 32], arg1: &fiat_25519_tight_field_element) { let mut x1: u32 = 0; let mut x2: fiat_25519_u1 = 0; fiat_25519_subborrowx_u26(&mut x1, &mut x2, 0x0, (arg1[0]), 0x3ffffed); let mut x3: u32 = 0; let mut x4: fiat_25519_u1 = 0; fiat_25519_subborrowx_u25(&mut x3, &mut x4, x2, (arg1[1]), 0x1ffffff); let mut x5: u32 = 0; let mut x6: fiat_25519_u1 = 0; fiat_25519_subborrowx_u26(&mut x5, &mut x6, x4, (arg1[2]), 0x3ffffff); let mut x7: u32 = 0; let mut x8: fiat_25519_u1 = 0; fiat_25519_subborrowx_u25(&mut x7, &mut x8, x6, (arg1[3]), 0x1ffffff); let mut x9: u32 = 0; let mut x10: fiat_25519_u1 = 0; fiat_25519_subborrowx_u26(&mut x9, &mut x10, x8, (arg1[4]), 0x3ffffff); let mut x11: u32 = 0; let mut x12: fiat_25519_u1 = 0; fiat_25519_subborrowx_u25(&mut x11, &mut x12, x10, (arg1[5]), 0x1ffffff); let mut x13: u32 = 0; let mut x14: fiat_25519_u1 = 0; fiat_25519_subborrowx_u26(&mut x13, &mut x14, x12, (arg1[6]), 0x3ffffff); let mut x15: u32 = 0; let mut x16: fiat_25519_u1 = 0; fiat_25519_subborrowx_u25(&mut x15, &mut x16, x14, (arg1[7]), 0x1ffffff); let mut x17: u32 = 0; let mut x18: fiat_25519_u1 = 0; fiat_25519_subborrowx_u26(&mut x17, &mut x18, x16, (arg1[8]), 0x3ffffff); let mut x19: u32 = 0; let mut x20: fiat_25519_u1 = 0; fiat_25519_subborrowx_u25(&mut x19, &mut x20, x18, (arg1[9]), 0x1ffffff); let mut x21: u32 = 0; fiat_25519_cmovznz_u32(&mut x21, x20, (0x0 as u32), 0xffffffff); let mut x22: u32 = 0; let mut x23: fiat_25519_u1 = 0; fiat_25519_addcarryx_u26(&mut x22, &mut x23, 0x0, x1, (x21 & 0x3ffffed)); let mut x24: u32 = 0; let mut x25: fiat_25519_u1 = 0; fiat_25519_addcarryx_u25(&mut x24, &mut x25, x23, x3, (x21 & 0x1ffffff)); let mut x26: u32 = 0; let mut x27: fiat_25519_u1 = 0; fiat_25519_addcarryx_u26(&mut x26, &mut x27, x25, x5, (x21 & 0x3ffffff)); let mut x28: u32 = 0; let mut x29: fiat_25519_u1 = 0; fiat_25519_addcarryx_u25(&mut x28, &mut x29, x27, x7, (x21 & 0x1ffffff)); let mut x30: u32 = 0; let mut x31: fiat_25519_u1 = 0; fiat_25519_addcarryx_u26(&mut x30, &mut x31, x29, x9, (x21 & 0x3ffffff)); let mut x32: u32 = 0; let mut x33: fiat_25519_u1 = 0; fiat_25519_addcarryx_u25(&mut x32, &mut x33, x31, x11, (x21 & 0x1ffffff)); let mut x34: u32 = 0; let mut x35: fiat_25519_u1 = 0; fiat_25519_addcarryx_u26(&mut x34, &mut x35, x33, x13, (x21 & 0x3ffffff)); let mut x36: u32 = 0; let mut x37: fiat_25519_u1 = 0; fiat_25519_addcarryx_u25(&mut x36, &mut x37, x35, x15, (x21 & 0x1ffffff)); let mut x38: u32 = 0; let mut x39: fiat_25519_u1 = 0; fiat_25519_addcarryx_u26(&mut x38, &mut x39, x37, x17, (x21 & 0x3ffffff)); let mut x40: u32 = 0; let mut x41: fiat_25519_u1 = 0; fiat_25519_addcarryx_u25(&mut x40, &mut x41, x39, x19, (x21 & 0x1ffffff)); let x42: u32 = (x40 << 6); let x43: u32 = (x38 << 4); let x44: u32 = (x36 << 3); let x45: u32 = (x34 * (0x2 as u32)); let x46: u32 = (x30 << 6); let x47: u32 = (x28 << 5); let x48: u32 = (x26 << 3); let x49: u32 = (x24 << 2); let x50: u8 = ((x22 & (0xff as u32)) as u8); let x51: u32 = (x22 >> 8); let x52: u8 = ((x51 & (0xff as u32)) as u8); let x53: u32 = (x51 >> 8); let x54: u8 = ((x53 & (0xff as u32)) as u8); let x55: u8 = ((x53 >> 8) as u8); let x56: u32 = (x49 + (x55 as u32)); let x57: u8 = ((x56 & (0xff as u32)) as u8); let x58: u32 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u32)) as u8); let x60: u32 = (x58 >> 8); let x61: u8 = ((x60 & (0xff as u32)) as u8); let x62: u8 = ((x60 >> 8) as u8); let x63: u32 = (x48 + (x62 as u32)); let x64: u8 = ((x63 & (0xff as u32)) as u8); let x65: u32 = (x63 >> 8); let x66: u8 = ((x65 & (0xff as u32)) as u8); let x67: u32 = (x65 >> 8); let x68: u8 = ((x67 & (0xff as u32)) as u8); let x69: u8 = ((x67 >> 8) as u8); let x70: u32 = (x47 + (x69 as u32)); let x71: u8 = ((x70 & (0xff as u32)) as u8); let x72: u32 = (x70 >> 8); let x73: u8 = ((x72 & (0xff as u32)) as u8); let x74: u32 = (x72 >> 8); let x75: u8 = ((x74 & (0xff as u32)) as u8); let x76: u8 = ((x74 >> 8) as u8); let x77: u32 = (x46 + (x76 as u32)); let x78: u8 = ((x77 & (0xff as u32)) as u8); let x79: u32 = (x77 >> 8); let x80: u8 = ((x79 & (0xff as u32)) as u8); let x81: u32 = (x79 >> 8); let x82: u8 = ((x81 & (0xff as u32)) as u8); let x83: u8 = ((x81 >> 8) as u8); let x84: u8 = ((x32 & (0xff as u32)) as u8); let x85: u32 = (x32 >> 8); let x86: u8 = ((x85 & (0xff as u32)) as u8); let x87: u32 = (x85 >> 8); let x88: u8 = ((x87 & (0xff as u32)) as u8); let x89: fiat_25519_u1 = ((x87 >> 8) as fiat_25519_u1); let x90: u32 = (x45 + (x89 as u32)); let x91: u8 = ((x90 & (0xff as u32)) as u8); let x92: u32 = (x90 >> 8); let x93: u8 = ((x92 & (0xff as u32)) as u8); let x94: u32 = (x92 >> 8); let x95: u8 = ((x94 & (0xff as u32)) as u8); let x96: u8 = ((x94 >> 8) as u8); let x97: u32 = (x44 + (x96 as u32)); let x98: u8 = ((x97 & (0xff as u32)) as u8); let x99: u32 = (x97 >> 8); let x100: u8 = ((x99 & (0xff as u32)) as u8); let x101: u32 = (x99 >> 8); let x102: u8 = ((x101 & (0xff as u32)) as u8); let x103: u8 = ((x101 >> 8) as u8); let x104: u32 = (x43 + (x103 as u32)); let x105: u8 = ((x104 & (0xff as u32)) as u8); let x106: u32 = (x104 >> 8); let x107: u8 = ((x106 & (0xff as u32)) as u8); let x108: u32 = (x106 >> 8); let x109: u8 = ((x108 & (0xff as u32)) as u8); let x110: u8 = ((x108 >> 8) as u8); let x111: u32 = (x42 + (x110 as u32)); let x112: u8 = ((x111 & (0xff as u32)) as u8); let x113: u32 = (x111 >> 8); let x114: u8 = ((x113 & (0xff as u32)) as u8); let x115: u32 = (x113 >> 8); let x116: u8 = ((x115 & (0xff as u32)) as u8); let x117: u8 = ((x115 >> 8) as u8); out1[0] = x50; out1[1] = x52; out1[2] = x54; out1[3] = x57; out1[4] = x59; out1[5] = x61; out1[6] = x64; out1[7] = x66; out1[8] = x68; out1[9] = x71; out1[10] = x73; out1[11] = x75; out1[12] = x78; out1[13] = x80; out1[14] = x82; out1[15] = x83; out1[16] = x84; out1[17] = x86; out1[18] = x88; out1[19] = x91; out1[20] = x93; out1[21] = x95; out1[22] = x98; out1[23] = x100; out1[24] = x102; out1[25] = x105; out1[26] = x107; out1[27] = x109; out1[28] = x112; out1[29] = x114; out1[30] = x116; out1[31] = x117; } /// The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] #[inline] pub fn fiat_25519_from_bytes(out1: &mut fiat_25519_tight_field_element, arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 18); let x2: u32 = (((arg1[30]) as u32) << 10); let x3: u32 = (((arg1[29]) as u32) << 2); let x4: u32 = (((arg1[28]) as u32) << 20); let x5: u32 = (((arg1[27]) as u32) << 12); let x6: u32 = (((arg1[26]) as u32) << 4); let x7: u32 = (((arg1[25]) as u32) << 21); let x8: u32 = (((arg1[24]) as u32) << 13); let x9: u32 = (((arg1[23]) as u32) << 5); let x10: u32 = (((arg1[22]) as u32) << 23); let x11: u32 = (((arg1[21]) as u32) << 15); let x12: u32 = (((arg1[20]) as u32) << 7); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 18); let x18: u32 = (((arg1[14]) as u32) << 10); let x19: u32 = (((arg1[13]) as u32) << 2); let x20: u32 = (((arg1[12]) as u32) << 19); let x21: u32 = (((arg1[11]) as u32) << 11); let x22: u32 = (((arg1[10]) as u32) << 3); let x23: u32 = (((arg1[9]) as u32) << 21); let x24: u32 = (((arg1[8]) as u32) << 13); let x25: u32 = (((arg1[7]) as u32) << 5); let x26: u32 = (((arg1[6]) as u32) << 22); let x27: u32 = (((arg1[5]) as u32) << 14); let x28: u32 = (((arg1[4]) as u32) << 6); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x35 & 0x3ffffff); let x37: u8 = ((x35 >> 26) as u8); let x38: u32 = (x28 + (x37 as u32)); let x39: u32 = (x27 + x38); let x40: u32 = (x26 + x39); let x41: u32 = (x40 & 0x1ffffff); let x42: u8 = ((x40 >> 25) as u8); let x43: u32 = (x25 + (x42 as u32)); let x44: u32 = (x24 + x43); let x45: u32 = (x23 + x44); let x46: u32 = (x45 & 0x3ffffff); let x47: u8 = ((x45 >> 26) as u8); let x48: u32 = (x22 + (x47 as u32)); let x49: u32 = (x21 + x48); let x50: u32 = (x20 + x49); let x51: u32 = (x50 & 0x1ffffff); let x52: u8 = ((x50 >> 25) as u8); let x53: u32 = (x19 + (x52 as u32)); let x54: u32 = (x18 + x53); let x55: u32 = (x17 + x54); let x56: u32 = (x15 + (x16 as u32)); let x57: u32 = (x14 + x56); let x58: u32 = (x13 + x57); let x59: u32 = (x58 & 0x1ffffff); let x60: u8 = ((x58 >> 25) as u8); let x61: u32 = (x12 + (x60 as u32)); let x62: u32 = (x11 + x61); let x63: u32 = (x10 + x62); let x64: u32 = (x63 & 0x3ffffff); let x65: u8 = ((x63 >> 26) as u8); let x66: u32 = (x9 + (x65 as u32)); let x67: u32 = (x8 + x66); let x68: u32 = (x7 + x67); let x69: u32 = (x68 & 0x1ffffff); let x70: u8 = ((x68 >> 25) as u8); let x71: u32 = (x6 + (x70 as u32)); let x72: u32 = (x5 + x71); let x73: u32 = (x4 + x72); let x74: u32 = (x73 & 0x3ffffff); let x75: u8 = ((x73 >> 26) as u8); let x76: u32 = (x3 + (x75 as u32)); let x77: u32 = (x2 + x76); let x78: u32 = (x1 + x77); out1[0] = x36; out1[1] = x41; out1[2] = x46; out1[3] = x51; out1[4] = x55; out1[5] = x59; out1[6] = x64; out1[7] = x69; out1[8] = x74; out1[9] = x78; } /// The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_25519_relax(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = (arg1[1]); let x3: u32 = (arg1[2]); let x4: u32 = (arg1[3]); let x5: u32 = (arg1[4]); let x6: u32 = (arg1[5]); let x7: u32 = (arg1[6]); let x8: u32 = (arg1[7]); let x9: u32 = (arg1[8]); let x10: u32 = (arg1[9]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; } /// The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. /// /// Postconditions: /// eval out1 mod m = (121666 * eval arg1) mod m /// #[inline] pub fn fiat_25519_carry_scmul_121666(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u64 = ((0x1db42 as u64) * ((arg1[9]) as u64)); let x2: u64 = ((0x1db42 as u64) * ((arg1[8]) as u64)); let x3: u64 = ((0x1db42 as u64) * ((arg1[7]) as u64)); let x4: u64 = ((0x1db42 as u64) * ((arg1[6]) as u64)); let x5: u64 = ((0x1db42 as u64) * ((arg1[5]) as u64)); let x6: u64 = ((0x1db42 as u64) * ((arg1[4]) as u64)); let x7: u64 = ((0x1db42 as u64) * ((arg1[3]) as u64)); let x8: u64 = ((0x1db42 as u64) * ((arg1[2]) as u64)); let x9: u64 = ((0x1db42 as u64) * ((arg1[1]) as u64)); let x10: u64 = ((0x1db42 as u64) * ((arg1[0]) as u64)); let x11: u32 = ((x10 >> 26) as u32); let x12: u32 = ((x10 & (0x3ffffff as u64)) as u32); let x13: u64 = ((x11 as u64) + x9); let x14: u32 = ((x13 >> 25) as u32); let x15: u32 = ((x13 & (0x1ffffff as u64)) as u32); let x16: u64 = ((x14 as u64) + x8); let x17: u32 = ((x16 >> 26) as u32); let x18: u32 = ((x16 & (0x3ffffff as u64)) as u32); let x19: u64 = ((x17 as u64) + x7); let x20: u32 = ((x19 >> 25) as u32); let x21: u32 = ((x19 & (0x1ffffff as u64)) as u32); let x22: u64 = ((x20 as u64) + x6); let x23: u32 = ((x22 >> 26) as u32); let x24: u32 = ((x22 & (0x3ffffff as u64)) as u32); let x25: u64 = ((x23 as u64) + x5); let x26: u32 = ((x25 >> 25) as u32); let x27: u32 = ((x25 & (0x1ffffff as u64)) as u32); let x28: u64 = ((x26 as u64) + x4); let x29: u32 = ((x28 >> 26) as u32); let x30: u32 = ((x28 & (0x3ffffff as u64)) as u32); let x31: u64 = ((x29 as u64) + x3); let x32: u32 = ((x31 >> 25) as u32); let x33: u32 = ((x31 & (0x1ffffff as u64)) as u32); let x34: u64 = ((x32 as u64) + x2); let x35: u32 = ((x34 >> 26) as u32); let x36: u32 = ((x34 & (0x3ffffff as u64)) as u32); let x37: u64 = ((x35 as u64) + x1); let x38: u32 = ((x37 >> 25) as u32); let x39: u32 = ((x37 & (0x1ffffff as u64)) as u32); let x40: u32 = (x38 * 0x13); let x41: u32 = (x12 + x40); let x42: fiat_25519_u1 = ((x41 >> 26) as fiat_25519_u1); let x43: u32 = (x41 & 0x3ffffff); let x44: u32 = ((x42 as u32) + x15); let x45: fiat_25519_u1 = ((x44 >> 25) as fiat_25519_u1); let x46: u32 = (x44 & 0x1ffffff); let x47: u32 = ((x45 as u32) + x18); out1[0] = x43; out1[1] = x46; out1[2] = x47; out1[3] = x21; out1[4] = x24; out1[5] = x27; out1[6] = x30; out1[7] = x33; out1[8] = x36; out1[9] = x39; } fiat-crypto-0.2.2/src/curve25519_64.rs000064400000000000000000000635411046102023000152770ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline 25519 64 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax carry_scmul121666 //! curve description: 25519 //! machine_wordsize = 64 (from "64") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax, carry_scmul121666 //! n = 5 (from "(auto)") //! s-c = 2^255 - [(1, 19)] (from "2^255 - 19") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 3, 4, 0, 1] //! eval z = z[0] + (z[1] << 51) + (z[2] << 102) + (z[3] << 153) + (z[4] << 204) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! balance = [0xfffffffffffda, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_25519_u1 = u8; pub type fiat_25519_i1 = i8; pub type fiat_25519_u2 = u8; pub type fiat_25519_i2 = i8; /** The type fiat_25519_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_25519_loose_field_element(pub [u64; 5]); impl core::ops::Index for fiat_25519_loose_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_25519_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_25519_tight_field_element(pub [u64; 5]); impl core::ops::Index for fiat_25519_tight_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_25519_addcarryx_u51 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^51 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^51⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffffffffff] /// arg3: [0x0 ~> 0x7ffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_addcarryx_u51(out1: &mut u64, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0x7ffffffffffff); let x3: fiat_25519_u1 = ((x1 >> 51) as fiat_25519_u1); *out1 = x2; *out2 = x3; } /// The function fiat_25519_subborrowx_u51 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^51 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^51⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffffffffff] /// arg3: [0x0 ~> 0x7ffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_subborrowx_u51(out1: &mut u64, out2: &mut fiat_25519_u1, arg1: fiat_25519_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_25519_i1 = ((x1 >> 51) as fiat_25519_i1); let x3: u64 = (((x1 as i128) & (0x7ffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_25519_i2) - (x2 as fiat_25519_i2)) as fiat_25519_u1); } /// The function fiat_25519_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_25519_cmovznz_u64(out1: &mut u64, arg1: fiat_25519_u1, arg2: u64, arg3: u64) { let x1: fiat_25519_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_25519_i2) - (x1 as fiat_25519_i2)) as fiat_25519_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_25519_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_25519_carry_mul(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element, arg2: &fiat_25519_loose_field_element) { let x1: u128 = (((arg1[4]) as u128) * (((arg2[4]) * 0x13) as u128)); let x2: u128 = (((arg1[4]) as u128) * (((arg2[3]) * 0x13) as u128)); let x3: u128 = (((arg1[4]) as u128) * (((arg2[2]) * 0x13) as u128)); let x4: u128 = (((arg1[4]) as u128) * (((arg2[1]) * 0x13) as u128)); let x5: u128 = (((arg1[3]) as u128) * (((arg2[4]) * 0x13) as u128)); let x6: u128 = (((arg1[3]) as u128) * (((arg2[3]) * 0x13) as u128)); let x7: u128 = (((arg1[3]) as u128) * (((arg2[2]) * 0x13) as u128)); let x8: u128 = (((arg1[2]) as u128) * (((arg2[4]) * 0x13) as u128)); let x9: u128 = (((arg1[2]) as u128) * (((arg2[3]) * 0x13) as u128)); let x10: u128 = (((arg1[1]) as u128) * (((arg2[4]) * 0x13) as u128)); let x11: u128 = (((arg1[4]) as u128) * ((arg2[0]) as u128)); let x12: u128 = (((arg1[3]) as u128) * ((arg2[1]) as u128)); let x13: u128 = (((arg1[3]) as u128) * ((arg2[0]) as u128)); let x14: u128 = (((arg1[2]) as u128) * ((arg2[2]) as u128)); let x15: u128 = (((arg1[2]) as u128) * ((arg2[1]) as u128)); let x16: u128 = (((arg1[2]) as u128) * ((arg2[0]) as u128)); let x17: u128 = (((arg1[1]) as u128) * ((arg2[3]) as u128)); let x18: u128 = (((arg1[1]) as u128) * ((arg2[2]) as u128)); let x19: u128 = (((arg1[1]) as u128) * ((arg2[1]) as u128)); let x20: u128 = (((arg1[1]) as u128) * ((arg2[0]) as u128)); let x21: u128 = (((arg1[0]) as u128) * ((arg2[4]) as u128)); let x22: u128 = (((arg1[0]) as u128) * ((arg2[3]) as u128)); let x23: u128 = (((arg1[0]) as u128) * ((arg2[2]) as u128)); let x24: u128 = (((arg1[0]) as u128) * ((arg2[1]) as u128)); let x25: u128 = (((arg1[0]) as u128) * ((arg2[0]) as u128)); let x26: u128 = (x25 + (x10 + (x9 + (x7 + x4)))); let x27: u64 = ((x26 >> 51) as u64); let x28: u64 = ((x26 & (0x7ffffffffffff as u128)) as u64); let x29: u128 = (x21 + (x17 + (x14 + (x12 + x11)))); let x30: u128 = (x22 + (x18 + (x15 + (x13 + x1)))); let x31: u128 = (x23 + (x19 + (x16 + (x5 + x2)))); let x32: u128 = (x24 + (x20 + (x8 + (x6 + x3)))); let x33: u128 = ((x27 as u128) + x32); let x34: u64 = ((x33 >> 51) as u64); let x35: u64 = ((x33 & (0x7ffffffffffff as u128)) as u64); let x36: u128 = ((x34 as u128) + x31); let x37: u64 = ((x36 >> 51) as u64); let x38: u64 = ((x36 & (0x7ffffffffffff as u128)) as u64); let x39: u128 = ((x37 as u128) + x30); let x40: u64 = ((x39 >> 51) as u64); let x41: u64 = ((x39 & (0x7ffffffffffff as u128)) as u64); let x42: u128 = ((x40 as u128) + x29); let x43: u64 = ((x42 >> 51) as u64); let x44: u64 = ((x42 & (0x7ffffffffffff as u128)) as u64); let x45: u64 = (x43 * 0x13); let x46: u64 = (x28 + x45); let x47: u64 = (x46 >> 51); let x48: u64 = (x46 & 0x7ffffffffffff); let x49: u64 = (x47 + x35); let x50: fiat_25519_u1 = ((x49 >> 51) as fiat_25519_u1); let x51: u64 = (x49 & 0x7ffffffffffff); let x52: u64 = ((x50 as u64) + x38); out1[0] = x48; out1[1] = x51; out1[2] = x52; out1[3] = x41; out1[4] = x44; } /// The function fiat_25519_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_25519_carry_square(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u64 = ((arg1[4]) * 0x13); let x2: u64 = (x1 * 0x2); let x3: u64 = ((arg1[4]) * 0x2); let x4: u64 = ((arg1[3]) * 0x13); let x5: u64 = (x4 * 0x2); let x6: u64 = ((arg1[3]) * 0x2); let x7: u64 = ((arg1[2]) * 0x2); let x8: u64 = ((arg1[1]) * 0x2); let x9: u128 = (((arg1[4]) as u128) * (x1 as u128)); let x10: u128 = (((arg1[3]) as u128) * (x2 as u128)); let x11: u128 = (((arg1[3]) as u128) * (x4 as u128)); let x12: u128 = (((arg1[2]) as u128) * (x2 as u128)); let x13: u128 = (((arg1[2]) as u128) * (x5 as u128)); let x14: u128 = (((arg1[2]) as u128) * ((arg1[2]) as u128)); let x15: u128 = (((arg1[1]) as u128) * (x2 as u128)); let x16: u128 = (((arg1[1]) as u128) * (x6 as u128)); let x17: u128 = (((arg1[1]) as u128) * (x7 as u128)); let x18: u128 = (((arg1[1]) as u128) * ((arg1[1]) as u128)); let x19: u128 = (((arg1[0]) as u128) * (x3 as u128)); let x20: u128 = (((arg1[0]) as u128) * (x6 as u128)); let x21: u128 = (((arg1[0]) as u128) * (x7 as u128)); let x22: u128 = (((arg1[0]) as u128) * (x8 as u128)); let x23: u128 = (((arg1[0]) as u128) * ((arg1[0]) as u128)); let x24: u128 = (x23 + (x15 + x13)); let x25: u64 = ((x24 >> 51) as u64); let x26: u64 = ((x24 & (0x7ffffffffffff as u128)) as u64); let x27: u128 = (x19 + (x16 + x14)); let x28: u128 = (x20 + (x17 + x9)); let x29: u128 = (x21 + (x18 + x10)); let x30: u128 = (x22 + (x12 + x11)); let x31: u128 = ((x25 as u128) + x30); let x32: u64 = ((x31 >> 51) as u64); let x33: u64 = ((x31 & (0x7ffffffffffff as u128)) as u64); let x34: u128 = ((x32 as u128) + x29); let x35: u64 = ((x34 >> 51) as u64); let x36: u64 = ((x34 & (0x7ffffffffffff as u128)) as u64); let x37: u128 = ((x35 as u128) + x28); let x38: u64 = ((x37 >> 51) as u64); let x39: u64 = ((x37 & (0x7ffffffffffff as u128)) as u64); let x40: u128 = ((x38 as u128) + x27); let x41: u64 = ((x40 >> 51) as u64); let x42: u64 = ((x40 & (0x7ffffffffffff as u128)) as u64); let x43: u64 = (x41 * 0x13); let x44: u64 = (x26 + x43); let x45: u64 = (x44 >> 51); let x46: u64 = (x44 & 0x7ffffffffffff); let x47: u64 = (x45 + x33); let x48: fiat_25519_u1 = ((x47 >> 51) as fiat_25519_u1); let x49: u64 = (x47 & 0x7ffffffffffff); let x50: u64 = ((x48 as u64) + x36); out1[0] = x46; out1[1] = x49; out1[2] = x50; out1[3] = x39; out1[4] = x42; } /// The function fiat_25519_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_25519_carry(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = ((x1 >> 51) + (arg1[1])); let x3: u64 = ((x2 >> 51) + (arg1[2])); let x4: u64 = ((x3 >> 51) + (arg1[3])); let x5: u64 = ((x4 >> 51) + (arg1[4])); let x6: u64 = ((x1 & 0x7ffffffffffff) + ((x5 >> 51) * 0x13)); let x7: u64 = ((((x6 >> 51) as fiat_25519_u1) as u64) + (x2 & 0x7ffffffffffff)); let x8: u64 = (x6 & 0x7ffffffffffff); let x9: u64 = (x7 & 0x7ffffffffffff); let x10: u64 = ((((x7 >> 51) as fiat_25519_u1) as u64) + (x3 & 0x7ffffffffffff)); let x11: u64 = (x4 & 0x7ffffffffffff); let x12: u64 = (x5 & 0x7ffffffffffff); out1[0] = x8; out1[1] = x9; out1[2] = x10; out1[3] = x11; out1[4] = x12; } /// The function fiat_25519_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_25519_add(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element, arg2: &fiat_25519_tight_field_element) { let x1: u64 = ((arg1[0]) + (arg2[0])); let x2: u64 = ((arg1[1]) + (arg2[1])); let x3: u64 = ((arg1[2]) + (arg2[2])); let x4: u64 = ((arg1[3]) + (arg2[3])); let x5: u64 = ((arg1[4]) + (arg2[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_25519_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_25519_sub(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element, arg2: &fiat_25519_tight_field_element) { let x1: u64 = ((0xfffffffffffda + (arg1[0])) - (arg2[0])); let x2: u64 = ((0xffffffffffffe + (arg1[1])) - (arg2[1])); let x3: u64 = ((0xffffffffffffe + (arg1[2])) - (arg2[2])); let x4: u64 = ((0xffffffffffffe + (arg1[3])) - (arg2[3])); let x5: u64 = ((0xffffffffffffe + (arg1[4])) - (arg2[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_25519_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_25519_opp(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element) { let x1: u64 = (0xfffffffffffda - (arg1[0])); let x2: u64 = (0xffffffffffffe - (arg1[1])); let x3: u64 = (0xffffffffffffe - (arg1[2])); let x4: u64 = (0xffffffffffffe - (arg1[3])); let x5: u64 = (0xffffffffffffe - (arg1[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_25519_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_25519_selectznz(out1: &mut [u64; 5], arg1: fiat_25519_u1, arg2: &[u64; 5], arg3: &[u64; 5]) { let mut x1: u64 = 0; fiat_25519_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_25519_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_25519_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_25519_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_25519_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] #[inline] pub fn fiat_25519_to_bytes(out1: &mut [u8; 32], arg1: &fiat_25519_tight_field_element) { let mut x1: u64 = 0; let mut x2: fiat_25519_u1 = 0; fiat_25519_subborrowx_u51(&mut x1, &mut x2, 0x0, (arg1[0]), 0x7ffffffffffed); let mut x3: u64 = 0; let mut x4: fiat_25519_u1 = 0; fiat_25519_subborrowx_u51(&mut x3, &mut x4, x2, (arg1[1]), 0x7ffffffffffff); let mut x5: u64 = 0; let mut x6: fiat_25519_u1 = 0; fiat_25519_subborrowx_u51(&mut x5, &mut x6, x4, (arg1[2]), 0x7ffffffffffff); let mut x7: u64 = 0; let mut x8: fiat_25519_u1 = 0; fiat_25519_subborrowx_u51(&mut x7, &mut x8, x6, (arg1[3]), 0x7ffffffffffff); let mut x9: u64 = 0; let mut x10: fiat_25519_u1 = 0; fiat_25519_subborrowx_u51(&mut x9, &mut x10, x8, (arg1[4]), 0x7ffffffffffff); let mut x11: u64 = 0; fiat_25519_cmovznz_u64(&mut x11, x10, (0x0 as u64), 0xffffffffffffffff); let mut x12: u64 = 0; let mut x13: fiat_25519_u1 = 0; fiat_25519_addcarryx_u51(&mut x12, &mut x13, 0x0, x1, (x11 & 0x7ffffffffffed)); let mut x14: u64 = 0; let mut x15: fiat_25519_u1 = 0; fiat_25519_addcarryx_u51(&mut x14, &mut x15, x13, x3, (x11 & 0x7ffffffffffff)); let mut x16: u64 = 0; let mut x17: fiat_25519_u1 = 0; fiat_25519_addcarryx_u51(&mut x16, &mut x17, x15, x5, (x11 & 0x7ffffffffffff)); let mut x18: u64 = 0; let mut x19: fiat_25519_u1 = 0; fiat_25519_addcarryx_u51(&mut x18, &mut x19, x17, x7, (x11 & 0x7ffffffffffff)); let mut x20: u64 = 0; let mut x21: fiat_25519_u1 = 0; fiat_25519_addcarryx_u51(&mut x20, &mut x21, x19, x9, (x11 & 0x7ffffffffffff)); let x22: u64 = (x20 << 4); let x23: u64 = (x18 * (0x2 as u64)); let x24: u64 = (x16 << 6); let x25: u64 = (x14 << 3); let x26: u8 = ((x12 & (0xff as u64)) as u8); let x27: u64 = (x12 >> 8); let x28: u8 = ((x27 & (0xff as u64)) as u8); let x29: u64 = (x27 >> 8); let x30: u8 = ((x29 & (0xff as u64)) as u8); let x31: u64 = (x29 >> 8); let x32: u8 = ((x31 & (0xff as u64)) as u8); let x33: u64 = (x31 >> 8); let x34: u8 = ((x33 & (0xff as u64)) as u8); let x35: u64 = (x33 >> 8); let x36: u8 = ((x35 & (0xff as u64)) as u8); let x37: u8 = ((x35 >> 8) as u8); let x38: u64 = (x25 + (x37 as u64)); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u64 = (x44 >> 8); let x47: u8 = ((x46 & (0xff as u64)) as u8); let x48: u64 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u64 = (x24 + (x50 as u64)); let x52: u8 = ((x51 & (0xff as u64)) as u8); let x53: u64 = (x51 >> 8); let x54: u8 = ((x53 & (0xff as u64)) as u8); let x55: u64 = (x53 >> 8); let x56: u8 = ((x55 & (0xff as u64)) as u8); let x57: u64 = (x55 >> 8); let x58: u8 = ((x57 & (0xff as u64)) as u8); let x59: u64 = (x57 >> 8); let x60: u8 = ((x59 & (0xff as u64)) as u8); let x61: u64 = (x59 >> 8); let x62: u8 = ((x61 & (0xff as u64)) as u8); let x63: u64 = (x61 >> 8); let x64: u8 = ((x63 & (0xff as u64)) as u8); let x65: fiat_25519_u1 = ((x63 >> 8) as fiat_25519_u1); let x66: u64 = (x23 + (x65 as u64)); let x67: u8 = ((x66 & (0xff as u64)) as u8); let x68: u64 = (x66 >> 8); let x69: u8 = ((x68 & (0xff as u64)) as u8); let x70: u64 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u64)) as u8); let x72: u64 = (x70 >> 8); let x73: u8 = ((x72 & (0xff as u64)) as u8); let x74: u64 = (x72 >> 8); let x75: u8 = ((x74 & (0xff as u64)) as u8); let x76: u64 = (x74 >> 8); let x77: u8 = ((x76 & (0xff as u64)) as u8); let x78: u8 = ((x76 >> 8) as u8); let x79: u64 = (x22 + (x78 as u64)); let x80: u8 = ((x79 & (0xff as u64)) as u8); let x81: u64 = (x79 >> 8); let x82: u8 = ((x81 & (0xff as u64)) as u8); let x83: u64 = (x81 >> 8); let x84: u8 = ((x83 & (0xff as u64)) as u8); let x85: u64 = (x83 >> 8); let x86: u8 = ((x85 & (0xff as u64)) as u8); let x87: u64 = (x85 >> 8); let x88: u8 = ((x87 & (0xff as u64)) as u8); let x89: u64 = (x87 >> 8); let x90: u8 = ((x89 & (0xff as u64)) as u8); let x91: u8 = ((x89 >> 8) as u8); out1[0] = x26; out1[1] = x28; out1[2] = x30; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x39; out1[7] = x41; out1[8] = x43; out1[9] = x45; out1[10] = x47; out1[11] = x49; out1[12] = x52; out1[13] = x54; out1[14] = x56; out1[15] = x58; out1[16] = x60; out1[17] = x62; out1[18] = x64; out1[19] = x67; out1[20] = x69; out1[21] = x71; out1[22] = x73; out1[23] = x75; out1[24] = x77; out1[25] = x80; out1[26] = x82; out1[27] = x84; out1[28] = x86; out1[29] = x88; out1[30] = x90; out1[31] = x91; } /// The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] #[inline] pub fn fiat_25519_from_bytes(out1: &mut fiat_25519_tight_field_element, arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 44); let x2: u64 = (((arg1[30]) as u64) << 36); let x3: u64 = (((arg1[29]) as u64) << 28); let x4: u64 = (((arg1[28]) as u64) << 20); let x5: u64 = (((arg1[27]) as u64) << 12); let x6: u64 = (((arg1[26]) as u64) << 4); let x7: u64 = (((arg1[25]) as u64) << 47); let x8: u64 = (((arg1[24]) as u64) << 39); let x9: u64 = (((arg1[23]) as u64) << 31); let x10: u64 = (((arg1[22]) as u64) << 23); let x11: u64 = (((arg1[21]) as u64) << 15); let x12: u64 = (((arg1[20]) as u64) << 7); let x13: u64 = (((arg1[19]) as u64) << 50); let x14: u64 = (((arg1[18]) as u64) << 42); let x15: u64 = (((arg1[17]) as u64) << 34); let x16: u64 = (((arg1[16]) as u64) << 26); let x17: u64 = (((arg1[15]) as u64) << 18); let x18: u64 = (((arg1[14]) as u64) << 10); let x19: u64 = (((arg1[13]) as u64) << 2); let x20: u64 = (((arg1[12]) as u64) << 45); let x21: u64 = (((arg1[11]) as u64) << 37); let x22: u64 = (((arg1[10]) as u64) << 29); let x23: u64 = (((arg1[9]) as u64) << 21); let x24: u64 = (((arg1[8]) as u64) << 13); let x25: u64 = (((arg1[7]) as u64) << 5); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x38 & 0x7ffffffffffff); let x40: u8 = ((x38 >> 51) as u8); let x41: u64 = (x25 + (x40 as u64)); let x42: u64 = (x24 + x41); let x43: u64 = (x23 + x42); let x44: u64 = (x22 + x43); let x45: u64 = (x21 + x44); let x46: u64 = (x20 + x45); let x47: u64 = (x46 & 0x7ffffffffffff); let x48: u8 = ((x46 >> 51) as u8); let x49: u64 = (x19 + (x48 as u64)); let x50: u64 = (x18 + x49); let x51: u64 = (x17 + x50); let x52: u64 = (x16 + x51); let x53: u64 = (x15 + x52); let x54: u64 = (x14 + x53); let x55: u64 = (x13 + x54); let x56: u64 = (x55 & 0x7ffffffffffff); let x57: u8 = ((x55 >> 51) as u8); let x58: u64 = (x12 + (x57 as u64)); let x59: u64 = (x11 + x58); let x60: u64 = (x10 + x59); let x61: u64 = (x9 + x60); let x62: u64 = (x8 + x61); let x63: u64 = (x7 + x62); let x64: u64 = (x63 & 0x7ffffffffffff); let x65: u8 = ((x63 >> 51) as u8); let x66: u64 = (x6 + (x65 as u64)); let x67: u64 = (x5 + x66); let x68: u64 = (x4 + x67); let x69: u64 = (x3 + x68); let x70: u64 = (x2 + x69); let x71: u64 = (x1 + x70); out1[0] = x39; out1[1] = x47; out1[2] = x56; out1[3] = x64; out1[4] = x71; } /// The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_25519_relax(out1: &mut fiat_25519_loose_field_element, arg1: &fiat_25519_tight_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = (arg1[1]); let x3: u64 = (arg1[2]); let x4: u64 = (arg1[3]); let x5: u64 = (arg1[4]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. /// /// Postconditions: /// eval out1 mod m = (121666 * eval arg1) mod m /// #[inline] pub fn fiat_25519_carry_scmul_121666(out1: &mut fiat_25519_tight_field_element, arg1: &fiat_25519_loose_field_element) { let x1: u128 = ((0x1db42 as u128) * ((arg1[4]) as u128)); let x2: u128 = ((0x1db42 as u128) * ((arg1[3]) as u128)); let x3: u128 = ((0x1db42 as u128) * ((arg1[2]) as u128)); let x4: u128 = ((0x1db42 as u128) * ((arg1[1]) as u128)); let x5: u128 = ((0x1db42 as u128) * ((arg1[0]) as u128)); let x6: u64 = ((x5 >> 51) as u64); let x7: u64 = ((x5 & (0x7ffffffffffff as u128)) as u64); let x8: u128 = ((x6 as u128) + x4); let x9: u64 = ((x8 >> 51) as u64); let x10: u64 = ((x8 & (0x7ffffffffffff as u128)) as u64); let x11: u128 = ((x9 as u128) + x3); let x12: u64 = ((x11 >> 51) as u64); let x13: u64 = ((x11 & (0x7ffffffffffff as u128)) as u64); let x14: u128 = ((x12 as u128) + x2); let x15: u64 = ((x14 >> 51) as u64); let x16: u64 = ((x14 & (0x7ffffffffffff as u128)) as u64); let x17: u128 = ((x15 as u128) + x1); let x18: u64 = ((x17 >> 51) as u64); let x19: u64 = ((x17 & (0x7ffffffffffff as u128)) as u64); let x20: u64 = (x18 * 0x13); let x21: u64 = (x7 + x20); let x22: fiat_25519_u1 = ((x21 >> 51) as fiat_25519_u1); let x23: u64 = (x21 & 0x7ffffffffffff); let x24: u64 = ((x22 as u64) + x10); let x25: fiat_25519_u1 = ((x24 >> 51) as fiat_25519_u1); let x26: u64 = (x24 & 0x7ffffffffffff); let x27: u64 = ((x25 as u64) + x13); out1[0] = x23; out1[1] = x26; out1[2] = x27; out1[3] = x16; out1[4] = x19; } fiat-crypto-0.2.2/src/curve25519_scalar_32.rs000064400000000000000000006435651046102023000166310ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline 25519_scalar 32 '2^252 + 27742317777372353535851937790883648493' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: 25519_scalar //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed (from "2^252 + 27742317777372353535851937790883648493") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_25519_scalar_u1 = u8; pub type fiat_25519_scalar_i1 = i8; pub type fiat_25519_scalar_u2 = u8; pub type fiat_25519_scalar_i2 = i8; /** The type fiat_25519_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_25519_scalar_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_25519_scalar_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_25519_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_25519_scalar_non_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_25519_scalar_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_25519_scalar_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_scalar_addcarryx_u32(out1: &mut u32, out2: &mut fiat_25519_scalar_u1, arg1: fiat_25519_scalar_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_25519_scalar_u1 = ((x1 >> 32) as fiat_25519_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_25519_scalar_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_scalar_subborrowx_u32(out1: &mut u32, out2: &mut fiat_25519_scalar_u1, arg1: fiat_25519_scalar_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_25519_scalar_i1 = ((x1 >> 32) as fiat_25519_scalar_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_25519_scalar_i2) - (x2 as fiat_25519_scalar_i2)) as fiat_25519_scalar_u1); } /// The function fiat_25519_scalar_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_25519_scalar_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_25519_scalar_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_25519_scalar_cmovznz_u32(out1: &mut u32, arg1: fiat_25519_scalar_u1, arg2: u32, arg3: u32) { let x1: fiat_25519_scalar_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_25519_scalar_i2) - (x1 as fiat_25519_scalar_i2)) as fiat_25519_scalar_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_25519_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_mul(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg2[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg2[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg2[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg2[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg2[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg2[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg2[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg2[0])); let mut x25: u32 = 0; let mut x26: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x40, &mut x41, x23, 0x12547e1b); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x42, &mut x43, x40, 0x10000000); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x44, &mut x45, x40, 0x14def9de); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xa2f79cd6); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x48, &mut x49, x40, 0x5812631a); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x50, &mut x51, x40, 0x5cf5d3ed); let mut x52: u32 = 0; let mut x53: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x52, &mut x53, 0x0, x51, x48); let mut x54: u32 = 0; let mut x55: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x54, &mut x55, x53, x49, x46); let mut x56: u32 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x56, &mut x57, x55, x47, x44); let x58: u32 = ((x57 as u32) + x45); let mut x59: u32 = 0; let mut x60: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x59, &mut x60, 0x0, x23, x50); let mut x61: u32 = 0; let mut x62: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x25, x52); let mut x63: u32 = 0; let mut x64: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x27, x54); let mut x65: u32 = 0; let mut x66: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x29, x56); let mut x67: u32 = 0; let mut x68: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x67, &mut x68, x66, x31, x58); let mut x69: u32 = 0; let mut x70: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x33, (0x0 as u32)); let mut x71: u32 = 0; let mut x72: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x35, (0x0 as u32)); let mut x73: u32 = 0; let mut x74: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x37, x42); let mut x75: u32 = 0; let mut x76: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x39, x43); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x77, &mut x78, x1, (arg2[7])); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x79, &mut x80, x1, (arg2[6])); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x81, &mut x82, x1, (arg2[5])); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x83, &mut x84, x1, (arg2[4])); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x85, &mut x86, x1, (arg2[3])); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x87, &mut x88, x1, (arg2[2])); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x89, &mut x90, x1, (arg2[1])); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg2[0])); let mut x93: u32 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x93, &mut x94, 0x0, x92, x89); let mut x95: u32 = 0; let mut x96: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x95, &mut x96, x94, x90, x87); let mut x97: u32 = 0; let mut x98: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x97, &mut x98, x96, x88, x85); let mut x99: u32 = 0; let mut x100: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x99, &mut x100, x98, x86, x83); let mut x101: u32 = 0; let mut x102: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x101, &mut x102, x100, x84, x81); let mut x103: u32 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x82, x79); let mut x105: u32 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x80, x77); let x107: u32 = ((x106 as u32) + x78); let mut x108: u32 = 0; let mut x109: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x108, &mut x109, 0x0, x61, x91); let mut x110: u32 = 0; let mut x111: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x110, &mut x111, x109, x63, x93); let mut x112: u32 = 0; let mut x113: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x65, x95); let mut x114: u32 = 0; let mut x115: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x67, x97); let mut x116: u32 = 0; let mut x117: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x71, x101); let mut x120: u32 = 0; let mut x121: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x73, x103); let mut x122: u32 = 0; let mut x123: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x124, &mut x125, x123, (x76 as u32), x107); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x126, &mut x127, x108, 0x12547e1b); let mut x128: u32 = 0; let mut x129: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x128, &mut x129, x126, 0x10000000); let mut x130: u32 = 0; let mut x131: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x130, &mut x131, x126, 0x14def9de); let mut x132: u32 = 0; let mut x133: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x132, &mut x133, x126, 0xa2f79cd6); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x134, &mut x135, x126, 0x5812631a); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x136, &mut x137, x126, 0x5cf5d3ed); let mut x138: u32 = 0; let mut x139: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x138, &mut x139, 0x0, x137, x134); let mut x140: u32 = 0; let mut x141: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x140, &mut x141, x139, x135, x132); let mut x142: u32 = 0; let mut x143: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x142, &mut x143, x141, x133, x130); let x144: u32 = ((x143 as u32) + x131); let mut x145: u32 = 0; let mut x146: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x145, &mut x146, 0x0, x108, x136); let mut x147: u32 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x147, &mut x148, x146, x110, x138); let mut x149: u32 = 0; let mut x150: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x149, &mut x150, x148, x112, x140); let mut x151: u32 = 0; let mut x152: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x151, &mut x152, x150, x114, x142); let mut x153: u32 = 0; let mut x154: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x153, &mut x154, x152, x116, x144); let mut x155: u32 = 0; let mut x156: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x155, &mut x156, x154, x118, (0x0 as u32)); let mut x157: u32 = 0; let mut x158: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x157, &mut x158, x156, x120, (0x0 as u32)); let mut x159: u32 = 0; let mut x160: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x159, &mut x160, x158, x122, x128); let mut x161: u32 = 0; let mut x162: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x124, x129); let x163: u32 = ((x162 as u32) + (x125 as u32)); let mut x164: u32 = 0; let mut x165: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x164, &mut x165, x2, (arg2[7])); let mut x166: u32 = 0; let mut x167: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x166, &mut x167, x2, (arg2[6])); let mut x168: u32 = 0; let mut x169: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x168, &mut x169, x2, (arg2[5])); let mut x170: u32 = 0; let mut x171: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x170, &mut x171, x2, (arg2[4])); let mut x172: u32 = 0; let mut x173: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x172, &mut x173, x2, (arg2[3])); let mut x174: u32 = 0; let mut x175: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x174, &mut x175, x2, (arg2[2])); let mut x176: u32 = 0; let mut x177: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x176, &mut x177, x2, (arg2[1])); let mut x178: u32 = 0; let mut x179: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x178, &mut x179, x2, (arg2[0])); let mut x180: u32 = 0; let mut x181: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x180, &mut x181, 0x0, x179, x176); let mut x182: u32 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x177, x174); let mut x184: u32 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x175, x172); let mut x186: u32 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x173, x170); let mut x188: u32 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x171, x168); let mut x190: u32 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x169, x166); let mut x192: u32 = 0; let mut x193: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x167, x164); let x194: u32 = ((x193 as u32) + x165); let mut x195: u32 = 0; let mut x196: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x195, &mut x196, 0x0, x147, x178); let mut x197: u32 = 0; let mut x198: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x197, &mut x198, x196, x149, x180); let mut x199: u32 = 0; let mut x200: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x199, &mut x200, x198, x151, x182); let mut x201: u32 = 0; let mut x202: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x201, &mut x202, x200, x153, x184); let mut x203: u32 = 0; let mut x204: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x203, &mut x204, x202, x155, x186); let mut x205: u32 = 0; let mut x206: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x205, &mut x206, x204, x157, x188); let mut x207: u32 = 0; let mut x208: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x207, &mut x208, x206, x159, x190); let mut x209: u32 = 0; let mut x210: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x209, &mut x210, x208, x161, x192); let mut x211: u32 = 0; let mut x212: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x211, &mut x212, x210, x163, x194); let mut x213: u32 = 0; let mut x214: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x213, &mut x214, x195, 0x12547e1b); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x215, &mut x216, x213, 0x10000000); let mut x217: u32 = 0; let mut x218: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x217, &mut x218, x213, 0x14def9de); let mut x219: u32 = 0; let mut x220: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x219, &mut x220, x213, 0xa2f79cd6); let mut x221: u32 = 0; let mut x222: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x221, &mut x222, x213, 0x5812631a); let mut x223: u32 = 0; let mut x224: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x223, &mut x224, x213, 0x5cf5d3ed); let mut x225: u32 = 0; let mut x226: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x225, &mut x226, 0x0, x224, x221); let mut x227: u32 = 0; let mut x228: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x222, x219); let mut x229: u32 = 0; let mut x230: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x220, x217); let x231: u32 = ((x230 as u32) + x218); let mut x232: u32 = 0; let mut x233: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x232, &mut x233, 0x0, x195, x223); let mut x234: u32 = 0; let mut x235: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x197, x225); let mut x236: u32 = 0; let mut x237: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x199, x227); let mut x238: u32 = 0; let mut x239: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x201, x229); let mut x240: u32 = 0; let mut x241: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x203, x231); let mut x242: u32 = 0; let mut x243: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x205, (0x0 as u32)); let mut x244: u32 = 0; let mut x245: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x207, (0x0 as u32)); let mut x246: u32 = 0; let mut x247: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x246, &mut x247, x245, x209, x215); let mut x248: u32 = 0; let mut x249: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x211, x216); let x250: u32 = ((x249 as u32) + (x212 as u32)); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x251, &mut x252, x3, (arg2[7])); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x253, &mut x254, x3, (arg2[6])); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x255, &mut x256, x3, (arg2[5])); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x257, &mut x258, x3, (arg2[4])); let mut x259: u32 = 0; let mut x260: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x259, &mut x260, x3, (arg2[3])); let mut x261: u32 = 0; let mut x262: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x261, &mut x262, x3, (arg2[2])); let mut x263: u32 = 0; let mut x264: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x263, &mut x264, x3, (arg2[1])); let mut x265: u32 = 0; let mut x266: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x265, &mut x266, x3, (arg2[0])); let mut x267: u32 = 0; let mut x268: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x267, &mut x268, 0x0, x266, x263); let mut x269: u32 = 0; let mut x270: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x264, x261); let mut x271: u32 = 0; let mut x272: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x262, x259); let mut x273: u32 = 0; let mut x274: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x260, x257); let mut x275: u32 = 0; let mut x276: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x258, x255); let mut x277: u32 = 0; let mut x278: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x277, &mut x278, x276, x256, x253); let mut x279: u32 = 0; let mut x280: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x279, &mut x280, x278, x254, x251); let x281: u32 = ((x280 as u32) + x252); let mut x282: u32 = 0; let mut x283: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x282, &mut x283, 0x0, x234, x265); let mut x284: u32 = 0; let mut x285: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x236, x267); let mut x286: u32 = 0; let mut x287: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x238, x269); let mut x288: u32 = 0; let mut x289: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x240, x271); let mut x290: u32 = 0; let mut x291: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x242, x273); let mut x292: u32 = 0; let mut x293: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x244, x275); let mut x294: u32 = 0; let mut x295: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x294, &mut x295, x293, x246, x277); let mut x296: u32 = 0; let mut x297: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x296, &mut x297, x295, x248, x279); let mut x298: u32 = 0; let mut x299: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x298, &mut x299, x297, x250, x281); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x300, &mut x301, x282, 0x12547e1b); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x302, &mut x303, x300, 0x10000000); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x304, &mut x305, x300, 0x14def9de); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x306, &mut x307, x300, 0xa2f79cd6); let mut x308: u32 = 0; let mut x309: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x308, &mut x309, x300, 0x5812631a); let mut x310: u32 = 0; let mut x311: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x310, &mut x311, x300, 0x5cf5d3ed); let mut x312: u32 = 0; let mut x313: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u32 = 0; let mut x315: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x309, x306); let mut x316: u32 = 0; let mut x317: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x307, x304); let x318: u32 = ((x317 as u32) + x305); let mut x319: u32 = 0; let mut x320: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x319, &mut x320, 0x0, x282, x310); let mut x321: u32 = 0; let mut x322: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x284, x312); let mut x323: u32 = 0; let mut x324: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x323, &mut x324, x322, x286, x314); let mut x325: u32 = 0; let mut x326: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x325, &mut x326, x324, x288, x316); let mut x327: u32 = 0; let mut x328: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x327, &mut x328, x326, x290, x318); let mut x329: u32 = 0; let mut x330: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x329, &mut x330, x328, x292, (0x0 as u32)); let mut x331: u32 = 0; let mut x332: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x331, &mut x332, x330, x294, (0x0 as u32)); let mut x333: u32 = 0; let mut x334: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x296, x302); let mut x335: u32 = 0; let mut x336: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x298, x303); let x337: u32 = ((x336 as u32) + (x299 as u32)); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x338, &mut x339, x4, (arg2[7])); let mut x340: u32 = 0; let mut x341: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x340, &mut x341, x4, (arg2[6])); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x342, &mut x343, x4, (arg2[5])); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x344, &mut x345, x4, (arg2[4])); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x346, &mut x347, x4, (arg2[3])); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x348, &mut x349, x4, (arg2[2])); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x350, &mut x351, x4, (arg2[1])); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x352, &mut x353, x4, (arg2[0])); let mut x354: u32 = 0; let mut x355: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x354, &mut x355, 0x0, x353, x350); let mut x356: u32 = 0; let mut x357: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x356, &mut x357, x355, x351, x348); let mut x358: u32 = 0; let mut x359: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x358, &mut x359, x357, x349, x346); let mut x360: u32 = 0; let mut x361: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x360, &mut x361, x359, x347, x344); let mut x362: u32 = 0; let mut x363: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x345, x342); let mut x364: u32 = 0; let mut x365: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x364, &mut x365, x363, x343, x340); let mut x366: u32 = 0; let mut x367: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x341, x338); let x368: u32 = ((x367 as u32) + x339); let mut x369: u32 = 0; let mut x370: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x369, &mut x370, 0x0, x321, x352); let mut x371: u32 = 0; let mut x372: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x371, &mut x372, x370, x323, x354); let mut x373: u32 = 0; let mut x374: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x373, &mut x374, x372, x325, x356); let mut x375: u32 = 0; let mut x376: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x375, &mut x376, x374, x327, x358); let mut x377: u32 = 0; let mut x378: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x329, x360); let mut x379: u32 = 0; let mut x380: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x331, x362); let mut x381: u32 = 0; let mut x382: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x333, x364); let mut x383: u32 = 0; let mut x384: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x335, x366); let mut x385: u32 = 0; let mut x386: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x337, x368); let mut x387: u32 = 0; let mut x388: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x387, &mut x388, x369, 0x12547e1b); let mut x389: u32 = 0; let mut x390: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x389, &mut x390, x387, 0x10000000); let mut x391: u32 = 0; let mut x392: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x391, &mut x392, x387, 0x14def9de); let mut x393: u32 = 0; let mut x394: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x393, &mut x394, x387, 0xa2f79cd6); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x395, &mut x396, x387, 0x5812631a); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x397, &mut x398, x387, 0x5cf5d3ed); let mut x399: u32 = 0; let mut x400: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x399, &mut x400, 0x0, x398, x395); let mut x401: u32 = 0; let mut x402: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x396, x393); let mut x403: u32 = 0; let mut x404: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x394, x391); let x405: u32 = ((x404 as u32) + x392); let mut x406: u32 = 0; let mut x407: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x406, &mut x407, 0x0, x369, x397); let mut x408: u32 = 0; let mut x409: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x408, &mut x409, x407, x371, x399); let mut x410: u32 = 0; let mut x411: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x410, &mut x411, x409, x373, x401); let mut x412: u32 = 0; let mut x413: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x375, x403); let mut x414: u32 = 0; let mut x415: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x377, x405); let mut x416: u32 = 0; let mut x417: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x379, (0x0 as u32)); let mut x418: u32 = 0; let mut x419: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x381, (0x0 as u32)); let mut x420: u32 = 0; let mut x421: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x383, x389); let mut x422: u32 = 0; let mut x423: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x385, x390); let x424: u32 = ((x423 as u32) + (x386 as u32)); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x425, &mut x426, x5, (arg2[7])); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x427, &mut x428, x5, (arg2[6])); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x429, &mut x430, x5, (arg2[5])); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x431, &mut x432, x5, (arg2[4])); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x433, &mut x434, x5, (arg2[3])); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x435, &mut x436, x5, (arg2[2])); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x437, &mut x438, x5, (arg2[1])); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x439, &mut x440, x5, (arg2[0])); let mut x441: u32 = 0; let mut x442: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x441, &mut x442, 0x0, x440, x437); let mut x443: u32 = 0; let mut x444: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x443, &mut x444, x442, x438, x435); let mut x445: u32 = 0; let mut x446: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x445, &mut x446, x444, x436, x433); let mut x447: u32 = 0; let mut x448: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x447, &mut x448, x446, x434, x431); let mut x449: u32 = 0; let mut x450: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x449, &mut x450, x448, x432, x429); let mut x451: u32 = 0; let mut x452: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x451, &mut x452, x450, x430, x427); let mut x453: u32 = 0; let mut x454: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x453, &mut x454, x452, x428, x425); let x455: u32 = ((x454 as u32) + x426); let mut x456: u32 = 0; let mut x457: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x456, &mut x457, 0x0, x408, x439); let mut x458: u32 = 0; let mut x459: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x410, x441); let mut x460: u32 = 0; let mut x461: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x412, x443); let mut x462: u32 = 0; let mut x463: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x414, x445); let mut x464: u32 = 0; let mut x465: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x464, &mut x465, x463, x416, x447); let mut x466: u32 = 0; let mut x467: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x466, &mut x467, x465, x418, x449); let mut x468: u32 = 0; let mut x469: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x468, &mut x469, x467, x420, x451); let mut x470: u32 = 0; let mut x471: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x470, &mut x471, x469, x422, x453); let mut x472: u32 = 0; let mut x473: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x472, &mut x473, x471, x424, x455); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x474, &mut x475, x456, 0x12547e1b); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x476, &mut x477, x474, 0x10000000); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x478, &mut x479, x474, 0x14def9de); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x480, &mut x481, x474, 0xa2f79cd6); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x482, &mut x483, x474, 0x5812631a); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x484, &mut x485, x474, 0x5cf5d3ed); let mut x486: u32 = 0; let mut x487: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x486, &mut x487, 0x0, x485, x482); let mut x488: u32 = 0; let mut x489: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x483, x480); let mut x490: u32 = 0; let mut x491: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x481, x478); let x492: u32 = ((x491 as u32) + x479); let mut x493: u32 = 0; let mut x494: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x493, &mut x494, 0x0, x456, x484); let mut x495: u32 = 0; let mut x496: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x495, &mut x496, x494, x458, x486); let mut x497: u32 = 0; let mut x498: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x497, &mut x498, x496, x460, x488); let mut x499: u32 = 0; let mut x500: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x499, &mut x500, x498, x462, x490); let mut x501: u32 = 0; let mut x502: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x501, &mut x502, x500, x464, x492); let mut x503: u32 = 0; let mut x504: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x503, &mut x504, x502, x466, (0x0 as u32)); let mut x505: u32 = 0; let mut x506: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x505, &mut x506, x504, x468, (0x0 as u32)); let mut x507: u32 = 0; let mut x508: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x507, &mut x508, x506, x470, x476); let mut x509: u32 = 0; let mut x510: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x509, &mut x510, x508, x472, x477); let x511: u32 = ((x510 as u32) + (x473 as u32)); let mut x512: u32 = 0; let mut x513: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x512, &mut x513, x6, (arg2[7])); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x514, &mut x515, x6, (arg2[6])); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x516, &mut x517, x6, (arg2[5])); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x518, &mut x519, x6, (arg2[4])); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x520, &mut x521, x6, (arg2[3])); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x522, &mut x523, x6, (arg2[2])); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x524, &mut x525, x6, (arg2[1])); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x526, &mut x527, x6, (arg2[0])); let mut x528: u32 = 0; let mut x529: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x528, &mut x529, 0x0, x527, x524); let mut x530: u32 = 0; let mut x531: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x530, &mut x531, x529, x525, x522); let mut x532: u32 = 0; let mut x533: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x523, x520); let mut x534: u32 = 0; let mut x535: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x521, x518); let mut x536: u32 = 0; let mut x537: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x519, x516); let mut x538: u32 = 0; let mut x539: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x517, x514); let mut x540: u32 = 0; let mut x541: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x515, x512); let x542: u32 = ((x541 as u32) + x513); let mut x543: u32 = 0; let mut x544: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x543, &mut x544, 0x0, x495, x526); let mut x545: u32 = 0; let mut x546: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x497, x528); let mut x547: u32 = 0; let mut x548: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x499, x530); let mut x549: u32 = 0; let mut x550: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x501, x532); let mut x551: u32 = 0; let mut x552: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x503, x534); let mut x553: u32 = 0; let mut x554: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x505, x536); let mut x555: u32 = 0; let mut x556: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x507, x538); let mut x557: u32 = 0; let mut x558: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x509, x540); let mut x559: u32 = 0; let mut x560: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x511, x542); let mut x561: u32 = 0; let mut x562: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x561, &mut x562, x543, 0x12547e1b); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x563, &mut x564, x561, 0x10000000); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x565, &mut x566, x561, 0x14def9de); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x567, &mut x568, x561, 0xa2f79cd6); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x569, &mut x570, x561, 0x5812631a); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x571, &mut x572, x561, 0x5cf5d3ed); let mut x573: u32 = 0; let mut x574: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x573, &mut x574, 0x0, x572, x569); let mut x575: u32 = 0; let mut x576: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x570, x567); let mut x577: u32 = 0; let mut x578: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x568, x565); let x579: u32 = ((x578 as u32) + x566); let mut x580: u32 = 0; let mut x581: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x580, &mut x581, 0x0, x543, x571); let mut x582: u32 = 0; let mut x583: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x582, &mut x583, x581, x545, x573); let mut x584: u32 = 0; let mut x585: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x584, &mut x585, x583, x547, x575); let mut x586: u32 = 0; let mut x587: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x586, &mut x587, x585, x549, x577); let mut x588: u32 = 0; let mut x589: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x588, &mut x589, x587, x551, x579); let mut x590: u32 = 0; let mut x591: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x590, &mut x591, x589, x553, (0x0 as u32)); let mut x592: u32 = 0; let mut x593: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x592, &mut x593, x591, x555, (0x0 as u32)); let mut x594: u32 = 0; let mut x595: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x594, &mut x595, x593, x557, x563); let mut x596: u32 = 0; let mut x597: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x596, &mut x597, x595, x559, x564); let x598: u32 = ((x597 as u32) + (x560 as u32)); let mut x599: u32 = 0; let mut x600: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x599, &mut x600, x7, (arg2[7])); let mut x601: u32 = 0; let mut x602: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x601, &mut x602, x7, (arg2[6])); let mut x603: u32 = 0; let mut x604: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x603, &mut x604, x7, (arg2[5])); let mut x605: u32 = 0; let mut x606: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x605, &mut x606, x7, (arg2[4])); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x607, &mut x608, x7, (arg2[3])); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x609, &mut x610, x7, (arg2[2])); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x611, &mut x612, x7, (arg2[1])); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x613, &mut x614, x7, (arg2[0])); let mut x615: u32 = 0; let mut x616: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x615, &mut x616, 0x0, x614, x611); let mut x617: u32 = 0; let mut x618: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x617, &mut x618, x616, x612, x609); let mut x619: u32 = 0; let mut x620: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x619, &mut x620, x618, x610, x607); let mut x621: u32 = 0; let mut x622: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x621, &mut x622, x620, x608, x605); let mut x623: u32 = 0; let mut x624: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x623, &mut x624, x622, x606, x603); let mut x625: u32 = 0; let mut x626: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x625, &mut x626, x624, x604, x601); let mut x627: u32 = 0; let mut x628: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x602, x599); let x629: u32 = ((x628 as u32) + x600); let mut x630: u32 = 0; let mut x631: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x630, &mut x631, 0x0, x582, x613); let mut x632: u32 = 0; let mut x633: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x632, &mut x633, x631, x584, x615); let mut x634: u32 = 0; let mut x635: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x634, &mut x635, x633, x586, x617); let mut x636: u32 = 0; let mut x637: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x636, &mut x637, x635, x588, x619); let mut x638: u32 = 0; let mut x639: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x638, &mut x639, x637, x590, x621); let mut x640: u32 = 0; let mut x641: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x640, &mut x641, x639, x592, x623); let mut x642: u32 = 0; let mut x643: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x642, &mut x643, x641, x594, x625); let mut x644: u32 = 0; let mut x645: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x644, &mut x645, x643, x596, x627); let mut x646: u32 = 0; let mut x647: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x646, &mut x647, x645, x598, x629); let mut x648: u32 = 0; let mut x649: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x648, &mut x649, x630, 0x12547e1b); let mut x650: u32 = 0; let mut x651: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x650, &mut x651, x648, 0x10000000); let mut x652: u32 = 0; let mut x653: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x652, &mut x653, x648, 0x14def9de); let mut x654: u32 = 0; let mut x655: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x654, &mut x655, x648, 0xa2f79cd6); let mut x656: u32 = 0; let mut x657: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x656, &mut x657, x648, 0x5812631a); let mut x658: u32 = 0; let mut x659: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x658, &mut x659, x648, 0x5cf5d3ed); let mut x660: u32 = 0; let mut x661: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x660, &mut x661, 0x0, x659, x656); let mut x662: u32 = 0; let mut x663: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x662, &mut x663, x661, x657, x654); let mut x664: u32 = 0; let mut x665: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x664, &mut x665, x663, x655, x652); let x666: u32 = ((x665 as u32) + x653); let mut x667: u32 = 0; let mut x668: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x667, &mut x668, 0x0, x630, x658); let mut x669: u32 = 0; let mut x670: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x669, &mut x670, x668, x632, x660); let mut x671: u32 = 0; let mut x672: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x671, &mut x672, x670, x634, x662); let mut x673: u32 = 0; let mut x674: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x636, x664); let mut x675: u32 = 0; let mut x676: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x638, x666); let mut x677: u32 = 0; let mut x678: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x677, &mut x678, x676, x640, (0x0 as u32)); let mut x679: u32 = 0; let mut x680: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x679, &mut x680, x678, x642, (0x0 as u32)); let mut x681: u32 = 0; let mut x682: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x681, &mut x682, x680, x644, x650); let mut x683: u32 = 0; let mut x684: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x646, x651); let x685: u32 = ((x684 as u32) + (x647 as u32)); let mut x686: u32 = 0; let mut x687: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x686, &mut x687, 0x0, x669, 0x5cf5d3ed); let mut x688: u32 = 0; let mut x689: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x688, &mut x689, x687, x671, 0x5812631a); let mut x690: u32 = 0; let mut x691: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x690, &mut x691, x689, x673, 0xa2f79cd6); let mut x692: u32 = 0; let mut x693: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x692, &mut x693, x691, x675, 0x14def9de); let mut x694: u32 = 0; let mut x695: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x694, &mut x695, x693, x677, (0x0 as u32)); let mut x696: u32 = 0; let mut x697: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x696, &mut x697, x695, x679, (0x0 as u32)); let mut x698: u32 = 0; let mut x699: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x698, &mut x699, x697, x681, (0x0 as u32)); let mut x700: u32 = 0; let mut x701: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x700, &mut x701, x699, x683, 0x10000000); let mut x702: u32 = 0; let mut x703: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x702, &mut x703, x701, x685, (0x0 as u32)); let mut x704: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x704, x703, x686, x669); let mut x705: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x705, x703, x688, x671); let mut x706: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x706, x703, x690, x673); let mut x707: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x707, x703, x692, x675); let mut x708: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x708, x703, x694, x677); let mut x709: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x709, x703, x696, x679); let mut x710: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x710, x703, x698, x681); let mut x711: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x711, x703, x700, x683); out1[0] = x704; out1[1] = x705; out1[2] = x706; out1[3] = x707; out1[4] = x708; out1[5] = x709; out1[6] = x710; out1[7] = x711; } /// The function fiat_25519_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_square(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg1[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg1[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg1[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg1[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg1[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg1[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg1[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg1[0])); let mut x25: u32 = 0; let mut x26: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x40, &mut x41, x23, 0x12547e1b); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x42, &mut x43, x40, 0x10000000); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x44, &mut x45, x40, 0x14def9de); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xa2f79cd6); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x48, &mut x49, x40, 0x5812631a); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x50, &mut x51, x40, 0x5cf5d3ed); let mut x52: u32 = 0; let mut x53: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x52, &mut x53, 0x0, x51, x48); let mut x54: u32 = 0; let mut x55: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x54, &mut x55, x53, x49, x46); let mut x56: u32 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x56, &mut x57, x55, x47, x44); let x58: u32 = ((x57 as u32) + x45); let mut x59: u32 = 0; let mut x60: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x59, &mut x60, 0x0, x23, x50); let mut x61: u32 = 0; let mut x62: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x25, x52); let mut x63: u32 = 0; let mut x64: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x27, x54); let mut x65: u32 = 0; let mut x66: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x29, x56); let mut x67: u32 = 0; let mut x68: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x67, &mut x68, x66, x31, x58); let mut x69: u32 = 0; let mut x70: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x33, (0x0 as u32)); let mut x71: u32 = 0; let mut x72: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x35, (0x0 as u32)); let mut x73: u32 = 0; let mut x74: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x37, x42); let mut x75: u32 = 0; let mut x76: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x39, x43); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x77, &mut x78, x1, (arg1[7])); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x79, &mut x80, x1, (arg1[6])); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x81, &mut x82, x1, (arg1[5])); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x83, &mut x84, x1, (arg1[4])); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x85, &mut x86, x1, (arg1[3])); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x87, &mut x88, x1, (arg1[2])); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x89, &mut x90, x1, (arg1[1])); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg1[0])); let mut x93: u32 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x93, &mut x94, 0x0, x92, x89); let mut x95: u32 = 0; let mut x96: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x95, &mut x96, x94, x90, x87); let mut x97: u32 = 0; let mut x98: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x97, &mut x98, x96, x88, x85); let mut x99: u32 = 0; let mut x100: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x99, &mut x100, x98, x86, x83); let mut x101: u32 = 0; let mut x102: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x101, &mut x102, x100, x84, x81); let mut x103: u32 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x82, x79); let mut x105: u32 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x80, x77); let x107: u32 = ((x106 as u32) + x78); let mut x108: u32 = 0; let mut x109: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x108, &mut x109, 0x0, x61, x91); let mut x110: u32 = 0; let mut x111: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x110, &mut x111, x109, x63, x93); let mut x112: u32 = 0; let mut x113: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x65, x95); let mut x114: u32 = 0; let mut x115: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x67, x97); let mut x116: u32 = 0; let mut x117: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x71, x101); let mut x120: u32 = 0; let mut x121: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x73, x103); let mut x122: u32 = 0; let mut x123: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x124, &mut x125, x123, (x76 as u32), x107); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x126, &mut x127, x108, 0x12547e1b); let mut x128: u32 = 0; let mut x129: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x128, &mut x129, x126, 0x10000000); let mut x130: u32 = 0; let mut x131: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x130, &mut x131, x126, 0x14def9de); let mut x132: u32 = 0; let mut x133: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x132, &mut x133, x126, 0xa2f79cd6); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x134, &mut x135, x126, 0x5812631a); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x136, &mut x137, x126, 0x5cf5d3ed); let mut x138: u32 = 0; let mut x139: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x138, &mut x139, 0x0, x137, x134); let mut x140: u32 = 0; let mut x141: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x140, &mut x141, x139, x135, x132); let mut x142: u32 = 0; let mut x143: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x142, &mut x143, x141, x133, x130); let x144: u32 = ((x143 as u32) + x131); let mut x145: u32 = 0; let mut x146: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x145, &mut x146, 0x0, x108, x136); let mut x147: u32 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x147, &mut x148, x146, x110, x138); let mut x149: u32 = 0; let mut x150: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x149, &mut x150, x148, x112, x140); let mut x151: u32 = 0; let mut x152: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x151, &mut x152, x150, x114, x142); let mut x153: u32 = 0; let mut x154: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x153, &mut x154, x152, x116, x144); let mut x155: u32 = 0; let mut x156: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x155, &mut x156, x154, x118, (0x0 as u32)); let mut x157: u32 = 0; let mut x158: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x157, &mut x158, x156, x120, (0x0 as u32)); let mut x159: u32 = 0; let mut x160: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x159, &mut x160, x158, x122, x128); let mut x161: u32 = 0; let mut x162: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x124, x129); let x163: u32 = ((x162 as u32) + (x125 as u32)); let mut x164: u32 = 0; let mut x165: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x164, &mut x165, x2, (arg1[7])); let mut x166: u32 = 0; let mut x167: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x166, &mut x167, x2, (arg1[6])); let mut x168: u32 = 0; let mut x169: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x168, &mut x169, x2, (arg1[5])); let mut x170: u32 = 0; let mut x171: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x170, &mut x171, x2, (arg1[4])); let mut x172: u32 = 0; let mut x173: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x172, &mut x173, x2, (arg1[3])); let mut x174: u32 = 0; let mut x175: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x174, &mut x175, x2, (arg1[2])); let mut x176: u32 = 0; let mut x177: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x176, &mut x177, x2, (arg1[1])); let mut x178: u32 = 0; let mut x179: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x178, &mut x179, x2, (arg1[0])); let mut x180: u32 = 0; let mut x181: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x180, &mut x181, 0x0, x179, x176); let mut x182: u32 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x177, x174); let mut x184: u32 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x175, x172); let mut x186: u32 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x173, x170); let mut x188: u32 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x171, x168); let mut x190: u32 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x169, x166); let mut x192: u32 = 0; let mut x193: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x167, x164); let x194: u32 = ((x193 as u32) + x165); let mut x195: u32 = 0; let mut x196: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x195, &mut x196, 0x0, x147, x178); let mut x197: u32 = 0; let mut x198: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x197, &mut x198, x196, x149, x180); let mut x199: u32 = 0; let mut x200: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x199, &mut x200, x198, x151, x182); let mut x201: u32 = 0; let mut x202: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x201, &mut x202, x200, x153, x184); let mut x203: u32 = 0; let mut x204: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x203, &mut x204, x202, x155, x186); let mut x205: u32 = 0; let mut x206: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x205, &mut x206, x204, x157, x188); let mut x207: u32 = 0; let mut x208: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x207, &mut x208, x206, x159, x190); let mut x209: u32 = 0; let mut x210: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x209, &mut x210, x208, x161, x192); let mut x211: u32 = 0; let mut x212: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x211, &mut x212, x210, x163, x194); let mut x213: u32 = 0; let mut x214: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x213, &mut x214, x195, 0x12547e1b); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x215, &mut x216, x213, 0x10000000); let mut x217: u32 = 0; let mut x218: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x217, &mut x218, x213, 0x14def9de); let mut x219: u32 = 0; let mut x220: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x219, &mut x220, x213, 0xa2f79cd6); let mut x221: u32 = 0; let mut x222: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x221, &mut x222, x213, 0x5812631a); let mut x223: u32 = 0; let mut x224: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x223, &mut x224, x213, 0x5cf5d3ed); let mut x225: u32 = 0; let mut x226: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x225, &mut x226, 0x0, x224, x221); let mut x227: u32 = 0; let mut x228: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x222, x219); let mut x229: u32 = 0; let mut x230: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x220, x217); let x231: u32 = ((x230 as u32) + x218); let mut x232: u32 = 0; let mut x233: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x232, &mut x233, 0x0, x195, x223); let mut x234: u32 = 0; let mut x235: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x197, x225); let mut x236: u32 = 0; let mut x237: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x199, x227); let mut x238: u32 = 0; let mut x239: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x201, x229); let mut x240: u32 = 0; let mut x241: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x203, x231); let mut x242: u32 = 0; let mut x243: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x205, (0x0 as u32)); let mut x244: u32 = 0; let mut x245: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x207, (0x0 as u32)); let mut x246: u32 = 0; let mut x247: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x246, &mut x247, x245, x209, x215); let mut x248: u32 = 0; let mut x249: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x211, x216); let x250: u32 = ((x249 as u32) + (x212 as u32)); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x251, &mut x252, x3, (arg1[7])); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x253, &mut x254, x3, (arg1[6])); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x255, &mut x256, x3, (arg1[5])); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x257, &mut x258, x3, (arg1[4])); let mut x259: u32 = 0; let mut x260: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x259, &mut x260, x3, (arg1[3])); let mut x261: u32 = 0; let mut x262: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x261, &mut x262, x3, (arg1[2])); let mut x263: u32 = 0; let mut x264: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x263, &mut x264, x3, (arg1[1])); let mut x265: u32 = 0; let mut x266: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x265, &mut x266, x3, (arg1[0])); let mut x267: u32 = 0; let mut x268: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x267, &mut x268, 0x0, x266, x263); let mut x269: u32 = 0; let mut x270: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x264, x261); let mut x271: u32 = 0; let mut x272: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x262, x259); let mut x273: u32 = 0; let mut x274: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x260, x257); let mut x275: u32 = 0; let mut x276: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x258, x255); let mut x277: u32 = 0; let mut x278: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x277, &mut x278, x276, x256, x253); let mut x279: u32 = 0; let mut x280: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x279, &mut x280, x278, x254, x251); let x281: u32 = ((x280 as u32) + x252); let mut x282: u32 = 0; let mut x283: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x282, &mut x283, 0x0, x234, x265); let mut x284: u32 = 0; let mut x285: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x236, x267); let mut x286: u32 = 0; let mut x287: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x238, x269); let mut x288: u32 = 0; let mut x289: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x240, x271); let mut x290: u32 = 0; let mut x291: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x242, x273); let mut x292: u32 = 0; let mut x293: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x244, x275); let mut x294: u32 = 0; let mut x295: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x294, &mut x295, x293, x246, x277); let mut x296: u32 = 0; let mut x297: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x296, &mut x297, x295, x248, x279); let mut x298: u32 = 0; let mut x299: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x298, &mut x299, x297, x250, x281); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x300, &mut x301, x282, 0x12547e1b); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x302, &mut x303, x300, 0x10000000); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x304, &mut x305, x300, 0x14def9de); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x306, &mut x307, x300, 0xa2f79cd6); let mut x308: u32 = 0; let mut x309: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x308, &mut x309, x300, 0x5812631a); let mut x310: u32 = 0; let mut x311: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x310, &mut x311, x300, 0x5cf5d3ed); let mut x312: u32 = 0; let mut x313: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u32 = 0; let mut x315: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x309, x306); let mut x316: u32 = 0; let mut x317: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x307, x304); let x318: u32 = ((x317 as u32) + x305); let mut x319: u32 = 0; let mut x320: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x319, &mut x320, 0x0, x282, x310); let mut x321: u32 = 0; let mut x322: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x284, x312); let mut x323: u32 = 0; let mut x324: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x323, &mut x324, x322, x286, x314); let mut x325: u32 = 0; let mut x326: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x325, &mut x326, x324, x288, x316); let mut x327: u32 = 0; let mut x328: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x327, &mut x328, x326, x290, x318); let mut x329: u32 = 0; let mut x330: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x329, &mut x330, x328, x292, (0x0 as u32)); let mut x331: u32 = 0; let mut x332: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x331, &mut x332, x330, x294, (0x0 as u32)); let mut x333: u32 = 0; let mut x334: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x296, x302); let mut x335: u32 = 0; let mut x336: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x298, x303); let x337: u32 = ((x336 as u32) + (x299 as u32)); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x338, &mut x339, x4, (arg1[7])); let mut x340: u32 = 0; let mut x341: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x340, &mut x341, x4, (arg1[6])); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x342, &mut x343, x4, (arg1[5])); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x344, &mut x345, x4, (arg1[4])); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x346, &mut x347, x4, (arg1[3])); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x348, &mut x349, x4, (arg1[2])); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x350, &mut x351, x4, (arg1[1])); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x352, &mut x353, x4, (arg1[0])); let mut x354: u32 = 0; let mut x355: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x354, &mut x355, 0x0, x353, x350); let mut x356: u32 = 0; let mut x357: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x356, &mut x357, x355, x351, x348); let mut x358: u32 = 0; let mut x359: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x358, &mut x359, x357, x349, x346); let mut x360: u32 = 0; let mut x361: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x360, &mut x361, x359, x347, x344); let mut x362: u32 = 0; let mut x363: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x345, x342); let mut x364: u32 = 0; let mut x365: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x364, &mut x365, x363, x343, x340); let mut x366: u32 = 0; let mut x367: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x341, x338); let x368: u32 = ((x367 as u32) + x339); let mut x369: u32 = 0; let mut x370: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x369, &mut x370, 0x0, x321, x352); let mut x371: u32 = 0; let mut x372: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x371, &mut x372, x370, x323, x354); let mut x373: u32 = 0; let mut x374: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x373, &mut x374, x372, x325, x356); let mut x375: u32 = 0; let mut x376: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x375, &mut x376, x374, x327, x358); let mut x377: u32 = 0; let mut x378: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x329, x360); let mut x379: u32 = 0; let mut x380: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x331, x362); let mut x381: u32 = 0; let mut x382: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x333, x364); let mut x383: u32 = 0; let mut x384: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x335, x366); let mut x385: u32 = 0; let mut x386: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x337, x368); let mut x387: u32 = 0; let mut x388: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x387, &mut x388, x369, 0x12547e1b); let mut x389: u32 = 0; let mut x390: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x389, &mut x390, x387, 0x10000000); let mut x391: u32 = 0; let mut x392: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x391, &mut x392, x387, 0x14def9de); let mut x393: u32 = 0; let mut x394: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x393, &mut x394, x387, 0xa2f79cd6); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x395, &mut x396, x387, 0x5812631a); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x397, &mut x398, x387, 0x5cf5d3ed); let mut x399: u32 = 0; let mut x400: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x399, &mut x400, 0x0, x398, x395); let mut x401: u32 = 0; let mut x402: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x396, x393); let mut x403: u32 = 0; let mut x404: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x394, x391); let x405: u32 = ((x404 as u32) + x392); let mut x406: u32 = 0; let mut x407: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x406, &mut x407, 0x0, x369, x397); let mut x408: u32 = 0; let mut x409: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x408, &mut x409, x407, x371, x399); let mut x410: u32 = 0; let mut x411: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x410, &mut x411, x409, x373, x401); let mut x412: u32 = 0; let mut x413: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x375, x403); let mut x414: u32 = 0; let mut x415: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x377, x405); let mut x416: u32 = 0; let mut x417: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x379, (0x0 as u32)); let mut x418: u32 = 0; let mut x419: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x381, (0x0 as u32)); let mut x420: u32 = 0; let mut x421: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x383, x389); let mut x422: u32 = 0; let mut x423: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x385, x390); let x424: u32 = ((x423 as u32) + (x386 as u32)); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x425, &mut x426, x5, (arg1[7])); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x427, &mut x428, x5, (arg1[6])); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x429, &mut x430, x5, (arg1[5])); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x431, &mut x432, x5, (arg1[4])); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x433, &mut x434, x5, (arg1[3])); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x435, &mut x436, x5, (arg1[2])); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x437, &mut x438, x5, (arg1[1])); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x439, &mut x440, x5, (arg1[0])); let mut x441: u32 = 0; let mut x442: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x441, &mut x442, 0x0, x440, x437); let mut x443: u32 = 0; let mut x444: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x443, &mut x444, x442, x438, x435); let mut x445: u32 = 0; let mut x446: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x445, &mut x446, x444, x436, x433); let mut x447: u32 = 0; let mut x448: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x447, &mut x448, x446, x434, x431); let mut x449: u32 = 0; let mut x450: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x449, &mut x450, x448, x432, x429); let mut x451: u32 = 0; let mut x452: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x451, &mut x452, x450, x430, x427); let mut x453: u32 = 0; let mut x454: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x453, &mut x454, x452, x428, x425); let x455: u32 = ((x454 as u32) + x426); let mut x456: u32 = 0; let mut x457: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x456, &mut x457, 0x0, x408, x439); let mut x458: u32 = 0; let mut x459: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x410, x441); let mut x460: u32 = 0; let mut x461: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x412, x443); let mut x462: u32 = 0; let mut x463: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x414, x445); let mut x464: u32 = 0; let mut x465: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x464, &mut x465, x463, x416, x447); let mut x466: u32 = 0; let mut x467: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x466, &mut x467, x465, x418, x449); let mut x468: u32 = 0; let mut x469: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x468, &mut x469, x467, x420, x451); let mut x470: u32 = 0; let mut x471: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x470, &mut x471, x469, x422, x453); let mut x472: u32 = 0; let mut x473: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x472, &mut x473, x471, x424, x455); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x474, &mut x475, x456, 0x12547e1b); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x476, &mut x477, x474, 0x10000000); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x478, &mut x479, x474, 0x14def9de); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x480, &mut x481, x474, 0xa2f79cd6); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x482, &mut x483, x474, 0x5812631a); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x484, &mut x485, x474, 0x5cf5d3ed); let mut x486: u32 = 0; let mut x487: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x486, &mut x487, 0x0, x485, x482); let mut x488: u32 = 0; let mut x489: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x483, x480); let mut x490: u32 = 0; let mut x491: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x481, x478); let x492: u32 = ((x491 as u32) + x479); let mut x493: u32 = 0; let mut x494: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x493, &mut x494, 0x0, x456, x484); let mut x495: u32 = 0; let mut x496: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x495, &mut x496, x494, x458, x486); let mut x497: u32 = 0; let mut x498: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x497, &mut x498, x496, x460, x488); let mut x499: u32 = 0; let mut x500: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x499, &mut x500, x498, x462, x490); let mut x501: u32 = 0; let mut x502: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x501, &mut x502, x500, x464, x492); let mut x503: u32 = 0; let mut x504: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x503, &mut x504, x502, x466, (0x0 as u32)); let mut x505: u32 = 0; let mut x506: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x505, &mut x506, x504, x468, (0x0 as u32)); let mut x507: u32 = 0; let mut x508: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x507, &mut x508, x506, x470, x476); let mut x509: u32 = 0; let mut x510: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x509, &mut x510, x508, x472, x477); let x511: u32 = ((x510 as u32) + (x473 as u32)); let mut x512: u32 = 0; let mut x513: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x512, &mut x513, x6, (arg1[7])); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x514, &mut x515, x6, (arg1[6])); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x516, &mut x517, x6, (arg1[5])); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x518, &mut x519, x6, (arg1[4])); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x520, &mut x521, x6, (arg1[3])); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x522, &mut x523, x6, (arg1[2])); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x524, &mut x525, x6, (arg1[1])); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x526, &mut x527, x6, (arg1[0])); let mut x528: u32 = 0; let mut x529: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x528, &mut x529, 0x0, x527, x524); let mut x530: u32 = 0; let mut x531: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x530, &mut x531, x529, x525, x522); let mut x532: u32 = 0; let mut x533: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x523, x520); let mut x534: u32 = 0; let mut x535: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x521, x518); let mut x536: u32 = 0; let mut x537: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x519, x516); let mut x538: u32 = 0; let mut x539: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x517, x514); let mut x540: u32 = 0; let mut x541: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x515, x512); let x542: u32 = ((x541 as u32) + x513); let mut x543: u32 = 0; let mut x544: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x543, &mut x544, 0x0, x495, x526); let mut x545: u32 = 0; let mut x546: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x497, x528); let mut x547: u32 = 0; let mut x548: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x499, x530); let mut x549: u32 = 0; let mut x550: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x501, x532); let mut x551: u32 = 0; let mut x552: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x503, x534); let mut x553: u32 = 0; let mut x554: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x505, x536); let mut x555: u32 = 0; let mut x556: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x507, x538); let mut x557: u32 = 0; let mut x558: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x509, x540); let mut x559: u32 = 0; let mut x560: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x511, x542); let mut x561: u32 = 0; let mut x562: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x561, &mut x562, x543, 0x12547e1b); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x563, &mut x564, x561, 0x10000000); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x565, &mut x566, x561, 0x14def9de); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x567, &mut x568, x561, 0xa2f79cd6); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x569, &mut x570, x561, 0x5812631a); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x571, &mut x572, x561, 0x5cf5d3ed); let mut x573: u32 = 0; let mut x574: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x573, &mut x574, 0x0, x572, x569); let mut x575: u32 = 0; let mut x576: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x570, x567); let mut x577: u32 = 0; let mut x578: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x568, x565); let x579: u32 = ((x578 as u32) + x566); let mut x580: u32 = 0; let mut x581: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x580, &mut x581, 0x0, x543, x571); let mut x582: u32 = 0; let mut x583: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x582, &mut x583, x581, x545, x573); let mut x584: u32 = 0; let mut x585: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x584, &mut x585, x583, x547, x575); let mut x586: u32 = 0; let mut x587: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x586, &mut x587, x585, x549, x577); let mut x588: u32 = 0; let mut x589: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x588, &mut x589, x587, x551, x579); let mut x590: u32 = 0; let mut x591: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x590, &mut x591, x589, x553, (0x0 as u32)); let mut x592: u32 = 0; let mut x593: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x592, &mut x593, x591, x555, (0x0 as u32)); let mut x594: u32 = 0; let mut x595: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x594, &mut x595, x593, x557, x563); let mut x596: u32 = 0; let mut x597: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x596, &mut x597, x595, x559, x564); let x598: u32 = ((x597 as u32) + (x560 as u32)); let mut x599: u32 = 0; let mut x600: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x599, &mut x600, x7, (arg1[7])); let mut x601: u32 = 0; let mut x602: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x601, &mut x602, x7, (arg1[6])); let mut x603: u32 = 0; let mut x604: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x603, &mut x604, x7, (arg1[5])); let mut x605: u32 = 0; let mut x606: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x605, &mut x606, x7, (arg1[4])); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x607, &mut x608, x7, (arg1[3])); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x609, &mut x610, x7, (arg1[2])); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x611, &mut x612, x7, (arg1[1])); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x613, &mut x614, x7, (arg1[0])); let mut x615: u32 = 0; let mut x616: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x615, &mut x616, 0x0, x614, x611); let mut x617: u32 = 0; let mut x618: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x617, &mut x618, x616, x612, x609); let mut x619: u32 = 0; let mut x620: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x619, &mut x620, x618, x610, x607); let mut x621: u32 = 0; let mut x622: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x621, &mut x622, x620, x608, x605); let mut x623: u32 = 0; let mut x624: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x623, &mut x624, x622, x606, x603); let mut x625: u32 = 0; let mut x626: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x625, &mut x626, x624, x604, x601); let mut x627: u32 = 0; let mut x628: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x602, x599); let x629: u32 = ((x628 as u32) + x600); let mut x630: u32 = 0; let mut x631: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x630, &mut x631, 0x0, x582, x613); let mut x632: u32 = 0; let mut x633: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x632, &mut x633, x631, x584, x615); let mut x634: u32 = 0; let mut x635: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x634, &mut x635, x633, x586, x617); let mut x636: u32 = 0; let mut x637: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x636, &mut x637, x635, x588, x619); let mut x638: u32 = 0; let mut x639: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x638, &mut x639, x637, x590, x621); let mut x640: u32 = 0; let mut x641: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x640, &mut x641, x639, x592, x623); let mut x642: u32 = 0; let mut x643: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x642, &mut x643, x641, x594, x625); let mut x644: u32 = 0; let mut x645: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x644, &mut x645, x643, x596, x627); let mut x646: u32 = 0; let mut x647: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x646, &mut x647, x645, x598, x629); let mut x648: u32 = 0; let mut x649: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x648, &mut x649, x630, 0x12547e1b); let mut x650: u32 = 0; let mut x651: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x650, &mut x651, x648, 0x10000000); let mut x652: u32 = 0; let mut x653: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x652, &mut x653, x648, 0x14def9de); let mut x654: u32 = 0; let mut x655: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x654, &mut x655, x648, 0xa2f79cd6); let mut x656: u32 = 0; let mut x657: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x656, &mut x657, x648, 0x5812631a); let mut x658: u32 = 0; let mut x659: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x658, &mut x659, x648, 0x5cf5d3ed); let mut x660: u32 = 0; let mut x661: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x660, &mut x661, 0x0, x659, x656); let mut x662: u32 = 0; let mut x663: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x662, &mut x663, x661, x657, x654); let mut x664: u32 = 0; let mut x665: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x664, &mut x665, x663, x655, x652); let x666: u32 = ((x665 as u32) + x653); let mut x667: u32 = 0; let mut x668: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x667, &mut x668, 0x0, x630, x658); let mut x669: u32 = 0; let mut x670: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x669, &mut x670, x668, x632, x660); let mut x671: u32 = 0; let mut x672: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x671, &mut x672, x670, x634, x662); let mut x673: u32 = 0; let mut x674: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x636, x664); let mut x675: u32 = 0; let mut x676: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x638, x666); let mut x677: u32 = 0; let mut x678: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x677, &mut x678, x676, x640, (0x0 as u32)); let mut x679: u32 = 0; let mut x680: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x679, &mut x680, x678, x642, (0x0 as u32)); let mut x681: u32 = 0; let mut x682: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x681, &mut x682, x680, x644, x650); let mut x683: u32 = 0; let mut x684: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x646, x651); let x685: u32 = ((x684 as u32) + (x647 as u32)); let mut x686: u32 = 0; let mut x687: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x686, &mut x687, 0x0, x669, 0x5cf5d3ed); let mut x688: u32 = 0; let mut x689: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x688, &mut x689, x687, x671, 0x5812631a); let mut x690: u32 = 0; let mut x691: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x690, &mut x691, x689, x673, 0xa2f79cd6); let mut x692: u32 = 0; let mut x693: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x692, &mut x693, x691, x675, 0x14def9de); let mut x694: u32 = 0; let mut x695: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x694, &mut x695, x693, x677, (0x0 as u32)); let mut x696: u32 = 0; let mut x697: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x696, &mut x697, x695, x679, (0x0 as u32)); let mut x698: u32 = 0; let mut x699: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x698, &mut x699, x697, x681, (0x0 as u32)); let mut x700: u32 = 0; let mut x701: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x700, &mut x701, x699, x683, 0x10000000); let mut x702: u32 = 0; let mut x703: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x702, &mut x703, x701, x685, (0x0 as u32)); let mut x704: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x704, x703, x686, x669); let mut x705: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x705, x703, x688, x671); let mut x706: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x706, x703, x690, x673); let mut x707: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x707, x703, x692, x675); let mut x708: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x708, x703, x694, x677); let mut x709: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x709, x703, x696, x679); let mut x710: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x710, x703, x698, x681); let mut x711: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x711, x703, x700, x683); out1[0] = x704; out1[1] = x705; out1[2] = x706; out1[3] = x707; out1[4] = x708; out1[5] = x709; out1[6] = x710; out1[7] = x711; } /// The function fiat_25519_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_add(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x17, &mut x18, 0x0, x1, 0x5cf5d3ed); let mut x19: u32 = 0; let mut x20: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x19, &mut x20, x18, x3, 0x5812631a); let mut x21: u32 = 0; let mut x22: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x21, &mut x22, x20, x5, 0xa2f79cd6); let mut x23: u32 = 0; let mut x24: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x23, &mut x24, x22, x7, 0x14def9de); let mut x25: u32 = 0; let mut x26: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x25, &mut x26, x24, x9, (0x0 as u32)); let mut x27: u32 = 0; let mut x28: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x27, &mut x28, x26, x11, (0x0 as u32)); let mut x29: u32 = 0; let mut x30: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x29, &mut x30, x28, x13, (0x0 as u32)); let mut x31: u32 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x31, &mut x32, x30, x15, 0x10000000); let mut x33: u32 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x33, &mut x34, x32, (x16 as u32), (0x0 as u32)); let mut x35: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x35, x34, x17, x1); let mut x36: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x36, x34, x19, x3); let mut x37: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x37, x34, x21, x5); let mut x38: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x38, x34, x23, x7); let mut x39: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x39, x34, x25, x9); let mut x40: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x40, x34, x27, x11); let mut x41: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x41, x34, x29, x13); let mut x42: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x42, x34, x31, x15); out1[0] = x35; out1[1] = x36; out1[2] = x37; out1[3] = x38; out1[4] = x39; out1[5] = x40; out1[6] = x41; out1[7] = x42; } /// The function fiat_25519_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_sub(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0x5cf5d3ed)); let mut x20: u32 = 0; let mut x21: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0x5812631a)); let mut x22: u32 = 0; let mut x23: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xa2f79cd6)); let mut x24: u32 = 0; let mut x25: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0x14def9de)); let mut x26: u32 = 0; let mut x27: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, (0x0 as u32)); let mut x28: u32 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, (x17 & 0x10000000)); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_25519_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_opp(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0x5cf5d3ed)); let mut x20: u32 = 0; let mut x21: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0x5812631a)); let mut x22: u32 = 0; let mut x23: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xa2f79cd6)); let mut x24: u32 = 0; let mut x25: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0x14def9de)); let mut x26: u32 = 0; let mut x27: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, (0x0 as u32)); let mut x28: u32 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, (x17 & 0x10000000)); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_25519_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_from_montgomery(out1: &mut fiat_25519_scalar_non_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x2, &mut x3, x1, 0x12547e1b); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x4, &mut x5, x2, 0x10000000); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x6, &mut x7, x2, 0x14def9de); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x8, &mut x9, x2, 0xa2f79cd6); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x10, &mut x11, x2, 0x5812631a); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x12, &mut x13, x2, 0x5cf5d3ed); let mut x14: u32 = 0; let mut x15: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x14, &mut x15, 0x0, x13, x10); let mut x16: u32 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x16, &mut x17, x15, x11, x8); let mut x18: u32 = 0; let mut x19: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x18, &mut x19, x17, x9, x6); let mut x20: u32 = 0; let mut x21: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x20, &mut x21, 0x0, x1, x12); let mut x22: u32 = 0; let mut x23: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), x14); let mut x24: u32 = 0; let mut x25: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), x16); let mut x26: u32 = 0; let mut x27: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), x18); let mut x28: u32 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x28, &mut x29, 0x0, x22, (arg1[1])); let mut x30: u32 = 0; let mut x31: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x24, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x26, (0x0 as u32)); let mut x34: u32 = 0; let mut x35: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x34, &mut x35, x28, 0x12547e1b); let mut x36: u32 = 0; let mut x37: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x36, &mut x37, x34, 0x10000000); let mut x38: u32 = 0; let mut x39: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x38, &mut x39, x34, 0x14def9de); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x40, &mut x41, x34, 0xa2f79cd6); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x42, &mut x43, x34, 0x5812631a); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x44, &mut x45, x34, 0x5cf5d3ed); let mut x46: u32 = 0; let mut x47: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x46, &mut x47, 0x0, x45, x42); let mut x48: u32 = 0; let mut x49: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x48, &mut x49, x47, x43, x40); let mut x50: u32 = 0; let mut x51: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x50, &mut x51, x49, x41, x38); let mut x52: u32 = 0; let mut x53: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x52, &mut x53, 0x0, x28, x44); let mut x54: u32 = 0; let mut x55: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x54, &mut x55, x53, x30, x46); let mut x56: u32 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x56, &mut x57, x55, x32, x48); let mut x58: u32 = 0; let mut x59: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x58, &mut x59, x57, ((x33 as u32) + ((x27 as u32) + ((x19 as u32) + x7))), x50); let mut x60: u32 = 0; let mut x61: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x60, &mut x61, 0x0, x5, x36); let mut x62: u32 = 0; let mut x63: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x62, &mut x63, 0x0, x54, (arg1[2])); let mut x64: u32 = 0; let mut x65: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x56, (0x0 as u32)); let mut x66: u32 = 0; let mut x67: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x66, &mut x67, x65, x58, (0x0 as u32)); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x68, &mut x69, x62, 0x12547e1b); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x70, &mut x71, x68, 0x10000000); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x72, &mut x73, x68, 0x14def9de); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x74, &mut x75, x68, 0xa2f79cd6); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x76, &mut x77, x68, 0x5812631a); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x78, &mut x79, x68, 0x5cf5d3ed); let mut x80: u32 = 0; let mut x81: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x80, &mut x81, 0x0, x79, x76); let mut x82: u32 = 0; let mut x83: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x82, &mut x83, x81, x77, x74); let mut x84: u32 = 0; let mut x85: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x84, &mut x85, x83, x75, x72); let mut x86: u32 = 0; let mut x87: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x86, &mut x87, 0x0, x62, x78); let mut x88: u32 = 0; let mut x89: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x64, x80); let mut x90: u32 = 0; let mut x91: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x66, x82); let mut x92: u32 = 0; let mut x93: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x92, &mut x93, x91, ((x67 as u32) + ((x59 as u32) + ((x51 as u32) + x39))), x84); let mut x94: u32 = 0; let mut x95: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x94, &mut x95, 0x0, ((x61 as u32) + x37), x70); let mut x96: u32 = 0; let mut x97: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x96, &mut x97, 0x0, x88, (arg1[3])); let mut x98: u32 = 0; let mut x99: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x90, (0x0 as u32)); let mut x100: u32 = 0; let mut x101: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x100, &mut x101, x99, x92, (0x0 as u32)); let mut x102: u32 = 0; let mut x103: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x102, &mut x103, x96, 0x12547e1b); let mut x104: u32 = 0; let mut x105: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x104, &mut x105, x102, 0x10000000); let mut x106: u32 = 0; let mut x107: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x106, &mut x107, x102, 0x14def9de); let mut x108: u32 = 0; let mut x109: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x108, &mut x109, x102, 0xa2f79cd6); let mut x110: u32 = 0; let mut x111: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x110, &mut x111, x102, 0x5812631a); let mut x112: u32 = 0; let mut x113: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x112, &mut x113, x102, 0x5cf5d3ed); let mut x114: u32 = 0; let mut x115: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x114, &mut x115, 0x0, x113, x110); let mut x116: u32 = 0; let mut x117: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x111, x108); let mut x118: u32 = 0; let mut x119: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x109, x106); let mut x120: u32 = 0; let mut x121: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x120, &mut x121, 0x0, x96, x112); let mut x122: u32 = 0; let mut x123: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x98, x114); let mut x124: u32 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x100, x116); let mut x126: u32 = 0; let mut x127: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x126, &mut x127, x125, ((x101 as u32) + ((x93 as u32) + ((x85 as u32) + x73))), x118); let mut x128: u32 = 0; let mut x129: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x4, ((x119 as u32) + x107)); let mut x130: u32 = 0; let mut x131: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x60, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x132, &mut x133, x131, x94, (0x0 as u32)); let mut x134: u32 = 0; let mut x135: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x134, &mut x135, x133, ((x95 as u32) + x71), x104); let mut x136: u32 = 0; let mut x137: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x136, &mut x137, 0x0, x122, (arg1[4])); let mut x138: u32 = 0; let mut x139: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x138, &mut x139, x137, x124, (0x0 as u32)); let mut x140: u32 = 0; let mut x141: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x140, &mut x141, x139, x126, (0x0 as u32)); let mut x142: u32 = 0; let mut x143: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x142, &mut x143, x141, x128, (0x0 as u32)); let mut x144: u32 = 0; let mut x145: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x144, &mut x145, x143, x130, (0x0 as u32)); let mut x146: u32 = 0; let mut x147: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x146, &mut x147, x145, x132, (0x0 as u32)); let mut x148: u32 = 0; let mut x149: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x148, &mut x149, x147, x134, (0x0 as u32)); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x150, &mut x151, x136, 0x12547e1b); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x152, &mut x153, x150, 0x10000000); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x154, &mut x155, x150, 0x14def9de); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x156, &mut x157, x150, 0xa2f79cd6); let mut x158: u32 = 0; let mut x159: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x158, &mut x159, x150, 0x5812631a); let mut x160: u32 = 0; let mut x161: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x160, &mut x161, x150, 0x5cf5d3ed); let mut x162: u32 = 0; let mut x163: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x162, &mut x163, 0x0, x161, x158); let mut x164: u32 = 0; let mut x165: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x159, x156); let mut x166: u32 = 0; let mut x167: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x157, x154); let mut x168: u32 = 0; let mut x169: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x168, &mut x169, 0x0, x136, x160); let mut x170: u32 = 0; let mut x171: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x138, x162); let mut x172: u32 = 0; let mut x173: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x140, x164); let mut x174: u32 = 0; let mut x175: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x142, x166); let mut x176: u32 = 0; let mut x177: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x144, ((x167 as u32) + x155)); let mut x178: u32 = 0; let mut x179: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x146, (0x0 as u32)); let mut x180: u32 = 0; let mut x181: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x148, (0x0 as u32)); let mut x182: u32 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x182, &mut x183, x181, ((x149 as u32) + ((x135 as u32) + x105)), x152); let mut x184: u32 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x184, &mut x185, 0x0, x170, (arg1[5])); let mut x186: u32 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x172, (0x0 as u32)); let mut x188: u32 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x174, (0x0 as u32)); let mut x190: u32 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x176, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x178, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x194, &mut x195, x193, x180, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x196, &mut x197, x195, x182, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x198, &mut x199, x184, 0x12547e1b); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x200, &mut x201, x198, 0x10000000); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x202, &mut x203, x198, 0x14def9de); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x204, &mut x205, x198, 0xa2f79cd6); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x206, &mut x207, x198, 0x5812631a); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x208, &mut x209, x198, 0x5cf5d3ed); let mut x210: u32 = 0; let mut x211: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x210, &mut x211, 0x0, x209, x206); let mut x212: u32 = 0; let mut x213: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x212, &mut x213, x211, x207, x204); let mut x214: u32 = 0; let mut x215: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x214, &mut x215, x213, x205, x202); let mut x216: u32 = 0; let mut x217: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x216, &mut x217, 0x0, x184, x208); let mut x218: u32 = 0; let mut x219: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x218, &mut x219, x217, x186, x210); let mut x220: u32 = 0; let mut x221: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x188, x212); let mut x222: u32 = 0; let mut x223: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x222, &mut x223, x221, x190, x214); let mut x224: u32 = 0; let mut x225: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x224, &mut x225, x223, x192, ((x215 as u32) + x203)); let mut x226: u32 = 0; let mut x227: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x226, &mut x227, x225, x194, (0x0 as u32)); let mut x228: u32 = 0; let mut x229: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x228, &mut x229, x227, x196, (0x0 as u32)); let mut x230: u32 = 0; let mut x231: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x230, &mut x231, x229, ((x197 as u32) + ((x183 as u32) + x153)), x200); let mut x232: u32 = 0; let mut x233: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x232, &mut x233, 0x0, x218, (arg1[6])); let mut x234: u32 = 0; let mut x235: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x220, (0x0 as u32)); let mut x236: u32 = 0; let mut x237: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x222, (0x0 as u32)); let mut x238: u32 = 0; let mut x239: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x224, (0x0 as u32)); let mut x240: u32 = 0; let mut x241: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x226, (0x0 as u32)); let mut x242: u32 = 0; let mut x243: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x228, (0x0 as u32)); let mut x244: u32 = 0; let mut x245: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x230, (0x0 as u32)); let mut x246: u32 = 0; let mut x247: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x246, &mut x247, x232, 0x12547e1b); let mut x248: u32 = 0; let mut x249: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x248, &mut x249, x246, 0x10000000); let mut x250: u32 = 0; let mut x251: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x250, &mut x251, x246, 0x14def9de); let mut x252: u32 = 0; let mut x253: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x252, &mut x253, x246, 0xa2f79cd6); let mut x254: u32 = 0; let mut x255: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x254, &mut x255, x246, 0x5812631a); let mut x256: u32 = 0; let mut x257: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x256, &mut x257, x246, 0x5cf5d3ed); let mut x258: u32 = 0; let mut x259: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x258, &mut x259, 0x0, x257, x254); let mut x260: u32 = 0; let mut x261: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x255, x252); let mut x262: u32 = 0; let mut x263: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x253, x250); let mut x264: u32 = 0; let mut x265: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x264, &mut x265, 0x0, x232, x256); let mut x266: u32 = 0; let mut x267: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x266, &mut x267, x265, x234, x258); let mut x268: u32 = 0; let mut x269: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x236, x260); let mut x270: u32 = 0; let mut x271: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x270, &mut x271, x269, x238, x262); let mut x272: u32 = 0; let mut x273: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x272, &mut x273, x271, x240, ((x263 as u32) + x251)); let mut x274: u32 = 0; let mut x275: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x274, &mut x275, x273, x242, (0x0 as u32)); let mut x276: u32 = 0; let mut x277: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x276, &mut x277, x275, x244, (0x0 as u32)); let mut x278: u32 = 0; let mut x279: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x278, &mut x279, x277, ((x245 as u32) + ((x231 as u32) + x201)), x248); let mut x280: u32 = 0; let mut x281: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x280, &mut x281, 0x0, x266, (arg1[7])); let mut x282: u32 = 0; let mut x283: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x282, &mut x283, x281, x268, (0x0 as u32)); let mut x284: u32 = 0; let mut x285: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x270, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x272, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x274, (0x0 as u32)); let mut x290: u32 = 0; let mut x291: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x276, (0x0 as u32)); let mut x292: u32 = 0; let mut x293: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x278, (0x0 as u32)); let mut x294: u32 = 0; let mut x295: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x294, &mut x295, x280, 0x12547e1b); let mut x296: u32 = 0; let mut x297: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x296, &mut x297, x294, 0x10000000); let mut x298: u32 = 0; let mut x299: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x298, &mut x299, x294, 0x14def9de); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x300, &mut x301, x294, 0xa2f79cd6); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x302, &mut x303, x294, 0x5812631a); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x304, &mut x305, x294, 0x5cf5d3ed); let mut x306: u32 = 0; let mut x307: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x306, &mut x307, 0x0, x305, x302); let mut x308: u32 = 0; let mut x309: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x308, &mut x309, x307, x303, x300); let mut x310: u32 = 0; let mut x311: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x301, x298); let mut x312: u32 = 0; let mut x313: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x312, &mut x313, 0x0, x280, x304); let mut x314: u32 = 0; let mut x315: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x282, x306); let mut x316: u32 = 0; let mut x317: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x284, x308); let mut x318: u32 = 0; let mut x319: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x286, x310); let mut x320: u32 = 0; let mut x321: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x288, ((x311 as u32) + x299)); let mut x322: u32 = 0; let mut x323: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x290, (0x0 as u32)); let mut x324: u32 = 0; let mut x325: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x292, (0x0 as u32)); let mut x326: u32 = 0; let mut x327: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x326, &mut x327, x325, ((x293 as u32) + ((x279 as u32) + x249)), x296); let x328: u32 = ((x327 as u32) + x297); let mut x329: u32 = 0; let mut x330: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x329, &mut x330, 0x0, x314, 0x5cf5d3ed); let mut x331: u32 = 0; let mut x332: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x331, &mut x332, x330, x316, 0x5812631a); let mut x333: u32 = 0; let mut x334: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x333, &mut x334, x332, x318, 0xa2f79cd6); let mut x335: u32 = 0; let mut x336: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x335, &mut x336, x334, x320, 0x14def9de); let mut x337: u32 = 0; let mut x338: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x337, &mut x338, x336, x322, (0x0 as u32)); let mut x339: u32 = 0; let mut x340: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x339, &mut x340, x338, x324, (0x0 as u32)); let mut x341: u32 = 0; let mut x342: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x341, &mut x342, x340, x326, (0x0 as u32)); let mut x343: u32 = 0; let mut x344: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x343, &mut x344, x342, x328, 0x10000000); let mut x345: u32 = 0; let mut x346: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x345, &mut x346, x344, (0x0 as u32), (0x0 as u32)); let mut x347: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x347, x346, x329, x314); let mut x348: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x348, x346, x331, x316); let mut x349: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x349, x346, x333, x318); let mut x350: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x350, x346, x335, x320); let mut x351: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x351, x346, x337, x322); let mut x352: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x352, x346, x339, x324); let mut x353: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x353, x346, x341, x326); let mut x354: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x354, x346, x343, x328); out1[0] = x347; out1[1] = x348; out1[2] = x349; out1[3] = x350; out1[4] = x351; out1[5] = x352; out1[6] = x353; out1[7] = x354; } /// The function fiat_25519_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_to_montgomery(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x9, &mut x10, x8, 0x399411b); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x11, &mut x12, x8, 0x7c309a3d); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x13, &mut x14, x8, 0xceec73d2); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x15, &mut x16, x8, 0x17f5be65); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x17, &mut x18, x8, 0xd00e1ba7); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x19, &mut x20, x8, 0x68859347); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x21, &mut x22, x8, 0xa40611e3); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x23, &mut x24, x8, 0x449c0f01); let mut x25: u32 = 0; let mut x26: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x39, &mut x40, x23, 0x12547e1b); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x41, &mut x42, x39, 0x10000000); let mut x43: u32 = 0; let mut x44: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x43, &mut x44, x39, 0x14def9de); let mut x45: u32 = 0; let mut x46: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x45, &mut x46, x39, 0xa2f79cd6); let mut x47: u32 = 0; let mut x48: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x47, &mut x48, x39, 0x5812631a); let mut x49: u32 = 0; let mut x50: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x49, &mut x50, x39, 0x5cf5d3ed); let mut x51: u32 = 0; let mut x52: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x51, &mut x52, 0x0, x50, x47); let mut x53: u32 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x48, x45); let mut x55: u32 = 0; let mut x56: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x46, x43); let mut x57: u32 = 0; let mut x58: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x57, &mut x58, 0x0, x23, x49); let mut x59: u32 = 0; let mut x60: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x25, x51); let mut x61: u32 = 0; let mut x62: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x27, x53); let mut x63: u32 = 0; let mut x64: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x29, x55); let mut x65: u32 = 0; let mut x66: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x31, ((x56 as u32) + x44)); let mut x67: u32 = 0; let mut x68: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x67, &mut x68, x66, x33, (0x0 as u32)); let mut x69: u32 = 0; let mut x70: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x35, (0x0 as u32)); let mut x71: u32 = 0; let mut x72: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x37, x41); let mut x73: u32 = 0; let mut x74: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x73, &mut x74, x1, 0x399411b); let mut x75: u32 = 0; let mut x76: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x75, &mut x76, x1, 0x7c309a3d); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x77, &mut x78, x1, 0xceec73d2); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x79, &mut x80, x1, 0x17f5be65); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x81, &mut x82, x1, 0xd00e1ba7); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x83, &mut x84, x1, 0x68859347); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x85, &mut x86, x1, 0xa40611e3); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x87, &mut x88, x1, 0x449c0f01); let mut x89: u32 = 0; let mut x90: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x89, &mut x90, 0x0, x88, x85); let mut x91: u32 = 0; let mut x92: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x91, &mut x92, x90, x86, x83); let mut x93: u32 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x93, &mut x94, x92, x84, x81); let mut x95: u32 = 0; let mut x96: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x95, &mut x96, x94, x82, x79); let mut x97: u32 = 0; let mut x98: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x97, &mut x98, x96, x80, x77); let mut x99: u32 = 0; let mut x100: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x99, &mut x100, x98, x78, x75); let mut x101: u32 = 0; let mut x102: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x101, &mut x102, x100, x76, x73); let mut x103: u32 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x103, &mut x104, 0x0, x59, x87); let mut x105: u32 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x61, x89); let mut x107: u32 = 0; let mut x108: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x107, &mut x108, x106, x63, x91); let mut x109: u32 = 0; let mut x110: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x65, x93); let mut x111: u32 = 0; let mut x112: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x67, x95); let mut x113: u32 = 0; let mut x114: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x69, x97); let mut x115: u32 = 0; let mut x116: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x71, x99); let mut x117: u32 = 0; let mut x118: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x117, &mut x118, x116, (((x72 as u32) + ((x38 as u32) + x10)) + x42), x101); let mut x119: u32 = 0; let mut x120: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x119, &mut x120, x103, 0x12547e1b); let mut x121: u32 = 0; let mut x122: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x121, &mut x122, x119, 0x10000000); let mut x123: u32 = 0; let mut x124: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x123, &mut x124, x119, 0x14def9de); let mut x125: u32 = 0; let mut x126: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x125, &mut x126, x119, 0xa2f79cd6); let mut x127: u32 = 0; let mut x128: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x127, &mut x128, x119, 0x5812631a); let mut x129: u32 = 0; let mut x130: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x129, &mut x130, x119, 0x5cf5d3ed); let mut x131: u32 = 0; let mut x132: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x131, &mut x132, 0x0, x130, x127); let mut x133: u32 = 0; let mut x134: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x133, &mut x134, x132, x128, x125); let mut x135: u32 = 0; let mut x136: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x135, &mut x136, x134, x126, x123); let mut x137: u32 = 0; let mut x138: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x137, &mut x138, 0x0, x103, x129); let mut x139: u32 = 0; let mut x140: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x139, &mut x140, x138, x105, x131); let mut x141: u32 = 0; let mut x142: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x141, &mut x142, x140, x107, x133); let mut x143: u32 = 0; let mut x144: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x143, &mut x144, x142, x109, x135); let mut x145: u32 = 0; let mut x146: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x145, &mut x146, x144, x111, ((x136 as u32) + x124)); let mut x147: u32 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x147, &mut x148, x146, x113, (0x0 as u32)); let mut x149: u32 = 0; let mut x150: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x149, &mut x150, x148, x115, (0x0 as u32)); let mut x151: u32 = 0; let mut x152: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x151, &mut x152, x150, x117, x121); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x153, &mut x154, x2, 0x399411b); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x155, &mut x156, x2, 0x7c309a3d); let mut x157: u32 = 0; let mut x158: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x157, &mut x158, x2, 0xceec73d2); let mut x159: u32 = 0; let mut x160: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x159, &mut x160, x2, 0x17f5be65); let mut x161: u32 = 0; let mut x162: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x161, &mut x162, x2, 0xd00e1ba7); let mut x163: u32 = 0; let mut x164: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x163, &mut x164, x2, 0x68859347); let mut x165: u32 = 0; let mut x166: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x165, &mut x166, x2, 0xa40611e3); let mut x167: u32 = 0; let mut x168: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x167, &mut x168, x2, 0x449c0f01); let mut x169: u32 = 0; let mut x170: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x169, &mut x170, 0x0, x168, x165); let mut x171: u32 = 0; let mut x172: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x166, x163); let mut x173: u32 = 0; let mut x174: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x164, x161); let mut x175: u32 = 0; let mut x176: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x162, x159); let mut x177: u32 = 0; let mut x178: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x160, x157); let mut x179: u32 = 0; let mut x180: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x158, x155); let mut x181: u32 = 0; let mut x182: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x181, &mut x182, x180, x156, x153); let mut x183: u32 = 0; let mut x184: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x183, &mut x184, 0x0, x139, x167); let mut x185: u32 = 0; let mut x186: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x185, &mut x186, x184, x141, x169); let mut x187: u32 = 0; let mut x188: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x187, &mut x188, x186, x143, x171); let mut x189: u32 = 0; let mut x190: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x189, &mut x190, x188, x145, x173); let mut x191: u32 = 0; let mut x192: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x191, &mut x192, x190, x147, x175); let mut x193: u32 = 0; let mut x194: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x193, &mut x194, x192, x149, x177); let mut x195: u32 = 0; let mut x196: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x195, &mut x196, x194, x151, x179); let mut x197: u32 = 0; let mut x198: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x197, &mut x198, x196, (((x152 as u32) + ((x118 as u32) + ((x102 as u32) + x74))) + x122), x181); let mut x199: u32 = 0; let mut x200: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x199, &mut x200, x183, 0x12547e1b); let mut x201: u32 = 0; let mut x202: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x201, &mut x202, x199, 0x10000000); let mut x203: u32 = 0; let mut x204: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x203, &mut x204, x199, 0x14def9de); let mut x205: u32 = 0; let mut x206: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x205, &mut x206, x199, 0xa2f79cd6); let mut x207: u32 = 0; let mut x208: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x207, &mut x208, x199, 0x5812631a); let mut x209: u32 = 0; let mut x210: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x209, &mut x210, x199, 0x5cf5d3ed); let mut x211: u32 = 0; let mut x212: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x211, &mut x212, 0x0, x210, x207); let mut x213: u32 = 0; let mut x214: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x213, &mut x214, x212, x208, x205); let mut x215: u32 = 0; let mut x216: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x215, &mut x216, x214, x206, x203); let mut x217: u32 = 0; let mut x218: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x217, &mut x218, 0x0, x183, x209); let mut x219: u32 = 0; let mut x220: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x219, &mut x220, x218, x185, x211); let mut x221: u32 = 0; let mut x222: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x221, &mut x222, x220, x187, x213); let mut x223: u32 = 0; let mut x224: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x223, &mut x224, x222, x189, x215); let mut x225: u32 = 0; let mut x226: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x191, ((x216 as u32) + x204)); let mut x227: u32 = 0; let mut x228: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x193, (0x0 as u32)); let mut x229: u32 = 0; let mut x230: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x195, (0x0 as u32)); let mut x231: u32 = 0; let mut x232: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x231, &mut x232, x230, x197, x201); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x233, &mut x234, x3, 0x399411b); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x235, &mut x236, x3, 0x7c309a3d); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x237, &mut x238, x3, 0xceec73d2); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x239, &mut x240, x3, 0x17f5be65); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x241, &mut x242, x3, 0xd00e1ba7); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x243, &mut x244, x3, 0x68859347); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x245, &mut x246, x3, 0xa40611e3); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x247, &mut x248, x3, 0x449c0f01); let mut x249: u32 = 0; let mut x250: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x249, &mut x250, 0x0, x248, x245); let mut x251: u32 = 0; let mut x252: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x251, &mut x252, x250, x246, x243); let mut x253: u32 = 0; let mut x254: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x244, x241); let mut x255: u32 = 0; let mut x256: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x255, &mut x256, x254, x242, x239); let mut x257: u32 = 0; let mut x258: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x257, &mut x258, x256, x240, x237); let mut x259: u32 = 0; let mut x260: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x238, x235); let mut x261: u32 = 0; let mut x262: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x236, x233); let mut x263: u32 = 0; let mut x264: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x263, &mut x264, 0x0, x219, x247); let mut x265: u32 = 0; let mut x266: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x221, x249); let mut x267: u32 = 0; let mut x268: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x223, x251); let mut x269: u32 = 0; let mut x270: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x225, x253); let mut x271: u32 = 0; let mut x272: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x227, x255); let mut x273: u32 = 0; let mut x274: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x229, x257); let mut x275: u32 = 0; let mut x276: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x231, x259); let mut x277: u32 = 0; let mut x278: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x277, &mut x278, x276, (((x232 as u32) + ((x198 as u32) + ((x182 as u32) + x154))) + x202), x261); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x279, &mut x280, x263, 0x12547e1b); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x281, &mut x282, x279, 0x10000000); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x283, &mut x284, x279, 0x14def9de); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x285, &mut x286, x279, 0xa2f79cd6); let mut x287: u32 = 0; let mut x288: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x287, &mut x288, x279, 0x5812631a); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x289, &mut x290, x279, 0x5cf5d3ed); let mut x291: u32 = 0; let mut x292: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x291, &mut x292, 0x0, x290, x287); let mut x293: u32 = 0; let mut x294: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x293, &mut x294, x292, x288, x285); let mut x295: u32 = 0; let mut x296: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x295, &mut x296, x294, x286, x283); let mut x297: u32 = 0; let mut x298: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x297, &mut x298, 0x0, x263, x289); let mut x299: u32 = 0; let mut x300: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x299, &mut x300, x298, x265, x291); let mut x301: u32 = 0; let mut x302: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x301, &mut x302, x300, x267, x293); let mut x303: u32 = 0; let mut x304: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x269, x295); let mut x305: u32 = 0; let mut x306: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x305, &mut x306, x304, x271, ((x296 as u32) + x284)); let mut x307: u32 = 0; let mut x308: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x307, &mut x308, x306, x273, (0x0 as u32)); let mut x309: u32 = 0; let mut x310: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x309, &mut x310, x308, x275, (0x0 as u32)); let mut x311: u32 = 0; let mut x312: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x311, &mut x312, x310, x277, x281); let mut x313: u32 = 0; let mut x314: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x313, &mut x314, x4, 0x399411b); let mut x315: u32 = 0; let mut x316: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x315, &mut x316, x4, 0x7c309a3d); let mut x317: u32 = 0; let mut x318: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x317, &mut x318, x4, 0xceec73d2); let mut x319: u32 = 0; let mut x320: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x319, &mut x320, x4, 0x17f5be65); let mut x321: u32 = 0; let mut x322: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x321, &mut x322, x4, 0xd00e1ba7); let mut x323: u32 = 0; let mut x324: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x323, &mut x324, x4, 0x68859347); let mut x325: u32 = 0; let mut x326: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x325, &mut x326, x4, 0xa40611e3); let mut x327: u32 = 0; let mut x328: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x327, &mut x328, x4, 0x449c0f01); let mut x329: u32 = 0; let mut x330: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x329, &mut x330, 0x0, x328, x325); let mut x331: u32 = 0; let mut x332: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x331, &mut x332, x330, x326, x323); let mut x333: u32 = 0; let mut x334: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x324, x321); let mut x335: u32 = 0; let mut x336: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x322, x319); let mut x337: u32 = 0; let mut x338: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x337, &mut x338, x336, x320, x317); let mut x339: u32 = 0; let mut x340: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x339, &mut x340, x338, x318, x315); let mut x341: u32 = 0; let mut x342: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x341, &mut x342, x340, x316, x313); let mut x343: u32 = 0; let mut x344: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x343, &mut x344, 0x0, x299, x327); let mut x345: u32 = 0; let mut x346: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x345, &mut x346, x344, x301, x329); let mut x347: u32 = 0; let mut x348: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x347, &mut x348, x346, x303, x331); let mut x349: u32 = 0; let mut x350: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x349, &mut x350, x348, x305, x333); let mut x351: u32 = 0; let mut x352: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x351, &mut x352, x350, x307, x335); let mut x353: u32 = 0; let mut x354: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x309, x337); let mut x355: u32 = 0; let mut x356: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x311, x339); let mut x357: u32 = 0; let mut x358: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x357, &mut x358, x356, (((x312 as u32) + ((x278 as u32) + ((x262 as u32) + x234))) + x282), x341); let mut x359: u32 = 0; let mut x360: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x359, &mut x360, x343, 0x12547e1b); let mut x361: u32 = 0; let mut x362: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x361, &mut x362, x359, 0x10000000); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x363, &mut x364, x359, 0x14def9de); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x365, &mut x366, x359, 0xa2f79cd6); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x367, &mut x368, x359, 0x5812631a); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x369, &mut x370, x359, 0x5cf5d3ed); let mut x371: u32 = 0; let mut x372: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x371, &mut x372, 0x0, x370, x367); let mut x373: u32 = 0; let mut x374: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x373, &mut x374, x372, x368, x365); let mut x375: u32 = 0; let mut x376: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x375, &mut x376, x374, x366, x363); let mut x377: u32 = 0; let mut x378: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x377, &mut x378, 0x0, x343, x369); let mut x379: u32 = 0; let mut x380: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x345, x371); let mut x381: u32 = 0; let mut x382: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x347, x373); let mut x383: u32 = 0; let mut x384: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x349, x375); let mut x385: u32 = 0; let mut x386: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x351, ((x376 as u32) + x364)); let mut x387: u32 = 0; let mut x388: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x353, (0x0 as u32)); let mut x389: u32 = 0; let mut x390: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x355, (0x0 as u32)); let mut x391: u32 = 0; let mut x392: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x357, x361); let mut x393: u32 = 0; let mut x394: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x393, &mut x394, x5, 0x399411b); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x395, &mut x396, x5, 0x7c309a3d); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x397, &mut x398, x5, 0xceec73d2); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x399, &mut x400, x5, 0x17f5be65); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x401, &mut x402, x5, 0xd00e1ba7); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x403, &mut x404, x5, 0x68859347); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x405, &mut x406, x5, 0xa40611e3); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x407, &mut x408, x5, 0x449c0f01); let mut x409: u32 = 0; let mut x410: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x409, &mut x410, 0x0, x408, x405); let mut x411: u32 = 0; let mut x412: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x411, &mut x412, x410, x406, x403); let mut x413: u32 = 0; let mut x414: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x413, &mut x414, x412, x404, x401); let mut x415: u32 = 0; let mut x416: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x415, &mut x416, x414, x402, x399); let mut x417: u32 = 0; let mut x418: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x400, x397); let mut x419: u32 = 0; let mut x420: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x419, &mut x420, x418, x398, x395); let mut x421: u32 = 0; let mut x422: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x421, &mut x422, x420, x396, x393); let mut x423: u32 = 0; let mut x424: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x423, &mut x424, 0x0, x379, x407); let mut x425: u32 = 0; let mut x426: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x425, &mut x426, x424, x381, x409); let mut x427: u32 = 0; let mut x428: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x427, &mut x428, x426, x383, x411); let mut x429: u32 = 0; let mut x430: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x429, &mut x430, x428, x385, x413); let mut x431: u32 = 0; let mut x432: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x431, &mut x432, x430, x387, x415); let mut x433: u32 = 0; let mut x434: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x433, &mut x434, x432, x389, x417); let mut x435: u32 = 0; let mut x436: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x435, &mut x436, x434, x391, x419); let mut x437: u32 = 0; let mut x438: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x437, &mut x438, x436, (((x392 as u32) + ((x358 as u32) + ((x342 as u32) + x314))) + x362), x421); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x439, &mut x440, x423, 0x12547e1b); let mut x441: u32 = 0; let mut x442: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x441, &mut x442, x439, 0x10000000); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x443, &mut x444, x439, 0x14def9de); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x445, &mut x446, x439, 0xa2f79cd6); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x447, &mut x448, x439, 0x5812631a); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x449, &mut x450, x439, 0x5cf5d3ed); let mut x451: u32 = 0; let mut x452: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x451, &mut x452, 0x0, x450, x447); let mut x453: u32 = 0; let mut x454: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x453, &mut x454, x452, x448, x445); let mut x455: u32 = 0; let mut x456: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x455, &mut x456, x454, x446, x443); let mut x457: u32 = 0; let mut x458: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x457, &mut x458, 0x0, x423, x449); let mut x459: u32 = 0; let mut x460: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x459, &mut x460, x458, x425, x451); let mut x461: u32 = 0; let mut x462: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x427, x453); let mut x463: u32 = 0; let mut x464: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x429, x455); let mut x465: u32 = 0; let mut x466: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x431, ((x456 as u32) + x444)); let mut x467: u32 = 0; let mut x468: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x433, (0x0 as u32)); let mut x469: u32 = 0; let mut x470: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x435, (0x0 as u32)); let mut x471: u32 = 0; let mut x472: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x437, x441); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x473, &mut x474, x6, 0x399411b); let mut x475: u32 = 0; let mut x476: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x475, &mut x476, x6, 0x7c309a3d); let mut x477: u32 = 0; let mut x478: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x477, &mut x478, x6, 0xceec73d2); let mut x479: u32 = 0; let mut x480: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x479, &mut x480, x6, 0x17f5be65); let mut x481: u32 = 0; let mut x482: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x481, &mut x482, x6, 0xd00e1ba7); let mut x483: u32 = 0; let mut x484: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x483, &mut x484, x6, 0x68859347); let mut x485: u32 = 0; let mut x486: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x485, &mut x486, x6, 0xa40611e3); let mut x487: u32 = 0; let mut x488: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x487, &mut x488, x6, 0x449c0f01); let mut x489: u32 = 0; let mut x490: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x489, &mut x490, 0x0, x488, x485); let mut x491: u32 = 0; let mut x492: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x491, &mut x492, x490, x486, x483); let mut x493: u32 = 0; let mut x494: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x493, &mut x494, x492, x484, x481); let mut x495: u32 = 0; let mut x496: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x495, &mut x496, x494, x482, x479); let mut x497: u32 = 0; let mut x498: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x497, &mut x498, x496, x480, x477); let mut x499: u32 = 0; let mut x500: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x499, &mut x500, x498, x478, x475); let mut x501: u32 = 0; let mut x502: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x501, &mut x502, x500, x476, x473); let mut x503: u32 = 0; let mut x504: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x503, &mut x504, 0x0, x459, x487); let mut x505: u32 = 0; let mut x506: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x505, &mut x506, x504, x461, x489); let mut x507: u32 = 0; let mut x508: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x507, &mut x508, x506, x463, x491); let mut x509: u32 = 0; let mut x510: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x509, &mut x510, x508, x465, x493); let mut x511: u32 = 0; let mut x512: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x511, &mut x512, x510, x467, x495); let mut x513: u32 = 0; let mut x514: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x513, &mut x514, x512, x469, x497); let mut x515: u32 = 0; let mut x516: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x515, &mut x516, x514, x471, x499); let mut x517: u32 = 0; let mut x518: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x517, &mut x518, x516, (((x472 as u32) + ((x438 as u32) + ((x422 as u32) + x394))) + x442), x501); let mut x519: u32 = 0; let mut x520: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x519, &mut x520, x503, 0x12547e1b); let mut x521: u32 = 0; let mut x522: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x521, &mut x522, x519, 0x10000000); let mut x523: u32 = 0; let mut x524: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x523, &mut x524, x519, 0x14def9de); let mut x525: u32 = 0; let mut x526: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x525, &mut x526, x519, 0xa2f79cd6); let mut x527: u32 = 0; let mut x528: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x527, &mut x528, x519, 0x5812631a); let mut x529: u32 = 0; let mut x530: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x529, &mut x530, x519, 0x5cf5d3ed); let mut x531: u32 = 0; let mut x532: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x531, &mut x532, 0x0, x530, x527); let mut x533: u32 = 0; let mut x534: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x533, &mut x534, x532, x528, x525); let mut x535: u32 = 0; let mut x536: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x535, &mut x536, x534, x526, x523); let mut x537: u32 = 0; let mut x538: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x537, &mut x538, 0x0, x503, x529); let mut x539: u32 = 0; let mut x540: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x539, &mut x540, x538, x505, x531); let mut x541: u32 = 0; let mut x542: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x541, &mut x542, x540, x507, x533); let mut x543: u32 = 0; let mut x544: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x543, &mut x544, x542, x509, x535); let mut x545: u32 = 0; let mut x546: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x511, ((x536 as u32) + x524)); let mut x547: u32 = 0; let mut x548: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x513, (0x0 as u32)); let mut x549: u32 = 0; let mut x550: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x515, (0x0 as u32)); let mut x551: u32 = 0; let mut x552: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x517, x521); let mut x553: u32 = 0; let mut x554: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x553, &mut x554, x7, 0x399411b); let mut x555: u32 = 0; let mut x556: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x555, &mut x556, x7, 0x7c309a3d); let mut x557: u32 = 0; let mut x558: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x557, &mut x558, x7, 0xceec73d2); let mut x559: u32 = 0; let mut x560: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x559, &mut x560, x7, 0x17f5be65); let mut x561: u32 = 0; let mut x562: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x561, &mut x562, x7, 0xd00e1ba7); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x563, &mut x564, x7, 0x68859347); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x565, &mut x566, x7, 0xa40611e3); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x567, &mut x568, x7, 0x449c0f01); let mut x569: u32 = 0; let mut x570: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x569, &mut x570, 0x0, x568, x565); let mut x571: u32 = 0; let mut x572: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x571, &mut x572, x570, x566, x563); let mut x573: u32 = 0; let mut x574: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x573, &mut x574, x572, x564, x561); let mut x575: u32 = 0; let mut x576: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x562, x559); let mut x577: u32 = 0; let mut x578: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x560, x557); let mut x579: u32 = 0; let mut x580: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x579, &mut x580, x578, x558, x555); let mut x581: u32 = 0; let mut x582: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x581, &mut x582, x580, x556, x553); let mut x583: u32 = 0; let mut x584: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x583, &mut x584, 0x0, x539, x567); let mut x585: u32 = 0; let mut x586: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x585, &mut x586, x584, x541, x569); let mut x587: u32 = 0; let mut x588: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x587, &mut x588, x586, x543, x571); let mut x589: u32 = 0; let mut x590: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x589, &mut x590, x588, x545, x573); let mut x591: u32 = 0; let mut x592: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x591, &mut x592, x590, x547, x575); let mut x593: u32 = 0; let mut x594: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x549, x577); let mut x595: u32 = 0; let mut x596: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x595, &mut x596, x594, x551, x579); let mut x597: u32 = 0; let mut x598: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x597, &mut x598, x596, (((x552 as u32) + ((x518 as u32) + ((x502 as u32) + x474))) + x522), x581); let mut x599: u32 = 0; let mut x600: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x599, &mut x600, x583, 0x12547e1b); let mut x601: u32 = 0; let mut x602: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x601, &mut x602, x599, 0x10000000); let mut x603: u32 = 0; let mut x604: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x603, &mut x604, x599, 0x14def9de); let mut x605: u32 = 0; let mut x606: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x605, &mut x606, x599, 0xa2f79cd6); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x607, &mut x608, x599, 0x5812631a); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_25519_scalar_mulx_u32(&mut x609, &mut x610, x599, 0x5cf5d3ed); let mut x611: u32 = 0; let mut x612: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x611, &mut x612, 0x0, x610, x607); let mut x613: u32 = 0; let mut x614: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x613, &mut x614, x612, x608, x605); let mut x615: u32 = 0; let mut x616: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x615, &mut x616, x614, x606, x603); let mut x617: u32 = 0; let mut x618: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x617, &mut x618, 0x0, x583, x609); let mut x619: u32 = 0; let mut x620: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x619, &mut x620, x618, x585, x611); let mut x621: u32 = 0; let mut x622: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x621, &mut x622, x620, x587, x613); let mut x623: u32 = 0; let mut x624: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x623, &mut x624, x622, x589, x615); let mut x625: u32 = 0; let mut x626: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x625, &mut x626, x624, x591, ((x616 as u32) + x604)); let mut x627: u32 = 0; let mut x628: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x593, (0x0 as u32)); let mut x629: u32 = 0; let mut x630: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x595, (0x0 as u32)); let mut x631: u32 = 0; let mut x632: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x597, x601); let x633: u32 = (((x632 as u32) + ((x598 as u32) + ((x582 as u32) + x554))) + x602); let mut x634: u32 = 0; let mut x635: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x634, &mut x635, 0x0, x619, 0x5cf5d3ed); let mut x636: u32 = 0; let mut x637: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x636, &mut x637, x635, x621, 0x5812631a); let mut x638: u32 = 0; let mut x639: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x638, &mut x639, x637, x623, 0xa2f79cd6); let mut x640: u32 = 0; let mut x641: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x640, &mut x641, x639, x625, 0x14def9de); let mut x642: u32 = 0; let mut x643: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x642, &mut x643, x641, x627, (0x0 as u32)); let mut x644: u32 = 0; let mut x645: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x644, &mut x645, x643, x629, (0x0 as u32)); let mut x646: u32 = 0; let mut x647: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x646, &mut x647, x645, x631, (0x0 as u32)); let mut x648: u32 = 0; let mut x649: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x648, &mut x649, x647, x633, 0x10000000); let mut x650: u32 = 0; let mut x651: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x650, &mut x651, x649, (0x0 as u32), (0x0 as u32)); let mut x652: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x652, x651, x634, x619); let mut x653: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x653, x651, x636, x621); let mut x654: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x654, x651, x638, x623); let mut x655: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x655, x651, x640, x625); let mut x656: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x656, x651, x642, x627); let mut x657: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x657, x651, x644, x629); let mut x658: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x658, x651, x646, x631); let mut x659: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x659, x651, x648, x633); out1[0] = x652; out1[1] = x653; out1[2] = x654; out1[3] = x655; out1[4] = x656; out1[5] = x657; out1[6] = x658; out1[7] = x659; } /// The function fiat_25519_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_25519_scalar_nonzero(out1: &mut u32, arg1: &[u32; 8]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); *out1 = x1; } /// The function fiat_25519_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_25519_scalar_selectznz(out1: &mut [u32; 8], arg1: fiat_25519_scalar_u1, arg2: &[u32; 8], arg3: &[u32; 8]) { let mut x1: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_25519_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0x1fffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1f]] #[inline] pub fn fiat_25519_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u32; 8]) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[6]); let x3: u32 = (arg1[5]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[3]); let x6: u32 = (arg1[2]); let x7: u32 = (arg1[1]); let x8: u32 = (arg1[0]); let x9: u8 = ((x8 & (0xff as u32)) as u8); let x10: u32 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u32)) as u8); let x12: u32 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u8 = ((x12 >> 8) as u8); let x15: u8 = ((x7 & (0xff as u32)) as u8); let x16: u32 = (x7 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u32 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u32)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x6 & (0xff as u32)) as u8); let x22: u32 = (x6 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u32 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u32)) as u8); let x26: u8 = ((x24 >> 8) as u8); let x27: u8 = ((x5 & (0xff as u32)) as u8); let x28: u32 = (x5 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u32 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u32)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x4 & (0xff as u32)) as u8); let x34: u32 = (x4 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u32 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u32)) as u8); let x38: u8 = ((x36 >> 8) as u8); let x39: u8 = ((x3 & (0xff as u32)) as u8); let x40: u32 = (x3 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u8 = ((x2 & (0xff as u32)) as u8); let x46: u32 = (x2 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u32 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u32)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u8 = ((x1 & (0xff as u32)) as u8); let x52: u32 = (x1 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u32 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u32)) as u8); let x56: u8 = ((x54 >> 8) as u8); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x26; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x38; out1[20] = x39; out1[21] = x41; out1[22] = x43; out1[23] = x44; out1[24] = x45; out1[25] = x47; out1[26] = x49; out1[27] = x50; out1[28] = x51; out1[29] = x53; out1[30] = x55; out1[31] = x56; } /// The function fiat_25519_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1f]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0x1fffffff]] #[inline] pub fn fiat_25519_scalar_from_bytes(out1: &mut [u32; 8], arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 24); let x2: u32 = (((arg1[30]) as u32) << 16); let x3: u32 = (((arg1[29]) as u32) << 8); let x4: u8 = (arg1[28]); let x5: u32 = (((arg1[27]) as u32) << 24); let x6: u32 = (((arg1[26]) as u32) << 16); let x7: u32 = (((arg1[25]) as u32) << 8); let x8: u8 = (arg1[24]); let x9: u32 = (((arg1[23]) as u32) << 24); let x10: u32 = (((arg1[22]) as u32) << 16); let x11: u32 = (((arg1[21]) as u32) << 8); let x12: u8 = (arg1[20]); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 24); let x18: u32 = (((arg1[14]) as u32) << 16); let x19: u32 = (((arg1[13]) as u32) << 8); let x20: u8 = (arg1[12]); let x21: u32 = (((arg1[11]) as u32) << 24); let x22: u32 = (((arg1[10]) as u32) << 16); let x23: u32 = (((arg1[9]) as u32) << 8); let x24: u8 = (arg1[8]); let x25: u32 = (((arg1[7]) as u32) << 24); let x26: u32 = (((arg1[6]) as u32) << 16); let x27: u32 = (((arg1[5]) as u32) << 8); let x28: u8 = (arg1[4]); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x27 + (x28 as u32)); let x37: u32 = (x26 + x36); let x38: u32 = (x25 + x37); let x39: u32 = (x23 + (x24 as u32)); let x40: u32 = (x22 + x39); let x41: u32 = (x21 + x40); let x42: u32 = (x19 + (x20 as u32)); let x43: u32 = (x18 + x42); let x44: u32 = (x17 + x43); let x45: u32 = (x15 + (x16 as u32)); let x46: u32 = (x14 + x45); let x47: u32 = (x13 + x46); let x48: u32 = (x11 + (x12 as u32)); let x49: u32 = (x10 + x48); let x50: u32 = (x9 + x49); let x51: u32 = (x7 + (x8 as u32)); let x52: u32 = (x6 + x51); let x53: u32 = (x5 + x52); let x54: u32 = (x3 + (x4 as u32)); let x55: u32 = (x2 + x54); let x56: u32 = (x1 + x55); out1[0] = x35; out1[1] = x38; out1[2] = x41; out1[3] = x44; out1[4] = x47; out1[5] = x50; out1[6] = x53; out1[7] = x56; } /// The function fiat_25519_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_set_one(out1: &mut fiat_25519_scalar_montgomery_domain_field_element) { out1[0] = 0x8d98951d; out1[1] = 0xd6ec3174; out1[2] = 0x737dcf70; out1[3] = 0xc6ef5bf4; out1[4] = 0xfffffffe; out1[5] = 0xffffffff; out1[6] = 0xffffffff; out1[7] = 0xfffffff; } /// The function fiat_25519_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_25519_scalar_msat(out1: &mut [u32; 9]) { out1[0] = 0x5cf5d3ed; out1[1] = 0x5812631a; out1[2] = 0xa2f79cd6; out1[3] = 0x14def9de; out1[4] = (0x0 as u32); out1[5] = (0x0 as u32); out1[6] = (0x0 as u32); out1[7] = 0x10000000; out1[8] = (0x0 as u32); } /// The function fiat_25519_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_25519_scalar_divstep(out1: &mut u32, out2: &mut [u32; 9], out3: &mut [u32; 9], out4: &mut [u32; 8], out5: &mut [u32; 8], arg1: u32, arg2: &[u32; 9], arg3: &[u32; 9], arg4: &[u32; 8], arg5: &[u32; 8]) { let mut x1: u32 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_25519_scalar_u1 = (((x1 >> 31) as fiat_25519_scalar_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_25519_scalar_u1)); let mut x4: u32 = 0; let mut x5: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x16, &mut x17, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x18: u32 = 0; let mut x19: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), (!(arg2[1]))); let mut x20: u32 = 0; let mut x21: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), (!(arg2[2]))); let mut x22: u32 = 0; let mut x23: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[3]))); let mut x24: u32 = 0; let mut x25: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[4]))); let mut x26: u32 = 0; let mut x27: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[5]))); let mut x28: u32 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[6]))); let mut x30: u32 = 0; let mut x31: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[7]))); let mut x32: u32 = 0; let mut x33: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[8]))); let mut x34: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x34, x3, (arg3[0]), x16); let mut x35: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x35, x3, (arg3[1]), x18); let mut x36: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x36, x3, (arg3[2]), x20); let mut x37: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x37, x3, (arg3[3]), x22); let mut x38: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x38, x3, (arg3[4]), x24); let mut x39: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x39, x3, (arg3[5]), x26); let mut x40: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x40, x3, (arg3[6]), x28); let mut x41: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x41, x3, (arg3[7]), x30); let mut x42: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x42, x3, (arg3[8]), x32); let mut x43: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x43, x3, (arg4[0]), (arg5[0])); let mut x44: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x44, x3, (arg4[1]), (arg5[1])); let mut x45: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x45, x3, (arg4[2]), (arg5[2])); let mut x46: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x46, x3, (arg4[3]), (arg5[3])); let mut x47: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x47, x3, (arg4[4]), (arg5[4])); let mut x48: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x48, x3, (arg4[5]), (arg5[5])); let mut x49: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x49, x3, (arg4[6]), (arg5[6])); let mut x50: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x50, x3, (arg4[7]), (arg5[7])); let mut x51: u32 = 0; let mut x52: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x51, &mut x52, 0x0, x43, x43); let mut x53: u32 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x44, x44); let mut x55: u32 = 0; let mut x56: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x45, x45); let mut x57: u32 = 0; let mut x58: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x46, x46); let mut x59: u32 = 0; let mut x60: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x47, x47); let mut x61: u32 = 0; let mut x62: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x48, x48); let mut x63: u32 = 0; let mut x64: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x49, x49); let mut x65: u32 = 0; let mut x66: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x50, x50); let mut x67: u32 = 0; let mut x68: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x67, &mut x68, 0x0, x51, 0x5cf5d3ed); let mut x69: u32 = 0; let mut x70: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x69, &mut x70, x68, x53, 0x5812631a); let mut x71: u32 = 0; let mut x72: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x71, &mut x72, x70, x55, 0xa2f79cd6); let mut x73: u32 = 0; let mut x74: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x73, &mut x74, x72, x57, 0x14def9de); let mut x75: u32 = 0; let mut x76: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x75, &mut x76, x74, x59, (0x0 as u32)); let mut x77: u32 = 0; let mut x78: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x77, &mut x78, x76, x61, (0x0 as u32)); let mut x79: u32 = 0; let mut x80: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x79, &mut x80, x78, x63, (0x0 as u32)); let mut x81: u32 = 0; let mut x82: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x81, &mut x82, x80, x65, 0x10000000); let mut x83: u32 = 0; let mut x84: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x83, &mut x84, x82, (x66 as u32), (0x0 as u32)); let x85: u32 = (arg4[7]); let x86: u32 = (arg4[6]); let x87: u32 = (arg4[5]); let x88: u32 = (arg4[4]); let x89: u32 = (arg4[3]); let x90: u32 = (arg4[2]); let x91: u32 = (arg4[1]); let x92: u32 = (arg4[0]); let mut x93: u32 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x93, &mut x94, 0x0, (0x0 as u32), x92); let mut x95: u32 = 0; let mut x96: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x91); let mut x97: u32 = 0; let mut x98: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x97, &mut x98, x96, (0x0 as u32), x90); let mut x99: u32 = 0; let mut x100: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x99, &mut x100, x98, (0x0 as u32), x89); let mut x101: u32 = 0; let mut x102: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x101, &mut x102, x100, (0x0 as u32), x88); let mut x103: u32 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x103, &mut x104, x102, (0x0 as u32), x87); let mut x105: u32 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x105, &mut x106, x104, (0x0 as u32), x86); let mut x107: u32 = 0; let mut x108: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x107, &mut x108, x106, (0x0 as u32), x85); let mut x109: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x109, x108, (0x0 as u32), 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x110, &mut x111, 0x0, x93, (x109 & 0x5cf5d3ed)); let mut x112: u32 = 0; let mut x113: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x95, (x109 & 0x5812631a)); let mut x114: u32 = 0; let mut x115: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x97, (x109 & 0xa2f79cd6)); let mut x116: u32 = 0; let mut x117: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x99, (x109 & 0x14def9de)); let mut x118: u32 = 0; let mut x119: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x101, (0x0 as u32)); let mut x120: u32 = 0; let mut x121: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x103, (0x0 as u32)); let mut x122: u32 = 0; let mut x123: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x105, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x107, (x109 & 0x10000000)); let mut x126: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x126, x3, (arg5[0]), x110); let mut x127: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x127, x3, (arg5[1]), x112); let mut x128: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x128, x3, (arg5[2]), x114); let mut x129: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x129, x3, (arg5[3]), x116); let mut x130: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x130, x3, (arg5[4]), x118); let mut x131: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x131, x3, (arg5[5]), x120); let mut x132: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x132, x3, (arg5[6]), x122); let mut x133: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x133, x3, (arg5[7]), x124); let x134: fiat_25519_scalar_u1 = ((x34 & (0x1 as u32)) as fiat_25519_scalar_u1); let mut x135: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x135, x134, (0x0 as u32), x7); let mut x136: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x136, x134, (0x0 as u32), x8); let mut x137: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x137, x134, (0x0 as u32), x9); let mut x138: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x138, x134, (0x0 as u32), x10); let mut x139: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x139, x134, (0x0 as u32), x11); let mut x140: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x140, x134, (0x0 as u32), x12); let mut x141: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x141, x134, (0x0 as u32), x13); let mut x142: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x142, x134, (0x0 as u32), x14); let mut x143: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x143, x134, (0x0 as u32), x15); let mut x144: u32 = 0; let mut x145: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x144, &mut x145, 0x0, x34, x135); let mut x146: u32 = 0; let mut x147: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x146, &mut x147, x145, x35, x136); let mut x148: u32 = 0; let mut x149: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x148, &mut x149, x147, x36, x137); let mut x150: u32 = 0; let mut x151: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x150, &mut x151, x149, x37, x138); let mut x152: u32 = 0; let mut x153: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x38, x139); let mut x154: u32 = 0; let mut x155: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x39, x140); let mut x156: u32 = 0; let mut x157: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x40, x141); let mut x158: u32 = 0; let mut x159: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x41, x142); let mut x160: u32 = 0; let mut x161: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x42, x143); let mut x162: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x162, x134, (0x0 as u32), x43); let mut x163: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x163, x134, (0x0 as u32), x44); let mut x164: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x164, x134, (0x0 as u32), x45); let mut x165: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x165, x134, (0x0 as u32), x46); let mut x166: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x166, x134, (0x0 as u32), x47); let mut x167: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x167, x134, (0x0 as u32), x48); let mut x168: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x168, x134, (0x0 as u32), x49); let mut x169: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x169, x134, (0x0 as u32), x50); let mut x170: u32 = 0; let mut x171: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x170, &mut x171, 0x0, x126, x162); let mut x172: u32 = 0; let mut x173: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x127, x163); let mut x174: u32 = 0; let mut x175: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x128, x164); let mut x176: u32 = 0; let mut x177: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x129, x165); let mut x178: u32 = 0; let mut x179: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x130, x166); let mut x180: u32 = 0; let mut x181: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x131, x167); let mut x182: u32 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x132, x168); let mut x184: u32 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x133, x169); let mut x186: u32 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x186, &mut x187, 0x0, x170, 0x5cf5d3ed); let mut x188: u32 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x188, &mut x189, x187, x172, 0x5812631a); let mut x190: u32 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x190, &mut x191, x189, x174, 0xa2f79cd6); let mut x192: u32 = 0; let mut x193: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x192, &mut x193, x191, x176, 0x14def9de); let mut x194: u32 = 0; let mut x195: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x194, &mut x195, x193, x178, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x196, &mut x197, x195, x180, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x198, &mut x199, x197, x182, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x200, &mut x201, x199, x184, 0x10000000); let mut x202: u32 = 0; let mut x203: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u32(&mut x202, &mut x203, x201, (x185 as u32), (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u32(&mut x204, &mut x205, 0x0, x6, (0x1 as u32)); let x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); let x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); let x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); let x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); let x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); let x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); let x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); let x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); let x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); let mut x215: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x215, x84, x67, x51); let mut x216: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x216, x84, x69, x53); let mut x217: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x217, x84, x71, x55); let mut x218: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x218, x84, x73, x57); let mut x219: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x219, x84, x75, x59); let mut x220: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x220, x84, x77, x61); let mut x221: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x221, x84, x79, x63); let mut x222: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x222, x84, x81, x65); let mut x223: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x223, x203, x186, x170); let mut x224: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x224, x203, x188, x172); let mut x225: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x225, x203, x190, x174); let mut x226: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x226, x203, x192, x176); let mut x227: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x227, x203, x194, x178); let mut x228: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x228, x203, x196, x180); let mut x229: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x229, x203, x198, x182); let mut x230: u32 = 0; fiat_25519_scalar_cmovznz_u32(&mut x230, x203, x200, x184); *out1 = x204; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out3[0] = x206; out3[1] = x207; out3[2] = x208; out3[3] = x209; out3[4] = x210; out3[5] = x211; out3[6] = x212; out3[7] = x213; out3[8] = x214; out4[0] = x215; out4[1] = x216; out4[2] = x217; out4[3] = x218; out4[4] = x219; out4[5] = x220; out4[6] = x221; out4[7] = x222; out5[0] = x223; out5[1] = x224; out5[2] = x225; out5[3] = x226; out5[4] = x227; out5[5] = x228; out5[6] = x229; out5[7] = x230; } /// The function fiat_25519_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_25519_scalar_divstep_precomp(out1: &mut [u32; 8]) { out1[0] = 0x36a7cb92; out1[1] = 0xd70af844; out1[2] = 0xb0b8b159; out1[3] = 0x5f71c978; out1[4] = 0x74947f1a; out1[5] = 0xe76d8169; out1[6] = 0xf193e4ff; out1[7] = 0x19a2d36; } fiat-crypto-0.2.2/src/curve25519_scalar_64.rs000064400000000000000000002373251046102023000166270ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline 25519_scalar 64 '2^252 + 27742317777372353535851937790883648493' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: 25519_scalar //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed (from "2^252 + 27742317777372353535851937790883648493") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_25519_scalar_u1 = u8; pub type fiat_25519_scalar_i1 = i8; pub type fiat_25519_scalar_u2 = u8; pub type fiat_25519_scalar_i2 = i8; /** The type fiat_25519_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_25519_scalar_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_25519_scalar_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_25519_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_25519_scalar_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_25519_scalar_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_25519_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_25519_scalar_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_scalar_addcarryx_u64(out1: &mut u64, out2: &mut fiat_25519_scalar_u1, arg1: fiat_25519_scalar_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_25519_scalar_u1 = ((x1 >> 64) as fiat_25519_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_25519_scalar_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_25519_scalar_subborrowx_u64(out1: &mut u64, out2: &mut fiat_25519_scalar_u1, arg1: fiat_25519_scalar_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_25519_scalar_i1 = ((x1 >> 64) as fiat_25519_scalar_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_25519_scalar_i2) - (x2 as fiat_25519_scalar_i2)) as fiat_25519_scalar_u1); } /// The function fiat_25519_scalar_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_25519_scalar_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_25519_scalar_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_25519_scalar_cmovznz_u64(out1: &mut u64, arg1: fiat_25519_scalar_u1, arg2: u64, arg3: u64) { let x1: fiat_25519_scalar_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_25519_scalar_i2) - (x1 as fiat_25519_scalar_i2)) as fiat_25519_scalar_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_25519_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_mul(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x20, &mut x21, x11, 0xd2b51da312547e1b); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x22, &mut x23, x20, 0x1000000000000000); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x24, &mut x25, x20, 0x14def9dea2f79cd6); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x26, &mut x27, x20, 0x5812631a5cf5d3ed); let mut x28: u64 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x28, &mut x29, 0x0, x27, x24); let x30: u64 = ((x29 as u64) + x25); let mut x31: u64 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x31, &mut x32, 0x0, x11, x26); let mut x33: u64 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x13, x28); let mut x35: u64 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x15, x30); let mut x37: u64 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x17, x22); let mut x39: u64 = 0; let mut x40: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x19, x23); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x41, &mut x42, x1, (arg2[3])); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x43, &mut x44, x1, (arg2[2])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x45, &mut x46, x1, (arg2[1])); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg2[0])); let mut x49: u64 = 0; let mut x50: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x49, &mut x50, 0x0, x48, x45); let mut x51: u64 = 0; let mut x52: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x51, &mut x52, x50, x46, x43); let mut x53: u64 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x53, &mut x54, x52, x44, x41); let x55: u64 = ((x54 as u64) + x42); let mut x56: u64 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x56, &mut x57, 0x0, x33, x47); let mut x58: u64 = 0; let mut x59: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x58, &mut x59, x57, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x62, &mut x63, x61, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x64, &mut x65, x63, (x40 as u64), x55); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x66, &mut x67, x56, 0xd2b51da312547e1b); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x68, &mut x69, x66, 0x1000000000000000); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x70, &mut x71, x66, 0x14def9dea2f79cd6); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x72, &mut x73, x66, 0x5812631a5cf5d3ed); let mut x74: u64 = 0; let mut x75: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x74, &mut x75, 0x0, x73, x70); let x76: u64 = ((x75 as u64) + x71); let mut x77: u64 = 0; let mut x78: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x77, &mut x78, 0x0, x56, x72); let mut x79: u64 = 0; let mut x80: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x79, &mut x80, x78, x58, x74); let mut x81: u64 = 0; let mut x82: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x81, &mut x82, x80, x60, x76); let mut x83: u64 = 0; let mut x84: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x83, &mut x84, x82, x62, x68); let mut x85: u64 = 0; let mut x86: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x64, x69); let x87: u64 = ((x86 as u64) + (x65 as u64)); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x88, &mut x89, x2, (arg2[3])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x90, &mut x91, x2, (arg2[2])); let mut x92: u64 = 0; let mut x93: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x92, &mut x93, x2, (arg2[1])); let mut x94: u64 = 0; let mut x95: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x94, &mut x95, x2, (arg2[0])); let mut x96: u64 = 0; let mut x97: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x96, &mut x97, 0x0, x95, x92); let mut x98: u64 = 0; let mut x99: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x93, x90); let mut x100: u64 = 0; let mut x101: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x91, x88); let x102: u64 = ((x101 as u64) + x89); let mut x103: u64 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x103, &mut x104, 0x0, x79, x94); let mut x105: u64 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x105, &mut x106, x104, x81, x96); let mut x107: u64 = 0; let mut x108: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x107, &mut x108, x106, x83, x98); let mut x109: u64 = 0; let mut x110: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x109, &mut x110, x108, x85, x100); let mut x111: u64 = 0; let mut x112: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x111, &mut x112, x110, x87, x102); let mut x113: u64 = 0; let mut x114: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x113, &mut x114, x103, 0xd2b51da312547e1b); let mut x115: u64 = 0; let mut x116: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x115, &mut x116, x113, 0x1000000000000000); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x117, &mut x118, x113, 0x14def9dea2f79cd6); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x119, &mut x120, x113, 0x5812631a5cf5d3ed); let mut x121: u64 = 0; let mut x122: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x121, &mut x122, 0x0, x120, x117); let x123: u64 = ((x122 as u64) + x118); let mut x124: u64 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x124, &mut x125, 0x0, x103, x119); let mut x126: u64 = 0; let mut x127: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x126, &mut x127, x125, x105, x121); let mut x128: u64 = 0; let mut x129: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x128, &mut x129, x127, x107, x123); let mut x130: u64 = 0; let mut x131: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x130, &mut x131, x129, x109, x115); let mut x132: u64 = 0; let mut x133: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x132, &mut x133, x131, x111, x116); let x134: u64 = ((x133 as u64) + (x112 as u64)); let mut x135: u64 = 0; let mut x136: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x135, &mut x136, x3, (arg2[3])); let mut x137: u64 = 0; let mut x138: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x137, &mut x138, x3, (arg2[2])); let mut x139: u64 = 0; let mut x140: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x139, &mut x140, x3, (arg2[1])); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x141, &mut x142, x3, (arg2[0])); let mut x143: u64 = 0; let mut x144: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x143, &mut x144, 0x0, x142, x139); let mut x145: u64 = 0; let mut x146: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x145, &mut x146, x144, x140, x137); let mut x147: u64 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x147, &mut x148, x146, x138, x135); let x149: u64 = ((x148 as u64) + x136); let mut x150: u64 = 0; let mut x151: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x150, &mut x151, 0x0, x126, x141); let mut x152: u64 = 0; let mut x153: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x152, &mut x153, x151, x128, x143); let mut x154: u64 = 0; let mut x155: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x154, &mut x155, x153, x130, x145); let mut x156: u64 = 0; let mut x157: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x156, &mut x157, x155, x132, x147); let mut x158: u64 = 0; let mut x159: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x158, &mut x159, x157, x134, x149); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x160, &mut x161, x150, 0xd2b51da312547e1b); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x162, &mut x163, x160, 0x1000000000000000); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x164, &mut x165, x160, 0x14def9dea2f79cd6); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x166, &mut x167, x160, 0x5812631a5cf5d3ed); let mut x168: u64 = 0; let mut x169: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x167, x164); let x170: u64 = ((x169 as u64) + x165); let mut x171: u64 = 0; let mut x172: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x171, &mut x172, 0x0, x150, x166); let mut x173: u64 = 0; let mut x174: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x173, &mut x174, x172, x152, x168); let mut x175: u64 = 0; let mut x176: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x154, x170); let mut x177: u64 = 0; let mut x178: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x156, x162); let mut x179: u64 = 0; let mut x180: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x179, &mut x180, x178, x158, x163); let x181: u64 = ((x180 as u64) + (x159 as u64)); let mut x182: u64 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x182, &mut x183, 0x0, x173, 0x5812631a5cf5d3ed); let mut x184: u64 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x184, &mut x185, x183, x175, 0x14def9dea2f79cd6); let mut x186: u64 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x186, &mut x187, x185, x177, (0x0 as u64)); let mut x188: u64 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x188, &mut x189, x187, x179, 0x1000000000000000); let mut x190: u64 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x190, &mut x191, x189, x181, (0x0 as u64)); let mut x192: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x192, x191, x182, x173); let mut x193: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x193, x191, x184, x175); let mut x194: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x194, x191, x186, x177); let mut x195: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x195, x191, x188, x179); out1[0] = x192; out1[1] = x193; out1[2] = x194; out1[3] = x195; } /// The function fiat_25519_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_square(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x20, &mut x21, x11, 0xd2b51da312547e1b); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x22, &mut x23, x20, 0x1000000000000000); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x24, &mut x25, x20, 0x14def9dea2f79cd6); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x26, &mut x27, x20, 0x5812631a5cf5d3ed); let mut x28: u64 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x28, &mut x29, 0x0, x27, x24); let x30: u64 = ((x29 as u64) + x25); let mut x31: u64 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x31, &mut x32, 0x0, x11, x26); let mut x33: u64 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x13, x28); let mut x35: u64 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x15, x30); let mut x37: u64 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x17, x22); let mut x39: u64 = 0; let mut x40: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x19, x23); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x41, &mut x42, x1, (arg1[3])); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x43, &mut x44, x1, (arg1[2])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x45, &mut x46, x1, (arg1[1])); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg1[0])); let mut x49: u64 = 0; let mut x50: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x49, &mut x50, 0x0, x48, x45); let mut x51: u64 = 0; let mut x52: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x51, &mut x52, x50, x46, x43); let mut x53: u64 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x53, &mut x54, x52, x44, x41); let x55: u64 = ((x54 as u64) + x42); let mut x56: u64 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x56, &mut x57, 0x0, x33, x47); let mut x58: u64 = 0; let mut x59: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x58, &mut x59, x57, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x62, &mut x63, x61, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x64, &mut x65, x63, (x40 as u64), x55); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x66, &mut x67, x56, 0xd2b51da312547e1b); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x68, &mut x69, x66, 0x1000000000000000); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x70, &mut x71, x66, 0x14def9dea2f79cd6); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x72, &mut x73, x66, 0x5812631a5cf5d3ed); let mut x74: u64 = 0; let mut x75: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x74, &mut x75, 0x0, x73, x70); let x76: u64 = ((x75 as u64) + x71); let mut x77: u64 = 0; let mut x78: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x77, &mut x78, 0x0, x56, x72); let mut x79: u64 = 0; let mut x80: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x79, &mut x80, x78, x58, x74); let mut x81: u64 = 0; let mut x82: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x81, &mut x82, x80, x60, x76); let mut x83: u64 = 0; let mut x84: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x83, &mut x84, x82, x62, x68); let mut x85: u64 = 0; let mut x86: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x64, x69); let x87: u64 = ((x86 as u64) + (x65 as u64)); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x88, &mut x89, x2, (arg1[3])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x90, &mut x91, x2, (arg1[2])); let mut x92: u64 = 0; let mut x93: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x92, &mut x93, x2, (arg1[1])); let mut x94: u64 = 0; let mut x95: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x94, &mut x95, x2, (arg1[0])); let mut x96: u64 = 0; let mut x97: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x96, &mut x97, 0x0, x95, x92); let mut x98: u64 = 0; let mut x99: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x93, x90); let mut x100: u64 = 0; let mut x101: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x91, x88); let x102: u64 = ((x101 as u64) + x89); let mut x103: u64 = 0; let mut x104: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x103, &mut x104, 0x0, x79, x94); let mut x105: u64 = 0; let mut x106: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x105, &mut x106, x104, x81, x96); let mut x107: u64 = 0; let mut x108: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x107, &mut x108, x106, x83, x98); let mut x109: u64 = 0; let mut x110: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x109, &mut x110, x108, x85, x100); let mut x111: u64 = 0; let mut x112: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x111, &mut x112, x110, x87, x102); let mut x113: u64 = 0; let mut x114: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x113, &mut x114, x103, 0xd2b51da312547e1b); let mut x115: u64 = 0; let mut x116: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x115, &mut x116, x113, 0x1000000000000000); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x117, &mut x118, x113, 0x14def9dea2f79cd6); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x119, &mut x120, x113, 0x5812631a5cf5d3ed); let mut x121: u64 = 0; let mut x122: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x121, &mut x122, 0x0, x120, x117); let x123: u64 = ((x122 as u64) + x118); let mut x124: u64 = 0; let mut x125: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x124, &mut x125, 0x0, x103, x119); let mut x126: u64 = 0; let mut x127: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x126, &mut x127, x125, x105, x121); let mut x128: u64 = 0; let mut x129: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x128, &mut x129, x127, x107, x123); let mut x130: u64 = 0; let mut x131: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x130, &mut x131, x129, x109, x115); let mut x132: u64 = 0; let mut x133: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x132, &mut x133, x131, x111, x116); let x134: u64 = ((x133 as u64) + (x112 as u64)); let mut x135: u64 = 0; let mut x136: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x135, &mut x136, x3, (arg1[3])); let mut x137: u64 = 0; let mut x138: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x137, &mut x138, x3, (arg1[2])); let mut x139: u64 = 0; let mut x140: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x139, &mut x140, x3, (arg1[1])); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x141, &mut x142, x3, (arg1[0])); let mut x143: u64 = 0; let mut x144: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x143, &mut x144, 0x0, x142, x139); let mut x145: u64 = 0; let mut x146: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x145, &mut x146, x144, x140, x137); let mut x147: u64 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x147, &mut x148, x146, x138, x135); let x149: u64 = ((x148 as u64) + x136); let mut x150: u64 = 0; let mut x151: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x150, &mut x151, 0x0, x126, x141); let mut x152: u64 = 0; let mut x153: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x152, &mut x153, x151, x128, x143); let mut x154: u64 = 0; let mut x155: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x154, &mut x155, x153, x130, x145); let mut x156: u64 = 0; let mut x157: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x156, &mut x157, x155, x132, x147); let mut x158: u64 = 0; let mut x159: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x158, &mut x159, x157, x134, x149); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x160, &mut x161, x150, 0xd2b51da312547e1b); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x162, &mut x163, x160, 0x1000000000000000); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x164, &mut x165, x160, 0x14def9dea2f79cd6); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x166, &mut x167, x160, 0x5812631a5cf5d3ed); let mut x168: u64 = 0; let mut x169: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x167, x164); let x170: u64 = ((x169 as u64) + x165); let mut x171: u64 = 0; let mut x172: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x171, &mut x172, 0x0, x150, x166); let mut x173: u64 = 0; let mut x174: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x173, &mut x174, x172, x152, x168); let mut x175: u64 = 0; let mut x176: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x154, x170); let mut x177: u64 = 0; let mut x178: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x156, x162); let mut x179: u64 = 0; let mut x180: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x179, &mut x180, x178, x158, x163); let x181: u64 = ((x180 as u64) + (x159 as u64)); let mut x182: u64 = 0; let mut x183: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x182, &mut x183, 0x0, x173, 0x5812631a5cf5d3ed); let mut x184: u64 = 0; let mut x185: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x184, &mut x185, x183, x175, 0x14def9dea2f79cd6); let mut x186: u64 = 0; let mut x187: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x186, &mut x187, x185, x177, (0x0 as u64)); let mut x188: u64 = 0; let mut x189: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x188, &mut x189, x187, x179, 0x1000000000000000); let mut x190: u64 = 0; let mut x191: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x190, &mut x191, x189, x181, (0x0 as u64)); let mut x192: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x192, x191, x182, x173); let mut x193: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x193, x191, x184, x175); let mut x194: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x194, x191, x186, x177); let mut x195: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x195, x191, x188, x179); out1[0] = x192; out1[1] = x193; out1[2] = x194; out1[3] = x195; } /// The function fiat_25519_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_add(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, 0x5812631a5cf5d3ed); let mut x11: u64 = 0; let mut x12: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0x14def9dea2f79cd6); let mut x13: u64 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x13, &mut x14, x12, x5, (0x0 as u64)); let mut x15: u64 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0x1000000000000000); let mut x17: u64 = 0; let mut x18: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_25519_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_sub(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element, arg2: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0x5812631a5cf5d3ed)); let mut x12: u64 = 0; let mut x13: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0x14def9dea2f79cd6)); let mut x14: u64 = 0; let mut x15: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, (0x0 as u64)); let mut x16: u64 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0x1000000000000000)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_25519_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_opp(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0x5812631a5cf5d3ed)); let mut x12: u64 = 0; let mut x13: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0x14def9dea2f79cd6)); let mut x14: u64 = 0; let mut x15: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, (0x0 as u64)); let mut x16: u64 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0x1000000000000000)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_25519_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_from_montgomery(out1: &mut fiat_25519_scalar_non_montgomery_domain_field_element, arg1: &fiat_25519_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x2, &mut x3, x1, 0xd2b51da312547e1b); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x4, &mut x5, x2, 0x1000000000000000); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x6, &mut x7, x2, 0x14def9dea2f79cd6); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x8, &mut x9, x2, 0x5812631a5cf5d3ed); let mut x10: u64 = 0; let mut x11: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x9, x6); let mut x12: u64 = 0; let mut x13: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, x1, x8); let mut x14: u64 = 0; let mut x15: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), x10); let mut x16: u64 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x16, &mut x17, 0x0, x14, (arg1[1])); let mut x18: u64 = 0; let mut x19: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x18, &mut x19, x16, 0xd2b51da312547e1b); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x20, &mut x21, x18, 0x1000000000000000); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x22, &mut x23, x18, 0x14def9dea2f79cd6); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x24, &mut x25, x18, 0x5812631a5cf5d3ed); let mut x26: u64 = 0; let mut x27: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x26, &mut x27, 0x0, x25, x22); let mut x28: u64 = 0; let mut x29: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x28, &mut x29, 0x0, x16, x24); let mut x30: u64 = 0; let mut x31: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x30, &mut x31, x29, ((x17 as u64) + ((x15 as u64) + ((x11 as u64) + x7))), x26); let mut x32: u64 = 0; let mut x33: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x4, ((x27 as u64) + x23)); let mut x34: u64 = 0; let mut x35: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x5, x20); let mut x36: u64 = 0; let mut x37: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x36, &mut x37, 0x0, x30, (arg1[2])); let mut x38: u64 = 0; let mut x39: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x38, &mut x39, x37, x32, (0x0 as u64)); let mut x40: u64 = 0; let mut x41: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x40, &mut x41, x39, x34, (0x0 as u64)); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x42, &mut x43, x36, 0xd2b51da312547e1b); let mut x44: u64 = 0; let mut x45: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x44, &mut x45, x42, 0x1000000000000000); let mut x46: u64 = 0; let mut x47: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x46, &mut x47, x42, 0x14def9dea2f79cd6); let mut x48: u64 = 0; let mut x49: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x48, &mut x49, x42, 0x5812631a5cf5d3ed); let mut x50: u64 = 0; let mut x51: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x50, &mut x51, 0x0, x49, x46); let mut x52: u64 = 0; let mut x53: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x52, &mut x53, 0x0, x36, x48); let mut x54: u64 = 0; let mut x55: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x54, &mut x55, x53, x38, x50); let mut x56: u64 = 0; let mut x57: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x56, &mut x57, x55, x40, ((x51 as u64) + x47)); let mut x58: u64 = 0; let mut x59: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x58, &mut x59, x57, ((x41 as u64) + ((x35 as u64) + x21)), x44); let mut x60: u64 = 0; let mut x61: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x60, &mut x61, 0x0, x54, (arg1[3])); let mut x62: u64 = 0; let mut x63: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x62, &mut x63, x61, x56, (0x0 as u64)); let mut x64: u64 = 0; let mut x65: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x58, (0x0 as u64)); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x66, &mut x67, x60, 0xd2b51da312547e1b); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x68, &mut x69, x66, 0x1000000000000000); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x70, &mut x71, x66, 0x14def9dea2f79cd6); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x72, &mut x73, x66, 0x5812631a5cf5d3ed); let mut x74: u64 = 0; let mut x75: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x74, &mut x75, 0x0, x73, x70); let mut x76: u64 = 0; let mut x77: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x76, &mut x77, 0x0, x60, x72); let mut x78: u64 = 0; let mut x79: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x78, &mut x79, x77, x62, x74); let mut x80: u64 = 0; let mut x81: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x80, &mut x81, x79, x64, ((x75 as u64) + x71)); let mut x82: u64 = 0; let mut x83: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x82, &mut x83, x81, ((x65 as u64) + ((x59 as u64) + x45)), x68); let x84: u64 = ((x83 as u64) + x69); let mut x85: u64 = 0; let mut x86: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x85, &mut x86, 0x0, x78, 0x5812631a5cf5d3ed); let mut x87: u64 = 0; let mut x88: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x87, &mut x88, x86, x80, 0x14def9dea2f79cd6); let mut x89: u64 = 0; let mut x90: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x89, &mut x90, x88, x82, (0x0 as u64)); let mut x91: u64 = 0; let mut x92: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x91, &mut x92, x90, x84, 0x1000000000000000); let mut x93: u64 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x93, &mut x94, x92, (0x0 as u64), (0x0 as u64)); let mut x95: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x95, x94, x85, x78); let mut x96: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x96, x94, x87, x80); let mut x97: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x97, x94, x89, x82); let mut x98: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x98, x94, x91, x84); out1[0] = x95; out1[1] = x96; out1[2] = x97; out1[3] = x98; } /// The function fiat_25519_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_to_montgomery(out1: &mut fiat_25519_scalar_montgomery_domain_field_element, arg1: &fiat_25519_scalar_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x5, &mut x6, x4, 0x399411b7c309a3d); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x7, &mut x8, x4, 0xceec73d217f5be65); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x9, &mut x10, x4, 0xd00e1ba768859347); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x11, &mut x12, x4, 0xa40611e3449c0f01); let mut x13: u64 = 0; let mut x14: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x19, &mut x20, x11, 0xd2b51da312547e1b); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x21, &mut x22, x19, 0x1000000000000000); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x23, &mut x24, x19, 0x14def9dea2f79cd6); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x25, &mut x26, x19, 0x5812631a5cf5d3ed); let mut x27: u64 = 0; let mut x28: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x27, &mut x28, 0x0, x26, x23); let mut x29: u64 = 0; let mut x30: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x29, &mut x30, 0x0, x11, x25); let mut x31: u64 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x31, &mut x32, x30, x13, x27); let mut x33: u64 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x15, ((x28 as u64) + x24)); let mut x35: u64 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x17, x21); let mut x37: u64 = 0; let mut x38: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x37, &mut x38, x1, 0x399411b7c309a3d); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x39, &mut x40, x1, 0xceec73d217f5be65); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x41, &mut x42, x1, 0xd00e1ba768859347); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x43, &mut x44, x1, 0xa40611e3449c0f01); let mut x45: u64 = 0; let mut x46: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x45, &mut x46, 0x0, x44, x41); let mut x47: u64 = 0; let mut x48: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x47, &mut x48, x46, x42, x39); let mut x49: u64 = 0; let mut x50: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x49, &mut x50, x48, x40, x37); let mut x51: u64 = 0; let mut x52: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x51, &mut x52, 0x0, x31, x43); let mut x53: u64 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x53, &mut x54, x52, x33, x45); let mut x55: u64 = 0; let mut x56: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x55, &mut x56, x54, x35, x47); let mut x57: u64 = 0; let mut x58: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x57, &mut x58, x56, (((x36 as u64) + ((x18 as u64) + x6)) + x22), x49); let mut x59: u64 = 0; let mut x60: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x59, &mut x60, x51, 0xd2b51da312547e1b); let mut x61: u64 = 0; let mut x62: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x61, &mut x62, x59, 0x1000000000000000); let mut x63: u64 = 0; let mut x64: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x63, &mut x64, x59, 0x14def9dea2f79cd6); let mut x65: u64 = 0; let mut x66: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x65, &mut x66, x59, 0x5812631a5cf5d3ed); let mut x67: u64 = 0; let mut x68: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x67, &mut x68, 0x0, x66, x63); let mut x69: u64 = 0; let mut x70: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x69, &mut x70, 0x0, x51, x65); let mut x71: u64 = 0; let mut x72: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x71, &mut x72, x70, x53, x67); let mut x73: u64 = 0; let mut x74: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x73, &mut x74, x72, x55, ((x68 as u64) + x64)); let mut x75: u64 = 0; let mut x76: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x75, &mut x76, x74, x57, x61); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x77, &mut x78, x2, 0x399411b7c309a3d); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x79, &mut x80, x2, 0xceec73d217f5be65); let mut x81: u64 = 0; let mut x82: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x81, &mut x82, x2, 0xd00e1ba768859347); let mut x83: u64 = 0; let mut x84: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x83, &mut x84, x2, 0xa40611e3449c0f01); let mut x85: u64 = 0; let mut x86: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x85, &mut x86, 0x0, x84, x81); let mut x87: u64 = 0; let mut x88: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x82, x79); let mut x89: u64 = 0; let mut x90: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x89, &mut x90, x88, x80, x77); let mut x91: u64 = 0; let mut x92: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x91, &mut x92, 0x0, x71, x83); let mut x93: u64 = 0; let mut x94: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x73, x85); let mut x95: u64 = 0; let mut x96: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x75, x87); let mut x97: u64 = 0; let mut x98: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x97, &mut x98, x96, (((x76 as u64) + ((x58 as u64) + ((x50 as u64) + x38))) + x62), x89); let mut x99: u64 = 0; let mut x100: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x99, &mut x100, x91, 0xd2b51da312547e1b); let mut x101: u64 = 0; let mut x102: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x101, &mut x102, x99, 0x1000000000000000); let mut x103: u64 = 0; let mut x104: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x103, &mut x104, x99, 0x14def9dea2f79cd6); let mut x105: u64 = 0; let mut x106: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x105, &mut x106, x99, 0x5812631a5cf5d3ed); let mut x107: u64 = 0; let mut x108: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x107, &mut x108, 0x0, x106, x103); let mut x109: u64 = 0; let mut x110: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x109, &mut x110, 0x0, x91, x105); let mut x111: u64 = 0; let mut x112: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x111, &mut x112, x110, x93, x107); let mut x113: u64 = 0; let mut x114: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x113, &mut x114, x112, x95, ((x108 as u64) + x104)); let mut x115: u64 = 0; let mut x116: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x115, &mut x116, x114, x97, x101); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x117, &mut x118, x3, 0x399411b7c309a3d); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x119, &mut x120, x3, 0xceec73d217f5be65); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x121, &mut x122, x3, 0xd00e1ba768859347); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x123, &mut x124, x3, 0xa40611e3449c0f01); let mut x125: u64 = 0; let mut x126: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let mut x129: u64 = 0; let mut x130: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x129, &mut x130, x128, x120, x117); let mut x131: u64 = 0; let mut x132: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x131, &mut x132, 0x0, x111, x123); let mut x133: u64 = 0; let mut x134: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x113, x125); let mut x135: u64 = 0; let mut x136: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x115, x127); let mut x137: u64 = 0; let mut x138: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x137, &mut x138, x136, (((x116 as u64) + ((x98 as u64) + ((x90 as u64) + x78))) + x102), x129); let mut x139: u64 = 0; let mut x140: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x139, &mut x140, x131, 0xd2b51da312547e1b); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x141, &mut x142, x139, 0x1000000000000000); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x143, &mut x144, x139, 0x14def9dea2f79cd6); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_25519_scalar_mulx_u64(&mut x145, &mut x146, x139, 0x5812631a5cf5d3ed); let mut x147: u64 = 0; let mut x148: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x147, &mut x148, 0x0, x146, x143); let mut x149: u64 = 0; let mut x150: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x149, &mut x150, 0x0, x131, x145); let mut x151: u64 = 0; let mut x152: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x151, &mut x152, x150, x133, x147); let mut x153: u64 = 0; let mut x154: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x153, &mut x154, x152, x135, ((x148 as u64) + x144)); let mut x155: u64 = 0; let mut x156: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x155, &mut x156, x154, x137, x141); let x157: u64 = (((x156 as u64) + ((x138 as u64) + ((x130 as u64) + x118))) + x142); let mut x158: u64 = 0; let mut x159: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x158, &mut x159, 0x0, x151, 0x5812631a5cf5d3ed); let mut x160: u64 = 0; let mut x161: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x160, &mut x161, x159, x153, 0x14def9dea2f79cd6); let mut x162: u64 = 0; let mut x163: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x162, &mut x163, x161, x155, (0x0 as u64)); let mut x164: u64 = 0; let mut x165: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x164, &mut x165, x163, x157, 0x1000000000000000); let mut x166: u64 = 0; let mut x167: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x166, &mut x167, x165, (0x0 as u64), (0x0 as u64)); let mut x168: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x168, x167, x158, x151); let mut x169: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x169, x167, x160, x153); let mut x170: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x170, x167, x162, x155); let mut x171: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x171, x167, x164, x157); out1[0] = x168; out1[1] = x169; out1[2] = x170; out1[3] = x171; } /// The function fiat_25519_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_25519_scalar_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_25519_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_25519_scalar_selectznz(out1: &mut [u64; 4], arg1: fiat_25519_scalar_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_25519_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x1fffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1f]] #[inline] pub fn fiat_25519_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u8 = ((x58 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x53; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; } /// The function fiat_25519_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1f]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x1fffffffffffffff]] #[inline] pub fn fiat_25519_scalar_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 56); let x2: u64 = (((arg1[30]) as u64) << 48); let x3: u64 = (((arg1[29]) as u64) << 40); let x4: u64 = (((arg1[28]) as u64) << 32); let x5: u64 = (((arg1[27]) as u64) << 24); let x6: u64 = (((arg1[26]) as u64) << 16); let x7: u64 = (((arg1[25]) as u64) << 8); let x8: u8 = (arg1[24]); let x9: u64 = (((arg1[23]) as u64) << 56); let x10: u64 = (((arg1[22]) as u64) << 48); let x11: u64 = (((arg1[21]) as u64) << 40); let x12: u64 = (((arg1[20]) as u64) << 32); let x13: u64 = (((arg1[19]) as u64) << 24); let x14: u64 = (((arg1[18]) as u64) << 16); let x15: u64 = (((arg1[17]) as u64) << 8); let x16: u8 = (arg1[16]); let x17: u64 = (((arg1[15]) as u64) << 56); let x18: u64 = (((arg1[14]) as u64) << 48); let x19: u64 = (((arg1[13]) as u64) << 40); let x20: u64 = (((arg1[12]) as u64) << 32); let x21: u64 = (((arg1[11]) as u64) << 24); let x22: u64 = (((arg1[10]) as u64) << 16); let x23: u64 = (((arg1[9]) as u64) << 8); let x24: u8 = (arg1[8]); let x25: u64 = (((arg1[7]) as u64) << 56); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x25 + x38); let x40: u64 = (x23 + (x24 as u64)); let x41: u64 = (x22 + x40); let x42: u64 = (x21 + x41); let x43: u64 = (x20 + x42); let x44: u64 = (x19 + x43); let x45: u64 = (x18 + x44); let x46: u64 = (x17 + x45); let x47: u64 = (x15 + (x16 as u64)); let x48: u64 = (x14 + x47); let x49: u64 = (x13 + x48); let x50: u64 = (x12 + x49); let x51: u64 = (x11 + x50); let x52: u64 = (x10 + x51); let x53: u64 = (x9 + x52); let x54: u64 = (x7 + (x8 as u64)); let x55: u64 = (x6 + x54); let x56: u64 = (x5 + x55); let x57: u64 = (x4 + x56); let x58: u64 = (x3 + x57); let x59: u64 = (x2 + x58); let x60: u64 = (x1 + x59); out1[0] = x39; out1[1] = x46; out1[2] = x53; out1[3] = x60; } /// The function fiat_25519_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_25519_scalar_set_one(out1: &mut fiat_25519_scalar_montgomery_domain_field_element) { out1[0] = 0xd6ec31748d98951d; out1[1] = 0xc6ef5bf4737dcf70; out1[2] = 0xfffffffffffffffe; out1[3] = 0xfffffffffffffff; } /// The function fiat_25519_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_25519_scalar_msat(out1: &mut [u64; 5]) { out1[0] = 0x5812631a5cf5d3ed; out1[1] = 0x14def9dea2f79cd6; out1[2] = (0x0 as u64); out1[3] = 0x1000000000000000; out1[4] = (0x0 as u64); } /// The function fiat_25519_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_25519_scalar_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_25519_scalar_u1 = (((x1 >> 63) as fiat_25519_scalar_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_25519_scalar_u1)); let mut x4: u64 = 0; let mut x5: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, 0x5812631a5cf5d3ed); let mut x41: u64 = 0; let mut x42: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0x14def9dea2f79cd6); let mut x43: u64 = 0; let mut x44: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x43, &mut x44, x42, x35, (0x0 as u64)); let mut x45: u64 = 0; let mut x46: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0x1000000000000000); let mut x47: u64 = 0; let mut x48: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, (x61 & 0x5812631a5cf5d3ed)); let mut x64: u64 = 0; let mut x65: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x55, (x61 & 0x14def9dea2f79cd6)); let mut x66: u64 = 0; let mut x67: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x57, (0x0 as u64)); let mut x68: u64 = 0; let mut x69: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x59, (x61 & 0x1000000000000000)); let mut x70: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_25519_scalar_u1 = ((x22 & (0x1 as u64)) as fiat_25519_scalar_u1); let mut x75: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, 0x5812631a5cf5d3ed); let mut x104: u64 = 0; let mut x105: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0x14def9dea2f79cd6); let mut x106: u64 = 0; let mut x107: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x106, &mut x107, x105, x98, (0x0 as u64)); let mut x108: u64 = 0; let mut x109: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0x1000000000000000); let mut x110: u64 = 0; let mut x111: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_25519_scalar_u1 = 0; fiat_25519_scalar_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_25519_scalar_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_25519_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_25519_scalar_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0xd70af84436a7cb92; out1[1] = 0x5f71c978b0b8b159; out1[2] = 0xe76d816974947f1a; out1[3] = 0x19a2d36f193e4ff; } fiat-crypto-0.2.2/src/curve25519_solinas_64.rs000064400000000000000000000522001046102023000170150ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/solinas_reduction' --lang Rust --inline curve25519_solinas 64 '2^255 - 19' mul square //! curve description: curve25519_solinas //! machine_wordsize = 64 (from "64") //! requested operations: mul, square //! s-c = 2^255 - [(1, 19)] (from "2^255 - 19") //! //! Computed values: //! #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_curve25519_solinas_u1 = u8; pub type fiat_curve25519_solinas_i1 = i8; pub type fiat_curve25519_solinas_u2 = u8; pub type fiat_curve25519_solinas_i2 = i8; /// The function fiat_curve25519_solinas_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_curve25519_solinas_addcarryx_u64(out1: &mut u64, out2: &mut fiat_curve25519_solinas_u1, arg1: fiat_curve25519_solinas_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_curve25519_solinas_u1 = ((x1 >> 64) as fiat_curve25519_solinas_u1); *out1 = x2; *out2 = x3; } /// The function fiat_curve25519_solinas_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_curve25519_solinas_subborrowx_u64(out1: &mut u64, out2: &mut fiat_curve25519_solinas_u1, arg1: fiat_curve25519_solinas_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_curve25519_solinas_i1 = ((x1 >> 64) as fiat_curve25519_solinas_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_curve25519_solinas_i2) - (x2 as fiat_curve25519_solinas_i2)) as fiat_curve25519_solinas_u1); } /// The function fiat_curve25519_solinas_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_curve25519_solinas_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_curve25519_solinas_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_curve25519_solinas_cmovznz_u64(out1: &mut u64, arg1: fiat_curve25519_solinas_u1, arg2: u64, arg3: u64) { let x1: fiat_curve25519_solinas_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_curve25519_solinas_i2) - (x1 as fiat_curve25519_solinas_i2)) as fiat_curve25519_solinas_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_curve25519_solinas_mul multiplies two field elements. /// /// Postconditions: /// eval out1 mod 57896044618658097711785492504343953926634992332820282019728792003956564819949 = (eval arg1 * eval arg2) mod 57896044618658097711785492504343953926634992332820282019728792003956564819949 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_curve25519_solinas_mul(out1: &mut [u64; 4], arg1: &[u64; 4], arg2: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x1, &mut x2, (arg1[3]), (arg2[3])); let mut x3: u64 = 0; let mut x4: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x3, &mut x4, (arg1[3]), (arg2[2])); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x5, &mut x6, (arg1[3]), (arg2[1])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x7, &mut x8, (arg1[3]), (arg2[0])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x9, &mut x10, (arg1[2]), (arg2[3])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x11, &mut x12, (arg1[2]), (arg2[2])); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x13, &mut x14, (arg1[2]), (arg2[1])); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x15, &mut x16, (arg1[2]), (arg2[0])); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x17, &mut x18, (arg1[1]), (arg2[3])); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x19, &mut x20, (arg1[1]), (arg2[2])); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x21, &mut x22, (arg1[1]), (arg2[1])); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x23, &mut x24, (arg1[1]), (arg2[0])); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x25, &mut x26, (arg1[0]), (arg2[3])); let mut x27: u64 = 0; let mut x28: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x27, &mut x28, (arg1[0]), (arg2[2])); let mut x29: u64 = 0; let mut x30: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x29, &mut x30, (arg1[0]), (arg2[1])); let mut x31: u64 = 0; let mut x32: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x31, &mut x32, (arg1[0]), (arg2[0])); let mut x33: u64 = 0; let mut x34: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x33, &mut x34, 0x0, x28, x7); let mut x35: u64 = 0; let mut x36: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x35, &mut x36, x34, x26, x5); let x37: u64 = ((x36 as u64) + x18); let mut x38: u64 = 0; let mut x39: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x38, &mut x39, 0x0, x33, x13); let mut x40: u64 = 0; let mut x41: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x40, &mut x41, x39, x35, x8); let mut x42: u64 = 0; let mut x43: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x42, &mut x43, x41, x37, (0x0 as u64)); let x44: u64 = ((x43 as u64) + x10); let mut x45: u64 = 0; let mut x46: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x45, &mut x46, 0x0, x30, x15); let mut x47: u64 = 0; let mut x48: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x47, &mut x48, x46, x38, x16); let mut x49: u64 = 0; let mut x50: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x49, &mut x50, x48, x40, x11); let mut x51: u64 = 0; let mut x52: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x51, &mut x52, x50, x42, x3); let mut x53: u64 = 0; let mut x54: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x53, &mut x54, x52, x44, (0x0 as u64)); let x55: u64 = ((x54 as u64) + x2); let mut x56: u64 = 0; let mut x57: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x56, &mut x57, 0x0, x45, x21); let mut x58: u64 = 0; let mut x59: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x58, &mut x59, x57, x47, x19); let mut x60: u64 = 0; let mut x61: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x60, &mut x61, x59, x49, x14); let mut x62: u64 = 0; let mut x63: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x62, &mut x63, x61, x51, x6); let mut x64: u64 = 0; let mut x65: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x64, &mut x65, x63, x53, (0x0 as u64)); let mut x66: u64 = 0; let mut x67: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x66, &mut x67, x65, x55, (0x0 as u64)); let mut x68: u64 = 0; let mut x69: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x68, &mut x69, 0x0, x32, x23); let mut x70: u64 = 0; let mut x71: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x70, &mut x71, x69, x56, x24); let mut x72: u64 = 0; let mut x73: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x72, &mut x73, x71, x58, x22); let mut x74: u64 = 0; let mut x75: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x74, &mut x75, x73, x60, x17); let mut x76: u64 = 0; let mut x77: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x76, &mut x77, x75, x62, x9); let mut x78: u64 = 0; let mut x79: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x78, &mut x79, x77, x64, x1); let mut x80: u64 = 0; let mut x81: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x80, &mut x81, x79, x66, (0x0 as u64)); let mut x82: u64 = 0; let mut x83: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x82, &mut x83, 0x0, x68, x29); let mut x84: u64 = 0; let mut x85: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x84, &mut x85, x83, x70, x27); let mut x86: u64 = 0; let mut x87: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x86, &mut x87, x85, x72, x25); let mut x88: u64 = 0; let mut x89: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x88, &mut x89, x87, x74, x20); let mut x90: u64 = 0; let mut x91: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x90, &mut x91, x89, x76, x12); let mut x92: u64 = 0; let mut x93: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x92, &mut x93, x91, x78, x4); let mut x94: u64 = 0; let mut x95: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x94, &mut x95, x93, x80, (0x0 as u64)); let mut x96: u64 = 0; let mut x97: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x96, &mut x97, 0x26, x94); let mut x98: u64 = 0; let mut x99: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x98, &mut x99, 0x26, x92); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x100, &mut x101, 0x26, x90); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x102, &mut x103, 0x26, x88); let mut x104: u64 = 0; let mut x105: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x104, &mut x105, 0x0, x82, x100); let mut x106: u64 = 0; let mut x107: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x106, &mut x107, x105, x84, x98); let mut x108: u64 = 0; let mut x109: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x108, &mut x109, x107, x86, x96); let x110: u64 = ((x109 as u64) + x97); let mut x111: u64 = 0; let mut x112: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x111, &mut x112, 0x0, x31, x102); let mut x113: u64 = 0; let mut x114: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x113, &mut x114, x112, x104, x103); let mut x115: u64 = 0; let mut x116: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x115, &mut x116, x114, x106, x101); let mut x117: u64 = 0; let mut x118: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x117, &mut x118, x116, x108, x99); let x119: u64 = ((x118 as u64) + x110); let mut x120: u64 = 0; let mut x121: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x120, &mut x121, 0x26, x119); let mut x122: u64 = 0; let mut x123: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x122, &mut x123, 0x0, x111, x120); let mut x124: u64 = 0; let mut x125: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x124, &mut x125, x123, x113, (0x0 as u64)); let mut x126: u64 = 0; let mut x127: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x126, &mut x127, x125, x115, (0x0 as u64)); let mut x128: u64 = 0; let mut x129: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x128, &mut x129, x127, x117, (0x0 as u64)); let mut x130: u64 = 0; fiat_curve25519_solinas_cmovznz_u64(&mut x130, x129, (0x0 as u64), 0x26); let mut x131: u64 = 0; let mut x132: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x131, &mut x132, 0x0, x130, x122); out1[0] = x131; out1[1] = x124; out1[2] = x126; out1[3] = x128; } /// The function fiat_curve25519_solinas_square squares a field element. /// /// Postconditions: /// eval out1 mod 57896044618658097711785492504343953926634992332820282019728792003956564819949 = (eval arg1 * eval arg1) mod 57896044618658097711785492504343953926634992332820282019728792003956564819949 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_curve25519_solinas_square(out1: &mut [u64; 4], arg1: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x1, &mut x2, (arg1[0]), (arg1[3])); let mut x3: u64 = 0; let mut x4: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x3, &mut x4, (arg1[0]), (arg1[2])); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x5, &mut x6, (arg1[0]), (arg1[1])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x7, &mut x8, (arg1[3]), (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x9, &mut x10, (arg1[3]), (arg1[1])); let mut x11: u64 = 0; let mut x12: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x11, &mut x12, 0x0, x6, x3); let mut x13: u64 = 0; let mut x14: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x13, &mut x14, x12, x4, x1); let mut x15: u64 = 0; let mut x16: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x15, &mut x16, x14, x2, x9); let mut x17: u64 = 0; let mut x18: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x17, &mut x18, x16, x10, x7); let x19: u64 = ((x18 as u64) + x8); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x20, &mut x21, (arg1[1]), (arg1[2])); let mut x22: u64 = 0; let mut x23: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x22, &mut x23, 0x0, x13, x20); let mut x24: u64 = 0; let mut x25: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x24, &mut x25, x23, x15, x21); let mut x26: u64 = 0; let mut x27: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x26, &mut x27, x25, x17, (0x0 as u64)); let mut x28: u64 = 0; let mut x29: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x28, &mut x29, x27, x19, (0x0 as u64)); let mut x30: u64 = 0; let mut x31: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x30, &mut x31, 0x0, x5, x5); let mut x32: u64 = 0; let mut x33: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x32, &mut x33, x31, x11, x11); let mut x34: u64 = 0; let mut x35: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x34, &mut x35, x33, x22, x22); let mut x36: u64 = 0; let mut x37: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x36, &mut x37, x35, x24, x24); let mut x38: u64 = 0; let mut x39: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x38, &mut x39, x37, x26, x26); let mut x40: u64 = 0; let mut x41: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x40, &mut x41, x39, x28, x28); let x42: u64 = (((x41 as u64) + (x29 as u64)) + (x29 as u64)); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x43, &mut x44, (arg1[3]), (arg1[3])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x45, &mut x46, (arg1[2]), (arg1[2])); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x47, &mut x48, (arg1[1]), (arg1[1])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x49, &mut x50, (arg1[0]), (arg1[0])); let mut x51: u64 = 0; let mut x52: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x51, &mut x52, 0x0, x30, x50); let mut x53: u64 = 0; let mut x54: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x53, &mut x54, x52, x32, x47); let mut x55: u64 = 0; let mut x56: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x55, &mut x56, x54, x34, x48); let mut x57: u64 = 0; let mut x58: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x57, &mut x58, x56, x36, x45); let mut x59: u64 = 0; let mut x60: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x59, &mut x60, x58, x38, x46); let mut x61: u64 = 0; let mut x62: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x61, &mut x62, x60, x40, x43); let mut x63: u64 = 0; let mut x64: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x63, &mut x64, x62, x42, x44); let mut x65: u64 = 0; let mut x66: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x65, &mut x66, 0x26, x63); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x67, &mut x68, 0x26, x61); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x69, &mut x70, 0x26, x59); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x71, &mut x72, 0x26, x57); let mut x73: u64 = 0; let mut x74: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x73, &mut x74, 0x0, x51, x69); let mut x75: u64 = 0; let mut x76: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x75, &mut x76, x74, x53, x67); let mut x77: u64 = 0; let mut x78: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x77, &mut x78, x76, x55, x65); let x79: u64 = ((x78 as u64) + x66); let mut x80: u64 = 0; let mut x81: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x80, &mut x81, 0x0, x49, x71); let mut x82: u64 = 0; let mut x83: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x82, &mut x83, x81, x73, x72); let mut x84: u64 = 0; let mut x85: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x84, &mut x85, x83, x75, x70); let mut x86: u64 = 0; let mut x87: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x86, &mut x87, x85, x77, x68); let x88: u64 = ((x87 as u64) + x79); let mut x89: u64 = 0; let mut x90: u64 = 0; fiat_curve25519_solinas_mulx_u64(&mut x89, &mut x90, 0x26, x88); let mut x91: u64 = 0; let mut x92: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x91, &mut x92, 0x0, x80, x89); let mut x93: u64 = 0; let mut x94: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x93, &mut x94, x92, x82, (0x0 as u64)); let mut x95: u64 = 0; let mut x96: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x95, &mut x96, x94, x84, (0x0 as u64)); let mut x97: u64 = 0; let mut x98: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x97, &mut x98, x96, x86, (0x0 as u64)); let mut x99: u64 = 0; fiat_curve25519_solinas_cmovznz_u64(&mut x99, x98, (0x0 as u64), 0x26); let mut x100: u64 = 0; let mut x101: fiat_curve25519_solinas_u1 = 0; fiat_curve25519_solinas_addcarryx_u64(&mut x100, &mut x101, 0x0, x99, x91); out1[0] = x100; out1[1] = x93; out1[2] = x95; out1[3] = x97; } fiat-crypto-0.2.2/src/lib.rs000064400000000000000000000013721046102023000137740ustar 00000000000000// AUTOGENERATED FILE: DO NOT EDIT #![cfg_attr(not(feature = "std"), no_std)] pub mod curve25519_32; pub mod curve25519_64; pub mod curve25519_scalar_32; pub mod curve25519_scalar_64; pub mod curve25519_solinas_64; pub mod p224_32; pub mod p224_64; pub mod p256_32; pub mod p256_64; pub mod p256_scalar_32; pub mod p256_scalar_64; pub mod p384_32; pub mod p384_64; pub mod p384_scalar_32; pub mod p384_scalar_64; pub mod p434_64; pub mod p448_solinas_32; pub mod p448_solinas_64; pub mod p521_32; pub mod p521_64; pub mod poly1305_32; pub mod poly1305_64; pub mod secp256k1_dettman_32; pub mod secp256k1_dettman_64; pub mod secp256k1_montgomery_32; pub mod secp256k1_montgomery_64; pub mod secp256k1_montgomery_scalar_32; pub mod secp256k1_montgomery_scalar_64; fiat-crypto-0.2.2/src/p224_32.rs000064400000000000000000004531461046102023000142330ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p224 32 '2^224 - 2^96 + 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p224 //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffffffffffffffffffffffffffff000000000000000000000001 (from "2^224 - 2^96 + 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) in //! if x1 & (2^224-1) < 2^223 then x1 & (2^224-1) else (x1 & (2^224-1)) - 2^224 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p224_u1 = u8; pub type fiat_p224_i1 = i8; pub type fiat_p224_u2 = u8; pub type fiat_p224_i2 = i8; /** The type fiat_p224_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p224_montgomery_domain_field_element(pub [u32; 7]); impl core::ops::Index for fiat_p224_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p224_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p224_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p224_non_montgomery_domain_field_element(pub [u32; 7]); impl core::ops::Index for fiat_p224_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p224_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p224_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p224_addcarryx_u32(out1: &mut u32, out2: &mut fiat_p224_u1, arg1: fiat_p224_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_p224_u1 = ((x1 >> 32) as fiat_p224_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p224_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p224_subborrowx_u32(out1: &mut u32, out2: &mut fiat_p224_u1, arg1: fiat_p224_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_p224_i1 = ((x1 >> 32) as fiat_p224_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p224_i2) - (x2 as fiat_p224_i2)) as fiat_p224_u1); } /// The function fiat_p224_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p224_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_p224_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p224_cmovznz_u32(out1: &mut u32, arg1: fiat_p224_u1, arg2: u32, arg3: u32) { let x1: fiat_p224_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p224_i2) - (x1 as fiat_p224_i2)) as fiat_p224_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p224_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_mul(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[0]); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p224_mulx_u32(&mut x8, &mut x9, x7, (arg2[6])); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p224_mulx_u32(&mut x10, &mut x11, x7, (arg2[5])); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p224_mulx_u32(&mut x12, &mut x13, x7, (arg2[4])); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_p224_mulx_u32(&mut x14, &mut x15, x7, (arg2[3])); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_p224_mulx_u32(&mut x16, &mut x17, x7, (arg2[2])); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_p224_mulx_u32(&mut x18, &mut x19, x7, (arg2[1])); let mut x20: u32 = 0; let mut x21: u32 = 0; fiat_p224_mulx_u32(&mut x20, &mut x21, x7, (arg2[0])); let mut x22: u32 = 0; let mut x23: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u32 = 0; let mut x25: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x24, &mut x25, x23, x19, x16); let mut x26: u32 = 0; let mut x27: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x26, &mut x27, x25, x17, x14); let mut x28: u32 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x28, &mut x29, x27, x15, x12); let mut x30: u32 = 0; let mut x31: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x30, &mut x31, x29, x13, x10); let mut x32: u32 = 0; let mut x33: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x32, &mut x33, x31, x11, x8); let x34: u32 = ((x33 as u32) + x9); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p224_mulx_u32(&mut x35, &mut x36, x20, 0xffffffff); let mut x37: u32 = 0; let mut x38: u32 = 0; fiat_p224_mulx_u32(&mut x37, &mut x38, x35, 0xffffffff); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_p224_mulx_u32(&mut x39, &mut x40, x35, 0xffffffff); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_p224_mulx_u32(&mut x41, &mut x42, x35, 0xffffffff); let mut x43: u32 = 0; let mut x44: u32 = 0; fiat_p224_mulx_u32(&mut x43, &mut x44, x35, 0xffffffff); let mut x45: u32 = 0; let mut x46: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x45, &mut x46, 0x0, x44, x41); let mut x47: u32 = 0; let mut x48: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x47, &mut x48, x46, x42, x39); let mut x49: u32 = 0; let mut x50: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x49, &mut x50, x48, x40, x37); let x51: u32 = ((x50 as u32) + x38); let mut x52: u32 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x52, &mut x53, 0x0, x20, x35); let mut x54: u32 = 0; let mut x55: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x54, &mut x55, x53, x22, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x56, &mut x57, x55, x24, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x58, &mut x59, x57, x26, x43); let mut x60: u32 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x60, &mut x61, x59, x28, x45); let mut x62: u32 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x62, &mut x63, x61, x30, x47); let mut x64: u32 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x64, &mut x65, x63, x32, x49); let mut x66: u32 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x66, &mut x67, x65, x34, x51); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p224_mulx_u32(&mut x68, &mut x69, x1, (arg2[6])); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p224_mulx_u32(&mut x70, &mut x71, x1, (arg2[5])); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p224_mulx_u32(&mut x72, &mut x73, x1, (arg2[4])); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p224_mulx_u32(&mut x74, &mut x75, x1, (arg2[3])); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p224_mulx_u32(&mut x76, &mut x77, x1, (arg2[2])); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p224_mulx_u32(&mut x78, &mut x79, x1, (arg2[1])); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_p224_mulx_u32(&mut x80, &mut x81, x1, (arg2[0])); let mut x82: u32 = 0; let mut x83: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u32 = 0; let mut x85: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x84, &mut x85, x83, x79, x76); let mut x86: u32 = 0; let mut x87: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x86, &mut x87, x85, x77, x74); let mut x88: u32 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x88, &mut x89, x87, x75, x72); let mut x90: u32 = 0; let mut x91: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x90, &mut x91, x89, x73, x70); let mut x92: u32 = 0; let mut x93: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x92, &mut x93, x91, x71, x68); let x94: u32 = ((x93 as u32) + x69); let mut x95: u32 = 0; let mut x96: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x95, &mut x96, 0x0, x54, x80); let mut x97: u32 = 0; let mut x98: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x97, &mut x98, x96, x56, x82); let mut x99: u32 = 0; let mut x100: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x99, &mut x100, x98, x58, x84); let mut x101: u32 = 0; let mut x102: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x101, &mut x102, x100, x60, x86); let mut x103: u32 = 0; let mut x104: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x103, &mut x104, x102, x62, x88); let mut x105: u32 = 0; let mut x106: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x105, &mut x106, x104, x64, x90); let mut x107: u32 = 0; let mut x108: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x107, &mut x108, x106, x66, x92); let mut x109: u32 = 0; let mut x110: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x109, &mut x110, x108, (x67 as u32), x94); let mut x111: u32 = 0; let mut x112: u32 = 0; fiat_p224_mulx_u32(&mut x111, &mut x112, x95, 0xffffffff); let mut x113: u32 = 0; let mut x114: u32 = 0; fiat_p224_mulx_u32(&mut x113, &mut x114, x111, 0xffffffff); let mut x115: u32 = 0; let mut x116: u32 = 0; fiat_p224_mulx_u32(&mut x115, &mut x116, x111, 0xffffffff); let mut x117: u32 = 0; let mut x118: u32 = 0; fiat_p224_mulx_u32(&mut x117, &mut x118, x111, 0xffffffff); let mut x119: u32 = 0; let mut x120: u32 = 0; fiat_p224_mulx_u32(&mut x119, &mut x120, x111, 0xffffffff); let mut x121: u32 = 0; let mut x122: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x121, &mut x122, 0x0, x120, x117); let mut x123: u32 = 0; let mut x124: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x123, &mut x124, x122, x118, x115); let mut x125: u32 = 0; let mut x126: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x125, &mut x126, x124, x116, x113); let x127: u32 = ((x126 as u32) + x114); let mut x128: u32 = 0; let mut x129: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x128, &mut x129, 0x0, x95, x111); let mut x130: u32 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x130, &mut x131, x129, x97, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x132, &mut x133, x131, x99, (0x0 as u32)); let mut x134: u32 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x134, &mut x135, x133, x101, x119); let mut x136: u32 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x136, &mut x137, x135, x103, x121); let mut x138: u32 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x138, &mut x139, x137, x105, x123); let mut x140: u32 = 0; let mut x141: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x140, &mut x141, x139, x107, x125); let mut x142: u32 = 0; let mut x143: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x142, &mut x143, x141, x109, x127); let x144: u32 = ((x143 as u32) + (x110 as u32)); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p224_mulx_u32(&mut x145, &mut x146, x2, (arg2[6])); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_p224_mulx_u32(&mut x147, &mut x148, x2, (arg2[5])); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_p224_mulx_u32(&mut x149, &mut x150, x2, (arg2[4])); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_p224_mulx_u32(&mut x151, &mut x152, x2, (arg2[3])); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_p224_mulx_u32(&mut x153, &mut x154, x2, (arg2[2])); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_p224_mulx_u32(&mut x155, &mut x156, x2, (arg2[1])); let mut x157: u32 = 0; let mut x158: u32 = 0; fiat_p224_mulx_u32(&mut x157, &mut x158, x2, (arg2[0])); let mut x159: u32 = 0; let mut x160: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x159, &mut x160, 0x0, x158, x155); let mut x161: u32 = 0; let mut x162: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x161, &mut x162, x160, x156, x153); let mut x163: u32 = 0; let mut x164: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x163, &mut x164, x162, x154, x151); let mut x165: u32 = 0; let mut x166: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x165, &mut x166, x164, x152, x149); let mut x167: u32 = 0; let mut x168: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x167, &mut x168, x166, x150, x147); let mut x169: u32 = 0; let mut x170: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x169, &mut x170, x168, x148, x145); let x171: u32 = ((x170 as u32) + x146); let mut x172: u32 = 0; let mut x173: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x172, &mut x173, 0x0, x130, x157); let mut x174: u32 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x174, &mut x175, x173, x132, x159); let mut x176: u32 = 0; let mut x177: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x176, &mut x177, x175, x134, x161); let mut x178: u32 = 0; let mut x179: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x178, &mut x179, x177, x136, x163); let mut x180: u32 = 0; let mut x181: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x180, &mut x181, x179, x138, x165); let mut x182: u32 = 0; let mut x183: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x182, &mut x183, x181, x140, x167); let mut x184: u32 = 0; let mut x185: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x184, &mut x185, x183, x142, x169); let mut x186: u32 = 0; let mut x187: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x186, &mut x187, x185, x144, x171); let mut x188: u32 = 0; let mut x189: u32 = 0; fiat_p224_mulx_u32(&mut x188, &mut x189, x172, 0xffffffff); let mut x190: u32 = 0; let mut x191: u32 = 0; fiat_p224_mulx_u32(&mut x190, &mut x191, x188, 0xffffffff); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_p224_mulx_u32(&mut x192, &mut x193, x188, 0xffffffff); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p224_mulx_u32(&mut x194, &mut x195, x188, 0xffffffff); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_p224_mulx_u32(&mut x196, &mut x197, x188, 0xffffffff); let mut x198: u32 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x198, &mut x199, 0x0, x197, x194); let mut x200: u32 = 0; let mut x201: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x200, &mut x201, x199, x195, x192); let mut x202: u32 = 0; let mut x203: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x202, &mut x203, x201, x193, x190); let x204: u32 = ((x203 as u32) + x191); let mut x205: u32 = 0; let mut x206: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x205, &mut x206, 0x0, x172, x188); let mut x207: u32 = 0; let mut x208: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x207, &mut x208, x206, x174, (0x0 as u32)); let mut x209: u32 = 0; let mut x210: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x209, &mut x210, x208, x176, (0x0 as u32)); let mut x211: u32 = 0; let mut x212: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x211, &mut x212, x210, x178, x196); let mut x213: u32 = 0; let mut x214: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x213, &mut x214, x212, x180, x198); let mut x215: u32 = 0; let mut x216: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x215, &mut x216, x214, x182, x200); let mut x217: u32 = 0; let mut x218: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x217, &mut x218, x216, x184, x202); let mut x219: u32 = 0; let mut x220: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x219, &mut x220, x218, x186, x204); let x221: u32 = ((x220 as u32) + (x187 as u32)); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p224_mulx_u32(&mut x222, &mut x223, x3, (arg2[6])); let mut x224: u32 = 0; let mut x225: u32 = 0; fiat_p224_mulx_u32(&mut x224, &mut x225, x3, (arg2[5])); let mut x226: u32 = 0; let mut x227: u32 = 0; fiat_p224_mulx_u32(&mut x226, &mut x227, x3, (arg2[4])); let mut x228: u32 = 0; let mut x229: u32 = 0; fiat_p224_mulx_u32(&mut x228, &mut x229, x3, (arg2[3])); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p224_mulx_u32(&mut x230, &mut x231, x3, (arg2[2])); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p224_mulx_u32(&mut x232, &mut x233, x3, (arg2[1])); let mut x234: u32 = 0; let mut x235: u32 = 0; fiat_p224_mulx_u32(&mut x234, &mut x235, x3, (arg2[0])); let mut x236: u32 = 0; let mut x237: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x236, &mut x237, 0x0, x235, x232); let mut x238: u32 = 0; let mut x239: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x238, &mut x239, x237, x233, x230); let mut x240: u32 = 0; let mut x241: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x240, &mut x241, x239, x231, x228); let mut x242: u32 = 0; let mut x243: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x242, &mut x243, x241, x229, x226); let mut x244: u32 = 0; let mut x245: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x244, &mut x245, x243, x227, x224); let mut x246: u32 = 0; let mut x247: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x246, &mut x247, x245, x225, x222); let x248: u32 = ((x247 as u32) + x223); let mut x249: u32 = 0; let mut x250: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x249, &mut x250, 0x0, x207, x234); let mut x251: u32 = 0; let mut x252: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x251, &mut x252, x250, x209, x236); let mut x253: u32 = 0; let mut x254: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x253, &mut x254, x252, x211, x238); let mut x255: u32 = 0; let mut x256: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x255, &mut x256, x254, x213, x240); let mut x257: u32 = 0; let mut x258: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x257, &mut x258, x256, x215, x242); let mut x259: u32 = 0; let mut x260: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x259, &mut x260, x258, x217, x244); let mut x261: u32 = 0; let mut x262: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x261, &mut x262, x260, x219, x246); let mut x263: u32 = 0; let mut x264: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x263, &mut x264, x262, x221, x248); let mut x265: u32 = 0; let mut x266: u32 = 0; fiat_p224_mulx_u32(&mut x265, &mut x266, x249, 0xffffffff); let mut x267: u32 = 0; let mut x268: u32 = 0; fiat_p224_mulx_u32(&mut x267, &mut x268, x265, 0xffffffff); let mut x269: u32 = 0; let mut x270: u32 = 0; fiat_p224_mulx_u32(&mut x269, &mut x270, x265, 0xffffffff); let mut x271: u32 = 0; let mut x272: u32 = 0; fiat_p224_mulx_u32(&mut x271, &mut x272, x265, 0xffffffff); let mut x273: u32 = 0; let mut x274: u32 = 0; fiat_p224_mulx_u32(&mut x273, &mut x274, x265, 0xffffffff); let mut x275: u32 = 0; let mut x276: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x275, &mut x276, 0x0, x274, x271); let mut x277: u32 = 0; let mut x278: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x277, &mut x278, x276, x272, x269); let mut x279: u32 = 0; let mut x280: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x279, &mut x280, x278, x270, x267); let x281: u32 = ((x280 as u32) + x268); let mut x282: u32 = 0; let mut x283: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x282, &mut x283, 0x0, x249, x265); let mut x284: u32 = 0; let mut x285: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x284, &mut x285, x283, x251, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x286, &mut x287, x285, x253, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x288, &mut x289, x287, x255, x273); let mut x290: u32 = 0; let mut x291: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x290, &mut x291, x289, x257, x275); let mut x292: u32 = 0; let mut x293: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x292, &mut x293, x291, x259, x277); let mut x294: u32 = 0; let mut x295: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x294, &mut x295, x293, x261, x279); let mut x296: u32 = 0; let mut x297: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x296, &mut x297, x295, x263, x281); let x298: u32 = ((x297 as u32) + (x264 as u32)); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_p224_mulx_u32(&mut x299, &mut x300, x4, (arg2[6])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_p224_mulx_u32(&mut x301, &mut x302, x4, (arg2[5])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_p224_mulx_u32(&mut x303, &mut x304, x4, (arg2[4])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_p224_mulx_u32(&mut x305, &mut x306, x4, (arg2[3])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_p224_mulx_u32(&mut x307, &mut x308, x4, (arg2[2])); let mut x309: u32 = 0; let mut x310: u32 = 0; fiat_p224_mulx_u32(&mut x309, &mut x310, x4, (arg2[1])); let mut x311: u32 = 0; let mut x312: u32 = 0; fiat_p224_mulx_u32(&mut x311, &mut x312, x4, (arg2[0])); let mut x313: u32 = 0; let mut x314: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x313, &mut x314, 0x0, x312, x309); let mut x315: u32 = 0; let mut x316: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x315, &mut x316, x314, x310, x307); let mut x317: u32 = 0; let mut x318: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x317, &mut x318, x316, x308, x305); let mut x319: u32 = 0; let mut x320: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x319, &mut x320, x318, x306, x303); let mut x321: u32 = 0; let mut x322: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x321, &mut x322, x320, x304, x301); let mut x323: u32 = 0; let mut x324: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x323, &mut x324, x322, x302, x299); let x325: u32 = ((x324 as u32) + x300); let mut x326: u32 = 0; let mut x327: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x326, &mut x327, 0x0, x284, x311); let mut x328: u32 = 0; let mut x329: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x328, &mut x329, x327, x286, x313); let mut x330: u32 = 0; let mut x331: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x330, &mut x331, x329, x288, x315); let mut x332: u32 = 0; let mut x333: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x332, &mut x333, x331, x290, x317); let mut x334: u32 = 0; let mut x335: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x334, &mut x335, x333, x292, x319); let mut x336: u32 = 0; let mut x337: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x336, &mut x337, x335, x294, x321); let mut x338: u32 = 0; let mut x339: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x338, &mut x339, x337, x296, x323); let mut x340: u32 = 0; let mut x341: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x340, &mut x341, x339, x298, x325); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_p224_mulx_u32(&mut x342, &mut x343, x326, 0xffffffff); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_p224_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_p224_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_p224_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_p224_mulx_u32(&mut x350, &mut x351, x342, 0xffffffff); let mut x352: u32 = 0; let mut x353: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x352, &mut x353, 0x0, x351, x348); let mut x354: u32 = 0; let mut x355: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x354, &mut x355, x353, x349, x346); let mut x356: u32 = 0; let mut x357: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x356, &mut x357, x355, x347, x344); let x358: u32 = ((x357 as u32) + x345); let mut x359: u32 = 0; let mut x360: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x359, &mut x360, 0x0, x326, x342); let mut x361: u32 = 0; let mut x362: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x361, &mut x362, x360, x328, (0x0 as u32)); let mut x363: u32 = 0; let mut x364: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x363, &mut x364, x362, x330, (0x0 as u32)); let mut x365: u32 = 0; let mut x366: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x365, &mut x366, x364, x332, x350); let mut x367: u32 = 0; let mut x368: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x367, &mut x368, x366, x334, x352); let mut x369: u32 = 0; let mut x370: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x369, &mut x370, x368, x336, x354); let mut x371: u32 = 0; let mut x372: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x371, &mut x372, x370, x338, x356); let mut x373: u32 = 0; let mut x374: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x373, &mut x374, x372, x340, x358); let x375: u32 = ((x374 as u32) + (x341 as u32)); let mut x376: u32 = 0; let mut x377: u32 = 0; fiat_p224_mulx_u32(&mut x376, &mut x377, x5, (arg2[6])); let mut x378: u32 = 0; let mut x379: u32 = 0; fiat_p224_mulx_u32(&mut x378, &mut x379, x5, (arg2[5])); let mut x380: u32 = 0; let mut x381: u32 = 0; fiat_p224_mulx_u32(&mut x380, &mut x381, x5, (arg2[4])); let mut x382: u32 = 0; let mut x383: u32 = 0; fiat_p224_mulx_u32(&mut x382, &mut x383, x5, (arg2[3])); let mut x384: u32 = 0; let mut x385: u32 = 0; fiat_p224_mulx_u32(&mut x384, &mut x385, x5, (arg2[2])); let mut x386: u32 = 0; let mut x387: u32 = 0; fiat_p224_mulx_u32(&mut x386, &mut x387, x5, (arg2[1])); let mut x388: u32 = 0; let mut x389: u32 = 0; fiat_p224_mulx_u32(&mut x388, &mut x389, x5, (arg2[0])); let mut x390: u32 = 0; let mut x391: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x390, &mut x391, 0x0, x389, x386); let mut x392: u32 = 0; let mut x393: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x392, &mut x393, x391, x387, x384); let mut x394: u32 = 0; let mut x395: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x394, &mut x395, x393, x385, x382); let mut x396: u32 = 0; let mut x397: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x396, &mut x397, x395, x383, x380); let mut x398: u32 = 0; let mut x399: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x398, &mut x399, x397, x381, x378); let mut x400: u32 = 0; let mut x401: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x400, &mut x401, x399, x379, x376); let x402: u32 = ((x401 as u32) + x377); let mut x403: u32 = 0; let mut x404: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x403, &mut x404, 0x0, x361, x388); let mut x405: u32 = 0; let mut x406: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x405, &mut x406, x404, x363, x390); let mut x407: u32 = 0; let mut x408: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x407, &mut x408, x406, x365, x392); let mut x409: u32 = 0; let mut x410: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x409, &mut x410, x408, x367, x394); let mut x411: u32 = 0; let mut x412: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x411, &mut x412, x410, x369, x396); let mut x413: u32 = 0; let mut x414: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x413, &mut x414, x412, x371, x398); let mut x415: u32 = 0; let mut x416: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x415, &mut x416, x414, x373, x400); let mut x417: u32 = 0; let mut x418: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x417, &mut x418, x416, x375, x402); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p224_mulx_u32(&mut x419, &mut x420, x403, 0xffffffff); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p224_mulx_u32(&mut x421, &mut x422, x419, 0xffffffff); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p224_mulx_u32(&mut x423, &mut x424, x419, 0xffffffff); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p224_mulx_u32(&mut x425, &mut x426, x419, 0xffffffff); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_p224_mulx_u32(&mut x427, &mut x428, x419, 0xffffffff); let mut x429: u32 = 0; let mut x430: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x429, &mut x430, 0x0, x428, x425); let mut x431: u32 = 0; let mut x432: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x431, &mut x432, x430, x426, x423); let mut x433: u32 = 0; let mut x434: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x433, &mut x434, x432, x424, x421); let x435: u32 = ((x434 as u32) + x422); let mut x436: u32 = 0; let mut x437: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x436, &mut x437, 0x0, x403, x419); let mut x438: u32 = 0; let mut x439: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x438, &mut x439, x437, x405, (0x0 as u32)); let mut x440: u32 = 0; let mut x441: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x440, &mut x441, x439, x407, (0x0 as u32)); let mut x442: u32 = 0; let mut x443: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x442, &mut x443, x441, x409, x427); let mut x444: u32 = 0; let mut x445: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x444, &mut x445, x443, x411, x429); let mut x446: u32 = 0; let mut x447: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x446, &mut x447, x445, x413, x431); let mut x448: u32 = 0; let mut x449: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x448, &mut x449, x447, x415, x433); let mut x450: u32 = 0; let mut x451: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x450, &mut x451, x449, x417, x435); let x452: u32 = ((x451 as u32) + (x418 as u32)); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p224_mulx_u32(&mut x453, &mut x454, x6, (arg2[6])); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p224_mulx_u32(&mut x455, &mut x456, x6, (arg2[5])); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_p224_mulx_u32(&mut x457, &mut x458, x6, (arg2[4])); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_p224_mulx_u32(&mut x459, &mut x460, x6, (arg2[3])); let mut x461: u32 = 0; let mut x462: u32 = 0; fiat_p224_mulx_u32(&mut x461, &mut x462, x6, (arg2[2])); let mut x463: u32 = 0; let mut x464: u32 = 0; fiat_p224_mulx_u32(&mut x463, &mut x464, x6, (arg2[1])); let mut x465: u32 = 0; let mut x466: u32 = 0; fiat_p224_mulx_u32(&mut x465, &mut x466, x6, (arg2[0])); let mut x467: u32 = 0; let mut x468: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x467, &mut x468, 0x0, x466, x463); let mut x469: u32 = 0; let mut x470: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x469, &mut x470, x468, x464, x461); let mut x471: u32 = 0; let mut x472: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x471, &mut x472, x470, x462, x459); let mut x473: u32 = 0; let mut x474: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x473, &mut x474, x472, x460, x457); let mut x475: u32 = 0; let mut x476: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x475, &mut x476, x474, x458, x455); let mut x477: u32 = 0; let mut x478: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x477, &mut x478, x476, x456, x453); let x479: u32 = ((x478 as u32) + x454); let mut x480: u32 = 0; let mut x481: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x480, &mut x481, 0x0, x438, x465); let mut x482: u32 = 0; let mut x483: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x482, &mut x483, x481, x440, x467); let mut x484: u32 = 0; let mut x485: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x484, &mut x485, x483, x442, x469); let mut x486: u32 = 0; let mut x487: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x486, &mut x487, x485, x444, x471); let mut x488: u32 = 0; let mut x489: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x488, &mut x489, x487, x446, x473); let mut x490: u32 = 0; let mut x491: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x490, &mut x491, x489, x448, x475); let mut x492: u32 = 0; let mut x493: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x492, &mut x493, x491, x450, x477); let mut x494: u32 = 0; let mut x495: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x494, &mut x495, x493, x452, x479); let mut x496: u32 = 0; let mut x497: u32 = 0; fiat_p224_mulx_u32(&mut x496, &mut x497, x480, 0xffffffff); let mut x498: u32 = 0; let mut x499: u32 = 0; fiat_p224_mulx_u32(&mut x498, &mut x499, x496, 0xffffffff); let mut x500: u32 = 0; let mut x501: u32 = 0; fiat_p224_mulx_u32(&mut x500, &mut x501, x496, 0xffffffff); let mut x502: u32 = 0; let mut x503: u32 = 0; fiat_p224_mulx_u32(&mut x502, &mut x503, x496, 0xffffffff); let mut x504: u32 = 0; let mut x505: u32 = 0; fiat_p224_mulx_u32(&mut x504, &mut x505, x496, 0xffffffff); let mut x506: u32 = 0; let mut x507: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x506, &mut x507, 0x0, x505, x502); let mut x508: u32 = 0; let mut x509: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x508, &mut x509, x507, x503, x500); let mut x510: u32 = 0; let mut x511: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x510, &mut x511, x509, x501, x498); let x512: u32 = ((x511 as u32) + x499); let mut x513: u32 = 0; let mut x514: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x513, &mut x514, 0x0, x480, x496); let mut x515: u32 = 0; let mut x516: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x515, &mut x516, x514, x482, (0x0 as u32)); let mut x517: u32 = 0; let mut x518: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x517, &mut x518, x516, x484, (0x0 as u32)); let mut x519: u32 = 0; let mut x520: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x519, &mut x520, x518, x486, x504); let mut x521: u32 = 0; let mut x522: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x521, &mut x522, x520, x488, x506); let mut x523: u32 = 0; let mut x524: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x523, &mut x524, x522, x490, x508); let mut x525: u32 = 0; let mut x526: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x525, &mut x526, x524, x492, x510); let mut x527: u32 = 0; let mut x528: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x527, &mut x528, x526, x494, x512); let x529: u32 = ((x528 as u32) + (x495 as u32)); let mut x530: u32 = 0; let mut x531: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x530, &mut x531, 0x0, x515, (0x1 as u32)); let mut x532: u32 = 0; let mut x533: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x532, &mut x533, x531, x517, (0x0 as u32)); let mut x534: u32 = 0; let mut x535: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x534, &mut x535, x533, x519, (0x0 as u32)); let mut x536: u32 = 0; let mut x537: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x536, &mut x537, x535, x521, 0xffffffff); let mut x538: u32 = 0; let mut x539: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x538, &mut x539, x537, x523, 0xffffffff); let mut x540: u32 = 0; let mut x541: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x540, &mut x541, x539, x525, 0xffffffff); let mut x542: u32 = 0; let mut x543: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x542, &mut x543, x541, x527, 0xffffffff); let mut x544: u32 = 0; let mut x545: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x544, &mut x545, x543, x529, (0x0 as u32)); let mut x546: u32 = 0; fiat_p224_cmovznz_u32(&mut x546, x545, x530, x515); let mut x547: u32 = 0; fiat_p224_cmovznz_u32(&mut x547, x545, x532, x517); let mut x548: u32 = 0; fiat_p224_cmovznz_u32(&mut x548, x545, x534, x519); let mut x549: u32 = 0; fiat_p224_cmovznz_u32(&mut x549, x545, x536, x521); let mut x550: u32 = 0; fiat_p224_cmovznz_u32(&mut x550, x545, x538, x523); let mut x551: u32 = 0; fiat_p224_cmovznz_u32(&mut x551, x545, x540, x525); let mut x552: u32 = 0; fiat_p224_cmovznz_u32(&mut x552, x545, x542, x527); out1[0] = x546; out1[1] = x547; out1[2] = x548; out1[3] = x549; out1[4] = x550; out1[5] = x551; out1[6] = x552; } /// The function fiat_p224_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_square(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[0]); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p224_mulx_u32(&mut x8, &mut x9, x7, (arg1[6])); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p224_mulx_u32(&mut x10, &mut x11, x7, (arg1[5])); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p224_mulx_u32(&mut x12, &mut x13, x7, (arg1[4])); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_p224_mulx_u32(&mut x14, &mut x15, x7, (arg1[3])); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_p224_mulx_u32(&mut x16, &mut x17, x7, (arg1[2])); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_p224_mulx_u32(&mut x18, &mut x19, x7, (arg1[1])); let mut x20: u32 = 0; let mut x21: u32 = 0; fiat_p224_mulx_u32(&mut x20, &mut x21, x7, (arg1[0])); let mut x22: u32 = 0; let mut x23: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u32 = 0; let mut x25: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x24, &mut x25, x23, x19, x16); let mut x26: u32 = 0; let mut x27: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x26, &mut x27, x25, x17, x14); let mut x28: u32 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x28, &mut x29, x27, x15, x12); let mut x30: u32 = 0; let mut x31: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x30, &mut x31, x29, x13, x10); let mut x32: u32 = 0; let mut x33: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x32, &mut x33, x31, x11, x8); let x34: u32 = ((x33 as u32) + x9); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p224_mulx_u32(&mut x35, &mut x36, x20, 0xffffffff); let mut x37: u32 = 0; let mut x38: u32 = 0; fiat_p224_mulx_u32(&mut x37, &mut x38, x35, 0xffffffff); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_p224_mulx_u32(&mut x39, &mut x40, x35, 0xffffffff); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_p224_mulx_u32(&mut x41, &mut x42, x35, 0xffffffff); let mut x43: u32 = 0; let mut x44: u32 = 0; fiat_p224_mulx_u32(&mut x43, &mut x44, x35, 0xffffffff); let mut x45: u32 = 0; let mut x46: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x45, &mut x46, 0x0, x44, x41); let mut x47: u32 = 0; let mut x48: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x47, &mut x48, x46, x42, x39); let mut x49: u32 = 0; let mut x50: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x49, &mut x50, x48, x40, x37); let x51: u32 = ((x50 as u32) + x38); let mut x52: u32 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x52, &mut x53, 0x0, x20, x35); let mut x54: u32 = 0; let mut x55: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x54, &mut x55, x53, x22, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x56, &mut x57, x55, x24, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x58, &mut x59, x57, x26, x43); let mut x60: u32 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x60, &mut x61, x59, x28, x45); let mut x62: u32 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x62, &mut x63, x61, x30, x47); let mut x64: u32 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x64, &mut x65, x63, x32, x49); let mut x66: u32 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x66, &mut x67, x65, x34, x51); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p224_mulx_u32(&mut x68, &mut x69, x1, (arg1[6])); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p224_mulx_u32(&mut x70, &mut x71, x1, (arg1[5])); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p224_mulx_u32(&mut x72, &mut x73, x1, (arg1[4])); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p224_mulx_u32(&mut x74, &mut x75, x1, (arg1[3])); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p224_mulx_u32(&mut x76, &mut x77, x1, (arg1[2])); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p224_mulx_u32(&mut x78, &mut x79, x1, (arg1[1])); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_p224_mulx_u32(&mut x80, &mut x81, x1, (arg1[0])); let mut x82: u32 = 0; let mut x83: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u32 = 0; let mut x85: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x84, &mut x85, x83, x79, x76); let mut x86: u32 = 0; let mut x87: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x86, &mut x87, x85, x77, x74); let mut x88: u32 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x88, &mut x89, x87, x75, x72); let mut x90: u32 = 0; let mut x91: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x90, &mut x91, x89, x73, x70); let mut x92: u32 = 0; let mut x93: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x92, &mut x93, x91, x71, x68); let x94: u32 = ((x93 as u32) + x69); let mut x95: u32 = 0; let mut x96: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x95, &mut x96, 0x0, x54, x80); let mut x97: u32 = 0; let mut x98: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x97, &mut x98, x96, x56, x82); let mut x99: u32 = 0; let mut x100: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x99, &mut x100, x98, x58, x84); let mut x101: u32 = 0; let mut x102: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x101, &mut x102, x100, x60, x86); let mut x103: u32 = 0; let mut x104: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x103, &mut x104, x102, x62, x88); let mut x105: u32 = 0; let mut x106: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x105, &mut x106, x104, x64, x90); let mut x107: u32 = 0; let mut x108: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x107, &mut x108, x106, x66, x92); let mut x109: u32 = 0; let mut x110: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x109, &mut x110, x108, (x67 as u32), x94); let mut x111: u32 = 0; let mut x112: u32 = 0; fiat_p224_mulx_u32(&mut x111, &mut x112, x95, 0xffffffff); let mut x113: u32 = 0; let mut x114: u32 = 0; fiat_p224_mulx_u32(&mut x113, &mut x114, x111, 0xffffffff); let mut x115: u32 = 0; let mut x116: u32 = 0; fiat_p224_mulx_u32(&mut x115, &mut x116, x111, 0xffffffff); let mut x117: u32 = 0; let mut x118: u32 = 0; fiat_p224_mulx_u32(&mut x117, &mut x118, x111, 0xffffffff); let mut x119: u32 = 0; let mut x120: u32 = 0; fiat_p224_mulx_u32(&mut x119, &mut x120, x111, 0xffffffff); let mut x121: u32 = 0; let mut x122: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x121, &mut x122, 0x0, x120, x117); let mut x123: u32 = 0; let mut x124: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x123, &mut x124, x122, x118, x115); let mut x125: u32 = 0; let mut x126: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x125, &mut x126, x124, x116, x113); let x127: u32 = ((x126 as u32) + x114); let mut x128: u32 = 0; let mut x129: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x128, &mut x129, 0x0, x95, x111); let mut x130: u32 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x130, &mut x131, x129, x97, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x132, &mut x133, x131, x99, (0x0 as u32)); let mut x134: u32 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x134, &mut x135, x133, x101, x119); let mut x136: u32 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x136, &mut x137, x135, x103, x121); let mut x138: u32 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x138, &mut x139, x137, x105, x123); let mut x140: u32 = 0; let mut x141: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x140, &mut x141, x139, x107, x125); let mut x142: u32 = 0; let mut x143: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x142, &mut x143, x141, x109, x127); let x144: u32 = ((x143 as u32) + (x110 as u32)); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p224_mulx_u32(&mut x145, &mut x146, x2, (arg1[6])); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_p224_mulx_u32(&mut x147, &mut x148, x2, (arg1[5])); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_p224_mulx_u32(&mut x149, &mut x150, x2, (arg1[4])); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_p224_mulx_u32(&mut x151, &mut x152, x2, (arg1[3])); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_p224_mulx_u32(&mut x153, &mut x154, x2, (arg1[2])); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_p224_mulx_u32(&mut x155, &mut x156, x2, (arg1[1])); let mut x157: u32 = 0; let mut x158: u32 = 0; fiat_p224_mulx_u32(&mut x157, &mut x158, x2, (arg1[0])); let mut x159: u32 = 0; let mut x160: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x159, &mut x160, 0x0, x158, x155); let mut x161: u32 = 0; let mut x162: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x161, &mut x162, x160, x156, x153); let mut x163: u32 = 0; let mut x164: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x163, &mut x164, x162, x154, x151); let mut x165: u32 = 0; let mut x166: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x165, &mut x166, x164, x152, x149); let mut x167: u32 = 0; let mut x168: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x167, &mut x168, x166, x150, x147); let mut x169: u32 = 0; let mut x170: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x169, &mut x170, x168, x148, x145); let x171: u32 = ((x170 as u32) + x146); let mut x172: u32 = 0; let mut x173: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x172, &mut x173, 0x0, x130, x157); let mut x174: u32 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x174, &mut x175, x173, x132, x159); let mut x176: u32 = 0; let mut x177: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x176, &mut x177, x175, x134, x161); let mut x178: u32 = 0; let mut x179: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x178, &mut x179, x177, x136, x163); let mut x180: u32 = 0; let mut x181: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x180, &mut x181, x179, x138, x165); let mut x182: u32 = 0; let mut x183: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x182, &mut x183, x181, x140, x167); let mut x184: u32 = 0; let mut x185: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x184, &mut x185, x183, x142, x169); let mut x186: u32 = 0; let mut x187: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x186, &mut x187, x185, x144, x171); let mut x188: u32 = 0; let mut x189: u32 = 0; fiat_p224_mulx_u32(&mut x188, &mut x189, x172, 0xffffffff); let mut x190: u32 = 0; let mut x191: u32 = 0; fiat_p224_mulx_u32(&mut x190, &mut x191, x188, 0xffffffff); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_p224_mulx_u32(&mut x192, &mut x193, x188, 0xffffffff); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p224_mulx_u32(&mut x194, &mut x195, x188, 0xffffffff); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_p224_mulx_u32(&mut x196, &mut x197, x188, 0xffffffff); let mut x198: u32 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x198, &mut x199, 0x0, x197, x194); let mut x200: u32 = 0; let mut x201: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x200, &mut x201, x199, x195, x192); let mut x202: u32 = 0; let mut x203: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x202, &mut x203, x201, x193, x190); let x204: u32 = ((x203 as u32) + x191); let mut x205: u32 = 0; let mut x206: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x205, &mut x206, 0x0, x172, x188); let mut x207: u32 = 0; let mut x208: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x207, &mut x208, x206, x174, (0x0 as u32)); let mut x209: u32 = 0; let mut x210: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x209, &mut x210, x208, x176, (0x0 as u32)); let mut x211: u32 = 0; let mut x212: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x211, &mut x212, x210, x178, x196); let mut x213: u32 = 0; let mut x214: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x213, &mut x214, x212, x180, x198); let mut x215: u32 = 0; let mut x216: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x215, &mut x216, x214, x182, x200); let mut x217: u32 = 0; let mut x218: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x217, &mut x218, x216, x184, x202); let mut x219: u32 = 0; let mut x220: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x219, &mut x220, x218, x186, x204); let x221: u32 = ((x220 as u32) + (x187 as u32)); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p224_mulx_u32(&mut x222, &mut x223, x3, (arg1[6])); let mut x224: u32 = 0; let mut x225: u32 = 0; fiat_p224_mulx_u32(&mut x224, &mut x225, x3, (arg1[5])); let mut x226: u32 = 0; let mut x227: u32 = 0; fiat_p224_mulx_u32(&mut x226, &mut x227, x3, (arg1[4])); let mut x228: u32 = 0; let mut x229: u32 = 0; fiat_p224_mulx_u32(&mut x228, &mut x229, x3, (arg1[3])); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p224_mulx_u32(&mut x230, &mut x231, x3, (arg1[2])); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p224_mulx_u32(&mut x232, &mut x233, x3, (arg1[1])); let mut x234: u32 = 0; let mut x235: u32 = 0; fiat_p224_mulx_u32(&mut x234, &mut x235, x3, (arg1[0])); let mut x236: u32 = 0; let mut x237: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x236, &mut x237, 0x0, x235, x232); let mut x238: u32 = 0; let mut x239: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x238, &mut x239, x237, x233, x230); let mut x240: u32 = 0; let mut x241: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x240, &mut x241, x239, x231, x228); let mut x242: u32 = 0; let mut x243: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x242, &mut x243, x241, x229, x226); let mut x244: u32 = 0; let mut x245: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x244, &mut x245, x243, x227, x224); let mut x246: u32 = 0; let mut x247: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x246, &mut x247, x245, x225, x222); let x248: u32 = ((x247 as u32) + x223); let mut x249: u32 = 0; let mut x250: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x249, &mut x250, 0x0, x207, x234); let mut x251: u32 = 0; let mut x252: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x251, &mut x252, x250, x209, x236); let mut x253: u32 = 0; let mut x254: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x253, &mut x254, x252, x211, x238); let mut x255: u32 = 0; let mut x256: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x255, &mut x256, x254, x213, x240); let mut x257: u32 = 0; let mut x258: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x257, &mut x258, x256, x215, x242); let mut x259: u32 = 0; let mut x260: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x259, &mut x260, x258, x217, x244); let mut x261: u32 = 0; let mut x262: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x261, &mut x262, x260, x219, x246); let mut x263: u32 = 0; let mut x264: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x263, &mut x264, x262, x221, x248); let mut x265: u32 = 0; let mut x266: u32 = 0; fiat_p224_mulx_u32(&mut x265, &mut x266, x249, 0xffffffff); let mut x267: u32 = 0; let mut x268: u32 = 0; fiat_p224_mulx_u32(&mut x267, &mut x268, x265, 0xffffffff); let mut x269: u32 = 0; let mut x270: u32 = 0; fiat_p224_mulx_u32(&mut x269, &mut x270, x265, 0xffffffff); let mut x271: u32 = 0; let mut x272: u32 = 0; fiat_p224_mulx_u32(&mut x271, &mut x272, x265, 0xffffffff); let mut x273: u32 = 0; let mut x274: u32 = 0; fiat_p224_mulx_u32(&mut x273, &mut x274, x265, 0xffffffff); let mut x275: u32 = 0; let mut x276: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x275, &mut x276, 0x0, x274, x271); let mut x277: u32 = 0; let mut x278: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x277, &mut x278, x276, x272, x269); let mut x279: u32 = 0; let mut x280: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x279, &mut x280, x278, x270, x267); let x281: u32 = ((x280 as u32) + x268); let mut x282: u32 = 0; let mut x283: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x282, &mut x283, 0x0, x249, x265); let mut x284: u32 = 0; let mut x285: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x284, &mut x285, x283, x251, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x286, &mut x287, x285, x253, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x288, &mut x289, x287, x255, x273); let mut x290: u32 = 0; let mut x291: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x290, &mut x291, x289, x257, x275); let mut x292: u32 = 0; let mut x293: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x292, &mut x293, x291, x259, x277); let mut x294: u32 = 0; let mut x295: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x294, &mut x295, x293, x261, x279); let mut x296: u32 = 0; let mut x297: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x296, &mut x297, x295, x263, x281); let x298: u32 = ((x297 as u32) + (x264 as u32)); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_p224_mulx_u32(&mut x299, &mut x300, x4, (arg1[6])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_p224_mulx_u32(&mut x301, &mut x302, x4, (arg1[5])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_p224_mulx_u32(&mut x303, &mut x304, x4, (arg1[4])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_p224_mulx_u32(&mut x305, &mut x306, x4, (arg1[3])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_p224_mulx_u32(&mut x307, &mut x308, x4, (arg1[2])); let mut x309: u32 = 0; let mut x310: u32 = 0; fiat_p224_mulx_u32(&mut x309, &mut x310, x4, (arg1[1])); let mut x311: u32 = 0; let mut x312: u32 = 0; fiat_p224_mulx_u32(&mut x311, &mut x312, x4, (arg1[0])); let mut x313: u32 = 0; let mut x314: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x313, &mut x314, 0x0, x312, x309); let mut x315: u32 = 0; let mut x316: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x315, &mut x316, x314, x310, x307); let mut x317: u32 = 0; let mut x318: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x317, &mut x318, x316, x308, x305); let mut x319: u32 = 0; let mut x320: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x319, &mut x320, x318, x306, x303); let mut x321: u32 = 0; let mut x322: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x321, &mut x322, x320, x304, x301); let mut x323: u32 = 0; let mut x324: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x323, &mut x324, x322, x302, x299); let x325: u32 = ((x324 as u32) + x300); let mut x326: u32 = 0; let mut x327: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x326, &mut x327, 0x0, x284, x311); let mut x328: u32 = 0; let mut x329: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x328, &mut x329, x327, x286, x313); let mut x330: u32 = 0; let mut x331: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x330, &mut x331, x329, x288, x315); let mut x332: u32 = 0; let mut x333: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x332, &mut x333, x331, x290, x317); let mut x334: u32 = 0; let mut x335: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x334, &mut x335, x333, x292, x319); let mut x336: u32 = 0; let mut x337: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x336, &mut x337, x335, x294, x321); let mut x338: u32 = 0; let mut x339: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x338, &mut x339, x337, x296, x323); let mut x340: u32 = 0; let mut x341: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x340, &mut x341, x339, x298, x325); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_p224_mulx_u32(&mut x342, &mut x343, x326, 0xffffffff); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_p224_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_p224_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_p224_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_p224_mulx_u32(&mut x350, &mut x351, x342, 0xffffffff); let mut x352: u32 = 0; let mut x353: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x352, &mut x353, 0x0, x351, x348); let mut x354: u32 = 0; let mut x355: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x354, &mut x355, x353, x349, x346); let mut x356: u32 = 0; let mut x357: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x356, &mut x357, x355, x347, x344); let x358: u32 = ((x357 as u32) + x345); let mut x359: u32 = 0; let mut x360: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x359, &mut x360, 0x0, x326, x342); let mut x361: u32 = 0; let mut x362: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x361, &mut x362, x360, x328, (0x0 as u32)); let mut x363: u32 = 0; let mut x364: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x363, &mut x364, x362, x330, (0x0 as u32)); let mut x365: u32 = 0; let mut x366: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x365, &mut x366, x364, x332, x350); let mut x367: u32 = 0; let mut x368: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x367, &mut x368, x366, x334, x352); let mut x369: u32 = 0; let mut x370: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x369, &mut x370, x368, x336, x354); let mut x371: u32 = 0; let mut x372: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x371, &mut x372, x370, x338, x356); let mut x373: u32 = 0; let mut x374: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x373, &mut x374, x372, x340, x358); let x375: u32 = ((x374 as u32) + (x341 as u32)); let mut x376: u32 = 0; let mut x377: u32 = 0; fiat_p224_mulx_u32(&mut x376, &mut x377, x5, (arg1[6])); let mut x378: u32 = 0; let mut x379: u32 = 0; fiat_p224_mulx_u32(&mut x378, &mut x379, x5, (arg1[5])); let mut x380: u32 = 0; let mut x381: u32 = 0; fiat_p224_mulx_u32(&mut x380, &mut x381, x5, (arg1[4])); let mut x382: u32 = 0; let mut x383: u32 = 0; fiat_p224_mulx_u32(&mut x382, &mut x383, x5, (arg1[3])); let mut x384: u32 = 0; let mut x385: u32 = 0; fiat_p224_mulx_u32(&mut x384, &mut x385, x5, (arg1[2])); let mut x386: u32 = 0; let mut x387: u32 = 0; fiat_p224_mulx_u32(&mut x386, &mut x387, x5, (arg1[1])); let mut x388: u32 = 0; let mut x389: u32 = 0; fiat_p224_mulx_u32(&mut x388, &mut x389, x5, (arg1[0])); let mut x390: u32 = 0; let mut x391: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x390, &mut x391, 0x0, x389, x386); let mut x392: u32 = 0; let mut x393: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x392, &mut x393, x391, x387, x384); let mut x394: u32 = 0; let mut x395: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x394, &mut x395, x393, x385, x382); let mut x396: u32 = 0; let mut x397: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x396, &mut x397, x395, x383, x380); let mut x398: u32 = 0; let mut x399: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x398, &mut x399, x397, x381, x378); let mut x400: u32 = 0; let mut x401: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x400, &mut x401, x399, x379, x376); let x402: u32 = ((x401 as u32) + x377); let mut x403: u32 = 0; let mut x404: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x403, &mut x404, 0x0, x361, x388); let mut x405: u32 = 0; let mut x406: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x405, &mut x406, x404, x363, x390); let mut x407: u32 = 0; let mut x408: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x407, &mut x408, x406, x365, x392); let mut x409: u32 = 0; let mut x410: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x409, &mut x410, x408, x367, x394); let mut x411: u32 = 0; let mut x412: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x411, &mut x412, x410, x369, x396); let mut x413: u32 = 0; let mut x414: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x413, &mut x414, x412, x371, x398); let mut x415: u32 = 0; let mut x416: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x415, &mut x416, x414, x373, x400); let mut x417: u32 = 0; let mut x418: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x417, &mut x418, x416, x375, x402); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p224_mulx_u32(&mut x419, &mut x420, x403, 0xffffffff); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p224_mulx_u32(&mut x421, &mut x422, x419, 0xffffffff); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p224_mulx_u32(&mut x423, &mut x424, x419, 0xffffffff); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p224_mulx_u32(&mut x425, &mut x426, x419, 0xffffffff); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_p224_mulx_u32(&mut x427, &mut x428, x419, 0xffffffff); let mut x429: u32 = 0; let mut x430: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x429, &mut x430, 0x0, x428, x425); let mut x431: u32 = 0; let mut x432: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x431, &mut x432, x430, x426, x423); let mut x433: u32 = 0; let mut x434: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x433, &mut x434, x432, x424, x421); let x435: u32 = ((x434 as u32) + x422); let mut x436: u32 = 0; let mut x437: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x436, &mut x437, 0x0, x403, x419); let mut x438: u32 = 0; let mut x439: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x438, &mut x439, x437, x405, (0x0 as u32)); let mut x440: u32 = 0; let mut x441: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x440, &mut x441, x439, x407, (0x0 as u32)); let mut x442: u32 = 0; let mut x443: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x442, &mut x443, x441, x409, x427); let mut x444: u32 = 0; let mut x445: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x444, &mut x445, x443, x411, x429); let mut x446: u32 = 0; let mut x447: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x446, &mut x447, x445, x413, x431); let mut x448: u32 = 0; let mut x449: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x448, &mut x449, x447, x415, x433); let mut x450: u32 = 0; let mut x451: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x450, &mut x451, x449, x417, x435); let x452: u32 = ((x451 as u32) + (x418 as u32)); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p224_mulx_u32(&mut x453, &mut x454, x6, (arg1[6])); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p224_mulx_u32(&mut x455, &mut x456, x6, (arg1[5])); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_p224_mulx_u32(&mut x457, &mut x458, x6, (arg1[4])); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_p224_mulx_u32(&mut x459, &mut x460, x6, (arg1[3])); let mut x461: u32 = 0; let mut x462: u32 = 0; fiat_p224_mulx_u32(&mut x461, &mut x462, x6, (arg1[2])); let mut x463: u32 = 0; let mut x464: u32 = 0; fiat_p224_mulx_u32(&mut x463, &mut x464, x6, (arg1[1])); let mut x465: u32 = 0; let mut x466: u32 = 0; fiat_p224_mulx_u32(&mut x465, &mut x466, x6, (arg1[0])); let mut x467: u32 = 0; let mut x468: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x467, &mut x468, 0x0, x466, x463); let mut x469: u32 = 0; let mut x470: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x469, &mut x470, x468, x464, x461); let mut x471: u32 = 0; let mut x472: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x471, &mut x472, x470, x462, x459); let mut x473: u32 = 0; let mut x474: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x473, &mut x474, x472, x460, x457); let mut x475: u32 = 0; let mut x476: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x475, &mut x476, x474, x458, x455); let mut x477: u32 = 0; let mut x478: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x477, &mut x478, x476, x456, x453); let x479: u32 = ((x478 as u32) + x454); let mut x480: u32 = 0; let mut x481: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x480, &mut x481, 0x0, x438, x465); let mut x482: u32 = 0; let mut x483: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x482, &mut x483, x481, x440, x467); let mut x484: u32 = 0; let mut x485: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x484, &mut x485, x483, x442, x469); let mut x486: u32 = 0; let mut x487: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x486, &mut x487, x485, x444, x471); let mut x488: u32 = 0; let mut x489: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x488, &mut x489, x487, x446, x473); let mut x490: u32 = 0; let mut x491: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x490, &mut x491, x489, x448, x475); let mut x492: u32 = 0; let mut x493: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x492, &mut x493, x491, x450, x477); let mut x494: u32 = 0; let mut x495: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x494, &mut x495, x493, x452, x479); let mut x496: u32 = 0; let mut x497: u32 = 0; fiat_p224_mulx_u32(&mut x496, &mut x497, x480, 0xffffffff); let mut x498: u32 = 0; let mut x499: u32 = 0; fiat_p224_mulx_u32(&mut x498, &mut x499, x496, 0xffffffff); let mut x500: u32 = 0; let mut x501: u32 = 0; fiat_p224_mulx_u32(&mut x500, &mut x501, x496, 0xffffffff); let mut x502: u32 = 0; let mut x503: u32 = 0; fiat_p224_mulx_u32(&mut x502, &mut x503, x496, 0xffffffff); let mut x504: u32 = 0; let mut x505: u32 = 0; fiat_p224_mulx_u32(&mut x504, &mut x505, x496, 0xffffffff); let mut x506: u32 = 0; let mut x507: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x506, &mut x507, 0x0, x505, x502); let mut x508: u32 = 0; let mut x509: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x508, &mut x509, x507, x503, x500); let mut x510: u32 = 0; let mut x511: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x510, &mut x511, x509, x501, x498); let x512: u32 = ((x511 as u32) + x499); let mut x513: u32 = 0; let mut x514: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x513, &mut x514, 0x0, x480, x496); let mut x515: u32 = 0; let mut x516: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x515, &mut x516, x514, x482, (0x0 as u32)); let mut x517: u32 = 0; let mut x518: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x517, &mut x518, x516, x484, (0x0 as u32)); let mut x519: u32 = 0; let mut x520: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x519, &mut x520, x518, x486, x504); let mut x521: u32 = 0; let mut x522: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x521, &mut x522, x520, x488, x506); let mut x523: u32 = 0; let mut x524: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x523, &mut x524, x522, x490, x508); let mut x525: u32 = 0; let mut x526: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x525, &mut x526, x524, x492, x510); let mut x527: u32 = 0; let mut x528: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x527, &mut x528, x526, x494, x512); let x529: u32 = ((x528 as u32) + (x495 as u32)); let mut x530: u32 = 0; let mut x531: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x530, &mut x531, 0x0, x515, (0x1 as u32)); let mut x532: u32 = 0; let mut x533: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x532, &mut x533, x531, x517, (0x0 as u32)); let mut x534: u32 = 0; let mut x535: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x534, &mut x535, x533, x519, (0x0 as u32)); let mut x536: u32 = 0; let mut x537: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x536, &mut x537, x535, x521, 0xffffffff); let mut x538: u32 = 0; let mut x539: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x538, &mut x539, x537, x523, 0xffffffff); let mut x540: u32 = 0; let mut x541: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x540, &mut x541, x539, x525, 0xffffffff); let mut x542: u32 = 0; let mut x543: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x542, &mut x543, x541, x527, 0xffffffff); let mut x544: u32 = 0; let mut x545: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x544, &mut x545, x543, x529, (0x0 as u32)); let mut x546: u32 = 0; fiat_p224_cmovznz_u32(&mut x546, x545, x530, x515); let mut x547: u32 = 0; fiat_p224_cmovznz_u32(&mut x547, x545, x532, x517); let mut x548: u32 = 0; fiat_p224_cmovznz_u32(&mut x548, x545, x534, x519); let mut x549: u32 = 0; fiat_p224_cmovznz_u32(&mut x549, x545, x536, x521); let mut x550: u32 = 0; fiat_p224_cmovznz_u32(&mut x550, x545, x538, x523); let mut x551: u32 = 0; fiat_p224_cmovznz_u32(&mut x551, x545, x540, x525); let mut x552: u32 = 0; fiat_p224_cmovznz_u32(&mut x552, x545, x542, x527); out1[0] = x546; out1[1] = x547; out1[2] = x548; out1[3] = x549; out1[4] = x550; out1[5] = x551; out1[6] = x552; } /// The function fiat_p224_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_add(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x15, &mut x16, 0x0, x1, (0x1 as u32)); let mut x17: u32 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x17, &mut x18, x16, x3, (0x0 as u32)); let mut x19: u32 = 0; let mut x20: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x19, &mut x20, x18, x5, (0x0 as u32)); let mut x21: u32 = 0; let mut x22: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x21, &mut x22, x20, x7, 0xffffffff); let mut x23: u32 = 0; let mut x24: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x23, &mut x24, x22, x9, 0xffffffff); let mut x25: u32 = 0; let mut x26: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x25, &mut x26, x24, x11, 0xffffffff); let mut x27: u32 = 0; let mut x28: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x27, &mut x28, x26, x13, 0xffffffff); let mut x29: u32 = 0; let mut x30: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x29, &mut x30, x28, (x14 as u32), (0x0 as u32)); let mut x31: u32 = 0; fiat_p224_cmovznz_u32(&mut x31, x30, x15, x1); let mut x32: u32 = 0; fiat_p224_cmovznz_u32(&mut x32, x30, x17, x3); let mut x33: u32 = 0; fiat_p224_cmovznz_u32(&mut x33, x30, x19, x5); let mut x34: u32 = 0; fiat_p224_cmovznz_u32(&mut x34, x30, x21, x7); let mut x35: u32 = 0; fiat_p224_cmovznz_u32(&mut x35, x30, x23, x9); let mut x36: u32 = 0; fiat_p224_cmovznz_u32(&mut x36, x30, x25, x11); let mut x37: u32 = 0; fiat_p224_cmovznz_u32(&mut x37, x30, x27, x13); out1[0] = x31; out1[1] = x32; out1[2] = x33; out1[3] = x34; out1[4] = x35; out1[5] = x36; out1[6] = x37; } /// The function fiat_p224_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_sub(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; fiat_p224_cmovznz_u32(&mut x15, x14, (0x0 as u32), 0xffffffff); let mut x16: u32 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x16, &mut x17, 0x0, x1, (((x15 & (0x1 as u32)) as fiat_p224_u1) as u32)); let mut x18: u32 = 0; let mut x19: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x18, &mut x19, x17, x3, (0x0 as u32)); let mut x20: u32 = 0; let mut x21: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x20, &mut x21, x19, x5, (0x0 as u32)); let mut x22: u32 = 0; let mut x23: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x22, &mut x23, x21, x7, x15); let mut x24: u32 = 0; let mut x25: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x24, &mut x25, x23, x9, x15); let mut x26: u32 = 0; let mut x27: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x26, &mut x27, x25, x11, x15); let mut x28: u32 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x28, &mut x29, x27, x13, x15); out1[0] = x16; out1[1] = x18; out1[2] = x20; out1[3] = x22; out1[4] = x24; out1[5] = x26; out1[6] = x28; } /// The function fiat_p224_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_opp(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; fiat_p224_cmovznz_u32(&mut x15, x14, (0x0 as u32), 0xffffffff); let mut x16: u32 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x16, &mut x17, 0x0, x1, (((x15 & (0x1 as u32)) as fiat_p224_u1) as u32)); let mut x18: u32 = 0; let mut x19: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x18, &mut x19, x17, x3, (0x0 as u32)); let mut x20: u32 = 0; let mut x21: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x20, &mut x21, x19, x5, (0x0 as u32)); let mut x22: u32 = 0; let mut x23: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x22, &mut x23, x21, x7, x15); let mut x24: u32 = 0; let mut x25: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x24, &mut x25, x23, x9, x15); let mut x26: u32 = 0; let mut x27: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x26, &mut x27, x25, x11, x15); let mut x28: u32 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x28, &mut x29, x27, x13, x15); out1[0] = x16; out1[1] = x18; out1[2] = x20; out1[3] = x22; out1[4] = x24; out1[5] = x26; out1[6] = x28; } /// The function fiat_p224_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^7) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_from_montgomery(out1: &mut fiat_p224_non_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_p224_mulx_u32(&mut x2, &mut x3, x1, 0xffffffff); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_p224_mulx_u32(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_p224_mulx_u32(&mut x6, &mut x7, x2, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p224_mulx_u32(&mut x8, &mut x9, x2, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p224_mulx_u32(&mut x10, &mut x11, x2, 0xffffffff); let mut x12: u32 = 0; let mut x13: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x12, &mut x13, 0x0, x11, x8); let mut x14: u32 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x14, &mut x15, x13, x9, x6); let mut x16: u32 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x16, &mut x17, x15, x7, x4); let mut x18: u32 = 0; let mut x19: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, x2); let mut x20: u32 = 0; let mut x21: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x20, &mut x21, 0x0, (x19 as u32), (arg1[1])); let mut x22: u32 = 0; let mut x23: u32 = 0; fiat_p224_mulx_u32(&mut x22, &mut x23, x20, 0xffffffff); let mut x24: u32 = 0; let mut x25: u32 = 0; fiat_p224_mulx_u32(&mut x24, &mut x25, x22, 0xffffffff); let mut x26: u32 = 0; let mut x27: u32 = 0; fiat_p224_mulx_u32(&mut x26, &mut x27, x22, 0xffffffff); let mut x28: u32 = 0; let mut x29: u32 = 0; fiat_p224_mulx_u32(&mut x28, &mut x29, x22, 0xffffffff); let mut x30: u32 = 0; let mut x31: u32 = 0; fiat_p224_mulx_u32(&mut x30, &mut x31, x22, 0xffffffff); let mut x32: u32 = 0; let mut x33: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x32, &mut x33, 0x0, x31, x28); let mut x34: u32 = 0; let mut x35: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x34, &mut x35, x33, x29, x26); let mut x36: u32 = 0; let mut x37: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x36, &mut x37, x35, x27, x24); let mut x38: u32 = 0; let mut x39: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x38, &mut x39, 0x0, x12, x30); let mut x40: u32 = 0; let mut x41: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x40, &mut x41, x39, x14, x32); let mut x42: u32 = 0; let mut x43: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x42, &mut x43, x41, x16, x34); let mut x44: u32 = 0; let mut x45: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x44, &mut x45, x43, ((x17 as u32) + x5), x36); let mut x46: u32 = 0; let mut x47: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x46, &mut x47, x45, (0x0 as u32), ((x37 as u32) + x25)); let mut x48: u32 = 0; let mut x49: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x48, &mut x49, 0x0, x20, x22); let mut x50: u32 = 0; let mut x51: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x50, &mut x51, 0x0, ((x49 as u32) + (x21 as u32)), (arg1[2])); let mut x52: u32 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x52, &mut x53, x51, x10, (0x0 as u32)); let mut x54: u32 = 0; let mut x55: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x54, &mut x55, x53, x38, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x56, &mut x57, x55, x40, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x58, &mut x59, x57, x42, (0x0 as u32)); let mut x60: u32 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x60, &mut x61, x59, x44, (0x0 as u32)); let mut x62: u32 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x62, &mut x63, x61, x46, (0x0 as u32)); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p224_mulx_u32(&mut x64, &mut x65, x50, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p224_mulx_u32(&mut x66, &mut x67, x64, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p224_mulx_u32(&mut x68, &mut x69, x64, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p224_mulx_u32(&mut x70, &mut x71, x64, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p224_mulx_u32(&mut x72, &mut x73, x64, 0xffffffff); let mut x74: u32 = 0; let mut x75: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x74, &mut x75, 0x0, x73, x70); let mut x76: u32 = 0; let mut x77: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x76, &mut x77, x75, x71, x68); let mut x78: u32 = 0; let mut x79: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x78, &mut x79, x77, x69, x66); let mut x80: u32 = 0; let mut x81: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x80, &mut x81, 0x0, x50, x64); let mut x82: u32 = 0; let mut x83: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x82, &mut x83, x81, x52, (0x0 as u32)); let mut x84: u32 = 0; let mut x85: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x84, &mut x85, x83, x54, (0x0 as u32)); let mut x86: u32 = 0; let mut x87: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x86, &mut x87, x85, x56, x72); let mut x88: u32 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x88, &mut x89, x87, x58, x74); let mut x90: u32 = 0; let mut x91: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x90, &mut x91, x89, x60, x76); let mut x92: u32 = 0; let mut x93: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x92, &mut x93, x91, x62, x78); let mut x94: u32 = 0; let mut x95: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x94, &mut x95, x93, ((x63 as u32) + (x47 as u32)), ((x79 as u32) + x67)); let mut x96: u32 = 0; let mut x97: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x96, &mut x97, 0x0, x82, (arg1[3])); let mut x98: u32 = 0; let mut x99: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x98, &mut x99, x97, x84, (0x0 as u32)); let mut x100: u32 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x100, &mut x101, x99, x86, (0x0 as u32)); let mut x102: u32 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x102, &mut x103, x101, x88, (0x0 as u32)); let mut x104: u32 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x104, &mut x105, x103, x90, (0x0 as u32)); let mut x106: u32 = 0; let mut x107: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x106, &mut x107, x105, x92, (0x0 as u32)); let mut x108: u32 = 0; let mut x109: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x108, &mut x109, x107, x94, (0x0 as u32)); let mut x110: u32 = 0; let mut x111: u32 = 0; fiat_p224_mulx_u32(&mut x110, &mut x111, x96, 0xffffffff); let mut x112: u32 = 0; let mut x113: u32 = 0; fiat_p224_mulx_u32(&mut x112, &mut x113, x110, 0xffffffff); let mut x114: u32 = 0; let mut x115: u32 = 0; fiat_p224_mulx_u32(&mut x114, &mut x115, x110, 0xffffffff); let mut x116: u32 = 0; let mut x117: u32 = 0; fiat_p224_mulx_u32(&mut x116, &mut x117, x110, 0xffffffff); let mut x118: u32 = 0; let mut x119: u32 = 0; fiat_p224_mulx_u32(&mut x118, &mut x119, x110, 0xffffffff); let mut x120: u32 = 0; let mut x121: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u32 = 0; let mut x123: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x122, &mut x123, x121, x117, x114); let mut x124: u32 = 0; let mut x125: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x124, &mut x125, x123, x115, x112); let mut x126: u32 = 0; let mut x127: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x126, &mut x127, 0x0, x96, x110); let mut x128: u32 = 0; let mut x129: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x128, &mut x129, x127, x98, (0x0 as u32)); let mut x130: u32 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x130, &mut x131, x129, x100, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x132, &mut x133, x131, x102, x118); let mut x134: u32 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x134, &mut x135, x133, x104, x120); let mut x136: u32 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x136, &mut x137, x135, x106, x122); let mut x138: u32 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x138, &mut x139, x137, x108, x124); let mut x140: u32 = 0; let mut x141: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x140, &mut x141, x139, ((x109 as u32) + (x95 as u32)), ((x125 as u32) + x113)); let mut x142: u32 = 0; let mut x143: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x142, &mut x143, 0x0, x128, (arg1[4])); let mut x144: u32 = 0; let mut x145: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x144, &mut x145, x143, x130, (0x0 as u32)); let mut x146: u32 = 0; let mut x147: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x146, &mut x147, x145, x132, (0x0 as u32)); let mut x148: u32 = 0; let mut x149: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x148, &mut x149, x147, x134, (0x0 as u32)); let mut x150: u32 = 0; let mut x151: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x150, &mut x151, x149, x136, (0x0 as u32)); let mut x152: u32 = 0; let mut x153: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x152, &mut x153, x151, x138, (0x0 as u32)); let mut x154: u32 = 0; let mut x155: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x154, &mut x155, x153, x140, (0x0 as u32)); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_p224_mulx_u32(&mut x156, &mut x157, x142, 0xffffffff); let mut x158: u32 = 0; let mut x159: u32 = 0; fiat_p224_mulx_u32(&mut x158, &mut x159, x156, 0xffffffff); let mut x160: u32 = 0; let mut x161: u32 = 0; fiat_p224_mulx_u32(&mut x160, &mut x161, x156, 0xffffffff); let mut x162: u32 = 0; let mut x163: u32 = 0; fiat_p224_mulx_u32(&mut x162, &mut x163, x156, 0xffffffff); let mut x164: u32 = 0; let mut x165: u32 = 0; fiat_p224_mulx_u32(&mut x164, &mut x165, x156, 0xffffffff); let mut x166: u32 = 0; let mut x167: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x166, &mut x167, 0x0, x165, x162); let mut x168: u32 = 0; let mut x169: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x168, &mut x169, x167, x163, x160); let mut x170: u32 = 0; let mut x171: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x170, &mut x171, x169, x161, x158); let mut x172: u32 = 0; let mut x173: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x172, &mut x173, 0x0, x142, x156); let mut x174: u32 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x174, &mut x175, x173, x144, (0x0 as u32)); let mut x176: u32 = 0; let mut x177: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x176, &mut x177, x175, x146, (0x0 as u32)); let mut x178: u32 = 0; let mut x179: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x178, &mut x179, x177, x148, x164); let mut x180: u32 = 0; let mut x181: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x180, &mut x181, x179, x150, x166); let mut x182: u32 = 0; let mut x183: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x182, &mut x183, x181, x152, x168); let mut x184: u32 = 0; let mut x185: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x184, &mut x185, x183, x154, x170); let mut x186: u32 = 0; let mut x187: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x186, &mut x187, x185, ((x155 as u32) + (x141 as u32)), ((x171 as u32) + x159)); let mut x188: u32 = 0; let mut x189: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x188, &mut x189, 0x0, x174, (arg1[5])); let mut x190: u32 = 0; let mut x191: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x190, &mut x191, x189, x176, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x192, &mut x193, x191, x178, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x194, &mut x195, x193, x180, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x196, &mut x197, x195, x182, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x198, &mut x199, x197, x184, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x200, &mut x201, x199, x186, (0x0 as u32)); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_p224_mulx_u32(&mut x202, &mut x203, x188, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_p224_mulx_u32(&mut x204, &mut x205, x202, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_p224_mulx_u32(&mut x206, &mut x207, x202, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p224_mulx_u32(&mut x208, &mut x209, x202, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p224_mulx_u32(&mut x210, &mut x211, x202, 0xffffffff); let mut x212: u32 = 0; let mut x213: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x212, &mut x213, 0x0, x211, x208); let mut x214: u32 = 0; let mut x215: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x214, &mut x215, x213, x209, x206); let mut x216: u32 = 0; let mut x217: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x216, &mut x217, x215, x207, x204); let mut x218: u32 = 0; let mut x219: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x218, &mut x219, 0x0, x188, x202); let mut x220: u32 = 0; let mut x221: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x220, &mut x221, x219, x190, (0x0 as u32)); let mut x222: u32 = 0; let mut x223: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x222, &mut x223, x221, x192, (0x0 as u32)); let mut x224: u32 = 0; let mut x225: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x224, &mut x225, x223, x194, x210); let mut x226: u32 = 0; let mut x227: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x226, &mut x227, x225, x196, x212); let mut x228: u32 = 0; let mut x229: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x228, &mut x229, x227, x198, x214); let mut x230: u32 = 0; let mut x231: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x230, &mut x231, x229, x200, x216); let mut x232: u32 = 0; let mut x233: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x232, &mut x233, x231, ((x201 as u32) + (x187 as u32)), ((x217 as u32) + x205)); let mut x234: u32 = 0; let mut x235: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x234, &mut x235, 0x0, x220, (arg1[6])); let mut x236: u32 = 0; let mut x237: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x236, &mut x237, x235, x222, (0x0 as u32)); let mut x238: u32 = 0; let mut x239: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x238, &mut x239, x237, x224, (0x0 as u32)); let mut x240: u32 = 0; let mut x241: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x240, &mut x241, x239, x226, (0x0 as u32)); let mut x242: u32 = 0; let mut x243: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x242, &mut x243, x241, x228, (0x0 as u32)); let mut x244: u32 = 0; let mut x245: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x244, &mut x245, x243, x230, (0x0 as u32)); let mut x246: u32 = 0; let mut x247: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x246, &mut x247, x245, x232, (0x0 as u32)); let mut x248: u32 = 0; let mut x249: u32 = 0; fiat_p224_mulx_u32(&mut x248, &mut x249, x234, 0xffffffff); let mut x250: u32 = 0; let mut x251: u32 = 0; fiat_p224_mulx_u32(&mut x250, &mut x251, x248, 0xffffffff); let mut x252: u32 = 0; let mut x253: u32 = 0; fiat_p224_mulx_u32(&mut x252, &mut x253, x248, 0xffffffff); let mut x254: u32 = 0; let mut x255: u32 = 0; fiat_p224_mulx_u32(&mut x254, &mut x255, x248, 0xffffffff); let mut x256: u32 = 0; let mut x257: u32 = 0; fiat_p224_mulx_u32(&mut x256, &mut x257, x248, 0xffffffff); let mut x258: u32 = 0; let mut x259: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x258, &mut x259, 0x0, x257, x254); let mut x260: u32 = 0; let mut x261: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x260, &mut x261, x259, x255, x252); let mut x262: u32 = 0; let mut x263: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x262, &mut x263, x261, x253, x250); let mut x264: u32 = 0; let mut x265: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x264, &mut x265, 0x0, x234, x248); let mut x266: u32 = 0; let mut x267: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x266, &mut x267, x265, x236, (0x0 as u32)); let mut x268: u32 = 0; let mut x269: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x268, &mut x269, x267, x238, (0x0 as u32)); let mut x270: u32 = 0; let mut x271: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x270, &mut x271, x269, x240, x256); let mut x272: u32 = 0; let mut x273: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x272, &mut x273, x271, x242, x258); let mut x274: u32 = 0; let mut x275: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x274, &mut x275, x273, x244, x260); let mut x276: u32 = 0; let mut x277: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x276, &mut x277, x275, x246, x262); let mut x278: u32 = 0; let mut x279: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x278, &mut x279, x277, ((x247 as u32) + (x233 as u32)), ((x263 as u32) + x251)); let mut x280: u32 = 0; let mut x281: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x280, &mut x281, 0x0, x266, (0x1 as u32)); let mut x282: u32 = 0; let mut x283: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x282, &mut x283, x281, x268, (0x0 as u32)); let mut x284: u32 = 0; let mut x285: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x284, &mut x285, x283, x270, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x286, &mut x287, x285, x272, 0xffffffff); let mut x288: u32 = 0; let mut x289: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x288, &mut x289, x287, x274, 0xffffffff); let mut x290: u32 = 0; let mut x291: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x290, &mut x291, x289, x276, 0xffffffff); let mut x292: u32 = 0; let mut x293: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x292, &mut x293, x291, x278, 0xffffffff); let mut x294: u32 = 0; let mut x295: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x294, &mut x295, x293, (x279 as u32), (0x0 as u32)); let mut x296: u32 = 0; fiat_p224_cmovznz_u32(&mut x296, x295, x280, x266); let mut x297: u32 = 0; fiat_p224_cmovznz_u32(&mut x297, x295, x282, x268); let mut x298: u32 = 0; fiat_p224_cmovznz_u32(&mut x298, x295, x284, x270); let mut x299: u32 = 0; fiat_p224_cmovznz_u32(&mut x299, x295, x286, x272); let mut x300: u32 = 0; fiat_p224_cmovznz_u32(&mut x300, x295, x288, x274); let mut x301: u32 = 0; fiat_p224_cmovznz_u32(&mut x301, x295, x290, x276); let mut x302: u32 = 0; fiat_p224_cmovznz_u32(&mut x302, x295, x292, x278); out1[0] = x296; out1[1] = x297; out1[2] = x298; out1[3] = x299; out1[4] = x300; out1[5] = x301; out1[6] = x302; } /// The function fiat_p224_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_to_montgomery(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[0]); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p224_mulx_u32(&mut x8, &mut x9, x7, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p224_mulx_u32(&mut x10, &mut x11, x7, 0xffffffff); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p224_mulx_u32(&mut x12, &mut x13, x7, 0xfffffffe); let mut x14: u32 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x14, &mut x15, 0x0, x13, x10); let mut x16: u32 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x16, &mut x17, x15, x11, x8); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_p224_mulx_u32(&mut x18, &mut x19, x7, 0xffffffff); let mut x20: u32 = 0; let mut x21: u32 = 0; fiat_p224_mulx_u32(&mut x20, &mut x21, x18, 0xffffffff); let mut x22: u32 = 0; let mut x23: u32 = 0; fiat_p224_mulx_u32(&mut x22, &mut x23, x18, 0xffffffff); let mut x24: u32 = 0; let mut x25: u32 = 0; fiat_p224_mulx_u32(&mut x24, &mut x25, x18, 0xffffffff); let mut x26: u32 = 0; let mut x27: u32 = 0; fiat_p224_mulx_u32(&mut x26, &mut x27, x18, 0xffffffff); let mut x28: u32 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x28, &mut x29, 0x0, x27, x24); let mut x30: u32 = 0; let mut x31: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x30, &mut x31, x29, x25, x22); let mut x32: u32 = 0; let mut x33: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x32, &mut x33, x31, x23, x20); let mut x34: u32 = 0; let mut x35: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x34, &mut x35, 0x0, x12, x26); let mut x36: u32 = 0; let mut x37: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x36, &mut x37, x35, x14, x28); let mut x38: u32 = 0; let mut x39: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x38, &mut x39, x37, x16, x30); let mut x40: u32 = 0; let mut x41: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x40, &mut x41, x39, ((x17 as u32) + x9), x32); let mut x42: u32 = 0; let mut x43: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), ((x33 as u32) + x21)); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p224_mulx_u32(&mut x44, &mut x45, x1, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p224_mulx_u32(&mut x46, &mut x47, x1, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_p224_mulx_u32(&mut x48, &mut x49, x1, 0xfffffffe); let mut x50: u32 = 0; let mut x51: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x50, &mut x51, 0x0, x49, x46); let mut x52: u32 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x52, &mut x53, x51, x47, x44); let mut x54: u32 = 0; let mut x55: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x54, &mut x55, 0x0, x7, x18); let mut x56: u32 = 0; let mut x57: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x56, &mut x57, 0x0, (x55 as u32), x1); let mut x58: u32 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x58, &mut x59, 0x0, x36, x48); let mut x60: u32 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x60, &mut x61, x59, x38, x50); let mut x62: u32 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x62, &mut x63, x61, x40, x52); let mut x64: u32 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x64, &mut x65, x63, x42, ((x53 as u32) + x45)); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p224_mulx_u32(&mut x66, &mut x67, x56, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p224_mulx_u32(&mut x68, &mut x69, x66, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p224_mulx_u32(&mut x70, &mut x71, x66, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p224_mulx_u32(&mut x72, &mut x73, x66, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p224_mulx_u32(&mut x74, &mut x75, x66, 0xffffffff); let mut x76: u32 = 0; let mut x77: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x76, &mut x77, 0x0, x75, x72); let mut x78: u32 = 0; let mut x79: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x78, &mut x79, x77, x73, x70); let mut x80: u32 = 0; let mut x81: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x80, &mut x81, x79, x71, x68); let mut x82: u32 = 0; let mut x83: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x82, &mut x83, 0x0, x58, x74); let mut x84: u32 = 0; let mut x85: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x84, &mut x85, x83, x60, x76); let mut x86: u32 = 0; let mut x87: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x86, &mut x87, x85, x62, x78); let mut x88: u32 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x88, &mut x89, x87, x64, x80); let mut x90: u32 = 0; let mut x91: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x90, &mut x91, x89, ((x65 as u32) + (x43 as u32)), ((x81 as u32) + x69)); let mut x92: u32 = 0; let mut x93: u32 = 0; fiat_p224_mulx_u32(&mut x92, &mut x93, x2, 0xffffffff); let mut x94: u32 = 0; let mut x95: u32 = 0; fiat_p224_mulx_u32(&mut x94, &mut x95, x2, 0xffffffff); let mut x96: u32 = 0; let mut x97: u32 = 0; fiat_p224_mulx_u32(&mut x96, &mut x97, x2, 0xfffffffe); let mut x98: u32 = 0; let mut x99: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x98, &mut x99, 0x0, x97, x94); let mut x100: u32 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x100, &mut x101, x99, x95, x92); let mut x102: u32 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x102, &mut x103, 0x0, x56, x66); let mut x104: u32 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x104, &mut x105, 0x0, ((x103 as u32) + (x57 as u32)), x2); let mut x106: u32 = 0; let mut x107: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x106, &mut x107, x105, x34, (0x0 as u32)); let mut x108: u32 = 0; let mut x109: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x108, &mut x109, x107, x82, (0x0 as u32)); let mut x110: u32 = 0; let mut x111: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x110, &mut x111, x109, x84, x96); let mut x112: u32 = 0; let mut x113: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x112, &mut x113, x111, x86, x98); let mut x114: u32 = 0; let mut x115: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x114, &mut x115, x113, x88, x100); let mut x116: u32 = 0; let mut x117: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x116, &mut x117, x115, x90, ((x101 as u32) + x93)); let mut x118: u32 = 0; let mut x119: u32 = 0; fiat_p224_mulx_u32(&mut x118, &mut x119, x104, 0xffffffff); let mut x120: u32 = 0; let mut x121: u32 = 0; fiat_p224_mulx_u32(&mut x120, &mut x121, x118, 0xffffffff); let mut x122: u32 = 0; let mut x123: u32 = 0; fiat_p224_mulx_u32(&mut x122, &mut x123, x118, 0xffffffff); let mut x124: u32 = 0; let mut x125: u32 = 0; fiat_p224_mulx_u32(&mut x124, &mut x125, x118, 0xffffffff); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_p224_mulx_u32(&mut x126, &mut x127, x118, 0xffffffff); let mut x128: u32 = 0; let mut x129: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x128, &mut x129, 0x0, x127, x124); let mut x130: u32 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x130, &mut x131, x129, x125, x122); let mut x132: u32 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x132, &mut x133, x131, x123, x120); let mut x134: u32 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x134, &mut x135, 0x0, x104, x118); let mut x136: u32 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x136, &mut x137, x135, x106, (0x0 as u32)); let mut x138: u32 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x138, &mut x139, x137, x108, (0x0 as u32)); let mut x140: u32 = 0; let mut x141: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x140, &mut x141, x139, x110, x126); let mut x142: u32 = 0; let mut x143: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x142, &mut x143, x141, x112, x128); let mut x144: u32 = 0; let mut x145: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x144, &mut x145, x143, x114, x130); let mut x146: u32 = 0; let mut x147: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x146, &mut x147, x145, x116, x132); let mut x148: u32 = 0; let mut x149: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x148, &mut x149, x147, ((x117 as u32) + (x91 as u32)), ((x133 as u32) + x121)); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_p224_mulx_u32(&mut x150, &mut x151, x3, 0xffffffff); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_p224_mulx_u32(&mut x152, &mut x153, x3, 0xffffffff); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_p224_mulx_u32(&mut x154, &mut x155, x3, 0xfffffffe); let mut x156: u32 = 0; let mut x157: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x156, &mut x157, 0x0, x155, x152); let mut x158: u32 = 0; let mut x159: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x158, &mut x159, x157, x153, x150); let mut x160: u32 = 0; let mut x161: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x160, &mut x161, 0x0, x136, x3); let mut x162: u32 = 0; let mut x163: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x162, &mut x163, x161, x138, (0x0 as u32)); let mut x164: u32 = 0; let mut x165: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x164, &mut x165, x163, x140, (0x0 as u32)); let mut x166: u32 = 0; let mut x167: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x166, &mut x167, x165, x142, x154); let mut x168: u32 = 0; let mut x169: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x168, &mut x169, x167, x144, x156); let mut x170: u32 = 0; let mut x171: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x170, &mut x171, x169, x146, x158); let mut x172: u32 = 0; let mut x173: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x172, &mut x173, x171, x148, ((x159 as u32) + x151)); let mut x174: u32 = 0; let mut x175: u32 = 0; fiat_p224_mulx_u32(&mut x174, &mut x175, x160, 0xffffffff); let mut x176: u32 = 0; let mut x177: u32 = 0; fiat_p224_mulx_u32(&mut x176, &mut x177, x174, 0xffffffff); let mut x178: u32 = 0; let mut x179: u32 = 0; fiat_p224_mulx_u32(&mut x178, &mut x179, x174, 0xffffffff); let mut x180: u32 = 0; let mut x181: u32 = 0; fiat_p224_mulx_u32(&mut x180, &mut x181, x174, 0xffffffff); let mut x182: u32 = 0; let mut x183: u32 = 0; fiat_p224_mulx_u32(&mut x182, &mut x183, x174, 0xffffffff); let mut x184: u32 = 0; let mut x185: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x184, &mut x185, 0x0, x183, x180); let mut x186: u32 = 0; let mut x187: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x186, &mut x187, x185, x181, x178); let mut x188: u32 = 0; let mut x189: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x188, &mut x189, x187, x179, x176); let mut x190: u32 = 0; let mut x191: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x190, &mut x191, 0x0, x160, x174); let mut x192: u32 = 0; let mut x193: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x192, &mut x193, x191, x162, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x194, &mut x195, x193, x164, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x196, &mut x197, x195, x166, x182); let mut x198: u32 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x198, &mut x199, x197, x168, x184); let mut x200: u32 = 0; let mut x201: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x200, &mut x201, x199, x170, x186); let mut x202: u32 = 0; let mut x203: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x202, &mut x203, x201, x172, x188); let mut x204: u32 = 0; let mut x205: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x204, &mut x205, x203, ((x173 as u32) + (x149 as u32)), ((x189 as u32) + x177)); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_p224_mulx_u32(&mut x206, &mut x207, x4, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p224_mulx_u32(&mut x208, &mut x209, x4, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p224_mulx_u32(&mut x210, &mut x211, x4, 0xfffffffe); let mut x212: u32 = 0; let mut x213: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x212, &mut x213, 0x0, x211, x208); let mut x214: u32 = 0; let mut x215: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x214, &mut x215, x213, x209, x206); let mut x216: u32 = 0; let mut x217: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x216, &mut x217, 0x0, x192, x4); let mut x218: u32 = 0; let mut x219: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x218, &mut x219, x217, x194, (0x0 as u32)); let mut x220: u32 = 0; let mut x221: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x220, &mut x221, x219, x196, (0x0 as u32)); let mut x222: u32 = 0; let mut x223: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x222, &mut x223, x221, x198, x210); let mut x224: u32 = 0; let mut x225: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x224, &mut x225, x223, x200, x212); let mut x226: u32 = 0; let mut x227: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x226, &mut x227, x225, x202, x214); let mut x228: u32 = 0; let mut x229: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x228, &mut x229, x227, x204, ((x215 as u32) + x207)); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p224_mulx_u32(&mut x230, &mut x231, x216, 0xffffffff); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p224_mulx_u32(&mut x232, &mut x233, x230, 0xffffffff); let mut x234: u32 = 0; let mut x235: u32 = 0; fiat_p224_mulx_u32(&mut x234, &mut x235, x230, 0xffffffff); let mut x236: u32 = 0; let mut x237: u32 = 0; fiat_p224_mulx_u32(&mut x236, &mut x237, x230, 0xffffffff); let mut x238: u32 = 0; let mut x239: u32 = 0; fiat_p224_mulx_u32(&mut x238, &mut x239, x230, 0xffffffff); let mut x240: u32 = 0; let mut x241: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x240, &mut x241, 0x0, x239, x236); let mut x242: u32 = 0; let mut x243: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x242, &mut x243, x241, x237, x234); let mut x244: u32 = 0; let mut x245: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x244, &mut x245, x243, x235, x232); let mut x246: u32 = 0; let mut x247: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x246, &mut x247, 0x0, x216, x230); let mut x248: u32 = 0; let mut x249: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x248, &mut x249, x247, x218, (0x0 as u32)); let mut x250: u32 = 0; let mut x251: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x250, &mut x251, x249, x220, (0x0 as u32)); let mut x252: u32 = 0; let mut x253: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x252, &mut x253, x251, x222, x238); let mut x254: u32 = 0; let mut x255: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x254, &mut x255, x253, x224, x240); let mut x256: u32 = 0; let mut x257: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x256, &mut x257, x255, x226, x242); let mut x258: u32 = 0; let mut x259: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x258, &mut x259, x257, x228, x244); let mut x260: u32 = 0; let mut x261: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x260, &mut x261, x259, ((x229 as u32) + (x205 as u32)), ((x245 as u32) + x233)); let mut x262: u32 = 0; let mut x263: u32 = 0; fiat_p224_mulx_u32(&mut x262, &mut x263, x5, 0xffffffff); let mut x264: u32 = 0; let mut x265: u32 = 0; fiat_p224_mulx_u32(&mut x264, &mut x265, x5, 0xffffffff); let mut x266: u32 = 0; let mut x267: u32 = 0; fiat_p224_mulx_u32(&mut x266, &mut x267, x5, 0xfffffffe); let mut x268: u32 = 0; let mut x269: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x268, &mut x269, 0x0, x267, x264); let mut x270: u32 = 0; let mut x271: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x270, &mut x271, x269, x265, x262); let mut x272: u32 = 0; let mut x273: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x272, &mut x273, 0x0, x248, x5); let mut x274: u32 = 0; let mut x275: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x274, &mut x275, x273, x250, (0x0 as u32)); let mut x276: u32 = 0; let mut x277: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x276, &mut x277, x275, x252, (0x0 as u32)); let mut x278: u32 = 0; let mut x279: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x278, &mut x279, x277, x254, x266); let mut x280: u32 = 0; let mut x281: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x280, &mut x281, x279, x256, x268); let mut x282: u32 = 0; let mut x283: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x282, &mut x283, x281, x258, x270); let mut x284: u32 = 0; let mut x285: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x284, &mut x285, x283, x260, ((x271 as u32) + x263)); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p224_mulx_u32(&mut x286, &mut x287, x272, 0xffffffff); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p224_mulx_u32(&mut x288, &mut x289, x286, 0xffffffff); let mut x290: u32 = 0; let mut x291: u32 = 0; fiat_p224_mulx_u32(&mut x290, &mut x291, x286, 0xffffffff); let mut x292: u32 = 0; let mut x293: u32 = 0; fiat_p224_mulx_u32(&mut x292, &mut x293, x286, 0xffffffff); let mut x294: u32 = 0; let mut x295: u32 = 0; fiat_p224_mulx_u32(&mut x294, &mut x295, x286, 0xffffffff); let mut x296: u32 = 0; let mut x297: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x296, &mut x297, 0x0, x295, x292); let mut x298: u32 = 0; let mut x299: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x298, &mut x299, x297, x293, x290); let mut x300: u32 = 0; let mut x301: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x300, &mut x301, x299, x291, x288); let mut x302: u32 = 0; let mut x303: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x302, &mut x303, 0x0, x272, x286); let mut x304: u32 = 0; let mut x305: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x304, &mut x305, x303, x274, (0x0 as u32)); let mut x306: u32 = 0; let mut x307: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x306, &mut x307, x305, x276, (0x0 as u32)); let mut x308: u32 = 0; let mut x309: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x308, &mut x309, x307, x278, x294); let mut x310: u32 = 0; let mut x311: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x310, &mut x311, x309, x280, x296); let mut x312: u32 = 0; let mut x313: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x312, &mut x313, x311, x282, x298); let mut x314: u32 = 0; let mut x315: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x314, &mut x315, x313, x284, x300); let mut x316: u32 = 0; let mut x317: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x316, &mut x317, x315, ((x285 as u32) + (x261 as u32)), ((x301 as u32) + x289)); let mut x318: u32 = 0; let mut x319: u32 = 0; fiat_p224_mulx_u32(&mut x318, &mut x319, x6, 0xffffffff); let mut x320: u32 = 0; let mut x321: u32 = 0; fiat_p224_mulx_u32(&mut x320, &mut x321, x6, 0xffffffff); let mut x322: u32 = 0; let mut x323: u32 = 0; fiat_p224_mulx_u32(&mut x322, &mut x323, x6, 0xfffffffe); let mut x324: u32 = 0; let mut x325: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x324, &mut x325, 0x0, x323, x320); let mut x326: u32 = 0; let mut x327: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x326, &mut x327, x325, x321, x318); let mut x328: u32 = 0; let mut x329: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x328, &mut x329, 0x0, x304, x6); let mut x330: u32 = 0; let mut x331: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x330, &mut x331, x329, x306, (0x0 as u32)); let mut x332: u32 = 0; let mut x333: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x332, &mut x333, x331, x308, (0x0 as u32)); let mut x334: u32 = 0; let mut x335: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x334, &mut x335, x333, x310, x322); let mut x336: u32 = 0; let mut x337: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x336, &mut x337, x335, x312, x324); let mut x338: u32 = 0; let mut x339: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x338, &mut x339, x337, x314, x326); let mut x340: u32 = 0; let mut x341: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x340, &mut x341, x339, x316, ((x327 as u32) + x319)); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_p224_mulx_u32(&mut x342, &mut x343, x328, 0xffffffff); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_p224_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_p224_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_p224_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_p224_mulx_u32(&mut x350, &mut x351, x342, 0xffffffff); let mut x352: u32 = 0; let mut x353: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x352, &mut x353, 0x0, x351, x348); let mut x354: u32 = 0; let mut x355: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x354, &mut x355, x353, x349, x346); let mut x356: u32 = 0; let mut x357: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x356, &mut x357, x355, x347, x344); let mut x358: u32 = 0; let mut x359: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x358, &mut x359, 0x0, x328, x342); let mut x360: u32 = 0; let mut x361: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x360, &mut x361, x359, x330, (0x0 as u32)); let mut x362: u32 = 0; let mut x363: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x362, &mut x363, x361, x332, (0x0 as u32)); let mut x364: u32 = 0; let mut x365: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x364, &mut x365, x363, x334, x350); let mut x366: u32 = 0; let mut x367: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x366, &mut x367, x365, x336, x352); let mut x368: u32 = 0; let mut x369: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x368, &mut x369, x367, x338, x354); let mut x370: u32 = 0; let mut x371: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x370, &mut x371, x369, x340, x356); let mut x372: u32 = 0; let mut x373: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x372, &mut x373, x371, ((x341 as u32) + (x317 as u32)), ((x357 as u32) + x345)); let mut x374: u32 = 0; let mut x375: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x374, &mut x375, 0x0, x360, (0x1 as u32)); let mut x376: u32 = 0; let mut x377: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x376, &mut x377, x375, x362, (0x0 as u32)); let mut x378: u32 = 0; let mut x379: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x378, &mut x379, x377, x364, (0x0 as u32)); let mut x380: u32 = 0; let mut x381: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x380, &mut x381, x379, x366, 0xffffffff); let mut x382: u32 = 0; let mut x383: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x382, &mut x383, x381, x368, 0xffffffff); let mut x384: u32 = 0; let mut x385: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x384, &mut x385, x383, x370, 0xffffffff); let mut x386: u32 = 0; let mut x387: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x386, &mut x387, x385, x372, 0xffffffff); let mut x388: u32 = 0; let mut x389: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x388, &mut x389, x387, (x373 as u32), (0x0 as u32)); let mut x390: u32 = 0; fiat_p224_cmovznz_u32(&mut x390, x389, x374, x360); let mut x391: u32 = 0; fiat_p224_cmovznz_u32(&mut x391, x389, x376, x362); let mut x392: u32 = 0; fiat_p224_cmovznz_u32(&mut x392, x389, x378, x364); let mut x393: u32 = 0; fiat_p224_cmovznz_u32(&mut x393, x389, x380, x366); let mut x394: u32 = 0; fiat_p224_cmovznz_u32(&mut x394, x389, x382, x368); let mut x395: u32 = 0; fiat_p224_cmovznz_u32(&mut x395, x389, x384, x370); let mut x396: u32 = 0; fiat_p224_cmovznz_u32(&mut x396, x389, x386, x372); out1[0] = x390; out1[1] = x391; out1[2] = x392; out1[3] = x393; out1[4] = x394; out1[5] = x395; out1[6] = x396; } /// The function fiat_p224_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p224_nonzero(out1: &mut u32, arg1: &[u32; 7]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); *out1 = x1; } /// The function fiat_p224_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_selectznz(out1: &mut [u32; 7], arg1: fiat_p224_u1, arg2: &[u32; 7], arg3: &[u32; 7]) { let mut x1: u32 = 0; fiat_p224_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p224_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p224_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p224_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p224_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p224_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p224_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; } /// The function fiat_p224_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..27] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p224_to_bytes(out1: &mut [u8; 28], arg1: &[u32; 7]) { let x1: u32 = (arg1[6]); let x2: u32 = (arg1[5]); let x3: u32 = (arg1[4]); let x4: u32 = (arg1[3]); let x5: u32 = (arg1[2]); let x6: u32 = (arg1[1]); let x7: u32 = (arg1[0]); let x8: u8 = ((x7 & (0xff as u32)) as u8); let x9: u32 = (x7 >> 8); let x10: u8 = ((x9 & (0xff as u32)) as u8); let x11: u32 = (x9 >> 8); let x12: u8 = ((x11 & (0xff as u32)) as u8); let x13: u8 = ((x11 >> 8) as u8); let x14: u8 = ((x6 & (0xff as u32)) as u8); let x15: u32 = (x6 >> 8); let x16: u8 = ((x15 & (0xff as u32)) as u8); let x17: u32 = (x15 >> 8); let x18: u8 = ((x17 & (0xff as u32)) as u8); let x19: u8 = ((x17 >> 8) as u8); let x20: u8 = ((x5 & (0xff as u32)) as u8); let x21: u32 = (x5 >> 8); let x22: u8 = ((x21 & (0xff as u32)) as u8); let x23: u32 = (x21 >> 8); let x24: u8 = ((x23 & (0xff as u32)) as u8); let x25: u8 = ((x23 >> 8) as u8); let x26: u8 = ((x4 & (0xff as u32)) as u8); let x27: u32 = (x4 >> 8); let x28: u8 = ((x27 & (0xff as u32)) as u8); let x29: u32 = (x27 >> 8); let x30: u8 = ((x29 & (0xff as u32)) as u8); let x31: u8 = ((x29 >> 8) as u8); let x32: u8 = ((x3 & (0xff as u32)) as u8); let x33: u32 = (x3 >> 8); let x34: u8 = ((x33 & (0xff as u32)) as u8); let x35: u32 = (x33 >> 8); let x36: u8 = ((x35 & (0xff as u32)) as u8); let x37: u8 = ((x35 >> 8) as u8); let x38: u8 = ((x2 & (0xff as u32)) as u8); let x39: u32 = (x2 >> 8); let x40: u8 = ((x39 & (0xff as u32)) as u8); let x41: u32 = (x39 >> 8); let x42: u8 = ((x41 & (0xff as u32)) as u8); let x43: u8 = ((x41 >> 8) as u8); let x44: u8 = ((x1 & (0xff as u32)) as u8); let x45: u32 = (x1 >> 8); let x46: u8 = ((x45 & (0xff as u32)) as u8); let x47: u32 = (x45 >> 8); let x48: u8 = ((x47 & (0xff as u32)) as u8); let x49: u8 = ((x47 >> 8) as u8); out1[0] = x8; out1[1] = x10; out1[2] = x12; out1[3] = x13; out1[4] = x14; out1[5] = x16; out1[6] = x18; out1[7] = x19; out1[8] = x20; out1[9] = x22; out1[10] = x24; out1[11] = x25; out1[12] = x26; out1[13] = x28; out1[14] = x30; out1[15] = x31; out1[16] = x32; out1[17] = x34; out1[18] = x36; out1[19] = x37; out1[20] = x38; out1[21] = x40; out1[22] = x42; out1[23] = x43; out1[24] = x44; out1[25] = x46; out1[26] = x48; out1[27] = x49; } /// The function fiat_p224_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_from_bytes(out1: &mut [u32; 7], arg1: &[u8; 28]) { let x1: u32 = (((arg1[27]) as u32) << 24); let x2: u32 = (((arg1[26]) as u32) << 16); let x3: u32 = (((arg1[25]) as u32) << 8); let x4: u8 = (arg1[24]); let x5: u32 = (((arg1[23]) as u32) << 24); let x6: u32 = (((arg1[22]) as u32) << 16); let x7: u32 = (((arg1[21]) as u32) << 8); let x8: u8 = (arg1[20]); let x9: u32 = (((arg1[19]) as u32) << 24); let x10: u32 = (((arg1[18]) as u32) << 16); let x11: u32 = (((arg1[17]) as u32) << 8); let x12: u8 = (arg1[16]); let x13: u32 = (((arg1[15]) as u32) << 24); let x14: u32 = (((arg1[14]) as u32) << 16); let x15: u32 = (((arg1[13]) as u32) << 8); let x16: u8 = (arg1[12]); let x17: u32 = (((arg1[11]) as u32) << 24); let x18: u32 = (((arg1[10]) as u32) << 16); let x19: u32 = (((arg1[9]) as u32) << 8); let x20: u8 = (arg1[8]); let x21: u32 = (((arg1[7]) as u32) << 24); let x22: u32 = (((arg1[6]) as u32) << 16); let x23: u32 = (((arg1[5]) as u32) << 8); let x24: u8 = (arg1[4]); let x25: u32 = (((arg1[3]) as u32) << 24); let x26: u32 = (((arg1[2]) as u32) << 16); let x27: u32 = (((arg1[1]) as u32) << 8); let x28: u8 = (arg1[0]); let x29: u32 = (x27 + (x28 as u32)); let x30: u32 = (x26 + x29); let x31: u32 = (x25 + x30); let x32: u32 = (x23 + (x24 as u32)); let x33: u32 = (x22 + x32); let x34: u32 = (x21 + x33); let x35: u32 = (x19 + (x20 as u32)); let x36: u32 = (x18 + x35); let x37: u32 = (x17 + x36); let x38: u32 = (x15 + (x16 as u32)); let x39: u32 = (x14 + x38); let x40: u32 = (x13 + x39); let x41: u32 = (x11 + (x12 as u32)); let x42: u32 = (x10 + x41); let x43: u32 = (x9 + x42); let x44: u32 = (x7 + (x8 as u32)); let x45: u32 = (x6 + x44); let x46: u32 = (x5 + x45); let x47: u32 = (x3 + (x4 as u32)); let x48: u32 = (x2 + x47); let x49: u32 = (x1 + x48); out1[0] = x31; out1[1] = x34; out1[2] = x37; out1[3] = x40; out1[4] = x43; out1[5] = x46; out1[6] = x49; } /// The function fiat_p224_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_set_one(out1: &mut fiat_p224_montgomery_domain_field_element) { out1[0] = 0xffffffff; out1[1] = 0xffffffff; out1[2] = 0xffffffff; out1[3] = (0x0 as u32); out1[4] = (0x0 as u32); out1[5] = (0x0 as u32); out1[6] = (0x0 as u32); } /// The function fiat_p224_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_msat(out1: &mut [u32; 8]) { out1[0] = (0x1 as u32); out1[1] = (0x0 as u32); out1[2] = (0x0 as u32); out1[3] = 0xffffffff; out1[4] = 0xffffffff; out1[5] = 0xffffffff; out1[6] = 0xffffffff; out1[7] = (0x0 as u32); } /// The function fiat_p224_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_divstep(out1: &mut u32, out2: &mut [u32; 8], out3: &mut [u32; 8], out4: &mut [u32; 7], out5: &mut [u32; 7], arg1: u32, arg2: &[u32; 8], arg3: &[u32; 8], arg4: &[u32; 7], arg5: &[u32; 7]) { let mut x1: u32 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_p224_u1 = (((x1 >> 31) as fiat_p224_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_p224_u1)); let mut x4: u32 = 0; let mut x5: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_p224_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_p224_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_p224_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_p224_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_p224_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_p224_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_p224_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_p224_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_p224_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x15, &mut x16, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x17: u32 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x17, &mut x18, x16, (0x0 as u32), (!(arg2[1]))); let mut x19: u32 = 0; let mut x20: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x19, &mut x20, x18, (0x0 as u32), (!(arg2[2]))); let mut x21: u32 = 0; let mut x22: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x21, &mut x22, x20, (0x0 as u32), (!(arg2[3]))); let mut x23: u32 = 0; let mut x24: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x23, &mut x24, x22, (0x0 as u32), (!(arg2[4]))); let mut x25: u32 = 0; let mut x26: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x25, &mut x26, x24, (0x0 as u32), (!(arg2[5]))); let mut x27: u32 = 0; let mut x28: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x27, &mut x28, x26, (0x0 as u32), (!(arg2[6]))); let mut x29: u32 = 0; let mut x30: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x29, &mut x30, x28, (0x0 as u32), (!(arg2[7]))); let mut x31: u32 = 0; fiat_p224_cmovznz_u32(&mut x31, x3, (arg3[0]), x15); let mut x32: u32 = 0; fiat_p224_cmovznz_u32(&mut x32, x3, (arg3[1]), x17); let mut x33: u32 = 0; fiat_p224_cmovznz_u32(&mut x33, x3, (arg3[2]), x19); let mut x34: u32 = 0; fiat_p224_cmovznz_u32(&mut x34, x3, (arg3[3]), x21); let mut x35: u32 = 0; fiat_p224_cmovznz_u32(&mut x35, x3, (arg3[4]), x23); let mut x36: u32 = 0; fiat_p224_cmovznz_u32(&mut x36, x3, (arg3[5]), x25); let mut x37: u32 = 0; fiat_p224_cmovznz_u32(&mut x37, x3, (arg3[6]), x27); let mut x38: u32 = 0; fiat_p224_cmovznz_u32(&mut x38, x3, (arg3[7]), x29); let mut x39: u32 = 0; fiat_p224_cmovznz_u32(&mut x39, x3, (arg4[0]), (arg5[0])); let mut x40: u32 = 0; fiat_p224_cmovznz_u32(&mut x40, x3, (arg4[1]), (arg5[1])); let mut x41: u32 = 0; fiat_p224_cmovznz_u32(&mut x41, x3, (arg4[2]), (arg5[2])); let mut x42: u32 = 0; fiat_p224_cmovznz_u32(&mut x42, x3, (arg4[3]), (arg5[3])); let mut x43: u32 = 0; fiat_p224_cmovznz_u32(&mut x43, x3, (arg4[4]), (arg5[4])); let mut x44: u32 = 0; fiat_p224_cmovznz_u32(&mut x44, x3, (arg4[5]), (arg5[5])); let mut x45: u32 = 0; fiat_p224_cmovznz_u32(&mut x45, x3, (arg4[6]), (arg5[6])); let mut x46: u32 = 0; let mut x47: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x46, &mut x47, 0x0, x39, x39); let mut x48: u32 = 0; let mut x49: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x48, &mut x49, x47, x40, x40); let mut x50: u32 = 0; let mut x51: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x50, &mut x51, x49, x41, x41); let mut x52: u32 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x52, &mut x53, x51, x42, x42); let mut x54: u32 = 0; let mut x55: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x54, &mut x55, x53, x43, x43); let mut x56: u32 = 0; let mut x57: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x56, &mut x57, x55, x44, x44); let mut x58: u32 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x58, &mut x59, x57, x45, x45); let mut x60: u32 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x60, &mut x61, 0x0, x46, (0x1 as u32)); let mut x62: u32 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x62, &mut x63, x61, x48, (0x0 as u32)); let mut x64: u32 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x64, &mut x65, x63, x50, (0x0 as u32)); let mut x66: u32 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x66, &mut x67, x65, x52, 0xffffffff); let mut x68: u32 = 0; let mut x69: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x68, &mut x69, x67, x54, 0xffffffff); let mut x70: u32 = 0; let mut x71: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x70, &mut x71, x69, x56, 0xffffffff); let mut x72: u32 = 0; let mut x73: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x72, &mut x73, x71, x58, 0xffffffff); let mut x74: u32 = 0; let mut x75: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x74, &mut x75, x73, (x59 as u32), (0x0 as u32)); let x76: u32 = (arg4[6]); let x77: u32 = (arg4[5]); let x78: u32 = (arg4[4]); let x79: u32 = (arg4[3]); let x80: u32 = (arg4[2]); let x81: u32 = (arg4[1]); let x82: u32 = (arg4[0]); let mut x83: u32 = 0; let mut x84: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x83, &mut x84, 0x0, (0x0 as u32), x82); let mut x85: u32 = 0; let mut x86: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x85, &mut x86, x84, (0x0 as u32), x81); let mut x87: u32 = 0; let mut x88: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x87, &mut x88, x86, (0x0 as u32), x80); let mut x89: u32 = 0; let mut x90: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x89, &mut x90, x88, (0x0 as u32), x79); let mut x91: u32 = 0; let mut x92: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x91, &mut x92, x90, (0x0 as u32), x78); let mut x93: u32 = 0; let mut x94: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x93, &mut x94, x92, (0x0 as u32), x77); let mut x95: u32 = 0; let mut x96: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x76); let mut x97: u32 = 0; fiat_p224_cmovznz_u32(&mut x97, x96, (0x0 as u32), 0xffffffff); let mut x98: u32 = 0; let mut x99: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x98, &mut x99, 0x0, x83, (((x97 & (0x1 as u32)) as fiat_p224_u1) as u32)); let mut x100: u32 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x100, &mut x101, x99, x85, (0x0 as u32)); let mut x102: u32 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x102, &mut x103, x101, x87, (0x0 as u32)); let mut x104: u32 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x104, &mut x105, x103, x89, x97); let mut x106: u32 = 0; let mut x107: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x106, &mut x107, x105, x91, x97); let mut x108: u32 = 0; let mut x109: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x108, &mut x109, x107, x93, x97); let mut x110: u32 = 0; let mut x111: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x110, &mut x111, x109, x95, x97); let mut x112: u32 = 0; fiat_p224_cmovznz_u32(&mut x112, x3, (arg5[0]), x98); let mut x113: u32 = 0; fiat_p224_cmovznz_u32(&mut x113, x3, (arg5[1]), x100); let mut x114: u32 = 0; fiat_p224_cmovznz_u32(&mut x114, x3, (arg5[2]), x102); let mut x115: u32 = 0; fiat_p224_cmovznz_u32(&mut x115, x3, (arg5[3]), x104); let mut x116: u32 = 0; fiat_p224_cmovznz_u32(&mut x116, x3, (arg5[4]), x106); let mut x117: u32 = 0; fiat_p224_cmovznz_u32(&mut x117, x3, (arg5[5]), x108); let mut x118: u32 = 0; fiat_p224_cmovznz_u32(&mut x118, x3, (arg5[6]), x110); let x119: fiat_p224_u1 = ((x31 & (0x1 as u32)) as fiat_p224_u1); let mut x120: u32 = 0; fiat_p224_cmovznz_u32(&mut x120, x119, (0x0 as u32), x7); let mut x121: u32 = 0; fiat_p224_cmovznz_u32(&mut x121, x119, (0x0 as u32), x8); let mut x122: u32 = 0; fiat_p224_cmovznz_u32(&mut x122, x119, (0x0 as u32), x9); let mut x123: u32 = 0; fiat_p224_cmovznz_u32(&mut x123, x119, (0x0 as u32), x10); let mut x124: u32 = 0; fiat_p224_cmovznz_u32(&mut x124, x119, (0x0 as u32), x11); let mut x125: u32 = 0; fiat_p224_cmovznz_u32(&mut x125, x119, (0x0 as u32), x12); let mut x126: u32 = 0; fiat_p224_cmovznz_u32(&mut x126, x119, (0x0 as u32), x13); let mut x127: u32 = 0; fiat_p224_cmovznz_u32(&mut x127, x119, (0x0 as u32), x14); let mut x128: u32 = 0; let mut x129: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x128, &mut x129, 0x0, x31, x120); let mut x130: u32 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x130, &mut x131, x129, x32, x121); let mut x132: u32 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x132, &mut x133, x131, x33, x122); let mut x134: u32 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x134, &mut x135, x133, x34, x123); let mut x136: u32 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x136, &mut x137, x135, x35, x124); let mut x138: u32 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x138, &mut x139, x137, x36, x125); let mut x140: u32 = 0; let mut x141: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x140, &mut x141, x139, x37, x126); let mut x142: u32 = 0; let mut x143: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x142, &mut x143, x141, x38, x127); let mut x144: u32 = 0; fiat_p224_cmovznz_u32(&mut x144, x119, (0x0 as u32), x39); let mut x145: u32 = 0; fiat_p224_cmovznz_u32(&mut x145, x119, (0x0 as u32), x40); let mut x146: u32 = 0; fiat_p224_cmovznz_u32(&mut x146, x119, (0x0 as u32), x41); let mut x147: u32 = 0; fiat_p224_cmovznz_u32(&mut x147, x119, (0x0 as u32), x42); let mut x148: u32 = 0; fiat_p224_cmovznz_u32(&mut x148, x119, (0x0 as u32), x43); let mut x149: u32 = 0; fiat_p224_cmovznz_u32(&mut x149, x119, (0x0 as u32), x44); let mut x150: u32 = 0; fiat_p224_cmovznz_u32(&mut x150, x119, (0x0 as u32), x45); let mut x151: u32 = 0; let mut x152: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x151, &mut x152, 0x0, x112, x144); let mut x153: u32 = 0; let mut x154: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x153, &mut x154, x152, x113, x145); let mut x155: u32 = 0; let mut x156: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x155, &mut x156, x154, x114, x146); let mut x157: u32 = 0; let mut x158: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x157, &mut x158, x156, x115, x147); let mut x159: u32 = 0; let mut x160: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x159, &mut x160, x158, x116, x148); let mut x161: u32 = 0; let mut x162: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x161, &mut x162, x160, x117, x149); let mut x163: u32 = 0; let mut x164: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x163, &mut x164, x162, x118, x150); let mut x165: u32 = 0; let mut x166: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x165, &mut x166, 0x0, x151, (0x1 as u32)); let mut x167: u32 = 0; let mut x168: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x167, &mut x168, x166, x153, (0x0 as u32)); let mut x169: u32 = 0; let mut x170: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x169, &mut x170, x168, x155, (0x0 as u32)); let mut x171: u32 = 0; let mut x172: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x171, &mut x172, x170, x157, 0xffffffff); let mut x173: u32 = 0; let mut x174: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x173, &mut x174, x172, x159, 0xffffffff); let mut x175: u32 = 0; let mut x176: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x175, &mut x176, x174, x161, 0xffffffff); let mut x177: u32 = 0; let mut x178: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x177, &mut x178, x176, x163, 0xffffffff); let mut x179: u32 = 0; let mut x180: fiat_p224_u1 = 0; fiat_p224_subborrowx_u32(&mut x179, &mut x180, x178, (x164 as u32), (0x0 as u32)); let mut x181: u32 = 0; let mut x182: fiat_p224_u1 = 0; fiat_p224_addcarryx_u32(&mut x181, &mut x182, 0x0, x6, (0x1 as u32)); let x183: u32 = ((x128 >> 1) | ((x130 << 31) & 0xffffffff)); let x184: u32 = ((x130 >> 1) | ((x132 << 31) & 0xffffffff)); let x185: u32 = ((x132 >> 1) | ((x134 << 31) & 0xffffffff)); let x186: u32 = ((x134 >> 1) | ((x136 << 31) & 0xffffffff)); let x187: u32 = ((x136 >> 1) | ((x138 << 31) & 0xffffffff)); let x188: u32 = ((x138 >> 1) | ((x140 << 31) & 0xffffffff)); let x189: u32 = ((x140 >> 1) | ((x142 << 31) & 0xffffffff)); let x190: u32 = ((x142 & 0x80000000) | (x142 >> 1)); let mut x191: u32 = 0; fiat_p224_cmovznz_u32(&mut x191, x75, x60, x46); let mut x192: u32 = 0; fiat_p224_cmovznz_u32(&mut x192, x75, x62, x48); let mut x193: u32 = 0; fiat_p224_cmovznz_u32(&mut x193, x75, x64, x50); let mut x194: u32 = 0; fiat_p224_cmovznz_u32(&mut x194, x75, x66, x52); let mut x195: u32 = 0; fiat_p224_cmovznz_u32(&mut x195, x75, x68, x54); let mut x196: u32 = 0; fiat_p224_cmovznz_u32(&mut x196, x75, x70, x56); let mut x197: u32 = 0; fiat_p224_cmovznz_u32(&mut x197, x75, x72, x58); let mut x198: u32 = 0; fiat_p224_cmovznz_u32(&mut x198, x180, x165, x151); let mut x199: u32 = 0; fiat_p224_cmovznz_u32(&mut x199, x180, x167, x153); let mut x200: u32 = 0; fiat_p224_cmovznz_u32(&mut x200, x180, x169, x155); let mut x201: u32 = 0; fiat_p224_cmovznz_u32(&mut x201, x180, x171, x157); let mut x202: u32 = 0; fiat_p224_cmovznz_u32(&mut x202, x180, x173, x159); let mut x203: u32 = 0; fiat_p224_cmovznz_u32(&mut x203, x180, x175, x161); let mut x204: u32 = 0; fiat_p224_cmovznz_u32(&mut x204, x180, x177, x163); *out1 = x181; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out3[0] = x183; out3[1] = x184; out3[2] = x185; out3[3] = x186; out3[4] = x187; out3[5] = x188; out3[6] = x189; out3[7] = x190; out4[0] = x191; out4[1] = x192; out4[2] = x193; out4[3] = x194; out4[4] = x195; out4[5] = x196; out4[6] = x197; out5[0] = x198; out5[1] = x199; out5[2] = x200; out5[3] = x201; out5[4] = x202; out5[5] = x203; out5[6] = x204; } /// The function fiat_p224_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_divstep_precomp(out1: &mut [u32; 7]) { out1[0] = 0x800000; out1[1] = 0x800000; out1[2] = 0xfe000000; out1[3] = 0xffffff; out1[4] = (0x0 as u32); out1[5] = 0xff800000; out1[6] = 0x17fffff; } fiat-crypto-0.2.2/src/p224_64.rs000064400000000000000000002257231046102023000142360ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p224 64 '2^224 - 2^96 + 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p224 //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffffffffffffffffffffffffffff000000000000000000000001 (from "2^224 - 2^96 + 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p224_u1 = u8; pub type fiat_p224_i1 = i8; pub type fiat_p224_u2 = u8; pub type fiat_p224_i2 = i8; /** The type fiat_p224_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p224_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p224_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p224_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p224_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p224_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p224_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p224_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p224_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p224_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p224_u1, arg1: fiat_p224_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p224_u1 = ((x1 >> 64) as fiat_p224_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p224_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p224_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p224_u1, arg1: fiat_p224_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p224_i1 = ((x1 >> 64) as fiat_p224_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p224_i2) - (x2 as fiat_p224_i2)) as fiat_p224_u1); } /// The function fiat_p224_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p224_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p224_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p224_cmovznz_u64(out1: &mut u64, arg1: fiat_p224_u1, arg2: u64, arg3: u64) { let x1: fiat_p224_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p224_i2) - (x1 as fiat_p224_i2)) as fiat_p224_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p224_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_mul(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p224_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p224_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p224_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p224_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p224_mulx_u64(&mut x20, &mut x21, x11, 0xffffffffffffffff); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p224_mulx_u64(&mut x22, &mut x23, x20, 0xffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p224_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_p224_mulx_u64(&mut x26, &mut x27, x20, 0xffffffff00000000); let mut x28: u64 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x28, &mut x29, 0x0, x27, x24); let mut x30: u64 = 0; let mut x31: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x30, &mut x31, x29, x25, x22); let x32: u64 = ((x31 as u64) + x23); let mut x33: u64 = 0; let mut x34: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x33, &mut x34, 0x0, x11, x20); let mut x35: u64 = 0; let mut x36: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x35, &mut x36, x34, x13, x26); let mut x37: u64 = 0; let mut x38: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x37, &mut x38, x36, x15, x28); let mut x39: u64 = 0; let mut x40: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x39, &mut x40, x38, x17, x30); let mut x41: u64 = 0; let mut x42: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x41, &mut x42, x40, x19, x32); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p224_mulx_u64(&mut x43, &mut x44, x1, (arg2[3])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p224_mulx_u64(&mut x45, &mut x46, x1, (arg2[2])); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p224_mulx_u64(&mut x47, &mut x48, x1, (arg2[1])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_p224_mulx_u64(&mut x49, &mut x50, x1, (arg2[0])); let mut x51: u64 = 0; let mut x52: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x51, &mut x52, 0x0, x50, x47); let mut x53: u64 = 0; let mut x54: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x53, &mut x54, x52, x48, x45); let mut x55: u64 = 0; let mut x56: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x55, &mut x56, x54, x46, x43); let x57: u64 = ((x56 as u64) + x44); let mut x58: u64 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x58, &mut x59, 0x0, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x62, &mut x63, x61, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x66, &mut x67, x65, (x42 as u64), x57); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_p224_mulx_u64(&mut x68, &mut x69, x58, 0xffffffffffffffff); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_p224_mulx_u64(&mut x70, &mut x71, x68, 0xffffffff); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_p224_mulx_u64(&mut x72, &mut x73, x68, 0xffffffffffffffff); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_p224_mulx_u64(&mut x74, &mut x75, x68, 0xffffffff00000000); let mut x76: u64 = 0; let mut x77: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x76, &mut x77, 0x0, x75, x72); let mut x78: u64 = 0; let mut x79: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x78, &mut x79, x77, x73, x70); let x80: u64 = ((x79 as u64) + x71); let mut x81: u64 = 0; let mut x82: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x81, &mut x82, 0x0, x58, x68); let mut x83: u64 = 0; let mut x84: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x83, &mut x84, x82, x60, x74); let mut x85: u64 = 0; let mut x86: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x85, &mut x86, x84, x62, x76); let mut x87: u64 = 0; let mut x88: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x87, &mut x88, x86, x64, x78); let mut x89: u64 = 0; let mut x90: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x89, &mut x90, x88, x66, x80); let x91: u64 = ((x90 as u64) + (x67 as u64)); let mut x92: u64 = 0; let mut x93: u64 = 0; fiat_p224_mulx_u64(&mut x92, &mut x93, x2, (arg2[3])); let mut x94: u64 = 0; let mut x95: u64 = 0; fiat_p224_mulx_u64(&mut x94, &mut x95, x2, (arg2[2])); let mut x96: u64 = 0; let mut x97: u64 = 0; fiat_p224_mulx_u64(&mut x96, &mut x97, x2, (arg2[1])); let mut x98: u64 = 0; let mut x99: u64 = 0; fiat_p224_mulx_u64(&mut x98, &mut x99, x2, (arg2[0])); let mut x100: u64 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x100, &mut x101, 0x0, x99, x96); let mut x102: u64 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x102, &mut x103, x101, x97, x94); let mut x104: u64 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x104, &mut x105, x103, x95, x92); let x106: u64 = ((x105 as u64) + x93); let mut x107: u64 = 0; let mut x108: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x107, &mut x108, 0x0, x83, x98); let mut x109: u64 = 0; let mut x110: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x109, &mut x110, x108, x85, x100); let mut x111: u64 = 0; let mut x112: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x111, &mut x112, x110, x87, x102); let mut x113: u64 = 0; let mut x114: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x113, &mut x114, x112, x89, x104); let mut x115: u64 = 0; let mut x116: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x115, &mut x116, x114, x91, x106); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_p224_mulx_u64(&mut x117, &mut x118, x107, 0xffffffffffffffff); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_p224_mulx_u64(&mut x119, &mut x120, x117, 0xffffffff); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p224_mulx_u64(&mut x121, &mut x122, x117, 0xffffffffffffffff); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p224_mulx_u64(&mut x123, &mut x124, x117, 0xffffffff00000000); let mut x125: u64 = 0; let mut x126: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let x129: u64 = ((x128 as u64) + x120); let mut x130: u64 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x130, &mut x131, 0x0, x107, x117); let mut x132: u64 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x132, &mut x133, x131, x109, x123); let mut x134: u64 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x134, &mut x135, x133, x111, x125); let mut x136: u64 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x136, &mut x137, x135, x113, x127); let mut x138: u64 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x138, &mut x139, x137, x115, x129); let x140: u64 = ((x139 as u64) + (x116 as u64)); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_p224_mulx_u64(&mut x141, &mut x142, x3, (arg2[3])); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_p224_mulx_u64(&mut x143, &mut x144, x3, (arg2[2])); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_p224_mulx_u64(&mut x145, &mut x146, x3, (arg2[1])); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_p224_mulx_u64(&mut x147, &mut x148, x3, (arg2[0])); let mut x149: u64 = 0; let mut x150: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x149, &mut x150, 0x0, x148, x145); let mut x151: u64 = 0; let mut x152: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x151, &mut x152, x150, x146, x143); let mut x153: u64 = 0; let mut x154: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x153, &mut x154, x152, x144, x141); let x155: u64 = ((x154 as u64) + x142); let mut x156: u64 = 0; let mut x157: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x156, &mut x157, 0x0, x132, x147); let mut x158: u64 = 0; let mut x159: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x158, &mut x159, x157, x134, x149); let mut x160: u64 = 0; let mut x161: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x160, &mut x161, x159, x136, x151); let mut x162: u64 = 0; let mut x163: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x162, &mut x163, x161, x138, x153); let mut x164: u64 = 0; let mut x165: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x164, &mut x165, x163, x140, x155); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_p224_mulx_u64(&mut x166, &mut x167, x156, 0xffffffffffffffff); let mut x168: u64 = 0; let mut x169: u64 = 0; fiat_p224_mulx_u64(&mut x168, &mut x169, x166, 0xffffffff); let mut x170: u64 = 0; let mut x171: u64 = 0; fiat_p224_mulx_u64(&mut x170, &mut x171, x166, 0xffffffffffffffff); let mut x172: u64 = 0; let mut x173: u64 = 0; fiat_p224_mulx_u64(&mut x172, &mut x173, x166, 0xffffffff00000000); let mut x174: u64 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x174, &mut x175, 0x0, x173, x170); let mut x176: u64 = 0; let mut x177: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x176, &mut x177, x175, x171, x168); let x178: u64 = ((x177 as u64) + x169); let mut x179: u64 = 0; let mut x180: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x179, &mut x180, 0x0, x156, x166); let mut x181: u64 = 0; let mut x182: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x181, &mut x182, x180, x158, x172); let mut x183: u64 = 0; let mut x184: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x183, &mut x184, x182, x160, x174); let mut x185: u64 = 0; let mut x186: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x185, &mut x186, x184, x162, x176); let mut x187: u64 = 0; let mut x188: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x187, &mut x188, x186, x164, x178); let x189: u64 = ((x188 as u64) + (x165 as u64)); let mut x190: u64 = 0; let mut x191: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x190, &mut x191, 0x0, x181, (0x1 as u64)); let mut x192: u64 = 0; let mut x193: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x192, &mut x193, x191, x183, 0xffffffff00000000); let mut x194: u64 = 0; let mut x195: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x194, &mut x195, x193, x185, 0xffffffffffffffff); let mut x196: u64 = 0; let mut x197: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x196, &mut x197, x195, x187, 0xffffffff); let mut x198: u64 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x198, &mut x199, x197, x189, (0x0 as u64)); let mut x200: u64 = 0; fiat_p224_cmovznz_u64(&mut x200, x199, x190, x181); let mut x201: u64 = 0; fiat_p224_cmovznz_u64(&mut x201, x199, x192, x183); let mut x202: u64 = 0; fiat_p224_cmovznz_u64(&mut x202, x199, x194, x185); let mut x203: u64 = 0; fiat_p224_cmovznz_u64(&mut x203, x199, x196, x187); out1[0] = x200; out1[1] = x201; out1[2] = x202; out1[3] = x203; } /// The function fiat_p224_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_square(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p224_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p224_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p224_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p224_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p224_mulx_u64(&mut x20, &mut x21, x11, 0xffffffffffffffff); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p224_mulx_u64(&mut x22, &mut x23, x20, 0xffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p224_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_p224_mulx_u64(&mut x26, &mut x27, x20, 0xffffffff00000000); let mut x28: u64 = 0; let mut x29: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x28, &mut x29, 0x0, x27, x24); let mut x30: u64 = 0; let mut x31: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x30, &mut x31, x29, x25, x22); let x32: u64 = ((x31 as u64) + x23); let mut x33: u64 = 0; let mut x34: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x33, &mut x34, 0x0, x11, x20); let mut x35: u64 = 0; let mut x36: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x35, &mut x36, x34, x13, x26); let mut x37: u64 = 0; let mut x38: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x37, &mut x38, x36, x15, x28); let mut x39: u64 = 0; let mut x40: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x39, &mut x40, x38, x17, x30); let mut x41: u64 = 0; let mut x42: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x41, &mut x42, x40, x19, x32); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p224_mulx_u64(&mut x43, &mut x44, x1, (arg1[3])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p224_mulx_u64(&mut x45, &mut x46, x1, (arg1[2])); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p224_mulx_u64(&mut x47, &mut x48, x1, (arg1[1])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_p224_mulx_u64(&mut x49, &mut x50, x1, (arg1[0])); let mut x51: u64 = 0; let mut x52: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x51, &mut x52, 0x0, x50, x47); let mut x53: u64 = 0; let mut x54: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x53, &mut x54, x52, x48, x45); let mut x55: u64 = 0; let mut x56: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x55, &mut x56, x54, x46, x43); let x57: u64 = ((x56 as u64) + x44); let mut x58: u64 = 0; let mut x59: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x58, &mut x59, 0x0, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x62, &mut x63, x61, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x66, &mut x67, x65, (x42 as u64), x57); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_p224_mulx_u64(&mut x68, &mut x69, x58, 0xffffffffffffffff); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_p224_mulx_u64(&mut x70, &mut x71, x68, 0xffffffff); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_p224_mulx_u64(&mut x72, &mut x73, x68, 0xffffffffffffffff); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_p224_mulx_u64(&mut x74, &mut x75, x68, 0xffffffff00000000); let mut x76: u64 = 0; let mut x77: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x76, &mut x77, 0x0, x75, x72); let mut x78: u64 = 0; let mut x79: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x78, &mut x79, x77, x73, x70); let x80: u64 = ((x79 as u64) + x71); let mut x81: u64 = 0; let mut x82: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x81, &mut x82, 0x0, x58, x68); let mut x83: u64 = 0; let mut x84: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x83, &mut x84, x82, x60, x74); let mut x85: u64 = 0; let mut x86: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x85, &mut x86, x84, x62, x76); let mut x87: u64 = 0; let mut x88: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x87, &mut x88, x86, x64, x78); let mut x89: u64 = 0; let mut x90: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x89, &mut x90, x88, x66, x80); let x91: u64 = ((x90 as u64) + (x67 as u64)); let mut x92: u64 = 0; let mut x93: u64 = 0; fiat_p224_mulx_u64(&mut x92, &mut x93, x2, (arg1[3])); let mut x94: u64 = 0; let mut x95: u64 = 0; fiat_p224_mulx_u64(&mut x94, &mut x95, x2, (arg1[2])); let mut x96: u64 = 0; let mut x97: u64 = 0; fiat_p224_mulx_u64(&mut x96, &mut x97, x2, (arg1[1])); let mut x98: u64 = 0; let mut x99: u64 = 0; fiat_p224_mulx_u64(&mut x98, &mut x99, x2, (arg1[0])); let mut x100: u64 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x100, &mut x101, 0x0, x99, x96); let mut x102: u64 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x102, &mut x103, x101, x97, x94); let mut x104: u64 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x104, &mut x105, x103, x95, x92); let x106: u64 = ((x105 as u64) + x93); let mut x107: u64 = 0; let mut x108: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x107, &mut x108, 0x0, x83, x98); let mut x109: u64 = 0; let mut x110: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x109, &mut x110, x108, x85, x100); let mut x111: u64 = 0; let mut x112: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x111, &mut x112, x110, x87, x102); let mut x113: u64 = 0; let mut x114: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x113, &mut x114, x112, x89, x104); let mut x115: u64 = 0; let mut x116: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x115, &mut x116, x114, x91, x106); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_p224_mulx_u64(&mut x117, &mut x118, x107, 0xffffffffffffffff); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_p224_mulx_u64(&mut x119, &mut x120, x117, 0xffffffff); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p224_mulx_u64(&mut x121, &mut x122, x117, 0xffffffffffffffff); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p224_mulx_u64(&mut x123, &mut x124, x117, 0xffffffff00000000); let mut x125: u64 = 0; let mut x126: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let x129: u64 = ((x128 as u64) + x120); let mut x130: u64 = 0; let mut x131: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x130, &mut x131, 0x0, x107, x117); let mut x132: u64 = 0; let mut x133: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x132, &mut x133, x131, x109, x123); let mut x134: u64 = 0; let mut x135: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x134, &mut x135, x133, x111, x125); let mut x136: u64 = 0; let mut x137: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x136, &mut x137, x135, x113, x127); let mut x138: u64 = 0; let mut x139: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x138, &mut x139, x137, x115, x129); let x140: u64 = ((x139 as u64) + (x116 as u64)); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_p224_mulx_u64(&mut x141, &mut x142, x3, (arg1[3])); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_p224_mulx_u64(&mut x143, &mut x144, x3, (arg1[2])); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_p224_mulx_u64(&mut x145, &mut x146, x3, (arg1[1])); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_p224_mulx_u64(&mut x147, &mut x148, x3, (arg1[0])); let mut x149: u64 = 0; let mut x150: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x149, &mut x150, 0x0, x148, x145); let mut x151: u64 = 0; let mut x152: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x151, &mut x152, x150, x146, x143); let mut x153: u64 = 0; let mut x154: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x153, &mut x154, x152, x144, x141); let x155: u64 = ((x154 as u64) + x142); let mut x156: u64 = 0; let mut x157: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x156, &mut x157, 0x0, x132, x147); let mut x158: u64 = 0; let mut x159: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x158, &mut x159, x157, x134, x149); let mut x160: u64 = 0; let mut x161: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x160, &mut x161, x159, x136, x151); let mut x162: u64 = 0; let mut x163: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x162, &mut x163, x161, x138, x153); let mut x164: u64 = 0; let mut x165: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x164, &mut x165, x163, x140, x155); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_p224_mulx_u64(&mut x166, &mut x167, x156, 0xffffffffffffffff); let mut x168: u64 = 0; let mut x169: u64 = 0; fiat_p224_mulx_u64(&mut x168, &mut x169, x166, 0xffffffff); let mut x170: u64 = 0; let mut x171: u64 = 0; fiat_p224_mulx_u64(&mut x170, &mut x171, x166, 0xffffffffffffffff); let mut x172: u64 = 0; let mut x173: u64 = 0; fiat_p224_mulx_u64(&mut x172, &mut x173, x166, 0xffffffff00000000); let mut x174: u64 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x174, &mut x175, 0x0, x173, x170); let mut x176: u64 = 0; let mut x177: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x176, &mut x177, x175, x171, x168); let x178: u64 = ((x177 as u64) + x169); let mut x179: u64 = 0; let mut x180: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x179, &mut x180, 0x0, x156, x166); let mut x181: u64 = 0; let mut x182: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x181, &mut x182, x180, x158, x172); let mut x183: u64 = 0; let mut x184: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x183, &mut x184, x182, x160, x174); let mut x185: u64 = 0; let mut x186: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x185, &mut x186, x184, x162, x176); let mut x187: u64 = 0; let mut x188: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x187, &mut x188, x186, x164, x178); let x189: u64 = ((x188 as u64) + (x165 as u64)); let mut x190: u64 = 0; let mut x191: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x190, &mut x191, 0x0, x181, (0x1 as u64)); let mut x192: u64 = 0; let mut x193: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x192, &mut x193, x191, x183, 0xffffffff00000000); let mut x194: u64 = 0; let mut x195: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x194, &mut x195, x193, x185, 0xffffffffffffffff); let mut x196: u64 = 0; let mut x197: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x196, &mut x197, x195, x187, 0xffffffff); let mut x198: u64 = 0; let mut x199: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x198, &mut x199, x197, x189, (0x0 as u64)); let mut x200: u64 = 0; fiat_p224_cmovznz_u64(&mut x200, x199, x190, x181); let mut x201: u64 = 0; fiat_p224_cmovznz_u64(&mut x201, x199, x192, x183); let mut x202: u64 = 0; fiat_p224_cmovznz_u64(&mut x202, x199, x194, x185); let mut x203: u64 = 0; fiat_p224_cmovznz_u64(&mut x203, x199, x196, x187); out1[0] = x200; out1[1] = x201; out1[2] = x202; out1[3] = x203; } /// The function fiat_p224_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_add(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, (0x1 as u64)); let mut x11: u64 = 0; let mut x12: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0xffffffff00000000); let mut x13: u64 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x13, &mut x14, x12, x5, 0xffffffffffffffff); let mut x15: u64 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0xffffffff); let mut x17: u64 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_p224_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_p224_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_p224_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_p224_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_p224_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_sub(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element, arg2: &fiat_p224_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_p224_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (((x9 & (0x1 as u64)) as fiat_p224_u1) as u64)); let mut x12: u64 = 0; let mut x13: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xffffffff00000000)); let mut x14: u64 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p224_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_opp(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_p224_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (((x9 & (0x1 as u64)) as fiat_p224_u1) as u64)); let mut x12: u64 = 0; let mut x13: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xffffffff00000000)); let mut x14: u64 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p224_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_from_montgomery(out1: &mut fiat_p224_non_montgomery_domain_field_element, arg1: &fiat_p224_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p224_mulx_u64(&mut x2, &mut x3, x1, 0xffffffffffffffff); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p224_mulx_u64(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p224_mulx_u64(&mut x6, &mut x7, x2, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p224_mulx_u64(&mut x8, &mut x9, x2, 0xffffffff00000000); let mut x10: u64 = 0; let mut x11: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x10, &mut x11, 0x0, x9, x6); let mut x12: u64 = 0; let mut x13: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x12, &mut x13, x11, x7, x4); let mut x14: u64 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x14, &mut x15, 0x0, x1, x2); let mut x16: u64 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), x8); let mut x18: u64 = 0; let mut x19: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), x10); let mut x20: u64 = 0; let mut x21: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), x12); let mut x22: u64 = 0; let mut x23: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x22, &mut x23, 0x0, x16, (arg1[1])); let mut x24: u64 = 0; let mut x25: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x24, &mut x25, x23, x18, (0x0 as u64)); let mut x26: u64 = 0; let mut x27: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x26, &mut x27, x25, x20, (0x0 as u64)); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_p224_mulx_u64(&mut x28, &mut x29, x22, 0xffffffffffffffff); let mut x30: u64 = 0; let mut x31: u64 = 0; fiat_p224_mulx_u64(&mut x30, &mut x31, x28, 0xffffffff); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p224_mulx_u64(&mut x32, &mut x33, x28, 0xffffffffffffffff); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p224_mulx_u64(&mut x34, &mut x35, x28, 0xffffffff00000000); let mut x36: u64 = 0; let mut x37: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x36, &mut x37, 0x0, x35, x32); let mut x38: u64 = 0; let mut x39: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x38, &mut x39, x37, x33, x30); let mut x40: u64 = 0; let mut x41: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x40, &mut x41, 0x0, x22, x28); let mut x42: u64 = 0; let mut x43: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x42, &mut x43, x41, x24, x34); let mut x44: u64 = 0; let mut x45: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x44, &mut x45, x43, x26, x36); let mut x46: u64 = 0; let mut x47: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x46, &mut x47, x45, ((x27 as u64) + ((x21 as u64) + ((x13 as u64) + x5))), x38); let mut x48: u64 = 0; let mut x49: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x48, &mut x49, 0x0, x42, (arg1[2])); let mut x50: u64 = 0; let mut x51: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x50, &mut x51, x49, x44, (0x0 as u64)); let mut x52: u64 = 0; let mut x53: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x52, &mut x53, x51, x46, (0x0 as u64)); let mut x54: u64 = 0; let mut x55: u64 = 0; fiat_p224_mulx_u64(&mut x54, &mut x55, x48, 0xffffffffffffffff); let mut x56: u64 = 0; let mut x57: u64 = 0; fiat_p224_mulx_u64(&mut x56, &mut x57, x54, 0xffffffff); let mut x58: u64 = 0; let mut x59: u64 = 0; fiat_p224_mulx_u64(&mut x58, &mut x59, x54, 0xffffffffffffffff); let mut x60: u64 = 0; let mut x61: u64 = 0; fiat_p224_mulx_u64(&mut x60, &mut x61, x54, 0xffffffff00000000); let mut x62: u64 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x62, &mut x63, 0x0, x61, x58); let mut x64: u64 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x64, &mut x65, x63, x59, x56); let mut x66: u64 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x66, &mut x67, 0x0, x48, x54); let mut x68: u64 = 0; let mut x69: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x68, &mut x69, x67, x50, x60); let mut x70: u64 = 0; let mut x71: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x70, &mut x71, x69, x52, x62); let mut x72: u64 = 0; let mut x73: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x72, &mut x73, x71, ((x53 as u64) + ((x47 as u64) + ((x39 as u64) + x31))), x64); let mut x74: u64 = 0; let mut x75: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x74, &mut x75, 0x0, x68, (arg1[3])); let mut x76: u64 = 0; let mut x77: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x76, &mut x77, x75, x70, (0x0 as u64)); let mut x78: u64 = 0; let mut x79: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x78, &mut x79, x77, x72, (0x0 as u64)); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p224_mulx_u64(&mut x80, &mut x81, x74, 0xffffffffffffffff); let mut x82: u64 = 0; let mut x83: u64 = 0; fiat_p224_mulx_u64(&mut x82, &mut x83, x80, 0xffffffff); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p224_mulx_u64(&mut x84, &mut x85, x80, 0xffffffffffffffff); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p224_mulx_u64(&mut x86, &mut x87, x80, 0xffffffff00000000); let mut x88: u64 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x88, &mut x89, 0x0, x87, x84); let mut x90: u64 = 0; let mut x91: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x90, &mut x91, x89, x85, x82); let mut x92: u64 = 0; let mut x93: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x92, &mut x93, 0x0, x74, x80); let mut x94: u64 = 0; let mut x95: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x94, &mut x95, x93, x76, x86); let mut x96: u64 = 0; let mut x97: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x96, &mut x97, x95, x78, x88); let mut x98: u64 = 0; let mut x99: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x98, &mut x99, x97, ((x79 as u64) + ((x73 as u64) + ((x65 as u64) + x57))), x90); let x100: u64 = ((x99 as u64) + ((x91 as u64) + x83)); let mut x101: u64 = 0; let mut x102: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x101, &mut x102, 0x0, x94, (0x1 as u64)); let mut x103: u64 = 0; let mut x104: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x103, &mut x104, x102, x96, 0xffffffff00000000); let mut x105: u64 = 0; let mut x106: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x105, &mut x106, x104, x98, 0xffffffffffffffff); let mut x107: u64 = 0; let mut x108: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x107, &mut x108, x106, x100, 0xffffffff); let mut x109: u64 = 0; let mut x110: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x109, &mut x110, x108, (0x0 as u64), (0x0 as u64)); let mut x111: u64 = 0; fiat_p224_cmovznz_u64(&mut x111, x110, x101, x94); let mut x112: u64 = 0; fiat_p224_cmovznz_u64(&mut x112, x110, x103, x96); let mut x113: u64 = 0; fiat_p224_cmovznz_u64(&mut x113, x110, x105, x98); let mut x114: u64 = 0; fiat_p224_cmovznz_u64(&mut x114, x110, x107, x100); out1[0] = x111; out1[1] = x112; out1[2] = x113; out1[3] = x114; } /// The function fiat_p224_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_to_montgomery(out1: &mut fiat_p224_montgomery_domain_field_element, arg1: &fiat_p224_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p224_mulx_u64(&mut x5, &mut x6, x4, 0xffffffff); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p224_mulx_u64(&mut x7, &mut x8, x4, 0xfffffffe00000000); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p224_mulx_u64(&mut x9, &mut x10, x4, 0xffffffff00000000); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p224_mulx_u64(&mut x11, &mut x12, x4, 0xffffffff00000001); let mut x13: u64 = 0; let mut x14: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_p224_mulx_u64(&mut x19, &mut x20, x11, 0xffffffffffffffff); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_p224_mulx_u64(&mut x21, &mut x22, x19, 0xffffffff); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_p224_mulx_u64(&mut x23, &mut x24, x19, 0xffffffffffffffff); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_p224_mulx_u64(&mut x25, &mut x26, x19, 0xffffffff00000000); let mut x27: u64 = 0; let mut x28: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x27, &mut x28, 0x0, x26, x23); let mut x29: u64 = 0; let mut x30: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x29, &mut x30, x28, x24, x21); let mut x31: u64 = 0; let mut x32: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x31, &mut x32, 0x0, x11, x19); let mut x33: u64 = 0; let mut x34: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x33, &mut x34, x32, x13, x25); let mut x35: u64 = 0; let mut x36: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x35, &mut x36, x34, x15, x27); let mut x37: u64 = 0; let mut x38: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x37, &mut x38, x36, x17, x29); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p224_mulx_u64(&mut x39, &mut x40, x1, 0xffffffff); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p224_mulx_u64(&mut x41, &mut x42, x1, 0xfffffffe00000000); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p224_mulx_u64(&mut x43, &mut x44, x1, 0xffffffff00000000); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p224_mulx_u64(&mut x45, &mut x46, x1, 0xffffffff00000001); let mut x47: u64 = 0; let mut x48: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x47, &mut x48, 0x0, x46, x43); let mut x49: u64 = 0; let mut x50: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x49, &mut x50, x48, x44, x41); let mut x51: u64 = 0; let mut x52: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x51, &mut x52, x50, x42, x39); let mut x53: u64 = 0; let mut x54: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x53, &mut x54, 0x0, x33, x45); let mut x55: u64 = 0; let mut x56: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x55, &mut x56, x54, x35, x47); let mut x57: u64 = 0; let mut x58: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x57, &mut x58, x56, x37, x49); let mut x59: u64 = 0; let mut x60: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x59, &mut x60, x58, (((x38 as u64) + ((x18 as u64) + x6)) + ((x30 as u64) + x22)), x51); let mut x61: u64 = 0; let mut x62: u64 = 0; fiat_p224_mulx_u64(&mut x61, &mut x62, x53, 0xffffffffffffffff); let mut x63: u64 = 0; let mut x64: u64 = 0; fiat_p224_mulx_u64(&mut x63, &mut x64, x61, 0xffffffff); let mut x65: u64 = 0; let mut x66: u64 = 0; fiat_p224_mulx_u64(&mut x65, &mut x66, x61, 0xffffffffffffffff); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_p224_mulx_u64(&mut x67, &mut x68, x61, 0xffffffff00000000); let mut x69: u64 = 0; let mut x70: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x69, &mut x70, 0x0, x68, x65); let mut x71: u64 = 0; let mut x72: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x71, &mut x72, x70, x66, x63); let mut x73: u64 = 0; let mut x74: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x73, &mut x74, 0x0, x53, x61); let mut x75: u64 = 0; let mut x76: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x75, &mut x76, x74, x55, x67); let mut x77: u64 = 0; let mut x78: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x77, &mut x78, x76, x57, x69); let mut x79: u64 = 0; let mut x80: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x79, &mut x80, x78, x59, x71); let mut x81: u64 = 0; let mut x82: u64 = 0; fiat_p224_mulx_u64(&mut x81, &mut x82, x2, 0xffffffff); let mut x83: u64 = 0; let mut x84: u64 = 0; fiat_p224_mulx_u64(&mut x83, &mut x84, x2, 0xfffffffe00000000); let mut x85: u64 = 0; let mut x86: u64 = 0; fiat_p224_mulx_u64(&mut x85, &mut x86, x2, 0xffffffff00000000); let mut x87: u64 = 0; let mut x88: u64 = 0; fiat_p224_mulx_u64(&mut x87, &mut x88, x2, 0xffffffff00000001); let mut x89: u64 = 0; let mut x90: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x89, &mut x90, 0x0, x88, x85); let mut x91: u64 = 0; let mut x92: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x91, &mut x92, x90, x86, x83); let mut x93: u64 = 0; let mut x94: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x93, &mut x94, x92, x84, x81); let mut x95: u64 = 0; let mut x96: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x95, &mut x96, 0x0, x75, x87); let mut x97: u64 = 0; let mut x98: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x97, &mut x98, x96, x77, x89); let mut x99: u64 = 0; let mut x100: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x99, &mut x100, x98, x79, x91); let mut x101: u64 = 0; let mut x102: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x101, &mut x102, x100, (((x80 as u64) + ((x60 as u64) + ((x52 as u64) + x40))) + ((x72 as u64) + x64)), x93); let mut x103: u64 = 0; let mut x104: u64 = 0; fiat_p224_mulx_u64(&mut x103, &mut x104, x95, 0xffffffffffffffff); let mut x105: u64 = 0; let mut x106: u64 = 0; fiat_p224_mulx_u64(&mut x105, &mut x106, x103, 0xffffffff); let mut x107: u64 = 0; let mut x108: u64 = 0; fiat_p224_mulx_u64(&mut x107, &mut x108, x103, 0xffffffffffffffff); let mut x109: u64 = 0; let mut x110: u64 = 0; fiat_p224_mulx_u64(&mut x109, &mut x110, x103, 0xffffffff00000000); let mut x111: u64 = 0; let mut x112: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x111, &mut x112, 0x0, x110, x107); let mut x113: u64 = 0; let mut x114: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x113, &mut x114, x112, x108, x105); let mut x115: u64 = 0; let mut x116: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x115, &mut x116, 0x0, x95, x103); let mut x117: u64 = 0; let mut x118: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x117, &mut x118, x116, x97, x109); let mut x119: u64 = 0; let mut x120: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x119, &mut x120, x118, x99, x111); let mut x121: u64 = 0; let mut x122: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x121, &mut x122, x120, x101, x113); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p224_mulx_u64(&mut x123, &mut x124, x3, 0xffffffff); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_p224_mulx_u64(&mut x125, &mut x126, x3, 0xfffffffe00000000); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p224_mulx_u64(&mut x127, &mut x128, x3, 0xffffffff00000000); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p224_mulx_u64(&mut x129, &mut x130, x3, 0xffffffff00000001); let mut x131: u64 = 0; let mut x132: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x131, &mut x132, 0x0, x130, x127); let mut x133: u64 = 0; let mut x134: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x133, &mut x134, x132, x128, x125); let mut x135: u64 = 0; let mut x136: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x135, &mut x136, x134, x126, x123); let mut x137: u64 = 0; let mut x138: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x137, &mut x138, 0x0, x117, x129); let mut x139: u64 = 0; let mut x140: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x139, &mut x140, x138, x119, x131); let mut x141: u64 = 0; let mut x142: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x141, &mut x142, x140, x121, x133); let mut x143: u64 = 0; let mut x144: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x143, &mut x144, x142, (((x122 as u64) + ((x102 as u64) + ((x94 as u64) + x82))) + ((x114 as u64) + x106)), x135); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_p224_mulx_u64(&mut x145, &mut x146, x137, 0xffffffffffffffff); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_p224_mulx_u64(&mut x147, &mut x148, x145, 0xffffffff); let mut x149: u64 = 0; let mut x150: u64 = 0; fiat_p224_mulx_u64(&mut x149, &mut x150, x145, 0xffffffffffffffff); let mut x151: u64 = 0; let mut x152: u64 = 0; fiat_p224_mulx_u64(&mut x151, &mut x152, x145, 0xffffffff00000000); let mut x153: u64 = 0; let mut x154: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x153, &mut x154, 0x0, x152, x149); let mut x155: u64 = 0; let mut x156: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x155, &mut x156, x154, x150, x147); let mut x157: u64 = 0; let mut x158: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x157, &mut x158, 0x0, x137, x145); let mut x159: u64 = 0; let mut x160: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x159, &mut x160, x158, x139, x151); let mut x161: u64 = 0; let mut x162: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x161, &mut x162, x160, x141, x153); let mut x163: u64 = 0; let mut x164: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x163, &mut x164, x162, x143, x155); let x165: u64 = (((x164 as u64) + ((x144 as u64) + ((x136 as u64) + x124))) + ((x156 as u64) + x148)); let mut x166: u64 = 0; let mut x167: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x166, &mut x167, 0x0, x159, (0x1 as u64)); let mut x168: u64 = 0; let mut x169: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x168, &mut x169, x167, x161, 0xffffffff00000000); let mut x170: u64 = 0; let mut x171: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x170, &mut x171, x169, x163, 0xffffffffffffffff); let mut x172: u64 = 0; let mut x173: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x172, &mut x173, x171, x165, 0xffffffff); let mut x174: u64 = 0; let mut x175: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x174, &mut x175, x173, (0x0 as u64), (0x0 as u64)); let mut x176: u64 = 0; fiat_p224_cmovznz_u64(&mut x176, x175, x166, x159); let mut x177: u64 = 0; fiat_p224_cmovznz_u64(&mut x177, x175, x168, x161); let mut x178: u64 = 0; fiat_p224_cmovznz_u64(&mut x178, x175, x170, x163); let mut x179: u64 = 0; fiat_p224_cmovznz_u64(&mut x179, x175, x172, x165); out1[0] = x176; out1[1] = x177; out1[2] = x178; out1[3] = x179; } /// The function fiat_p224_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p224_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_p224_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p224_selectznz(out1: &mut [u64; 4], arg1: fiat_p224_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_p224_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p224_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p224_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p224_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_p224_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..27] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p224_to_bytes(out1: &mut [u8; 28], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u8 = ((x50 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x52; } /// The function fiat_p224_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p224_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 28]) { let x1: u64 = (((arg1[27]) as u64) << 24); let x2: u64 = (((arg1[26]) as u64) << 16); let x3: u64 = (((arg1[25]) as u64) << 8); let x4: u8 = (arg1[24]); let x5: u64 = (((arg1[23]) as u64) << 56); let x6: u64 = (((arg1[22]) as u64) << 48); let x7: u64 = (((arg1[21]) as u64) << 40); let x8: u64 = (((arg1[20]) as u64) << 32); let x9: u64 = (((arg1[19]) as u64) << 24); let x10: u64 = (((arg1[18]) as u64) << 16); let x11: u64 = (((arg1[17]) as u64) << 8); let x12: u8 = (arg1[16]); let x13: u64 = (((arg1[15]) as u64) << 56); let x14: u64 = (((arg1[14]) as u64) << 48); let x15: u64 = (((arg1[13]) as u64) << 40); let x16: u64 = (((arg1[12]) as u64) << 32); let x17: u64 = (((arg1[11]) as u64) << 24); let x18: u64 = (((arg1[10]) as u64) << 16); let x19: u64 = (((arg1[9]) as u64) << 8); let x20: u8 = (arg1[8]); let x21: u64 = (((arg1[7]) as u64) << 56); let x22: u64 = (((arg1[6]) as u64) << 48); let x23: u64 = (((arg1[5]) as u64) << 40); let x24: u64 = (((arg1[4]) as u64) << 32); let x25: u64 = (((arg1[3]) as u64) << 24); let x26: u64 = (((arg1[2]) as u64) << 16); let x27: u64 = (((arg1[1]) as u64) << 8); let x28: u8 = (arg1[0]); let x29: u64 = (x27 + (x28 as u64)); let x30: u64 = (x26 + x29); let x31: u64 = (x25 + x30); let x32: u64 = (x24 + x31); let x33: u64 = (x23 + x32); let x34: u64 = (x22 + x33); let x35: u64 = (x21 + x34); let x36: u64 = (x19 + (x20 as u64)); let x37: u64 = (x18 + x36); let x38: u64 = (x17 + x37); let x39: u64 = (x16 + x38); let x40: u64 = (x15 + x39); let x41: u64 = (x14 + x40); let x42: u64 = (x13 + x41); let x43: u64 = (x11 + (x12 as u64)); let x44: u64 = (x10 + x43); let x45: u64 = (x9 + x44); let x46: u64 = (x8 + x45); let x47: u64 = (x7 + x46); let x48: u64 = (x6 + x47); let x49: u64 = (x5 + x48); let x50: u64 = (x3 + (x4 as u64)); let x51: u64 = (x2 + x50); let x52: u64 = (x1 + x51); out1[0] = x35; out1[1] = x42; out1[2] = x49; out1[3] = x52; } /// The function fiat_p224_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p224_set_one(out1: &mut fiat_p224_montgomery_domain_field_element) { out1[0] = 0xffffffff00000000; out1[1] = 0xffffffffffffffff; out1[2] = (0x0 as u64); out1[3] = (0x0 as u64); } /// The function fiat_p224_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p224_msat(out1: &mut [u64; 5]) { out1[0] = (0x1 as u64); out1[1] = 0xffffffff00000000; out1[2] = 0xffffffffffffffff; out1[3] = 0xffffffff; out1[4] = (0x0 as u64); } /// The function fiat_p224_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p224_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p224_u1 = (((x1 >> 63) as fiat_p224_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p224_u1)); let mut x4: u64 = 0; let mut x5: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p224_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p224_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p224_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p224_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p224_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p224_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_p224_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_p224_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_p224_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_p224_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_p224_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_p224_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_p224_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_p224_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_p224_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, (0x1 as u64)); let mut x41: u64 = 0; let mut x42: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0xffffffff00000000); let mut x43: u64 = 0; let mut x44: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x43, &mut x44, x42, x35, 0xffffffffffffffff); let mut x45: u64 = 0; let mut x46: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0xffffffff); let mut x47: u64 = 0; let mut x48: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_p224_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, (((x61 & (0x1 as u64)) as fiat_p224_u1) as u64)); let mut x64: u64 = 0; let mut x65: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x64, &mut x65, x63, x55, (x61 & 0xffffffff00000000)); let mut x66: u64 = 0; let mut x67: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x66, &mut x67, x65, x57, x61); let mut x68: u64 = 0; let mut x69: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x68, &mut x69, x67, x59, (x61 & 0xffffffff)); let mut x70: u64 = 0; fiat_p224_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_p224_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_p224_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_p224_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_p224_u1 = ((x22 & (0x1 as u64)) as fiat_p224_u1); let mut x75: u64 = 0; fiat_p224_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_p224_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_p224_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_p224_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_p224_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_p224_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_p224_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_p224_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_p224_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, (0x1 as u64)); let mut x104: u64 = 0; let mut x105: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0xffffffff00000000); let mut x106: u64 = 0; let mut x107: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x106, &mut x107, x105, x98, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0xffffffff); let mut x110: u64 = 0; let mut x111: fiat_p224_u1 = 0; fiat_p224_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_p224_u1 = 0; fiat_p224_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_p224_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_p224_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_p224_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_p224_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_p224_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_p224_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_p224_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_p224_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_p224_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p224_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0x7ffffffe800001; out1[1] = 0xff7fffff00800000; out1[2] = 0xffffff; out1[3] = 0xff800000; } fiat-crypto-0.2.2/src/p256_32.rs000064400000000000000000005503401046102023000142320ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p256 32 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p256 //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p256_u1 = u8; pub type fiat_p256_i1 = i8; pub type fiat_p256_u2 = u8; pub type fiat_p256_i2 = i8; /** The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_p256_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p256_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_non_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_p256_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p256_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_addcarryx_u32(out1: &mut u32, out2: &mut fiat_p256_u1, arg1: fiat_p256_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_p256_u1 = ((x1 >> 32) as fiat_p256_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p256_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_subborrowx_u32(out1: &mut u32, out2: &mut fiat_p256_u1, arg1: fiat_p256_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_p256_i1 = ((x1 >> 32) as fiat_p256_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p256_i2) - (x2 as fiat_p256_i2)) as fiat_p256_u1); } /// The function fiat_p256_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_p256_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_cmovznz_u32(out1: &mut u32, arg1: fiat_p256_u1, arg2: u32, arg3: u32) { let x1: fiat_p256_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p256_i2) - (x1 as fiat_p256_i2)) as fiat_p256_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p256_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_mul(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_mulx_u32(&mut x9, &mut x10, x8, (arg2[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_mulx_u32(&mut x11, &mut x12, x8, (arg2[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_mulx_u32(&mut x13, &mut x14, x8, (arg2[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_mulx_u32(&mut x15, &mut x16, x8, (arg2[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_mulx_u32(&mut x17, &mut x18, x8, (arg2[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_mulx_u32(&mut x19, &mut x20, x8, (arg2[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_mulx_u32(&mut x21, &mut x22, x8, (arg2[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p256_mulx_u32(&mut x23, &mut x24, x8, (arg2[0])); let mut x25: u32 = 0; let mut x26: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_p256_mulx_u32(&mut x40, &mut x41, x23, 0xffffffff); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_p256_mulx_u32(&mut x42, &mut x43, x23, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p256_mulx_u32(&mut x44, &mut x45, x23, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p256_mulx_u32(&mut x46, &mut x47, x23, 0xffffffff); let mut x48: u32 = 0; let mut x49: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x48, &mut x49, 0x0, x47, x44); let mut x50: u32 = 0; let mut x51: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x50, &mut x51, x49, x45, x42); let x52: u32 = ((x51 as u32) + x43); let mut x53: u32 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x53, &mut x54, 0x0, x23, x46); let mut x55: u32 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x55, &mut x56, x54, x25, x48); let mut x57: u32 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x57, &mut x58, x56, x27, x50); let mut x59: u32 = 0; let mut x60: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x59, &mut x60, x58, x29, x52); let mut x61: u32 = 0; let mut x62: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x61, &mut x62, x60, x31, (0x0 as u32)); let mut x63: u32 = 0; let mut x64: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x63, &mut x64, x62, x33, (0x0 as u32)); let mut x65: u32 = 0; let mut x66: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x65, &mut x66, x64, x35, x23); let mut x67: u32 = 0; let mut x68: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x67, &mut x68, x66, x37, x40); let mut x69: u32 = 0; let mut x70: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x69, &mut x70, x68, x39, x41); let mut x71: u32 = 0; let mut x72: u32 = 0; fiat_p256_mulx_u32(&mut x71, &mut x72, x1, (arg2[7])); let mut x73: u32 = 0; let mut x74: u32 = 0; fiat_p256_mulx_u32(&mut x73, &mut x74, x1, (arg2[6])); let mut x75: u32 = 0; let mut x76: u32 = 0; fiat_p256_mulx_u32(&mut x75, &mut x76, x1, (arg2[5])); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_p256_mulx_u32(&mut x77, &mut x78, x1, (arg2[4])); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_p256_mulx_u32(&mut x79, &mut x80, x1, (arg2[3])); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_p256_mulx_u32(&mut x81, &mut x82, x1, (arg2[2])); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_p256_mulx_u32(&mut x83, &mut x84, x1, (arg2[1])); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p256_mulx_u32(&mut x85, &mut x86, x1, (arg2[0])); let mut x87: u32 = 0; let mut x88: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x87, &mut x88, 0x0, x86, x83); let mut x89: u32 = 0; let mut x90: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x89, &mut x90, x88, x84, x81); let mut x91: u32 = 0; let mut x92: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x91, &mut x92, x90, x82, x79); let mut x93: u32 = 0; let mut x94: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x93, &mut x94, x92, x80, x77); let mut x95: u32 = 0; let mut x96: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x95, &mut x96, x94, x78, x75); let mut x97: u32 = 0; let mut x98: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x97, &mut x98, x96, x76, x73); let mut x99: u32 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x99, &mut x100, x98, x74, x71); let x101: u32 = ((x100 as u32) + x72); let mut x102: u32 = 0; let mut x103: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x102, &mut x103, 0x0, x55, x85); let mut x104: u32 = 0; let mut x105: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x104, &mut x105, x103, x57, x87); let mut x106: u32 = 0; let mut x107: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x106, &mut x107, x105, x59, x89); let mut x108: u32 = 0; let mut x109: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x108, &mut x109, x107, x61, x91); let mut x110: u32 = 0; let mut x111: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x110, &mut x111, x109, x63, x93); let mut x112: u32 = 0; let mut x113: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x112, &mut x113, x111, x65, x95); let mut x114: u32 = 0; let mut x115: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x114, &mut x115, x113, x67, x97); let mut x116: u32 = 0; let mut x117: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x116, &mut x117, x115, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x118, &mut x119, x117, (x70 as u32), x101); let mut x120: u32 = 0; let mut x121: u32 = 0; fiat_p256_mulx_u32(&mut x120, &mut x121, x102, 0xffffffff); let mut x122: u32 = 0; let mut x123: u32 = 0; fiat_p256_mulx_u32(&mut x122, &mut x123, x102, 0xffffffff); let mut x124: u32 = 0; let mut x125: u32 = 0; fiat_p256_mulx_u32(&mut x124, &mut x125, x102, 0xffffffff); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_p256_mulx_u32(&mut x126, &mut x127, x102, 0xffffffff); let mut x128: u32 = 0; let mut x129: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x128, &mut x129, 0x0, x127, x124); let mut x130: u32 = 0; let mut x131: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x130, &mut x131, x129, x125, x122); let x132: u32 = ((x131 as u32) + x123); let mut x133: u32 = 0; let mut x134: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x133, &mut x134, 0x0, x102, x126); let mut x135: u32 = 0; let mut x136: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x135, &mut x136, x134, x104, x128); let mut x137: u32 = 0; let mut x138: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x137, &mut x138, x136, x106, x130); let mut x139: u32 = 0; let mut x140: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x139, &mut x140, x138, x108, x132); let mut x141: u32 = 0; let mut x142: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x141, &mut x142, x140, x110, (0x0 as u32)); let mut x143: u32 = 0; let mut x144: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x143, &mut x144, x142, x112, (0x0 as u32)); let mut x145: u32 = 0; let mut x146: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x145, &mut x146, x144, x114, x102); let mut x147: u32 = 0; let mut x148: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x147, &mut x148, x146, x116, x120); let mut x149: u32 = 0; let mut x150: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x149, &mut x150, x148, x118, x121); let x151: u32 = ((x150 as u32) + (x119 as u32)); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_p256_mulx_u32(&mut x152, &mut x153, x2, (arg2[7])); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_p256_mulx_u32(&mut x154, &mut x155, x2, (arg2[6])); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_p256_mulx_u32(&mut x156, &mut x157, x2, (arg2[5])); let mut x158: u32 = 0; let mut x159: u32 = 0; fiat_p256_mulx_u32(&mut x158, &mut x159, x2, (arg2[4])); let mut x160: u32 = 0; let mut x161: u32 = 0; fiat_p256_mulx_u32(&mut x160, &mut x161, x2, (arg2[3])); let mut x162: u32 = 0; let mut x163: u32 = 0; fiat_p256_mulx_u32(&mut x162, &mut x163, x2, (arg2[2])); let mut x164: u32 = 0; let mut x165: u32 = 0; fiat_p256_mulx_u32(&mut x164, &mut x165, x2, (arg2[1])); let mut x166: u32 = 0; let mut x167: u32 = 0; fiat_p256_mulx_u32(&mut x166, &mut x167, x2, (arg2[0])); let mut x168: u32 = 0; let mut x169: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x168, &mut x169, 0x0, x167, x164); let mut x170: u32 = 0; let mut x171: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x170, &mut x171, x169, x165, x162); let mut x172: u32 = 0; let mut x173: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x172, &mut x173, x171, x163, x160); let mut x174: u32 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x174, &mut x175, x173, x161, x158); let mut x176: u32 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x176, &mut x177, x175, x159, x156); let mut x178: u32 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x178, &mut x179, x177, x157, x154); let mut x180: u32 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x180, &mut x181, x179, x155, x152); let x182: u32 = ((x181 as u32) + x153); let mut x183: u32 = 0; let mut x184: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x183, &mut x184, 0x0, x135, x166); let mut x185: u32 = 0; let mut x186: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x185, &mut x186, x184, x137, x168); let mut x187: u32 = 0; let mut x188: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x187, &mut x188, x186, x139, x170); let mut x189: u32 = 0; let mut x190: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x189, &mut x190, x188, x141, x172); let mut x191: u32 = 0; let mut x192: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x191, &mut x192, x190, x143, x174); let mut x193: u32 = 0; let mut x194: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x193, &mut x194, x192, x145, x176); let mut x195: u32 = 0; let mut x196: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x195, &mut x196, x194, x147, x178); let mut x197: u32 = 0; let mut x198: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x197, &mut x198, x196, x149, x180); let mut x199: u32 = 0; let mut x200: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x199, &mut x200, x198, x151, x182); let mut x201: u32 = 0; let mut x202: u32 = 0; fiat_p256_mulx_u32(&mut x201, &mut x202, x183, 0xffffffff); let mut x203: u32 = 0; let mut x204: u32 = 0; fiat_p256_mulx_u32(&mut x203, &mut x204, x183, 0xffffffff); let mut x205: u32 = 0; let mut x206: u32 = 0; fiat_p256_mulx_u32(&mut x205, &mut x206, x183, 0xffffffff); let mut x207: u32 = 0; let mut x208: u32 = 0; fiat_p256_mulx_u32(&mut x207, &mut x208, x183, 0xffffffff); let mut x209: u32 = 0; let mut x210: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x209, &mut x210, 0x0, x208, x205); let mut x211: u32 = 0; let mut x212: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x211, &mut x212, x210, x206, x203); let x213: u32 = ((x212 as u32) + x204); let mut x214: u32 = 0; let mut x215: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x214, &mut x215, 0x0, x183, x207); let mut x216: u32 = 0; let mut x217: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x216, &mut x217, x215, x185, x209); let mut x218: u32 = 0; let mut x219: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x218, &mut x219, x217, x187, x211); let mut x220: u32 = 0; let mut x221: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x220, &mut x221, x219, x189, x213); let mut x222: u32 = 0; let mut x223: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x222, &mut x223, x221, x191, (0x0 as u32)); let mut x224: u32 = 0; let mut x225: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x224, &mut x225, x223, x193, (0x0 as u32)); let mut x226: u32 = 0; let mut x227: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x226, &mut x227, x225, x195, x183); let mut x228: u32 = 0; let mut x229: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x228, &mut x229, x227, x197, x201); let mut x230: u32 = 0; let mut x231: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x230, &mut x231, x229, x199, x202); let x232: u32 = ((x231 as u32) + (x200 as u32)); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_p256_mulx_u32(&mut x233, &mut x234, x3, (arg2[7])); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_p256_mulx_u32(&mut x235, &mut x236, x3, (arg2[6])); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_p256_mulx_u32(&mut x237, &mut x238, x3, (arg2[5])); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_p256_mulx_u32(&mut x239, &mut x240, x3, (arg2[4])); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_p256_mulx_u32(&mut x241, &mut x242, x3, (arg2[3])); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_p256_mulx_u32(&mut x243, &mut x244, x3, (arg2[2])); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_p256_mulx_u32(&mut x245, &mut x246, x3, (arg2[1])); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_p256_mulx_u32(&mut x247, &mut x248, x3, (arg2[0])); let mut x249: u32 = 0; let mut x250: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x249, &mut x250, 0x0, x248, x245); let mut x251: u32 = 0; let mut x252: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x251, &mut x252, x250, x246, x243); let mut x253: u32 = 0; let mut x254: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x253, &mut x254, x252, x244, x241); let mut x255: u32 = 0; let mut x256: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x255, &mut x256, x254, x242, x239); let mut x257: u32 = 0; let mut x258: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x257, &mut x258, x256, x240, x237); let mut x259: u32 = 0; let mut x260: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x259, &mut x260, x258, x238, x235); let mut x261: u32 = 0; let mut x262: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x261, &mut x262, x260, x236, x233); let x263: u32 = ((x262 as u32) + x234); let mut x264: u32 = 0; let mut x265: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x264, &mut x265, 0x0, x216, x247); let mut x266: u32 = 0; let mut x267: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x266, &mut x267, x265, x218, x249); let mut x268: u32 = 0; let mut x269: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x268, &mut x269, x267, x220, x251); let mut x270: u32 = 0; let mut x271: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x270, &mut x271, x269, x222, x253); let mut x272: u32 = 0; let mut x273: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x272, &mut x273, x271, x224, x255); let mut x274: u32 = 0; let mut x275: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x274, &mut x275, x273, x226, x257); let mut x276: u32 = 0; let mut x277: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x276, &mut x277, x275, x228, x259); let mut x278: u32 = 0; let mut x279: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x278, &mut x279, x277, x230, x261); let mut x280: u32 = 0; let mut x281: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x280, &mut x281, x279, x232, x263); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_p256_mulx_u32(&mut x282, &mut x283, x264, 0xffffffff); let mut x284: u32 = 0; let mut x285: u32 = 0; fiat_p256_mulx_u32(&mut x284, &mut x285, x264, 0xffffffff); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p256_mulx_u32(&mut x286, &mut x287, x264, 0xffffffff); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p256_mulx_u32(&mut x288, &mut x289, x264, 0xffffffff); let mut x290: u32 = 0; let mut x291: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x290, &mut x291, 0x0, x289, x286); let mut x292: u32 = 0; let mut x293: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x292, &mut x293, x291, x287, x284); let x294: u32 = ((x293 as u32) + x285); let mut x295: u32 = 0; let mut x296: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x295, &mut x296, 0x0, x264, x288); let mut x297: u32 = 0; let mut x298: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x297, &mut x298, x296, x266, x290); let mut x299: u32 = 0; let mut x300: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x299, &mut x300, x298, x268, x292); let mut x301: u32 = 0; let mut x302: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x301, &mut x302, x300, x270, x294); let mut x303: u32 = 0; let mut x304: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x303, &mut x304, x302, x272, (0x0 as u32)); let mut x305: u32 = 0; let mut x306: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x305, &mut x306, x304, x274, (0x0 as u32)); let mut x307: u32 = 0; let mut x308: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x307, &mut x308, x306, x276, x264); let mut x309: u32 = 0; let mut x310: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x309, &mut x310, x308, x278, x282); let mut x311: u32 = 0; let mut x312: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x311, &mut x312, x310, x280, x283); let x313: u32 = ((x312 as u32) + (x281 as u32)); let mut x314: u32 = 0; let mut x315: u32 = 0; fiat_p256_mulx_u32(&mut x314, &mut x315, x4, (arg2[7])); let mut x316: u32 = 0; let mut x317: u32 = 0; fiat_p256_mulx_u32(&mut x316, &mut x317, x4, (arg2[6])); let mut x318: u32 = 0; let mut x319: u32 = 0; fiat_p256_mulx_u32(&mut x318, &mut x319, x4, (arg2[5])); let mut x320: u32 = 0; let mut x321: u32 = 0; fiat_p256_mulx_u32(&mut x320, &mut x321, x4, (arg2[4])); let mut x322: u32 = 0; let mut x323: u32 = 0; fiat_p256_mulx_u32(&mut x322, &mut x323, x4, (arg2[3])); let mut x324: u32 = 0; let mut x325: u32 = 0; fiat_p256_mulx_u32(&mut x324, &mut x325, x4, (arg2[2])); let mut x326: u32 = 0; let mut x327: u32 = 0; fiat_p256_mulx_u32(&mut x326, &mut x327, x4, (arg2[1])); let mut x328: u32 = 0; let mut x329: u32 = 0; fiat_p256_mulx_u32(&mut x328, &mut x329, x4, (arg2[0])); let mut x330: u32 = 0; let mut x331: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x330, &mut x331, 0x0, x329, x326); let mut x332: u32 = 0; let mut x333: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x332, &mut x333, x331, x327, x324); let mut x334: u32 = 0; let mut x335: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x334, &mut x335, x333, x325, x322); let mut x336: u32 = 0; let mut x337: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x336, &mut x337, x335, x323, x320); let mut x338: u32 = 0; let mut x339: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x338, &mut x339, x337, x321, x318); let mut x340: u32 = 0; let mut x341: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x340, &mut x341, x339, x319, x316); let mut x342: u32 = 0; let mut x343: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x342, &mut x343, x341, x317, x314); let x344: u32 = ((x343 as u32) + x315); let mut x345: u32 = 0; let mut x346: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x345, &mut x346, 0x0, x297, x328); let mut x347: u32 = 0; let mut x348: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x347, &mut x348, x346, x299, x330); let mut x349: u32 = 0; let mut x350: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x349, &mut x350, x348, x301, x332); let mut x351: u32 = 0; let mut x352: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x351, &mut x352, x350, x303, x334); let mut x353: u32 = 0; let mut x354: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x353, &mut x354, x352, x305, x336); let mut x355: u32 = 0; let mut x356: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x355, &mut x356, x354, x307, x338); let mut x357: u32 = 0; let mut x358: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x357, &mut x358, x356, x309, x340); let mut x359: u32 = 0; let mut x360: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x359, &mut x360, x358, x311, x342); let mut x361: u32 = 0; let mut x362: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x361, &mut x362, x360, x313, x344); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p256_mulx_u32(&mut x363, &mut x364, x345, 0xffffffff); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p256_mulx_u32(&mut x365, &mut x366, x345, 0xffffffff); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p256_mulx_u32(&mut x367, &mut x368, x345, 0xffffffff); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_p256_mulx_u32(&mut x369, &mut x370, x345, 0xffffffff); let mut x371: u32 = 0; let mut x372: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x371, &mut x372, 0x0, x370, x367); let mut x373: u32 = 0; let mut x374: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x373, &mut x374, x372, x368, x365); let x375: u32 = ((x374 as u32) + x366); let mut x376: u32 = 0; let mut x377: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x376, &mut x377, 0x0, x345, x369); let mut x378: u32 = 0; let mut x379: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x378, &mut x379, x377, x347, x371); let mut x380: u32 = 0; let mut x381: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x380, &mut x381, x379, x349, x373); let mut x382: u32 = 0; let mut x383: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x382, &mut x383, x381, x351, x375); let mut x384: u32 = 0; let mut x385: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x384, &mut x385, x383, x353, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x386, &mut x387, x385, x355, (0x0 as u32)); let mut x388: u32 = 0; let mut x389: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x388, &mut x389, x387, x357, x345); let mut x390: u32 = 0; let mut x391: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x390, &mut x391, x389, x359, x363); let mut x392: u32 = 0; let mut x393: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x392, &mut x393, x391, x361, x364); let x394: u32 = ((x393 as u32) + (x362 as u32)); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_p256_mulx_u32(&mut x395, &mut x396, x5, (arg2[7])); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_p256_mulx_u32(&mut x397, &mut x398, x5, (arg2[6])); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_p256_mulx_u32(&mut x399, &mut x400, x5, (arg2[5])); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_p256_mulx_u32(&mut x401, &mut x402, x5, (arg2[4])); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_p256_mulx_u32(&mut x403, &mut x404, x5, (arg2[3])); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p256_mulx_u32(&mut x405, &mut x406, x5, (arg2[2])); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p256_mulx_u32(&mut x407, &mut x408, x5, (arg2[1])); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p256_mulx_u32(&mut x409, &mut x410, x5, (arg2[0])); let mut x411: u32 = 0; let mut x412: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x411, &mut x412, 0x0, x410, x407); let mut x413: u32 = 0; let mut x414: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x413, &mut x414, x412, x408, x405); let mut x415: u32 = 0; let mut x416: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x415, &mut x416, x414, x406, x403); let mut x417: u32 = 0; let mut x418: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x417, &mut x418, x416, x404, x401); let mut x419: u32 = 0; let mut x420: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x419, &mut x420, x418, x402, x399); let mut x421: u32 = 0; let mut x422: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x421, &mut x422, x420, x400, x397); let mut x423: u32 = 0; let mut x424: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x423, &mut x424, x422, x398, x395); let x425: u32 = ((x424 as u32) + x396); let mut x426: u32 = 0; let mut x427: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x426, &mut x427, 0x0, x378, x409); let mut x428: u32 = 0; let mut x429: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x428, &mut x429, x427, x380, x411); let mut x430: u32 = 0; let mut x431: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x430, &mut x431, x429, x382, x413); let mut x432: u32 = 0; let mut x433: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x432, &mut x433, x431, x384, x415); let mut x434: u32 = 0; let mut x435: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x434, &mut x435, x433, x386, x417); let mut x436: u32 = 0; let mut x437: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x436, &mut x437, x435, x388, x419); let mut x438: u32 = 0; let mut x439: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x438, &mut x439, x437, x390, x421); let mut x440: u32 = 0; let mut x441: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x440, &mut x441, x439, x392, x423); let mut x442: u32 = 0; let mut x443: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x442, &mut x443, x441, x394, x425); let mut x444: u32 = 0; let mut x445: u32 = 0; fiat_p256_mulx_u32(&mut x444, &mut x445, x426, 0xffffffff); let mut x446: u32 = 0; let mut x447: u32 = 0; fiat_p256_mulx_u32(&mut x446, &mut x447, x426, 0xffffffff); let mut x448: u32 = 0; let mut x449: u32 = 0; fiat_p256_mulx_u32(&mut x448, &mut x449, x426, 0xffffffff); let mut x450: u32 = 0; let mut x451: u32 = 0; fiat_p256_mulx_u32(&mut x450, &mut x451, x426, 0xffffffff); let mut x452: u32 = 0; let mut x453: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x452, &mut x453, 0x0, x451, x448); let mut x454: u32 = 0; let mut x455: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x454, &mut x455, x453, x449, x446); let x456: u32 = ((x455 as u32) + x447); let mut x457: u32 = 0; let mut x458: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x457, &mut x458, 0x0, x426, x450); let mut x459: u32 = 0; let mut x460: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x459, &mut x460, x458, x428, x452); let mut x461: u32 = 0; let mut x462: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x461, &mut x462, x460, x430, x454); let mut x463: u32 = 0; let mut x464: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x463, &mut x464, x462, x432, x456); let mut x465: u32 = 0; let mut x466: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x465, &mut x466, x464, x434, (0x0 as u32)); let mut x467: u32 = 0; let mut x468: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x467, &mut x468, x466, x436, (0x0 as u32)); let mut x469: u32 = 0; let mut x470: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x469, &mut x470, x468, x438, x426); let mut x471: u32 = 0; let mut x472: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x471, &mut x472, x470, x440, x444); let mut x473: u32 = 0; let mut x474: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x473, &mut x474, x472, x442, x445); let x475: u32 = ((x474 as u32) + (x443 as u32)); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_p256_mulx_u32(&mut x476, &mut x477, x6, (arg2[7])); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_p256_mulx_u32(&mut x478, &mut x479, x6, (arg2[6])); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_p256_mulx_u32(&mut x480, &mut x481, x6, (arg2[5])); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_p256_mulx_u32(&mut x482, &mut x483, x6, (arg2[4])); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_p256_mulx_u32(&mut x484, &mut x485, x6, (arg2[3])); let mut x486: u32 = 0; let mut x487: u32 = 0; fiat_p256_mulx_u32(&mut x486, &mut x487, x6, (arg2[2])); let mut x488: u32 = 0; let mut x489: u32 = 0; fiat_p256_mulx_u32(&mut x488, &mut x489, x6, (arg2[1])); let mut x490: u32 = 0; let mut x491: u32 = 0; fiat_p256_mulx_u32(&mut x490, &mut x491, x6, (arg2[0])); let mut x492: u32 = 0; let mut x493: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x492, &mut x493, 0x0, x491, x488); let mut x494: u32 = 0; let mut x495: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x494, &mut x495, x493, x489, x486); let mut x496: u32 = 0; let mut x497: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x496, &mut x497, x495, x487, x484); let mut x498: u32 = 0; let mut x499: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x498, &mut x499, x497, x485, x482); let mut x500: u32 = 0; let mut x501: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x500, &mut x501, x499, x483, x480); let mut x502: u32 = 0; let mut x503: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x502, &mut x503, x501, x481, x478); let mut x504: u32 = 0; let mut x505: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x504, &mut x505, x503, x479, x476); let x506: u32 = ((x505 as u32) + x477); let mut x507: u32 = 0; let mut x508: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x507, &mut x508, 0x0, x459, x490); let mut x509: u32 = 0; let mut x510: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x509, &mut x510, x508, x461, x492); let mut x511: u32 = 0; let mut x512: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x511, &mut x512, x510, x463, x494); let mut x513: u32 = 0; let mut x514: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x513, &mut x514, x512, x465, x496); let mut x515: u32 = 0; let mut x516: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x515, &mut x516, x514, x467, x498); let mut x517: u32 = 0; let mut x518: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x517, &mut x518, x516, x469, x500); let mut x519: u32 = 0; let mut x520: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x519, &mut x520, x518, x471, x502); let mut x521: u32 = 0; let mut x522: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x521, &mut x522, x520, x473, x504); let mut x523: u32 = 0; let mut x524: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x523, &mut x524, x522, x475, x506); let mut x525: u32 = 0; let mut x526: u32 = 0; fiat_p256_mulx_u32(&mut x525, &mut x526, x507, 0xffffffff); let mut x527: u32 = 0; let mut x528: u32 = 0; fiat_p256_mulx_u32(&mut x527, &mut x528, x507, 0xffffffff); let mut x529: u32 = 0; let mut x530: u32 = 0; fiat_p256_mulx_u32(&mut x529, &mut x530, x507, 0xffffffff); let mut x531: u32 = 0; let mut x532: u32 = 0; fiat_p256_mulx_u32(&mut x531, &mut x532, x507, 0xffffffff); let mut x533: u32 = 0; let mut x534: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x533, &mut x534, 0x0, x532, x529); let mut x535: u32 = 0; let mut x536: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x535, &mut x536, x534, x530, x527); let x537: u32 = ((x536 as u32) + x528); let mut x538: u32 = 0; let mut x539: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x538, &mut x539, 0x0, x507, x531); let mut x540: u32 = 0; let mut x541: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x540, &mut x541, x539, x509, x533); let mut x542: u32 = 0; let mut x543: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x542, &mut x543, x541, x511, x535); let mut x544: u32 = 0; let mut x545: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x544, &mut x545, x543, x513, x537); let mut x546: u32 = 0; let mut x547: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x546, &mut x547, x545, x515, (0x0 as u32)); let mut x548: u32 = 0; let mut x549: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x548, &mut x549, x547, x517, (0x0 as u32)); let mut x550: u32 = 0; let mut x551: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x550, &mut x551, x549, x519, x507); let mut x552: u32 = 0; let mut x553: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x552, &mut x553, x551, x521, x525); let mut x554: u32 = 0; let mut x555: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x554, &mut x555, x553, x523, x526); let x556: u32 = ((x555 as u32) + (x524 as u32)); let mut x557: u32 = 0; let mut x558: u32 = 0; fiat_p256_mulx_u32(&mut x557, &mut x558, x7, (arg2[7])); let mut x559: u32 = 0; let mut x560: u32 = 0; fiat_p256_mulx_u32(&mut x559, &mut x560, x7, (arg2[6])); let mut x561: u32 = 0; let mut x562: u32 = 0; fiat_p256_mulx_u32(&mut x561, &mut x562, x7, (arg2[5])); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_p256_mulx_u32(&mut x563, &mut x564, x7, (arg2[4])); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_p256_mulx_u32(&mut x565, &mut x566, x7, (arg2[3])); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_p256_mulx_u32(&mut x567, &mut x568, x7, (arg2[2])); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_p256_mulx_u32(&mut x569, &mut x570, x7, (arg2[1])); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_p256_mulx_u32(&mut x571, &mut x572, x7, (arg2[0])); let mut x573: u32 = 0; let mut x574: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x573, &mut x574, 0x0, x572, x569); let mut x575: u32 = 0; let mut x576: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x575, &mut x576, x574, x570, x567); let mut x577: u32 = 0; let mut x578: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x577, &mut x578, x576, x568, x565); let mut x579: u32 = 0; let mut x580: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x579, &mut x580, x578, x566, x563); let mut x581: u32 = 0; let mut x582: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x581, &mut x582, x580, x564, x561); let mut x583: u32 = 0; let mut x584: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x583, &mut x584, x582, x562, x559); let mut x585: u32 = 0; let mut x586: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x585, &mut x586, x584, x560, x557); let x587: u32 = ((x586 as u32) + x558); let mut x588: u32 = 0; let mut x589: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x588, &mut x589, 0x0, x540, x571); let mut x590: u32 = 0; let mut x591: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x590, &mut x591, x589, x542, x573); let mut x592: u32 = 0; let mut x593: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x592, &mut x593, x591, x544, x575); let mut x594: u32 = 0; let mut x595: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x594, &mut x595, x593, x546, x577); let mut x596: u32 = 0; let mut x597: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x596, &mut x597, x595, x548, x579); let mut x598: u32 = 0; let mut x599: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x598, &mut x599, x597, x550, x581); let mut x600: u32 = 0; let mut x601: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x600, &mut x601, x599, x552, x583); let mut x602: u32 = 0; let mut x603: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x602, &mut x603, x601, x554, x585); let mut x604: u32 = 0; let mut x605: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x604, &mut x605, x603, x556, x587); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_p256_mulx_u32(&mut x606, &mut x607, x588, 0xffffffff); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_p256_mulx_u32(&mut x608, &mut x609, x588, 0xffffffff); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_p256_mulx_u32(&mut x610, &mut x611, x588, 0xffffffff); let mut x612: u32 = 0; let mut x613: u32 = 0; fiat_p256_mulx_u32(&mut x612, &mut x613, x588, 0xffffffff); let mut x614: u32 = 0; let mut x615: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x614, &mut x615, 0x0, x613, x610); let mut x616: u32 = 0; let mut x617: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x616, &mut x617, x615, x611, x608); let x618: u32 = ((x617 as u32) + x609); let mut x619: u32 = 0; let mut x620: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x619, &mut x620, 0x0, x588, x612); let mut x621: u32 = 0; let mut x622: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x621, &mut x622, x620, x590, x614); let mut x623: u32 = 0; let mut x624: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x623, &mut x624, x622, x592, x616); let mut x625: u32 = 0; let mut x626: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x625, &mut x626, x624, x594, x618); let mut x627: u32 = 0; let mut x628: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x627, &mut x628, x626, x596, (0x0 as u32)); let mut x629: u32 = 0; let mut x630: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x629, &mut x630, x628, x598, (0x0 as u32)); let mut x631: u32 = 0; let mut x632: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x631, &mut x632, x630, x600, x588); let mut x633: u32 = 0; let mut x634: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x633, &mut x634, x632, x602, x606); let mut x635: u32 = 0; let mut x636: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x635, &mut x636, x634, x604, x607); let x637: u32 = ((x636 as u32) + (x605 as u32)); let mut x638: u32 = 0; let mut x639: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x638, &mut x639, 0x0, x621, 0xffffffff); let mut x640: u32 = 0; let mut x641: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x640, &mut x641, x639, x623, 0xffffffff); let mut x642: u32 = 0; let mut x643: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x642, &mut x643, x641, x625, 0xffffffff); let mut x644: u32 = 0; let mut x645: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x644, &mut x645, x643, x627, (0x0 as u32)); let mut x646: u32 = 0; let mut x647: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x646, &mut x647, x645, x629, (0x0 as u32)); let mut x648: u32 = 0; let mut x649: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x648, &mut x649, x647, x631, (0x0 as u32)); let mut x650: u32 = 0; let mut x651: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x650, &mut x651, x649, x633, (0x1 as u32)); let mut x652: u32 = 0; let mut x653: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x652, &mut x653, x651, x635, 0xffffffff); let mut x654: u32 = 0; let mut x655: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x654, &mut x655, x653, x637, (0x0 as u32)); let mut x656: u32 = 0; fiat_p256_cmovznz_u32(&mut x656, x655, x638, x621); let mut x657: u32 = 0; fiat_p256_cmovznz_u32(&mut x657, x655, x640, x623); let mut x658: u32 = 0; fiat_p256_cmovznz_u32(&mut x658, x655, x642, x625); let mut x659: u32 = 0; fiat_p256_cmovznz_u32(&mut x659, x655, x644, x627); let mut x660: u32 = 0; fiat_p256_cmovznz_u32(&mut x660, x655, x646, x629); let mut x661: u32 = 0; fiat_p256_cmovznz_u32(&mut x661, x655, x648, x631); let mut x662: u32 = 0; fiat_p256_cmovznz_u32(&mut x662, x655, x650, x633); let mut x663: u32 = 0; fiat_p256_cmovznz_u32(&mut x663, x655, x652, x635); out1[0] = x656; out1[1] = x657; out1[2] = x658; out1[3] = x659; out1[4] = x660; out1[5] = x661; out1[6] = x662; out1[7] = x663; } /// The function fiat_p256_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_square(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_mulx_u32(&mut x9, &mut x10, x8, (arg1[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_mulx_u32(&mut x11, &mut x12, x8, (arg1[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_mulx_u32(&mut x13, &mut x14, x8, (arg1[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_mulx_u32(&mut x15, &mut x16, x8, (arg1[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_mulx_u32(&mut x17, &mut x18, x8, (arg1[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_mulx_u32(&mut x19, &mut x20, x8, (arg1[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_mulx_u32(&mut x21, &mut x22, x8, (arg1[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p256_mulx_u32(&mut x23, &mut x24, x8, (arg1[0])); let mut x25: u32 = 0; let mut x26: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_p256_mulx_u32(&mut x40, &mut x41, x23, 0xffffffff); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_p256_mulx_u32(&mut x42, &mut x43, x23, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p256_mulx_u32(&mut x44, &mut x45, x23, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p256_mulx_u32(&mut x46, &mut x47, x23, 0xffffffff); let mut x48: u32 = 0; let mut x49: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x48, &mut x49, 0x0, x47, x44); let mut x50: u32 = 0; let mut x51: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x50, &mut x51, x49, x45, x42); let x52: u32 = ((x51 as u32) + x43); let mut x53: u32 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x53, &mut x54, 0x0, x23, x46); let mut x55: u32 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x55, &mut x56, x54, x25, x48); let mut x57: u32 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x57, &mut x58, x56, x27, x50); let mut x59: u32 = 0; let mut x60: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x59, &mut x60, x58, x29, x52); let mut x61: u32 = 0; let mut x62: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x61, &mut x62, x60, x31, (0x0 as u32)); let mut x63: u32 = 0; let mut x64: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x63, &mut x64, x62, x33, (0x0 as u32)); let mut x65: u32 = 0; let mut x66: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x65, &mut x66, x64, x35, x23); let mut x67: u32 = 0; let mut x68: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x67, &mut x68, x66, x37, x40); let mut x69: u32 = 0; let mut x70: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x69, &mut x70, x68, x39, x41); let mut x71: u32 = 0; let mut x72: u32 = 0; fiat_p256_mulx_u32(&mut x71, &mut x72, x1, (arg1[7])); let mut x73: u32 = 0; let mut x74: u32 = 0; fiat_p256_mulx_u32(&mut x73, &mut x74, x1, (arg1[6])); let mut x75: u32 = 0; let mut x76: u32 = 0; fiat_p256_mulx_u32(&mut x75, &mut x76, x1, (arg1[5])); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_p256_mulx_u32(&mut x77, &mut x78, x1, (arg1[4])); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_p256_mulx_u32(&mut x79, &mut x80, x1, (arg1[3])); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_p256_mulx_u32(&mut x81, &mut x82, x1, (arg1[2])); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_p256_mulx_u32(&mut x83, &mut x84, x1, (arg1[1])); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p256_mulx_u32(&mut x85, &mut x86, x1, (arg1[0])); let mut x87: u32 = 0; let mut x88: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x87, &mut x88, 0x0, x86, x83); let mut x89: u32 = 0; let mut x90: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x89, &mut x90, x88, x84, x81); let mut x91: u32 = 0; let mut x92: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x91, &mut x92, x90, x82, x79); let mut x93: u32 = 0; let mut x94: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x93, &mut x94, x92, x80, x77); let mut x95: u32 = 0; let mut x96: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x95, &mut x96, x94, x78, x75); let mut x97: u32 = 0; let mut x98: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x97, &mut x98, x96, x76, x73); let mut x99: u32 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x99, &mut x100, x98, x74, x71); let x101: u32 = ((x100 as u32) + x72); let mut x102: u32 = 0; let mut x103: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x102, &mut x103, 0x0, x55, x85); let mut x104: u32 = 0; let mut x105: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x104, &mut x105, x103, x57, x87); let mut x106: u32 = 0; let mut x107: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x106, &mut x107, x105, x59, x89); let mut x108: u32 = 0; let mut x109: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x108, &mut x109, x107, x61, x91); let mut x110: u32 = 0; let mut x111: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x110, &mut x111, x109, x63, x93); let mut x112: u32 = 0; let mut x113: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x112, &mut x113, x111, x65, x95); let mut x114: u32 = 0; let mut x115: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x114, &mut x115, x113, x67, x97); let mut x116: u32 = 0; let mut x117: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x116, &mut x117, x115, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x118, &mut x119, x117, (x70 as u32), x101); let mut x120: u32 = 0; let mut x121: u32 = 0; fiat_p256_mulx_u32(&mut x120, &mut x121, x102, 0xffffffff); let mut x122: u32 = 0; let mut x123: u32 = 0; fiat_p256_mulx_u32(&mut x122, &mut x123, x102, 0xffffffff); let mut x124: u32 = 0; let mut x125: u32 = 0; fiat_p256_mulx_u32(&mut x124, &mut x125, x102, 0xffffffff); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_p256_mulx_u32(&mut x126, &mut x127, x102, 0xffffffff); let mut x128: u32 = 0; let mut x129: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x128, &mut x129, 0x0, x127, x124); let mut x130: u32 = 0; let mut x131: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x130, &mut x131, x129, x125, x122); let x132: u32 = ((x131 as u32) + x123); let mut x133: u32 = 0; let mut x134: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x133, &mut x134, 0x0, x102, x126); let mut x135: u32 = 0; let mut x136: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x135, &mut x136, x134, x104, x128); let mut x137: u32 = 0; let mut x138: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x137, &mut x138, x136, x106, x130); let mut x139: u32 = 0; let mut x140: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x139, &mut x140, x138, x108, x132); let mut x141: u32 = 0; let mut x142: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x141, &mut x142, x140, x110, (0x0 as u32)); let mut x143: u32 = 0; let mut x144: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x143, &mut x144, x142, x112, (0x0 as u32)); let mut x145: u32 = 0; let mut x146: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x145, &mut x146, x144, x114, x102); let mut x147: u32 = 0; let mut x148: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x147, &mut x148, x146, x116, x120); let mut x149: u32 = 0; let mut x150: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x149, &mut x150, x148, x118, x121); let x151: u32 = ((x150 as u32) + (x119 as u32)); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_p256_mulx_u32(&mut x152, &mut x153, x2, (arg1[7])); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_p256_mulx_u32(&mut x154, &mut x155, x2, (arg1[6])); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_p256_mulx_u32(&mut x156, &mut x157, x2, (arg1[5])); let mut x158: u32 = 0; let mut x159: u32 = 0; fiat_p256_mulx_u32(&mut x158, &mut x159, x2, (arg1[4])); let mut x160: u32 = 0; let mut x161: u32 = 0; fiat_p256_mulx_u32(&mut x160, &mut x161, x2, (arg1[3])); let mut x162: u32 = 0; let mut x163: u32 = 0; fiat_p256_mulx_u32(&mut x162, &mut x163, x2, (arg1[2])); let mut x164: u32 = 0; let mut x165: u32 = 0; fiat_p256_mulx_u32(&mut x164, &mut x165, x2, (arg1[1])); let mut x166: u32 = 0; let mut x167: u32 = 0; fiat_p256_mulx_u32(&mut x166, &mut x167, x2, (arg1[0])); let mut x168: u32 = 0; let mut x169: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x168, &mut x169, 0x0, x167, x164); let mut x170: u32 = 0; let mut x171: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x170, &mut x171, x169, x165, x162); let mut x172: u32 = 0; let mut x173: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x172, &mut x173, x171, x163, x160); let mut x174: u32 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x174, &mut x175, x173, x161, x158); let mut x176: u32 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x176, &mut x177, x175, x159, x156); let mut x178: u32 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x178, &mut x179, x177, x157, x154); let mut x180: u32 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x180, &mut x181, x179, x155, x152); let x182: u32 = ((x181 as u32) + x153); let mut x183: u32 = 0; let mut x184: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x183, &mut x184, 0x0, x135, x166); let mut x185: u32 = 0; let mut x186: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x185, &mut x186, x184, x137, x168); let mut x187: u32 = 0; let mut x188: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x187, &mut x188, x186, x139, x170); let mut x189: u32 = 0; let mut x190: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x189, &mut x190, x188, x141, x172); let mut x191: u32 = 0; let mut x192: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x191, &mut x192, x190, x143, x174); let mut x193: u32 = 0; let mut x194: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x193, &mut x194, x192, x145, x176); let mut x195: u32 = 0; let mut x196: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x195, &mut x196, x194, x147, x178); let mut x197: u32 = 0; let mut x198: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x197, &mut x198, x196, x149, x180); let mut x199: u32 = 0; let mut x200: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x199, &mut x200, x198, x151, x182); let mut x201: u32 = 0; let mut x202: u32 = 0; fiat_p256_mulx_u32(&mut x201, &mut x202, x183, 0xffffffff); let mut x203: u32 = 0; let mut x204: u32 = 0; fiat_p256_mulx_u32(&mut x203, &mut x204, x183, 0xffffffff); let mut x205: u32 = 0; let mut x206: u32 = 0; fiat_p256_mulx_u32(&mut x205, &mut x206, x183, 0xffffffff); let mut x207: u32 = 0; let mut x208: u32 = 0; fiat_p256_mulx_u32(&mut x207, &mut x208, x183, 0xffffffff); let mut x209: u32 = 0; let mut x210: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x209, &mut x210, 0x0, x208, x205); let mut x211: u32 = 0; let mut x212: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x211, &mut x212, x210, x206, x203); let x213: u32 = ((x212 as u32) + x204); let mut x214: u32 = 0; let mut x215: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x214, &mut x215, 0x0, x183, x207); let mut x216: u32 = 0; let mut x217: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x216, &mut x217, x215, x185, x209); let mut x218: u32 = 0; let mut x219: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x218, &mut x219, x217, x187, x211); let mut x220: u32 = 0; let mut x221: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x220, &mut x221, x219, x189, x213); let mut x222: u32 = 0; let mut x223: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x222, &mut x223, x221, x191, (0x0 as u32)); let mut x224: u32 = 0; let mut x225: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x224, &mut x225, x223, x193, (0x0 as u32)); let mut x226: u32 = 0; let mut x227: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x226, &mut x227, x225, x195, x183); let mut x228: u32 = 0; let mut x229: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x228, &mut x229, x227, x197, x201); let mut x230: u32 = 0; let mut x231: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x230, &mut x231, x229, x199, x202); let x232: u32 = ((x231 as u32) + (x200 as u32)); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_p256_mulx_u32(&mut x233, &mut x234, x3, (arg1[7])); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_p256_mulx_u32(&mut x235, &mut x236, x3, (arg1[6])); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_p256_mulx_u32(&mut x237, &mut x238, x3, (arg1[5])); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_p256_mulx_u32(&mut x239, &mut x240, x3, (arg1[4])); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_p256_mulx_u32(&mut x241, &mut x242, x3, (arg1[3])); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_p256_mulx_u32(&mut x243, &mut x244, x3, (arg1[2])); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_p256_mulx_u32(&mut x245, &mut x246, x3, (arg1[1])); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_p256_mulx_u32(&mut x247, &mut x248, x3, (arg1[0])); let mut x249: u32 = 0; let mut x250: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x249, &mut x250, 0x0, x248, x245); let mut x251: u32 = 0; let mut x252: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x251, &mut x252, x250, x246, x243); let mut x253: u32 = 0; let mut x254: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x253, &mut x254, x252, x244, x241); let mut x255: u32 = 0; let mut x256: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x255, &mut x256, x254, x242, x239); let mut x257: u32 = 0; let mut x258: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x257, &mut x258, x256, x240, x237); let mut x259: u32 = 0; let mut x260: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x259, &mut x260, x258, x238, x235); let mut x261: u32 = 0; let mut x262: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x261, &mut x262, x260, x236, x233); let x263: u32 = ((x262 as u32) + x234); let mut x264: u32 = 0; let mut x265: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x264, &mut x265, 0x0, x216, x247); let mut x266: u32 = 0; let mut x267: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x266, &mut x267, x265, x218, x249); let mut x268: u32 = 0; let mut x269: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x268, &mut x269, x267, x220, x251); let mut x270: u32 = 0; let mut x271: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x270, &mut x271, x269, x222, x253); let mut x272: u32 = 0; let mut x273: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x272, &mut x273, x271, x224, x255); let mut x274: u32 = 0; let mut x275: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x274, &mut x275, x273, x226, x257); let mut x276: u32 = 0; let mut x277: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x276, &mut x277, x275, x228, x259); let mut x278: u32 = 0; let mut x279: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x278, &mut x279, x277, x230, x261); let mut x280: u32 = 0; let mut x281: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x280, &mut x281, x279, x232, x263); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_p256_mulx_u32(&mut x282, &mut x283, x264, 0xffffffff); let mut x284: u32 = 0; let mut x285: u32 = 0; fiat_p256_mulx_u32(&mut x284, &mut x285, x264, 0xffffffff); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p256_mulx_u32(&mut x286, &mut x287, x264, 0xffffffff); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p256_mulx_u32(&mut x288, &mut x289, x264, 0xffffffff); let mut x290: u32 = 0; let mut x291: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x290, &mut x291, 0x0, x289, x286); let mut x292: u32 = 0; let mut x293: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x292, &mut x293, x291, x287, x284); let x294: u32 = ((x293 as u32) + x285); let mut x295: u32 = 0; let mut x296: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x295, &mut x296, 0x0, x264, x288); let mut x297: u32 = 0; let mut x298: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x297, &mut x298, x296, x266, x290); let mut x299: u32 = 0; let mut x300: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x299, &mut x300, x298, x268, x292); let mut x301: u32 = 0; let mut x302: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x301, &mut x302, x300, x270, x294); let mut x303: u32 = 0; let mut x304: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x303, &mut x304, x302, x272, (0x0 as u32)); let mut x305: u32 = 0; let mut x306: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x305, &mut x306, x304, x274, (0x0 as u32)); let mut x307: u32 = 0; let mut x308: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x307, &mut x308, x306, x276, x264); let mut x309: u32 = 0; let mut x310: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x309, &mut x310, x308, x278, x282); let mut x311: u32 = 0; let mut x312: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x311, &mut x312, x310, x280, x283); let x313: u32 = ((x312 as u32) + (x281 as u32)); let mut x314: u32 = 0; let mut x315: u32 = 0; fiat_p256_mulx_u32(&mut x314, &mut x315, x4, (arg1[7])); let mut x316: u32 = 0; let mut x317: u32 = 0; fiat_p256_mulx_u32(&mut x316, &mut x317, x4, (arg1[6])); let mut x318: u32 = 0; let mut x319: u32 = 0; fiat_p256_mulx_u32(&mut x318, &mut x319, x4, (arg1[5])); let mut x320: u32 = 0; let mut x321: u32 = 0; fiat_p256_mulx_u32(&mut x320, &mut x321, x4, (arg1[4])); let mut x322: u32 = 0; let mut x323: u32 = 0; fiat_p256_mulx_u32(&mut x322, &mut x323, x4, (arg1[3])); let mut x324: u32 = 0; let mut x325: u32 = 0; fiat_p256_mulx_u32(&mut x324, &mut x325, x4, (arg1[2])); let mut x326: u32 = 0; let mut x327: u32 = 0; fiat_p256_mulx_u32(&mut x326, &mut x327, x4, (arg1[1])); let mut x328: u32 = 0; let mut x329: u32 = 0; fiat_p256_mulx_u32(&mut x328, &mut x329, x4, (arg1[0])); let mut x330: u32 = 0; let mut x331: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x330, &mut x331, 0x0, x329, x326); let mut x332: u32 = 0; let mut x333: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x332, &mut x333, x331, x327, x324); let mut x334: u32 = 0; let mut x335: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x334, &mut x335, x333, x325, x322); let mut x336: u32 = 0; let mut x337: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x336, &mut x337, x335, x323, x320); let mut x338: u32 = 0; let mut x339: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x338, &mut x339, x337, x321, x318); let mut x340: u32 = 0; let mut x341: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x340, &mut x341, x339, x319, x316); let mut x342: u32 = 0; let mut x343: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x342, &mut x343, x341, x317, x314); let x344: u32 = ((x343 as u32) + x315); let mut x345: u32 = 0; let mut x346: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x345, &mut x346, 0x0, x297, x328); let mut x347: u32 = 0; let mut x348: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x347, &mut x348, x346, x299, x330); let mut x349: u32 = 0; let mut x350: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x349, &mut x350, x348, x301, x332); let mut x351: u32 = 0; let mut x352: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x351, &mut x352, x350, x303, x334); let mut x353: u32 = 0; let mut x354: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x353, &mut x354, x352, x305, x336); let mut x355: u32 = 0; let mut x356: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x355, &mut x356, x354, x307, x338); let mut x357: u32 = 0; let mut x358: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x357, &mut x358, x356, x309, x340); let mut x359: u32 = 0; let mut x360: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x359, &mut x360, x358, x311, x342); let mut x361: u32 = 0; let mut x362: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x361, &mut x362, x360, x313, x344); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p256_mulx_u32(&mut x363, &mut x364, x345, 0xffffffff); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p256_mulx_u32(&mut x365, &mut x366, x345, 0xffffffff); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p256_mulx_u32(&mut x367, &mut x368, x345, 0xffffffff); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_p256_mulx_u32(&mut x369, &mut x370, x345, 0xffffffff); let mut x371: u32 = 0; let mut x372: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x371, &mut x372, 0x0, x370, x367); let mut x373: u32 = 0; let mut x374: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x373, &mut x374, x372, x368, x365); let x375: u32 = ((x374 as u32) + x366); let mut x376: u32 = 0; let mut x377: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x376, &mut x377, 0x0, x345, x369); let mut x378: u32 = 0; let mut x379: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x378, &mut x379, x377, x347, x371); let mut x380: u32 = 0; let mut x381: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x380, &mut x381, x379, x349, x373); let mut x382: u32 = 0; let mut x383: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x382, &mut x383, x381, x351, x375); let mut x384: u32 = 0; let mut x385: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x384, &mut x385, x383, x353, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x386, &mut x387, x385, x355, (0x0 as u32)); let mut x388: u32 = 0; let mut x389: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x388, &mut x389, x387, x357, x345); let mut x390: u32 = 0; let mut x391: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x390, &mut x391, x389, x359, x363); let mut x392: u32 = 0; let mut x393: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x392, &mut x393, x391, x361, x364); let x394: u32 = ((x393 as u32) + (x362 as u32)); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_p256_mulx_u32(&mut x395, &mut x396, x5, (arg1[7])); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_p256_mulx_u32(&mut x397, &mut x398, x5, (arg1[6])); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_p256_mulx_u32(&mut x399, &mut x400, x5, (arg1[5])); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_p256_mulx_u32(&mut x401, &mut x402, x5, (arg1[4])); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_p256_mulx_u32(&mut x403, &mut x404, x5, (arg1[3])); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p256_mulx_u32(&mut x405, &mut x406, x5, (arg1[2])); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p256_mulx_u32(&mut x407, &mut x408, x5, (arg1[1])); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p256_mulx_u32(&mut x409, &mut x410, x5, (arg1[0])); let mut x411: u32 = 0; let mut x412: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x411, &mut x412, 0x0, x410, x407); let mut x413: u32 = 0; let mut x414: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x413, &mut x414, x412, x408, x405); let mut x415: u32 = 0; let mut x416: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x415, &mut x416, x414, x406, x403); let mut x417: u32 = 0; let mut x418: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x417, &mut x418, x416, x404, x401); let mut x419: u32 = 0; let mut x420: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x419, &mut x420, x418, x402, x399); let mut x421: u32 = 0; let mut x422: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x421, &mut x422, x420, x400, x397); let mut x423: u32 = 0; let mut x424: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x423, &mut x424, x422, x398, x395); let x425: u32 = ((x424 as u32) + x396); let mut x426: u32 = 0; let mut x427: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x426, &mut x427, 0x0, x378, x409); let mut x428: u32 = 0; let mut x429: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x428, &mut x429, x427, x380, x411); let mut x430: u32 = 0; let mut x431: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x430, &mut x431, x429, x382, x413); let mut x432: u32 = 0; let mut x433: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x432, &mut x433, x431, x384, x415); let mut x434: u32 = 0; let mut x435: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x434, &mut x435, x433, x386, x417); let mut x436: u32 = 0; let mut x437: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x436, &mut x437, x435, x388, x419); let mut x438: u32 = 0; let mut x439: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x438, &mut x439, x437, x390, x421); let mut x440: u32 = 0; let mut x441: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x440, &mut x441, x439, x392, x423); let mut x442: u32 = 0; let mut x443: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x442, &mut x443, x441, x394, x425); let mut x444: u32 = 0; let mut x445: u32 = 0; fiat_p256_mulx_u32(&mut x444, &mut x445, x426, 0xffffffff); let mut x446: u32 = 0; let mut x447: u32 = 0; fiat_p256_mulx_u32(&mut x446, &mut x447, x426, 0xffffffff); let mut x448: u32 = 0; let mut x449: u32 = 0; fiat_p256_mulx_u32(&mut x448, &mut x449, x426, 0xffffffff); let mut x450: u32 = 0; let mut x451: u32 = 0; fiat_p256_mulx_u32(&mut x450, &mut x451, x426, 0xffffffff); let mut x452: u32 = 0; let mut x453: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x452, &mut x453, 0x0, x451, x448); let mut x454: u32 = 0; let mut x455: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x454, &mut x455, x453, x449, x446); let x456: u32 = ((x455 as u32) + x447); let mut x457: u32 = 0; let mut x458: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x457, &mut x458, 0x0, x426, x450); let mut x459: u32 = 0; let mut x460: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x459, &mut x460, x458, x428, x452); let mut x461: u32 = 0; let mut x462: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x461, &mut x462, x460, x430, x454); let mut x463: u32 = 0; let mut x464: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x463, &mut x464, x462, x432, x456); let mut x465: u32 = 0; let mut x466: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x465, &mut x466, x464, x434, (0x0 as u32)); let mut x467: u32 = 0; let mut x468: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x467, &mut x468, x466, x436, (0x0 as u32)); let mut x469: u32 = 0; let mut x470: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x469, &mut x470, x468, x438, x426); let mut x471: u32 = 0; let mut x472: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x471, &mut x472, x470, x440, x444); let mut x473: u32 = 0; let mut x474: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x473, &mut x474, x472, x442, x445); let x475: u32 = ((x474 as u32) + (x443 as u32)); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_p256_mulx_u32(&mut x476, &mut x477, x6, (arg1[7])); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_p256_mulx_u32(&mut x478, &mut x479, x6, (arg1[6])); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_p256_mulx_u32(&mut x480, &mut x481, x6, (arg1[5])); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_p256_mulx_u32(&mut x482, &mut x483, x6, (arg1[4])); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_p256_mulx_u32(&mut x484, &mut x485, x6, (arg1[3])); let mut x486: u32 = 0; let mut x487: u32 = 0; fiat_p256_mulx_u32(&mut x486, &mut x487, x6, (arg1[2])); let mut x488: u32 = 0; let mut x489: u32 = 0; fiat_p256_mulx_u32(&mut x488, &mut x489, x6, (arg1[1])); let mut x490: u32 = 0; let mut x491: u32 = 0; fiat_p256_mulx_u32(&mut x490, &mut x491, x6, (arg1[0])); let mut x492: u32 = 0; let mut x493: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x492, &mut x493, 0x0, x491, x488); let mut x494: u32 = 0; let mut x495: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x494, &mut x495, x493, x489, x486); let mut x496: u32 = 0; let mut x497: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x496, &mut x497, x495, x487, x484); let mut x498: u32 = 0; let mut x499: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x498, &mut x499, x497, x485, x482); let mut x500: u32 = 0; let mut x501: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x500, &mut x501, x499, x483, x480); let mut x502: u32 = 0; let mut x503: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x502, &mut x503, x501, x481, x478); let mut x504: u32 = 0; let mut x505: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x504, &mut x505, x503, x479, x476); let x506: u32 = ((x505 as u32) + x477); let mut x507: u32 = 0; let mut x508: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x507, &mut x508, 0x0, x459, x490); let mut x509: u32 = 0; let mut x510: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x509, &mut x510, x508, x461, x492); let mut x511: u32 = 0; let mut x512: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x511, &mut x512, x510, x463, x494); let mut x513: u32 = 0; let mut x514: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x513, &mut x514, x512, x465, x496); let mut x515: u32 = 0; let mut x516: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x515, &mut x516, x514, x467, x498); let mut x517: u32 = 0; let mut x518: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x517, &mut x518, x516, x469, x500); let mut x519: u32 = 0; let mut x520: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x519, &mut x520, x518, x471, x502); let mut x521: u32 = 0; let mut x522: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x521, &mut x522, x520, x473, x504); let mut x523: u32 = 0; let mut x524: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x523, &mut x524, x522, x475, x506); let mut x525: u32 = 0; let mut x526: u32 = 0; fiat_p256_mulx_u32(&mut x525, &mut x526, x507, 0xffffffff); let mut x527: u32 = 0; let mut x528: u32 = 0; fiat_p256_mulx_u32(&mut x527, &mut x528, x507, 0xffffffff); let mut x529: u32 = 0; let mut x530: u32 = 0; fiat_p256_mulx_u32(&mut x529, &mut x530, x507, 0xffffffff); let mut x531: u32 = 0; let mut x532: u32 = 0; fiat_p256_mulx_u32(&mut x531, &mut x532, x507, 0xffffffff); let mut x533: u32 = 0; let mut x534: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x533, &mut x534, 0x0, x532, x529); let mut x535: u32 = 0; let mut x536: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x535, &mut x536, x534, x530, x527); let x537: u32 = ((x536 as u32) + x528); let mut x538: u32 = 0; let mut x539: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x538, &mut x539, 0x0, x507, x531); let mut x540: u32 = 0; let mut x541: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x540, &mut x541, x539, x509, x533); let mut x542: u32 = 0; let mut x543: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x542, &mut x543, x541, x511, x535); let mut x544: u32 = 0; let mut x545: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x544, &mut x545, x543, x513, x537); let mut x546: u32 = 0; let mut x547: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x546, &mut x547, x545, x515, (0x0 as u32)); let mut x548: u32 = 0; let mut x549: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x548, &mut x549, x547, x517, (0x0 as u32)); let mut x550: u32 = 0; let mut x551: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x550, &mut x551, x549, x519, x507); let mut x552: u32 = 0; let mut x553: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x552, &mut x553, x551, x521, x525); let mut x554: u32 = 0; let mut x555: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x554, &mut x555, x553, x523, x526); let x556: u32 = ((x555 as u32) + (x524 as u32)); let mut x557: u32 = 0; let mut x558: u32 = 0; fiat_p256_mulx_u32(&mut x557, &mut x558, x7, (arg1[7])); let mut x559: u32 = 0; let mut x560: u32 = 0; fiat_p256_mulx_u32(&mut x559, &mut x560, x7, (arg1[6])); let mut x561: u32 = 0; let mut x562: u32 = 0; fiat_p256_mulx_u32(&mut x561, &mut x562, x7, (arg1[5])); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_p256_mulx_u32(&mut x563, &mut x564, x7, (arg1[4])); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_p256_mulx_u32(&mut x565, &mut x566, x7, (arg1[3])); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_p256_mulx_u32(&mut x567, &mut x568, x7, (arg1[2])); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_p256_mulx_u32(&mut x569, &mut x570, x7, (arg1[1])); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_p256_mulx_u32(&mut x571, &mut x572, x7, (arg1[0])); let mut x573: u32 = 0; let mut x574: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x573, &mut x574, 0x0, x572, x569); let mut x575: u32 = 0; let mut x576: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x575, &mut x576, x574, x570, x567); let mut x577: u32 = 0; let mut x578: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x577, &mut x578, x576, x568, x565); let mut x579: u32 = 0; let mut x580: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x579, &mut x580, x578, x566, x563); let mut x581: u32 = 0; let mut x582: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x581, &mut x582, x580, x564, x561); let mut x583: u32 = 0; let mut x584: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x583, &mut x584, x582, x562, x559); let mut x585: u32 = 0; let mut x586: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x585, &mut x586, x584, x560, x557); let x587: u32 = ((x586 as u32) + x558); let mut x588: u32 = 0; let mut x589: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x588, &mut x589, 0x0, x540, x571); let mut x590: u32 = 0; let mut x591: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x590, &mut x591, x589, x542, x573); let mut x592: u32 = 0; let mut x593: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x592, &mut x593, x591, x544, x575); let mut x594: u32 = 0; let mut x595: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x594, &mut x595, x593, x546, x577); let mut x596: u32 = 0; let mut x597: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x596, &mut x597, x595, x548, x579); let mut x598: u32 = 0; let mut x599: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x598, &mut x599, x597, x550, x581); let mut x600: u32 = 0; let mut x601: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x600, &mut x601, x599, x552, x583); let mut x602: u32 = 0; let mut x603: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x602, &mut x603, x601, x554, x585); let mut x604: u32 = 0; let mut x605: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x604, &mut x605, x603, x556, x587); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_p256_mulx_u32(&mut x606, &mut x607, x588, 0xffffffff); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_p256_mulx_u32(&mut x608, &mut x609, x588, 0xffffffff); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_p256_mulx_u32(&mut x610, &mut x611, x588, 0xffffffff); let mut x612: u32 = 0; let mut x613: u32 = 0; fiat_p256_mulx_u32(&mut x612, &mut x613, x588, 0xffffffff); let mut x614: u32 = 0; let mut x615: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x614, &mut x615, 0x0, x613, x610); let mut x616: u32 = 0; let mut x617: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x616, &mut x617, x615, x611, x608); let x618: u32 = ((x617 as u32) + x609); let mut x619: u32 = 0; let mut x620: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x619, &mut x620, 0x0, x588, x612); let mut x621: u32 = 0; let mut x622: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x621, &mut x622, x620, x590, x614); let mut x623: u32 = 0; let mut x624: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x623, &mut x624, x622, x592, x616); let mut x625: u32 = 0; let mut x626: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x625, &mut x626, x624, x594, x618); let mut x627: u32 = 0; let mut x628: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x627, &mut x628, x626, x596, (0x0 as u32)); let mut x629: u32 = 0; let mut x630: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x629, &mut x630, x628, x598, (0x0 as u32)); let mut x631: u32 = 0; let mut x632: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x631, &mut x632, x630, x600, x588); let mut x633: u32 = 0; let mut x634: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x633, &mut x634, x632, x602, x606); let mut x635: u32 = 0; let mut x636: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x635, &mut x636, x634, x604, x607); let x637: u32 = ((x636 as u32) + (x605 as u32)); let mut x638: u32 = 0; let mut x639: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x638, &mut x639, 0x0, x621, 0xffffffff); let mut x640: u32 = 0; let mut x641: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x640, &mut x641, x639, x623, 0xffffffff); let mut x642: u32 = 0; let mut x643: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x642, &mut x643, x641, x625, 0xffffffff); let mut x644: u32 = 0; let mut x645: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x644, &mut x645, x643, x627, (0x0 as u32)); let mut x646: u32 = 0; let mut x647: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x646, &mut x647, x645, x629, (0x0 as u32)); let mut x648: u32 = 0; let mut x649: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x648, &mut x649, x647, x631, (0x0 as u32)); let mut x650: u32 = 0; let mut x651: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x650, &mut x651, x649, x633, (0x1 as u32)); let mut x652: u32 = 0; let mut x653: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x652, &mut x653, x651, x635, 0xffffffff); let mut x654: u32 = 0; let mut x655: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x654, &mut x655, x653, x637, (0x0 as u32)); let mut x656: u32 = 0; fiat_p256_cmovznz_u32(&mut x656, x655, x638, x621); let mut x657: u32 = 0; fiat_p256_cmovznz_u32(&mut x657, x655, x640, x623); let mut x658: u32 = 0; fiat_p256_cmovznz_u32(&mut x658, x655, x642, x625); let mut x659: u32 = 0; fiat_p256_cmovznz_u32(&mut x659, x655, x644, x627); let mut x660: u32 = 0; fiat_p256_cmovznz_u32(&mut x660, x655, x646, x629); let mut x661: u32 = 0; fiat_p256_cmovznz_u32(&mut x661, x655, x648, x631); let mut x662: u32 = 0; fiat_p256_cmovznz_u32(&mut x662, x655, x650, x633); let mut x663: u32 = 0; fiat_p256_cmovznz_u32(&mut x663, x655, x652, x635); out1[0] = x656; out1[1] = x657; out1[2] = x658; out1[3] = x659; out1[4] = x660; out1[5] = x661; out1[6] = x662; out1[7] = x663; } /// The function fiat_p256_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_add(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x17, &mut x18, 0x0, x1, 0xffffffff); let mut x19: u32 = 0; let mut x20: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x19, &mut x20, x18, x3, 0xffffffff); let mut x21: u32 = 0; let mut x22: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x21, &mut x22, x20, x5, 0xffffffff); let mut x23: u32 = 0; let mut x24: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x23, &mut x24, x22, x7, (0x0 as u32)); let mut x25: u32 = 0; let mut x26: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x25, &mut x26, x24, x9, (0x0 as u32)); let mut x27: u32 = 0; let mut x28: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x27, &mut x28, x26, x11, (0x0 as u32)); let mut x29: u32 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x29, &mut x30, x28, x13, (0x1 as u32)); let mut x31: u32 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x31, &mut x32, x30, x15, 0xffffffff); let mut x33: u32 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x33, &mut x34, x32, (x16 as u32), (0x0 as u32)); let mut x35: u32 = 0; fiat_p256_cmovznz_u32(&mut x35, x34, x17, x1); let mut x36: u32 = 0; fiat_p256_cmovznz_u32(&mut x36, x34, x19, x3); let mut x37: u32 = 0; fiat_p256_cmovznz_u32(&mut x37, x34, x21, x5); let mut x38: u32 = 0; fiat_p256_cmovznz_u32(&mut x38, x34, x23, x7); let mut x39: u32 = 0; fiat_p256_cmovznz_u32(&mut x39, x34, x25, x9); let mut x40: u32 = 0; fiat_p256_cmovznz_u32(&mut x40, x34, x27, x11); let mut x41: u32 = 0; fiat_p256_cmovznz_u32(&mut x41, x34, x29, x13); let mut x42: u32 = 0; fiat_p256_cmovznz_u32(&mut x42, x34, x31, x15); out1[0] = x35; out1[1] = x36; out1[2] = x37; out1[3] = x38; out1[4] = x39; out1[5] = x40; out1[6] = x41; out1[7] = x42; } /// The function fiat_p256_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_sub(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; fiat_p256_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, x17); let mut x20: u32 = 0; let mut x21: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x20, &mut x21, x19, x3, x17); let mut x22: u32 = 0; let mut x23: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x22, &mut x23, x21, x5, x17); let mut x24: u32 = 0; let mut x25: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x24, &mut x25, x23, x7, (0x0 as u32)); let mut x26: u32 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x26, &mut x27, x25, x9, (0x0 as u32)); let mut x28: u32 = 0; let mut x29: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x28, &mut x29, x27, x11, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x30, &mut x31, x29, x13, (((x17 & (0x1 as u32)) as fiat_p256_u1) as u32)); let mut x32: u32 = 0; let mut x33: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_p256_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_opp(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; fiat_p256_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, x17); let mut x20: u32 = 0; let mut x21: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x20, &mut x21, x19, x3, x17); let mut x22: u32 = 0; let mut x23: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x22, &mut x23, x21, x5, x17); let mut x24: u32 = 0; let mut x25: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x24, &mut x25, x23, x7, (0x0 as u32)); let mut x26: u32 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x26, &mut x27, x25, x9, (0x0 as u32)); let mut x28: u32 = 0; let mut x29: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x28, &mut x29, x27, x11, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x30, &mut x31, x29, x13, (((x17 & (0x1 as u32)) as fiat_p256_u1) as u32)); let mut x32: u32 = 0; let mut x33: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_from_montgomery(out1: &mut fiat_p256_non_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_p256_mulx_u32(&mut x2, &mut x3, x1, 0xffffffff); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_p256_mulx_u32(&mut x4, &mut x5, x1, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_p256_mulx_u32(&mut x6, &mut x7, x1, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p256_mulx_u32(&mut x8, &mut x9, x1, 0xffffffff); let mut x10: u32 = 0; let mut x11: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x10, &mut x11, 0x0, x9, x6); let mut x12: u32 = 0; let mut x13: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x12, &mut x13, x11, x7, x4); let mut x14: u32 = 0; let mut x15: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x14, &mut x15, 0x0, x1, x8); let mut x16: u32 = 0; let mut x17: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x16, &mut x17, x15, (0x0 as u32), x10); let mut x18: u32 = 0; let mut x19: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), x12); let mut x20: u32 = 0; let mut x21: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), ((x13 as u32) + x5)); let mut x22: u32 = 0; let mut x23: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x22, &mut x23, 0x0, x16, (arg1[1])); let mut x24: u32 = 0; let mut x25: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x24, &mut x25, x23, x18, (0x0 as u32)); let mut x26: u32 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x26, &mut x27, x25, x20, (0x0 as u32)); let mut x28: u32 = 0; let mut x29: u32 = 0; fiat_p256_mulx_u32(&mut x28, &mut x29, x22, 0xffffffff); let mut x30: u32 = 0; let mut x31: u32 = 0; fiat_p256_mulx_u32(&mut x30, &mut x31, x22, 0xffffffff); let mut x32: u32 = 0; let mut x33: u32 = 0; fiat_p256_mulx_u32(&mut x32, &mut x33, x22, 0xffffffff); let mut x34: u32 = 0; let mut x35: u32 = 0; fiat_p256_mulx_u32(&mut x34, &mut x35, x22, 0xffffffff); let mut x36: u32 = 0; let mut x37: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x36, &mut x37, 0x0, x35, x32); let mut x38: u32 = 0; let mut x39: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x38, &mut x39, x37, x33, x30); let mut x40: u32 = 0; let mut x41: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x40, &mut x41, 0x0, x22, x34); let mut x42: u32 = 0; let mut x43: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x42, &mut x43, x41, x24, x36); let mut x44: u32 = 0; let mut x45: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x44, &mut x45, x43, x26, x38); let mut x46: u32 = 0; let mut x47: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x46, &mut x47, x45, ((x27 as u32) + (x21 as u32)), ((x39 as u32) + x31)); let mut x48: u32 = 0; let mut x49: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x48, &mut x49, 0x0, x2, x22); let mut x50: u32 = 0; let mut x51: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x50, &mut x51, x49, x3, x28); let mut x52: u32 = 0; let mut x53: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x52, &mut x53, 0x0, x42, (arg1[2])); let mut x54: u32 = 0; let mut x55: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x54, &mut x55, x53, x44, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x56, &mut x57, x55, x46, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: u32 = 0; fiat_p256_mulx_u32(&mut x58, &mut x59, x52, 0xffffffff); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p256_mulx_u32(&mut x60, &mut x61, x52, 0xffffffff); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p256_mulx_u32(&mut x62, &mut x63, x52, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p256_mulx_u32(&mut x64, &mut x65, x52, 0xffffffff); let mut x66: u32 = 0; let mut x67: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x66, &mut x67, 0x0, x65, x62); let mut x68: u32 = 0; let mut x69: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x68, &mut x69, x67, x63, x60); let mut x70: u32 = 0; let mut x71: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x70, &mut x71, 0x0, x52, x64); let mut x72: u32 = 0; let mut x73: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x72, &mut x73, x71, x54, x66); let mut x74: u32 = 0; let mut x75: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x74, &mut x75, x73, x56, x68); let mut x76: u32 = 0; let mut x77: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x76, &mut x77, x75, ((x57 as u32) + (x47 as u32)), ((x69 as u32) + x61)); let mut x78: u32 = 0; let mut x79: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x78, &mut x79, x77, x1, (0x0 as u32)); let mut x80: u32 = 0; let mut x81: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x80, &mut x81, x79, x48, (0x0 as u32)); let mut x82: u32 = 0; let mut x83: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x82, &mut x83, x81, x50, x52); let mut x84: u32 = 0; let mut x85: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x84, &mut x85, x83, ((x51 as u32) + x29), x58); let mut x86: u32 = 0; let mut x87: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x86, &mut x87, 0x0, x72, (arg1[3])); let mut x88: u32 = 0; let mut x89: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x88, &mut x89, x87, x74, (0x0 as u32)); let mut x90: u32 = 0; let mut x91: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x90, &mut x91, x89, x76, (0x0 as u32)); let mut x92: u32 = 0; let mut x93: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x92, &mut x93, x91, x78, (0x0 as u32)); let mut x94: u32 = 0; let mut x95: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x94, &mut x95, x93, x80, (0x0 as u32)); let mut x96: u32 = 0; let mut x97: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x96, &mut x97, x95, x82, (0x0 as u32)); let mut x98: u32 = 0; let mut x99: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x98, &mut x99, x97, x84, (0x0 as u32)); let mut x100: u32 = 0; let mut x101: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x100, &mut x101, x99, ((x85 as u32) + x59), (0x0 as u32)); let mut x102: u32 = 0; let mut x103: u32 = 0; fiat_p256_mulx_u32(&mut x102, &mut x103, x86, 0xffffffff); let mut x104: u32 = 0; let mut x105: u32 = 0; fiat_p256_mulx_u32(&mut x104, &mut x105, x86, 0xffffffff); let mut x106: u32 = 0; let mut x107: u32 = 0; fiat_p256_mulx_u32(&mut x106, &mut x107, x86, 0xffffffff); let mut x108: u32 = 0; let mut x109: u32 = 0; fiat_p256_mulx_u32(&mut x108, &mut x109, x86, 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x110, &mut x111, 0x0, x109, x106); let mut x112: u32 = 0; let mut x113: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x112, &mut x113, x111, x107, x104); let mut x114: u32 = 0; let mut x115: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x114, &mut x115, 0x0, x86, x108); let mut x116: u32 = 0; let mut x117: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x116, &mut x117, x115, x88, x110); let mut x118: u32 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x118, &mut x119, x117, x90, x112); let mut x120: u32 = 0; let mut x121: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x120, &mut x121, x119, x92, ((x113 as u32) + x105)); let mut x122: u32 = 0; let mut x123: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x122, &mut x123, x121, x94, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x124, &mut x125, x123, x96, (0x0 as u32)); let mut x126: u32 = 0; let mut x127: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x126, &mut x127, x125, x98, x86); let mut x128: u32 = 0; let mut x129: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x128, &mut x129, x127, x100, x102); let mut x130: u32 = 0; let mut x131: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x130, &mut x131, x129, (x101 as u32), x103); let mut x132: u32 = 0; let mut x133: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x132, &mut x133, 0x0, x116, (arg1[4])); let mut x134: u32 = 0; let mut x135: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x134, &mut x135, x133, x118, (0x0 as u32)); let mut x136: u32 = 0; let mut x137: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x136, &mut x137, x135, x120, (0x0 as u32)); let mut x138: u32 = 0; let mut x139: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x138, &mut x139, x137, x122, (0x0 as u32)); let mut x140: u32 = 0; let mut x141: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x140, &mut x141, x139, x124, (0x0 as u32)); let mut x142: u32 = 0; let mut x143: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x142, &mut x143, x141, x126, (0x0 as u32)); let mut x144: u32 = 0; let mut x145: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x144, &mut x145, x143, x128, (0x0 as u32)); let mut x146: u32 = 0; let mut x147: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x146, &mut x147, x145, x130, (0x0 as u32)); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_p256_mulx_u32(&mut x148, &mut x149, x132, 0xffffffff); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_p256_mulx_u32(&mut x150, &mut x151, x132, 0xffffffff); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_p256_mulx_u32(&mut x152, &mut x153, x132, 0xffffffff); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_p256_mulx_u32(&mut x154, &mut x155, x132, 0xffffffff); let mut x156: u32 = 0; let mut x157: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x156, &mut x157, 0x0, x155, x152); let mut x158: u32 = 0; let mut x159: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x158, &mut x159, x157, x153, x150); let mut x160: u32 = 0; let mut x161: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x160, &mut x161, 0x0, x132, x154); let mut x162: u32 = 0; let mut x163: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x162, &mut x163, x161, x134, x156); let mut x164: u32 = 0; let mut x165: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x164, &mut x165, x163, x136, x158); let mut x166: u32 = 0; let mut x167: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x166, &mut x167, x165, x138, ((x159 as u32) + x151)); let mut x168: u32 = 0; let mut x169: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x168, &mut x169, x167, x140, (0x0 as u32)); let mut x170: u32 = 0; let mut x171: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x170, &mut x171, x169, x142, (0x0 as u32)); let mut x172: u32 = 0; let mut x173: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x172, &mut x173, x171, x144, x132); let mut x174: u32 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x174, &mut x175, x173, x146, x148); let mut x176: u32 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x176, &mut x177, x175, ((x147 as u32) + (x131 as u32)), x149); let mut x178: u32 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x178, &mut x179, 0x0, x162, (arg1[5])); let mut x180: u32 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x180, &mut x181, x179, x164, (0x0 as u32)); let mut x182: u32 = 0; let mut x183: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x182, &mut x183, x181, x166, (0x0 as u32)); let mut x184: u32 = 0; let mut x185: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x184, &mut x185, x183, x168, (0x0 as u32)); let mut x186: u32 = 0; let mut x187: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x186, &mut x187, x185, x170, (0x0 as u32)); let mut x188: u32 = 0; let mut x189: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x188, &mut x189, x187, x172, (0x0 as u32)); let mut x190: u32 = 0; let mut x191: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x190, &mut x191, x189, x174, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x192, &mut x193, x191, x176, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p256_mulx_u32(&mut x194, &mut x195, x178, 0xffffffff); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_p256_mulx_u32(&mut x196, &mut x197, x178, 0xffffffff); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_p256_mulx_u32(&mut x198, &mut x199, x178, 0xffffffff); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_p256_mulx_u32(&mut x200, &mut x201, x178, 0xffffffff); let mut x202: u32 = 0; let mut x203: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x202, &mut x203, 0x0, x201, x198); let mut x204: u32 = 0; let mut x205: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x204, &mut x205, x203, x199, x196); let mut x206: u32 = 0; let mut x207: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x206, &mut x207, 0x0, x178, x200); let mut x208: u32 = 0; let mut x209: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x208, &mut x209, x207, x180, x202); let mut x210: u32 = 0; let mut x211: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x210, &mut x211, x209, x182, x204); let mut x212: u32 = 0; let mut x213: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x212, &mut x213, x211, x184, ((x205 as u32) + x197)); let mut x214: u32 = 0; let mut x215: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x214, &mut x215, x213, x186, (0x0 as u32)); let mut x216: u32 = 0; let mut x217: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x216, &mut x217, x215, x188, (0x0 as u32)); let mut x218: u32 = 0; let mut x219: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x218, &mut x219, x217, x190, x178); let mut x220: u32 = 0; let mut x221: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x220, &mut x221, x219, x192, x194); let mut x222: u32 = 0; let mut x223: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x222, &mut x223, x221, ((x193 as u32) + (x177 as u32)), x195); let mut x224: u32 = 0; let mut x225: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x224, &mut x225, 0x0, x208, (arg1[6])); let mut x226: u32 = 0; let mut x227: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x226, &mut x227, x225, x210, (0x0 as u32)); let mut x228: u32 = 0; let mut x229: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x228, &mut x229, x227, x212, (0x0 as u32)); let mut x230: u32 = 0; let mut x231: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x230, &mut x231, x229, x214, (0x0 as u32)); let mut x232: u32 = 0; let mut x233: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x232, &mut x233, x231, x216, (0x0 as u32)); let mut x234: u32 = 0; let mut x235: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x234, &mut x235, x233, x218, (0x0 as u32)); let mut x236: u32 = 0; let mut x237: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x236, &mut x237, x235, x220, (0x0 as u32)); let mut x238: u32 = 0; let mut x239: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x238, &mut x239, x237, x222, (0x0 as u32)); let mut x240: u32 = 0; let mut x241: u32 = 0; fiat_p256_mulx_u32(&mut x240, &mut x241, x224, 0xffffffff); let mut x242: u32 = 0; let mut x243: u32 = 0; fiat_p256_mulx_u32(&mut x242, &mut x243, x224, 0xffffffff); let mut x244: u32 = 0; let mut x245: u32 = 0; fiat_p256_mulx_u32(&mut x244, &mut x245, x224, 0xffffffff); let mut x246: u32 = 0; let mut x247: u32 = 0; fiat_p256_mulx_u32(&mut x246, &mut x247, x224, 0xffffffff); let mut x248: u32 = 0; let mut x249: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x248, &mut x249, 0x0, x247, x244); let mut x250: u32 = 0; let mut x251: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x250, &mut x251, x249, x245, x242); let mut x252: u32 = 0; let mut x253: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x252, &mut x253, 0x0, x224, x246); let mut x254: u32 = 0; let mut x255: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x254, &mut x255, x253, x226, x248); let mut x256: u32 = 0; let mut x257: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x256, &mut x257, x255, x228, x250); let mut x258: u32 = 0; let mut x259: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x258, &mut x259, x257, x230, ((x251 as u32) + x243)); let mut x260: u32 = 0; let mut x261: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x260, &mut x261, x259, x232, (0x0 as u32)); let mut x262: u32 = 0; let mut x263: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x262, &mut x263, x261, x234, (0x0 as u32)); let mut x264: u32 = 0; let mut x265: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x264, &mut x265, x263, x236, x224); let mut x266: u32 = 0; let mut x267: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x266, &mut x267, x265, x238, x240); let mut x268: u32 = 0; let mut x269: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x268, &mut x269, x267, ((x239 as u32) + (x223 as u32)), x241); let mut x270: u32 = 0; let mut x271: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x270, &mut x271, 0x0, x254, (arg1[7])); let mut x272: u32 = 0; let mut x273: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x272, &mut x273, x271, x256, (0x0 as u32)); let mut x274: u32 = 0; let mut x275: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x274, &mut x275, x273, x258, (0x0 as u32)); let mut x276: u32 = 0; let mut x277: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x276, &mut x277, x275, x260, (0x0 as u32)); let mut x278: u32 = 0; let mut x279: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x278, &mut x279, x277, x262, (0x0 as u32)); let mut x280: u32 = 0; let mut x281: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x280, &mut x281, x279, x264, (0x0 as u32)); let mut x282: u32 = 0; let mut x283: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x282, &mut x283, x281, x266, (0x0 as u32)); let mut x284: u32 = 0; let mut x285: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x284, &mut x285, x283, x268, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p256_mulx_u32(&mut x286, &mut x287, x270, 0xffffffff); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p256_mulx_u32(&mut x288, &mut x289, x270, 0xffffffff); let mut x290: u32 = 0; let mut x291: u32 = 0; fiat_p256_mulx_u32(&mut x290, &mut x291, x270, 0xffffffff); let mut x292: u32 = 0; let mut x293: u32 = 0; fiat_p256_mulx_u32(&mut x292, &mut x293, x270, 0xffffffff); let mut x294: u32 = 0; let mut x295: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x294, &mut x295, 0x0, x293, x290); let mut x296: u32 = 0; let mut x297: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x296, &mut x297, x295, x291, x288); let mut x298: u32 = 0; let mut x299: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x298, &mut x299, 0x0, x270, x292); let mut x300: u32 = 0; let mut x301: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x300, &mut x301, x299, x272, x294); let mut x302: u32 = 0; let mut x303: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x302, &mut x303, x301, x274, x296); let mut x304: u32 = 0; let mut x305: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x304, &mut x305, x303, x276, ((x297 as u32) + x289)); let mut x306: u32 = 0; let mut x307: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x306, &mut x307, x305, x278, (0x0 as u32)); let mut x308: u32 = 0; let mut x309: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x308, &mut x309, x307, x280, (0x0 as u32)); let mut x310: u32 = 0; let mut x311: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x310, &mut x311, x309, x282, x270); let mut x312: u32 = 0; let mut x313: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x312, &mut x313, x311, x284, x286); let mut x314: u32 = 0; let mut x315: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x314, &mut x315, x313, ((x285 as u32) + (x269 as u32)), x287); let mut x316: u32 = 0; let mut x317: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x316, &mut x317, 0x0, x300, 0xffffffff); let mut x318: u32 = 0; let mut x319: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x318, &mut x319, x317, x302, 0xffffffff); let mut x320: u32 = 0; let mut x321: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x320, &mut x321, x319, x304, 0xffffffff); let mut x322: u32 = 0; let mut x323: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x322, &mut x323, x321, x306, (0x0 as u32)); let mut x324: u32 = 0; let mut x325: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x324, &mut x325, x323, x308, (0x0 as u32)); let mut x326: u32 = 0; let mut x327: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x326, &mut x327, x325, x310, (0x0 as u32)); let mut x328: u32 = 0; let mut x329: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x328, &mut x329, x327, x312, (0x1 as u32)); let mut x330: u32 = 0; let mut x331: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x330, &mut x331, x329, x314, 0xffffffff); let mut x332: u32 = 0; let mut x333: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x332, &mut x333, x331, (x315 as u32), (0x0 as u32)); let mut x334: u32 = 0; fiat_p256_cmovznz_u32(&mut x334, x333, x316, x300); let mut x335: u32 = 0; fiat_p256_cmovznz_u32(&mut x335, x333, x318, x302); let mut x336: u32 = 0; fiat_p256_cmovznz_u32(&mut x336, x333, x320, x304); let mut x337: u32 = 0; fiat_p256_cmovznz_u32(&mut x337, x333, x322, x306); let mut x338: u32 = 0; fiat_p256_cmovznz_u32(&mut x338, x333, x324, x308); let mut x339: u32 = 0; fiat_p256_cmovznz_u32(&mut x339, x333, x326, x310); let mut x340: u32 = 0; fiat_p256_cmovznz_u32(&mut x340, x333, x328, x312); let mut x341: u32 = 0; fiat_p256_cmovznz_u32(&mut x341, x333, x330, x314); out1[0] = x334; out1[1] = x335; out1[2] = x336; out1[3] = x337; out1[4] = x338; out1[5] = x339; out1[6] = x340; out1[7] = x341; } /// The function fiat_p256_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_to_montgomery(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_mulx_u32(&mut x9, &mut x10, x8, 0x4); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_mulx_u32(&mut x11, &mut x12, x8, 0xfffffffd); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_mulx_u32(&mut x13, &mut x14, x8, 0xffffffff); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_mulx_u32(&mut x15, &mut x16, x8, 0xfffffffe); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_mulx_u32(&mut x17, &mut x18, x8, 0xfffffffb); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_mulx_u32(&mut x19, &mut x20, x8, 0xffffffff); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_mulx_u32(&mut x21, &mut x22, x8, 0x3); let mut x23: u32 = 0; let mut x24: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x23, &mut x24, 0x0, x20, x17); let mut x25: u32 = 0; let mut x26: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x25, &mut x26, x24, x18, x15); let mut x27: u32 = 0; let mut x28: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x27, &mut x28, x26, x16, x13); let mut x29: u32 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x29, &mut x30, x28, x14, x11); let mut x31: u32 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x31, &mut x32, x30, x12, x9); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p256_mulx_u32(&mut x33, &mut x34, x21, 0xffffffff); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p256_mulx_u32(&mut x35, &mut x36, x21, 0xffffffff); let mut x37: u32 = 0; let mut x38: u32 = 0; fiat_p256_mulx_u32(&mut x37, &mut x38, x21, 0xffffffff); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_p256_mulx_u32(&mut x39, &mut x40, x21, 0xffffffff); let mut x41: u32 = 0; let mut x42: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x41, &mut x42, 0x0, x40, x37); let mut x43: u32 = 0; let mut x44: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x43, &mut x44, x42, x38, x35); let mut x45: u32 = 0; let mut x46: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x45, &mut x46, 0x0, x21, x39); let mut x47: u32 = 0; let mut x48: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x47, &mut x48, x46, x22, x41); let mut x49: u32 = 0; let mut x50: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x49, &mut x50, x48, x19, x43); let mut x51: u32 = 0; let mut x52: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x51, &mut x52, x50, x23, ((x44 as u32) + x36)); let mut x53: u32 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x53, &mut x54, x52, x25, (0x0 as u32)); let mut x55: u32 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x55, &mut x56, x54, x27, (0x0 as u32)); let mut x57: u32 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x57, &mut x58, x56, x29, x21); let mut x59: u32 = 0; let mut x60: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x59, &mut x60, x58, x31, x33); let mut x61: u32 = 0; let mut x62: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x61, &mut x62, x60, ((x32 as u32) + x10), x34); let mut x63: u32 = 0; let mut x64: u32 = 0; fiat_p256_mulx_u32(&mut x63, &mut x64, x1, 0x4); let mut x65: u32 = 0; let mut x66: u32 = 0; fiat_p256_mulx_u32(&mut x65, &mut x66, x1, 0xfffffffd); let mut x67: u32 = 0; let mut x68: u32 = 0; fiat_p256_mulx_u32(&mut x67, &mut x68, x1, 0xffffffff); let mut x69: u32 = 0; let mut x70: u32 = 0; fiat_p256_mulx_u32(&mut x69, &mut x70, x1, 0xfffffffe); let mut x71: u32 = 0; let mut x72: u32 = 0; fiat_p256_mulx_u32(&mut x71, &mut x72, x1, 0xfffffffb); let mut x73: u32 = 0; let mut x74: u32 = 0; fiat_p256_mulx_u32(&mut x73, &mut x74, x1, 0xffffffff); let mut x75: u32 = 0; let mut x76: u32 = 0; fiat_p256_mulx_u32(&mut x75, &mut x76, x1, 0x3); let mut x77: u32 = 0; let mut x78: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x77, &mut x78, 0x0, x74, x71); let mut x79: u32 = 0; let mut x80: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x79, &mut x80, x78, x72, x69); let mut x81: u32 = 0; let mut x82: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x81, &mut x82, x80, x70, x67); let mut x83: u32 = 0; let mut x84: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x83, &mut x84, x82, x68, x65); let mut x85: u32 = 0; let mut x86: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x85, &mut x86, x84, x66, x63); let mut x87: u32 = 0; let mut x88: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x87, &mut x88, 0x0, x47, x75); let mut x89: u32 = 0; let mut x90: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x89, &mut x90, x88, x49, x76); let mut x91: u32 = 0; let mut x92: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x91, &mut x92, x90, x51, x73); let mut x93: u32 = 0; let mut x94: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x93, &mut x94, x92, x53, x77); let mut x95: u32 = 0; let mut x96: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x95, &mut x96, x94, x55, x79); let mut x97: u32 = 0; let mut x98: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x97, &mut x98, x96, x57, x81); let mut x99: u32 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x99, &mut x100, x98, x59, x83); let mut x101: u32 = 0; let mut x102: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x101, &mut x102, x100, x61, x85); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_p256_mulx_u32(&mut x103, &mut x104, x87, 0xffffffff); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_p256_mulx_u32(&mut x105, &mut x106, x87, 0xffffffff); let mut x107: u32 = 0; let mut x108: u32 = 0; fiat_p256_mulx_u32(&mut x107, &mut x108, x87, 0xffffffff); let mut x109: u32 = 0; let mut x110: u32 = 0; fiat_p256_mulx_u32(&mut x109, &mut x110, x87, 0xffffffff); let mut x111: u32 = 0; let mut x112: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x111, &mut x112, 0x0, x110, x107); let mut x113: u32 = 0; let mut x114: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x113, &mut x114, x112, x108, x105); let mut x115: u32 = 0; let mut x116: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x115, &mut x116, 0x0, x87, x109); let mut x117: u32 = 0; let mut x118: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x117, &mut x118, x116, x89, x111); let mut x119: u32 = 0; let mut x120: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x119, &mut x120, x118, x91, x113); let mut x121: u32 = 0; let mut x122: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x121, &mut x122, x120, x93, ((x114 as u32) + x106)); let mut x123: u32 = 0; let mut x124: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x123, &mut x124, x122, x95, (0x0 as u32)); let mut x125: u32 = 0; let mut x126: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x125, &mut x126, x124, x97, (0x0 as u32)); let mut x127: u32 = 0; let mut x128: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x127, &mut x128, x126, x99, x87); let mut x129: u32 = 0; let mut x130: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x129, &mut x130, x128, x101, x103); let mut x131: u32 = 0; let mut x132: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x131, &mut x132, x130, (((x102 as u32) + (x62 as u32)) + ((x86 as u32) + x64)), x104); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p256_mulx_u32(&mut x133, &mut x134, x2, 0x4); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p256_mulx_u32(&mut x135, &mut x136, x2, 0xfffffffd); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p256_mulx_u32(&mut x137, &mut x138, x2, 0xffffffff); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p256_mulx_u32(&mut x139, &mut x140, x2, 0xfffffffe); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p256_mulx_u32(&mut x141, &mut x142, x2, 0xfffffffb); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p256_mulx_u32(&mut x143, &mut x144, x2, 0xffffffff); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p256_mulx_u32(&mut x145, &mut x146, x2, 0x3); let mut x147: u32 = 0; let mut x148: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x147, &mut x148, 0x0, x144, x141); let mut x149: u32 = 0; let mut x150: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x149, &mut x150, x148, x142, x139); let mut x151: u32 = 0; let mut x152: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x151, &mut x152, x150, x140, x137); let mut x153: u32 = 0; let mut x154: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x153, &mut x154, x152, x138, x135); let mut x155: u32 = 0; let mut x156: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x155, &mut x156, x154, x136, x133); let mut x157: u32 = 0; let mut x158: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x157, &mut x158, 0x0, x117, x145); let mut x159: u32 = 0; let mut x160: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x159, &mut x160, x158, x119, x146); let mut x161: u32 = 0; let mut x162: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x161, &mut x162, x160, x121, x143); let mut x163: u32 = 0; let mut x164: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x163, &mut x164, x162, x123, x147); let mut x165: u32 = 0; let mut x166: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x165, &mut x166, x164, x125, x149); let mut x167: u32 = 0; let mut x168: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x167, &mut x168, x166, x127, x151); let mut x169: u32 = 0; let mut x170: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x169, &mut x170, x168, x129, x153); let mut x171: u32 = 0; let mut x172: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x171, &mut x172, x170, x131, x155); let mut x173: u32 = 0; let mut x174: u32 = 0; fiat_p256_mulx_u32(&mut x173, &mut x174, x157, 0xffffffff); let mut x175: u32 = 0; let mut x176: u32 = 0; fiat_p256_mulx_u32(&mut x175, &mut x176, x157, 0xffffffff); let mut x177: u32 = 0; let mut x178: u32 = 0; fiat_p256_mulx_u32(&mut x177, &mut x178, x157, 0xffffffff); let mut x179: u32 = 0; let mut x180: u32 = 0; fiat_p256_mulx_u32(&mut x179, &mut x180, x157, 0xffffffff); let mut x181: u32 = 0; let mut x182: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x181, &mut x182, 0x0, x180, x177); let mut x183: u32 = 0; let mut x184: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x183, &mut x184, x182, x178, x175); let mut x185: u32 = 0; let mut x186: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x185, &mut x186, 0x0, x157, x179); let mut x187: u32 = 0; let mut x188: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x187, &mut x188, x186, x159, x181); let mut x189: u32 = 0; let mut x190: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x189, &mut x190, x188, x161, x183); let mut x191: u32 = 0; let mut x192: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x191, &mut x192, x190, x163, ((x184 as u32) + x176)); let mut x193: u32 = 0; let mut x194: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x193, &mut x194, x192, x165, (0x0 as u32)); let mut x195: u32 = 0; let mut x196: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x195, &mut x196, x194, x167, (0x0 as u32)); let mut x197: u32 = 0; let mut x198: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x197, &mut x198, x196, x169, x157); let mut x199: u32 = 0; let mut x200: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x199, &mut x200, x198, x171, x173); let mut x201: u32 = 0; let mut x202: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x201, &mut x202, x200, (((x172 as u32) + (x132 as u32)) + ((x156 as u32) + x134)), x174); let mut x203: u32 = 0; let mut x204: u32 = 0; fiat_p256_mulx_u32(&mut x203, &mut x204, x3, 0x4); let mut x205: u32 = 0; let mut x206: u32 = 0; fiat_p256_mulx_u32(&mut x205, &mut x206, x3, 0xfffffffd); let mut x207: u32 = 0; let mut x208: u32 = 0; fiat_p256_mulx_u32(&mut x207, &mut x208, x3, 0xffffffff); let mut x209: u32 = 0; let mut x210: u32 = 0; fiat_p256_mulx_u32(&mut x209, &mut x210, x3, 0xfffffffe); let mut x211: u32 = 0; let mut x212: u32 = 0; fiat_p256_mulx_u32(&mut x211, &mut x212, x3, 0xfffffffb); let mut x213: u32 = 0; let mut x214: u32 = 0; fiat_p256_mulx_u32(&mut x213, &mut x214, x3, 0xffffffff); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_p256_mulx_u32(&mut x215, &mut x216, x3, 0x3); let mut x217: u32 = 0; let mut x218: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x217, &mut x218, 0x0, x214, x211); let mut x219: u32 = 0; let mut x220: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x219, &mut x220, x218, x212, x209); let mut x221: u32 = 0; let mut x222: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x221, &mut x222, x220, x210, x207); let mut x223: u32 = 0; let mut x224: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x223, &mut x224, x222, x208, x205); let mut x225: u32 = 0; let mut x226: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x225, &mut x226, x224, x206, x203); let mut x227: u32 = 0; let mut x228: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x227, &mut x228, 0x0, x187, x215); let mut x229: u32 = 0; let mut x230: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x229, &mut x230, x228, x189, x216); let mut x231: u32 = 0; let mut x232: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x231, &mut x232, x230, x191, x213); let mut x233: u32 = 0; let mut x234: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x233, &mut x234, x232, x193, x217); let mut x235: u32 = 0; let mut x236: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x235, &mut x236, x234, x195, x219); let mut x237: u32 = 0; let mut x238: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x237, &mut x238, x236, x197, x221); let mut x239: u32 = 0; let mut x240: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x239, &mut x240, x238, x199, x223); let mut x241: u32 = 0; let mut x242: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x241, &mut x242, x240, x201, x225); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_p256_mulx_u32(&mut x243, &mut x244, x227, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_p256_mulx_u32(&mut x245, &mut x246, x227, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_p256_mulx_u32(&mut x247, &mut x248, x227, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_p256_mulx_u32(&mut x249, &mut x250, x227, 0xffffffff); let mut x251: u32 = 0; let mut x252: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x251, &mut x252, 0x0, x250, x247); let mut x253: u32 = 0; let mut x254: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x253, &mut x254, x252, x248, x245); let mut x255: u32 = 0; let mut x256: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x255, &mut x256, 0x0, x227, x249); let mut x257: u32 = 0; let mut x258: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x257, &mut x258, x256, x229, x251); let mut x259: u32 = 0; let mut x260: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x259, &mut x260, x258, x231, x253); let mut x261: u32 = 0; let mut x262: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x261, &mut x262, x260, x233, ((x254 as u32) + x246)); let mut x263: u32 = 0; let mut x264: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x263, &mut x264, x262, x235, (0x0 as u32)); let mut x265: u32 = 0; let mut x266: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x265, &mut x266, x264, x237, (0x0 as u32)); let mut x267: u32 = 0; let mut x268: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x267, &mut x268, x266, x239, x227); let mut x269: u32 = 0; let mut x270: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x269, &mut x270, x268, x241, x243); let mut x271: u32 = 0; let mut x272: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x271, &mut x272, x270, (((x242 as u32) + (x202 as u32)) + ((x226 as u32) + x204)), x244); let mut x273: u32 = 0; let mut x274: u32 = 0; fiat_p256_mulx_u32(&mut x273, &mut x274, x4, 0x4); let mut x275: u32 = 0; let mut x276: u32 = 0; fiat_p256_mulx_u32(&mut x275, &mut x276, x4, 0xfffffffd); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p256_mulx_u32(&mut x277, &mut x278, x4, 0xffffffff); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_p256_mulx_u32(&mut x279, &mut x280, x4, 0xfffffffe); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_p256_mulx_u32(&mut x281, &mut x282, x4, 0xfffffffb); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_p256_mulx_u32(&mut x283, &mut x284, x4, 0xffffffff); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_p256_mulx_u32(&mut x285, &mut x286, x4, 0x3); let mut x287: u32 = 0; let mut x288: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x287, &mut x288, 0x0, x284, x281); let mut x289: u32 = 0; let mut x290: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x289, &mut x290, x288, x282, x279); let mut x291: u32 = 0; let mut x292: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x291, &mut x292, x290, x280, x277); let mut x293: u32 = 0; let mut x294: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x293, &mut x294, x292, x278, x275); let mut x295: u32 = 0; let mut x296: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x295, &mut x296, x294, x276, x273); let mut x297: u32 = 0; let mut x298: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x297, &mut x298, 0x0, x257, x285); let mut x299: u32 = 0; let mut x300: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x299, &mut x300, x298, x259, x286); let mut x301: u32 = 0; let mut x302: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x301, &mut x302, x300, x261, x283); let mut x303: u32 = 0; let mut x304: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x303, &mut x304, x302, x263, x287); let mut x305: u32 = 0; let mut x306: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x305, &mut x306, x304, x265, x289); let mut x307: u32 = 0; let mut x308: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x307, &mut x308, x306, x267, x291); let mut x309: u32 = 0; let mut x310: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x309, &mut x310, x308, x269, x293); let mut x311: u32 = 0; let mut x312: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x311, &mut x312, x310, x271, x295); let mut x313: u32 = 0; let mut x314: u32 = 0; fiat_p256_mulx_u32(&mut x313, &mut x314, x297, 0xffffffff); let mut x315: u32 = 0; let mut x316: u32 = 0; fiat_p256_mulx_u32(&mut x315, &mut x316, x297, 0xffffffff); let mut x317: u32 = 0; let mut x318: u32 = 0; fiat_p256_mulx_u32(&mut x317, &mut x318, x297, 0xffffffff); let mut x319: u32 = 0; let mut x320: u32 = 0; fiat_p256_mulx_u32(&mut x319, &mut x320, x297, 0xffffffff); let mut x321: u32 = 0; let mut x322: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x321, &mut x322, 0x0, x320, x317); let mut x323: u32 = 0; let mut x324: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x323, &mut x324, x322, x318, x315); let mut x325: u32 = 0; let mut x326: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x325, &mut x326, 0x0, x297, x319); let mut x327: u32 = 0; let mut x328: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x327, &mut x328, x326, x299, x321); let mut x329: u32 = 0; let mut x330: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x329, &mut x330, x328, x301, x323); let mut x331: u32 = 0; let mut x332: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x331, &mut x332, x330, x303, ((x324 as u32) + x316)); let mut x333: u32 = 0; let mut x334: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x333, &mut x334, x332, x305, (0x0 as u32)); let mut x335: u32 = 0; let mut x336: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x335, &mut x336, x334, x307, (0x0 as u32)); let mut x337: u32 = 0; let mut x338: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x337, &mut x338, x336, x309, x297); let mut x339: u32 = 0; let mut x340: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x339, &mut x340, x338, x311, x313); let mut x341: u32 = 0; let mut x342: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x341, &mut x342, x340, (((x312 as u32) + (x272 as u32)) + ((x296 as u32) + x274)), x314); let mut x343: u32 = 0; let mut x344: u32 = 0; fiat_p256_mulx_u32(&mut x343, &mut x344, x5, 0x4); let mut x345: u32 = 0; let mut x346: u32 = 0; fiat_p256_mulx_u32(&mut x345, &mut x346, x5, 0xfffffffd); let mut x347: u32 = 0; let mut x348: u32 = 0; fiat_p256_mulx_u32(&mut x347, &mut x348, x5, 0xffffffff); let mut x349: u32 = 0; let mut x350: u32 = 0; fiat_p256_mulx_u32(&mut x349, &mut x350, x5, 0xfffffffe); let mut x351: u32 = 0; let mut x352: u32 = 0; fiat_p256_mulx_u32(&mut x351, &mut x352, x5, 0xfffffffb); let mut x353: u32 = 0; let mut x354: u32 = 0; fiat_p256_mulx_u32(&mut x353, &mut x354, x5, 0xffffffff); let mut x355: u32 = 0; let mut x356: u32 = 0; fiat_p256_mulx_u32(&mut x355, &mut x356, x5, 0x3); let mut x357: u32 = 0; let mut x358: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x357, &mut x358, 0x0, x354, x351); let mut x359: u32 = 0; let mut x360: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x359, &mut x360, x358, x352, x349); let mut x361: u32 = 0; let mut x362: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x361, &mut x362, x360, x350, x347); let mut x363: u32 = 0; let mut x364: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x363, &mut x364, x362, x348, x345); let mut x365: u32 = 0; let mut x366: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x365, &mut x366, x364, x346, x343); let mut x367: u32 = 0; let mut x368: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x367, &mut x368, 0x0, x327, x355); let mut x369: u32 = 0; let mut x370: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x369, &mut x370, x368, x329, x356); let mut x371: u32 = 0; let mut x372: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x371, &mut x372, x370, x331, x353); let mut x373: u32 = 0; let mut x374: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x373, &mut x374, x372, x333, x357); let mut x375: u32 = 0; let mut x376: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x375, &mut x376, x374, x335, x359); let mut x377: u32 = 0; let mut x378: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x377, &mut x378, x376, x337, x361); let mut x379: u32 = 0; let mut x380: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x379, &mut x380, x378, x339, x363); let mut x381: u32 = 0; let mut x382: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x381, &mut x382, x380, x341, x365); let mut x383: u32 = 0; let mut x384: u32 = 0; fiat_p256_mulx_u32(&mut x383, &mut x384, x367, 0xffffffff); let mut x385: u32 = 0; let mut x386: u32 = 0; fiat_p256_mulx_u32(&mut x385, &mut x386, x367, 0xffffffff); let mut x387: u32 = 0; let mut x388: u32 = 0; fiat_p256_mulx_u32(&mut x387, &mut x388, x367, 0xffffffff); let mut x389: u32 = 0; let mut x390: u32 = 0; fiat_p256_mulx_u32(&mut x389, &mut x390, x367, 0xffffffff); let mut x391: u32 = 0; let mut x392: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x391, &mut x392, 0x0, x390, x387); let mut x393: u32 = 0; let mut x394: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x393, &mut x394, x392, x388, x385); let mut x395: u32 = 0; let mut x396: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x395, &mut x396, 0x0, x367, x389); let mut x397: u32 = 0; let mut x398: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x397, &mut x398, x396, x369, x391); let mut x399: u32 = 0; let mut x400: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x399, &mut x400, x398, x371, x393); let mut x401: u32 = 0; let mut x402: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x401, &mut x402, x400, x373, ((x394 as u32) + x386)); let mut x403: u32 = 0; let mut x404: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x403, &mut x404, x402, x375, (0x0 as u32)); let mut x405: u32 = 0; let mut x406: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x405, &mut x406, x404, x377, (0x0 as u32)); let mut x407: u32 = 0; let mut x408: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x407, &mut x408, x406, x379, x367); let mut x409: u32 = 0; let mut x410: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x409, &mut x410, x408, x381, x383); let mut x411: u32 = 0; let mut x412: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x411, &mut x412, x410, (((x382 as u32) + (x342 as u32)) + ((x366 as u32) + x344)), x384); let mut x413: u32 = 0; let mut x414: u32 = 0; fiat_p256_mulx_u32(&mut x413, &mut x414, x6, 0x4); let mut x415: u32 = 0; let mut x416: u32 = 0; fiat_p256_mulx_u32(&mut x415, &mut x416, x6, 0xfffffffd); let mut x417: u32 = 0; let mut x418: u32 = 0; fiat_p256_mulx_u32(&mut x417, &mut x418, x6, 0xffffffff); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p256_mulx_u32(&mut x419, &mut x420, x6, 0xfffffffe); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p256_mulx_u32(&mut x421, &mut x422, x6, 0xfffffffb); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p256_mulx_u32(&mut x423, &mut x424, x6, 0xffffffff); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p256_mulx_u32(&mut x425, &mut x426, x6, 0x3); let mut x427: u32 = 0; let mut x428: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x427, &mut x428, 0x0, x424, x421); let mut x429: u32 = 0; let mut x430: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x429, &mut x430, x428, x422, x419); let mut x431: u32 = 0; let mut x432: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x431, &mut x432, x430, x420, x417); let mut x433: u32 = 0; let mut x434: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x433, &mut x434, x432, x418, x415); let mut x435: u32 = 0; let mut x436: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x435, &mut x436, x434, x416, x413); let mut x437: u32 = 0; let mut x438: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x437, &mut x438, 0x0, x397, x425); let mut x439: u32 = 0; let mut x440: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x439, &mut x440, x438, x399, x426); let mut x441: u32 = 0; let mut x442: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x441, &mut x442, x440, x401, x423); let mut x443: u32 = 0; let mut x444: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x443, &mut x444, x442, x403, x427); let mut x445: u32 = 0; let mut x446: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x445, &mut x446, x444, x405, x429); let mut x447: u32 = 0; let mut x448: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x447, &mut x448, x446, x407, x431); let mut x449: u32 = 0; let mut x450: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x449, &mut x450, x448, x409, x433); let mut x451: u32 = 0; let mut x452: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x451, &mut x452, x450, x411, x435); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p256_mulx_u32(&mut x453, &mut x454, x437, 0xffffffff); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p256_mulx_u32(&mut x455, &mut x456, x437, 0xffffffff); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_p256_mulx_u32(&mut x457, &mut x458, x437, 0xffffffff); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_p256_mulx_u32(&mut x459, &mut x460, x437, 0xffffffff); let mut x461: u32 = 0; let mut x462: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x461, &mut x462, 0x0, x460, x457); let mut x463: u32 = 0; let mut x464: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x463, &mut x464, x462, x458, x455); let mut x465: u32 = 0; let mut x466: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x465, &mut x466, 0x0, x437, x459); let mut x467: u32 = 0; let mut x468: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x467, &mut x468, x466, x439, x461); let mut x469: u32 = 0; let mut x470: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x469, &mut x470, x468, x441, x463); let mut x471: u32 = 0; let mut x472: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x471, &mut x472, x470, x443, ((x464 as u32) + x456)); let mut x473: u32 = 0; let mut x474: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x473, &mut x474, x472, x445, (0x0 as u32)); let mut x475: u32 = 0; let mut x476: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x475, &mut x476, x474, x447, (0x0 as u32)); let mut x477: u32 = 0; let mut x478: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x477, &mut x478, x476, x449, x437); let mut x479: u32 = 0; let mut x480: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x479, &mut x480, x478, x451, x453); let mut x481: u32 = 0; let mut x482: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x481, &mut x482, x480, (((x452 as u32) + (x412 as u32)) + ((x436 as u32) + x414)), x454); let mut x483: u32 = 0; let mut x484: u32 = 0; fiat_p256_mulx_u32(&mut x483, &mut x484, x7, 0x4); let mut x485: u32 = 0; let mut x486: u32 = 0; fiat_p256_mulx_u32(&mut x485, &mut x486, x7, 0xfffffffd); let mut x487: u32 = 0; let mut x488: u32 = 0; fiat_p256_mulx_u32(&mut x487, &mut x488, x7, 0xffffffff); let mut x489: u32 = 0; let mut x490: u32 = 0; fiat_p256_mulx_u32(&mut x489, &mut x490, x7, 0xfffffffe); let mut x491: u32 = 0; let mut x492: u32 = 0; fiat_p256_mulx_u32(&mut x491, &mut x492, x7, 0xfffffffb); let mut x493: u32 = 0; let mut x494: u32 = 0; fiat_p256_mulx_u32(&mut x493, &mut x494, x7, 0xffffffff); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_p256_mulx_u32(&mut x495, &mut x496, x7, 0x3); let mut x497: u32 = 0; let mut x498: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x497, &mut x498, 0x0, x494, x491); let mut x499: u32 = 0; let mut x500: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x499, &mut x500, x498, x492, x489); let mut x501: u32 = 0; let mut x502: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x501, &mut x502, x500, x490, x487); let mut x503: u32 = 0; let mut x504: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x503, &mut x504, x502, x488, x485); let mut x505: u32 = 0; let mut x506: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x505, &mut x506, x504, x486, x483); let mut x507: u32 = 0; let mut x508: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x507, &mut x508, 0x0, x467, x495); let mut x509: u32 = 0; let mut x510: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x509, &mut x510, x508, x469, x496); let mut x511: u32 = 0; let mut x512: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x511, &mut x512, x510, x471, x493); let mut x513: u32 = 0; let mut x514: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x513, &mut x514, x512, x473, x497); let mut x515: u32 = 0; let mut x516: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x515, &mut x516, x514, x475, x499); let mut x517: u32 = 0; let mut x518: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x517, &mut x518, x516, x477, x501); let mut x519: u32 = 0; let mut x520: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x519, &mut x520, x518, x479, x503); let mut x521: u32 = 0; let mut x522: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x521, &mut x522, x520, x481, x505); let mut x523: u32 = 0; let mut x524: u32 = 0; fiat_p256_mulx_u32(&mut x523, &mut x524, x507, 0xffffffff); let mut x525: u32 = 0; let mut x526: u32 = 0; fiat_p256_mulx_u32(&mut x525, &mut x526, x507, 0xffffffff); let mut x527: u32 = 0; let mut x528: u32 = 0; fiat_p256_mulx_u32(&mut x527, &mut x528, x507, 0xffffffff); let mut x529: u32 = 0; let mut x530: u32 = 0; fiat_p256_mulx_u32(&mut x529, &mut x530, x507, 0xffffffff); let mut x531: u32 = 0; let mut x532: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x531, &mut x532, 0x0, x530, x527); let mut x533: u32 = 0; let mut x534: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x533, &mut x534, x532, x528, x525); let mut x535: u32 = 0; let mut x536: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x535, &mut x536, 0x0, x507, x529); let mut x537: u32 = 0; let mut x538: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x537, &mut x538, x536, x509, x531); let mut x539: u32 = 0; let mut x540: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x539, &mut x540, x538, x511, x533); let mut x541: u32 = 0; let mut x542: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x541, &mut x542, x540, x513, ((x534 as u32) + x526)); let mut x543: u32 = 0; let mut x544: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x543, &mut x544, x542, x515, (0x0 as u32)); let mut x545: u32 = 0; let mut x546: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x545, &mut x546, x544, x517, (0x0 as u32)); let mut x547: u32 = 0; let mut x548: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x547, &mut x548, x546, x519, x507); let mut x549: u32 = 0; let mut x550: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x549, &mut x550, x548, x521, x523); let mut x551: u32 = 0; let mut x552: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x551, &mut x552, x550, (((x522 as u32) + (x482 as u32)) + ((x506 as u32) + x484)), x524); let mut x553: u32 = 0; let mut x554: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x553, &mut x554, 0x0, x537, 0xffffffff); let mut x555: u32 = 0; let mut x556: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x555, &mut x556, x554, x539, 0xffffffff); let mut x557: u32 = 0; let mut x558: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x557, &mut x558, x556, x541, 0xffffffff); let mut x559: u32 = 0; let mut x560: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x559, &mut x560, x558, x543, (0x0 as u32)); let mut x561: u32 = 0; let mut x562: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x561, &mut x562, x560, x545, (0x0 as u32)); let mut x563: u32 = 0; let mut x564: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x563, &mut x564, x562, x547, (0x0 as u32)); let mut x565: u32 = 0; let mut x566: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x565, &mut x566, x564, x549, (0x1 as u32)); let mut x567: u32 = 0; let mut x568: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x567, &mut x568, x566, x551, 0xffffffff); let mut x569: u32 = 0; let mut x570: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x569, &mut x570, x568, (x552 as u32), (0x0 as u32)); let mut x571: u32 = 0; fiat_p256_cmovznz_u32(&mut x571, x570, x553, x537); let mut x572: u32 = 0; fiat_p256_cmovznz_u32(&mut x572, x570, x555, x539); let mut x573: u32 = 0; fiat_p256_cmovznz_u32(&mut x573, x570, x557, x541); let mut x574: u32 = 0; fiat_p256_cmovznz_u32(&mut x574, x570, x559, x543); let mut x575: u32 = 0; fiat_p256_cmovznz_u32(&mut x575, x570, x561, x545); let mut x576: u32 = 0; fiat_p256_cmovznz_u32(&mut x576, x570, x563, x547); let mut x577: u32 = 0; fiat_p256_cmovznz_u32(&mut x577, x570, x565, x549); let mut x578: u32 = 0; fiat_p256_cmovznz_u32(&mut x578, x570, x567, x551); out1[0] = x571; out1[1] = x572; out1[2] = x573; out1[3] = x574; out1[4] = x575; out1[5] = x576; out1[6] = x577; out1[7] = x578; } /// The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_nonzero(out1: &mut u32, arg1: &[u32; 8]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); *out1 = x1; } /// The function fiat_p256_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_selectznz(out1: &mut [u32; 8], arg1: fiat_p256_u1, arg2: &[u32; 8], arg3: &[u32; 8]) { let mut x1: u32 = 0; fiat_p256_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p256_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p256_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p256_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p256_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p256_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p256_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p256_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p256_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p256_to_bytes(out1: &mut [u8; 32], arg1: &[u32; 8]) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[6]); let x3: u32 = (arg1[5]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[3]); let x6: u32 = (arg1[2]); let x7: u32 = (arg1[1]); let x8: u32 = (arg1[0]); let x9: u8 = ((x8 & (0xff as u32)) as u8); let x10: u32 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u32)) as u8); let x12: u32 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u8 = ((x12 >> 8) as u8); let x15: u8 = ((x7 & (0xff as u32)) as u8); let x16: u32 = (x7 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u32 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u32)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x6 & (0xff as u32)) as u8); let x22: u32 = (x6 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u32 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u32)) as u8); let x26: u8 = ((x24 >> 8) as u8); let x27: u8 = ((x5 & (0xff as u32)) as u8); let x28: u32 = (x5 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u32 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u32)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x4 & (0xff as u32)) as u8); let x34: u32 = (x4 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u32 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u32)) as u8); let x38: u8 = ((x36 >> 8) as u8); let x39: u8 = ((x3 & (0xff as u32)) as u8); let x40: u32 = (x3 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u8 = ((x2 & (0xff as u32)) as u8); let x46: u32 = (x2 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u32 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u32)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u8 = ((x1 & (0xff as u32)) as u8); let x52: u32 = (x1 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u32 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u32)) as u8); let x56: u8 = ((x54 >> 8) as u8); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x26; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x38; out1[20] = x39; out1[21] = x41; out1[22] = x43; out1[23] = x44; out1[24] = x45; out1[25] = x47; out1[26] = x49; out1[27] = x50; out1[28] = x51; out1[29] = x53; out1[30] = x55; out1[31] = x56; } /// The function fiat_p256_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_from_bytes(out1: &mut [u32; 8], arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 24); let x2: u32 = (((arg1[30]) as u32) << 16); let x3: u32 = (((arg1[29]) as u32) << 8); let x4: u8 = (arg1[28]); let x5: u32 = (((arg1[27]) as u32) << 24); let x6: u32 = (((arg1[26]) as u32) << 16); let x7: u32 = (((arg1[25]) as u32) << 8); let x8: u8 = (arg1[24]); let x9: u32 = (((arg1[23]) as u32) << 24); let x10: u32 = (((arg1[22]) as u32) << 16); let x11: u32 = (((arg1[21]) as u32) << 8); let x12: u8 = (arg1[20]); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 24); let x18: u32 = (((arg1[14]) as u32) << 16); let x19: u32 = (((arg1[13]) as u32) << 8); let x20: u8 = (arg1[12]); let x21: u32 = (((arg1[11]) as u32) << 24); let x22: u32 = (((arg1[10]) as u32) << 16); let x23: u32 = (((arg1[9]) as u32) << 8); let x24: u8 = (arg1[8]); let x25: u32 = (((arg1[7]) as u32) << 24); let x26: u32 = (((arg1[6]) as u32) << 16); let x27: u32 = (((arg1[5]) as u32) << 8); let x28: u8 = (arg1[4]); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x27 + (x28 as u32)); let x37: u32 = (x26 + x36); let x38: u32 = (x25 + x37); let x39: u32 = (x23 + (x24 as u32)); let x40: u32 = (x22 + x39); let x41: u32 = (x21 + x40); let x42: u32 = (x19 + (x20 as u32)); let x43: u32 = (x18 + x42); let x44: u32 = (x17 + x43); let x45: u32 = (x15 + (x16 as u32)); let x46: u32 = (x14 + x45); let x47: u32 = (x13 + x46); let x48: u32 = (x11 + (x12 as u32)); let x49: u32 = (x10 + x48); let x50: u32 = (x9 + x49); let x51: u32 = (x7 + (x8 as u32)); let x52: u32 = (x6 + x51); let x53: u32 = (x5 + x52); let x54: u32 = (x3 + (x4 as u32)); let x55: u32 = (x2 + x54); let x56: u32 = (x1 + x55); out1[0] = x35; out1[1] = x38; out1[2] = x41; out1[3] = x44; out1[4] = x47; out1[5] = x50; out1[6] = x53; out1[7] = x56; } /// The function fiat_p256_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_set_one(out1: &mut fiat_p256_montgomery_domain_field_element) { out1[0] = (0x1 as u32); out1[1] = (0x0 as u32); out1[2] = (0x0 as u32); out1[3] = 0xffffffff; out1[4] = 0xffffffff; out1[5] = 0xffffffff; out1[6] = 0xfffffffe; out1[7] = (0x0 as u32); } /// The function fiat_p256_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_msat(out1: &mut [u32; 9]) { out1[0] = 0xffffffff; out1[1] = 0xffffffff; out1[2] = 0xffffffff; out1[3] = (0x0 as u32); out1[4] = (0x0 as u32); out1[5] = (0x0 as u32); out1[6] = (0x1 as u32); out1[7] = 0xffffffff; out1[8] = (0x0 as u32); } /// The function fiat_p256_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_divstep(out1: &mut u32, out2: &mut [u32; 9], out3: &mut [u32; 9], out4: &mut [u32; 8], out5: &mut [u32; 8], arg1: u32, arg2: &[u32; 9], arg3: &[u32; 9], arg4: &[u32; 8], arg5: &[u32; 8]) { let mut x1: u32 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_p256_u1 = (((x1 >> 31) as fiat_p256_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_p256_u1)); let mut x4: u32 = 0; let mut x5: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_p256_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_p256_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_p256_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_p256_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_p256_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_p256_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_p256_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_p256_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_p256_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_p256_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; let mut x17: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x16, &mut x17, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x18: u32 = 0; let mut x19: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), (!(arg2[1]))); let mut x20: u32 = 0; let mut x21: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), (!(arg2[2]))); let mut x22: u32 = 0; let mut x23: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[3]))); let mut x24: u32 = 0; let mut x25: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[4]))); let mut x26: u32 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[5]))); let mut x28: u32 = 0; let mut x29: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[6]))); let mut x30: u32 = 0; let mut x31: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[7]))); let mut x32: u32 = 0; let mut x33: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[8]))); let mut x34: u32 = 0; fiat_p256_cmovznz_u32(&mut x34, x3, (arg3[0]), x16); let mut x35: u32 = 0; fiat_p256_cmovznz_u32(&mut x35, x3, (arg3[1]), x18); let mut x36: u32 = 0; fiat_p256_cmovznz_u32(&mut x36, x3, (arg3[2]), x20); let mut x37: u32 = 0; fiat_p256_cmovznz_u32(&mut x37, x3, (arg3[3]), x22); let mut x38: u32 = 0; fiat_p256_cmovznz_u32(&mut x38, x3, (arg3[4]), x24); let mut x39: u32 = 0; fiat_p256_cmovznz_u32(&mut x39, x3, (arg3[5]), x26); let mut x40: u32 = 0; fiat_p256_cmovznz_u32(&mut x40, x3, (arg3[6]), x28); let mut x41: u32 = 0; fiat_p256_cmovznz_u32(&mut x41, x3, (arg3[7]), x30); let mut x42: u32 = 0; fiat_p256_cmovznz_u32(&mut x42, x3, (arg3[8]), x32); let mut x43: u32 = 0; fiat_p256_cmovznz_u32(&mut x43, x3, (arg4[0]), (arg5[0])); let mut x44: u32 = 0; fiat_p256_cmovznz_u32(&mut x44, x3, (arg4[1]), (arg5[1])); let mut x45: u32 = 0; fiat_p256_cmovznz_u32(&mut x45, x3, (arg4[2]), (arg5[2])); let mut x46: u32 = 0; fiat_p256_cmovznz_u32(&mut x46, x3, (arg4[3]), (arg5[3])); let mut x47: u32 = 0; fiat_p256_cmovznz_u32(&mut x47, x3, (arg4[4]), (arg5[4])); let mut x48: u32 = 0; fiat_p256_cmovznz_u32(&mut x48, x3, (arg4[5]), (arg5[5])); let mut x49: u32 = 0; fiat_p256_cmovznz_u32(&mut x49, x3, (arg4[6]), (arg5[6])); let mut x50: u32 = 0; fiat_p256_cmovznz_u32(&mut x50, x3, (arg4[7]), (arg5[7])); let mut x51: u32 = 0; let mut x52: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x51, &mut x52, 0x0, x43, x43); let mut x53: u32 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x53, &mut x54, x52, x44, x44); let mut x55: u32 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x55, &mut x56, x54, x45, x45); let mut x57: u32 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x57, &mut x58, x56, x46, x46); let mut x59: u32 = 0; let mut x60: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x59, &mut x60, x58, x47, x47); let mut x61: u32 = 0; let mut x62: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x61, &mut x62, x60, x48, x48); let mut x63: u32 = 0; let mut x64: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x63, &mut x64, x62, x49, x49); let mut x65: u32 = 0; let mut x66: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x65, &mut x66, x64, x50, x50); let mut x67: u32 = 0; let mut x68: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x67, &mut x68, 0x0, x51, 0xffffffff); let mut x69: u32 = 0; let mut x70: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x69, &mut x70, x68, x53, 0xffffffff); let mut x71: u32 = 0; let mut x72: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x71, &mut x72, x70, x55, 0xffffffff); let mut x73: u32 = 0; let mut x74: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x73, &mut x74, x72, x57, (0x0 as u32)); let mut x75: u32 = 0; let mut x76: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x75, &mut x76, x74, x59, (0x0 as u32)); let mut x77: u32 = 0; let mut x78: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x77, &mut x78, x76, x61, (0x0 as u32)); let mut x79: u32 = 0; let mut x80: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x79, &mut x80, x78, x63, (0x1 as u32)); let mut x81: u32 = 0; let mut x82: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x81, &mut x82, x80, x65, 0xffffffff); let mut x83: u32 = 0; let mut x84: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x83, &mut x84, x82, (x66 as u32), (0x0 as u32)); let x85: u32 = (arg4[7]); let x86: u32 = (arg4[6]); let x87: u32 = (arg4[5]); let x88: u32 = (arg4[4]); let x89: u32 = (arg4[3]); let x90: u32 = (arg4[2]); let x91: u32 = (arg4[1]); let x92: u32 = (arg4[0]); let mut x93: u32 = 0; let mut x94: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x93, &mut x94, 0x0, (0x0 as u32), x92); let mut x95: u32 = 0; let mut x96: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x91); let mut x97: u32 = 0; let mut x98: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x97, &mut x98, x96, (0x0 as u32), x90); let mut x99: u32 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x99, &mut x100, x98, (0x0 as u32), x89); let mut x101: u32 = 0; let mut x102: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x101, &mut x102, x100, (0x0 as u32), x88); let mut x103: u32 = 0; let mut x104: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x103, &mut x104, x102, (0x0 as u32), x87); let mut x105: u32 = 0; let mut x106: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x105, &mut x106, x104, (0x0 as u32), x86); let mut x107: u32 = 0; let mut x108: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x107, &mut x108, x106, (0x0 as u32), x85); let mut x109: u32 = 0; fiat_p256_cmovznz_u32(&mut x109, x108, (0x0 as u32), 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x110, &mut x111, 0x0, x93, x109); let mut x112: u32 = 0; let mut x113: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x112, &mut x113, x111, x95, x109); let mut x114: u32 = 0; let mut x115: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x114, &mut x115, x113, x97, x109); let mut x116: u32 = 0; let mut x117: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x116, &mut x117, x115, x99, (0x0 as u32)); let mut x118: u32 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x118, &mut x119, x117, x101, (0x0 as u32)); let mut x120: u32 = 0; let mut x121: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x120, &mut x121, x119, x103, (0x0 as u32)); let mut x122: u32 = 0; let mut x123: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x122, &mut x123, x121, x105, (((x109 & (0x1 as u32)) as fiat_p256_u1) as u32)); let mut x124: u32 = 0; let mut x125: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x124, &mut x125, x123, x107, x109); let mut x126: u32 = 0; fiat_p256_cmovznz_u32(&mut x126, x3, (arg5[0]), x110); let mut x127: u32 = 0; fiat_p256_cmovznz_u32(&mut x127, x3, (arg5[1]), x112); let mut x128: u32 = 0; fiat_p256_cmovznz_u32(&mut x128, x3, (arg5[2]), x114); let mut x129: u32 = 0; fiat_p256_cmovznz_u32(&mut x129, x3, (arg5[3]), x116); let mut x130: u32 = 0; fiat_p256_cmovznz_u32(&mut x130, x3, (arg5[4]), x118); let mut x131: u32 = 0; fiat_p256_cmovznz_u32(&mut x131, x3, (arg5[5]), x120); let mut x132: u32 = 0; fiat_p256_cmovznz_u32(&mut x132, x3, (arg5[6]), x122); let mut x133: u32 = 0; fiat_p256_cmovznz_u32(&mut x133, x3, (arg5[7]), x124); let x134: fiat_p256_u1 = ((x34 & (0x1 as u32)) as fiat_p256_u1); let mut x135: u32 = 0; fiat_p256_cmovznz_u32(&mut x135, x134, (0x0 as u32), x7); let mut x136: u32 = 0; fiat_p256_cmovznz_u32(&mut x136, x134, (0x0 as u32), x8); let mut x137: u32 = 0; fiat_p256_cmovznz_u32(&mut x137, x134, (0x0 as u32), x9); let mut x138: u32 = 0; fiat_p256_cmovznz_u32(&mut x138, x134, (0x0 as u32), x10); let mut x139: u32 = 0; fiat_p256_cmovznz_u32(&mut x139, x134, (0x0 as u32), x11); let mut x140: u32 = 0; fiat_p256_cmovznz_u32(&mut x140, x134, (0x0 as u32), x12); let mut x141: u32 = 0; fiat_p256_cmovznz_u32(&mut x141, x134, (0x0 as u32), x13); let mut x142: u32 = 0; fiat_p256_cmovznz_u32(&mut x142, x134, (0x0 as u32), x14); let mut x143: u32 = 0; fiat_p256_cmovznz_u32(&mut x143, x134, (0x0 as u32), x15); let mut x144: u32 = 0; let mut x145: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x144, &mut x145, 0x0, x34, x135); let mut x146: u32 = 0; let mut x147: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x146, &mut x147, x145, x35, x136); let mut x148: u32 = 0; let mut x149: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x148, &mut x149, x147, x36, x137); let mut x150: u32 = 0; let mut x151: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x150, &mut x151, x149, x37, x138); let mut x152: u32 = 0; let mut x153: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x152, &mut x153, x151, x38, x139); let mut x154: u32 = 0; let mut x155: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x154, &mut x155, x153, x39, x140); let mut x156: u32 = 0; let mut x157: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x156, &mut x157, x155, x40, x141); let mut x158: u32 = 0; let mut x159: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x158, &mut x159, x157, x41, x142); let mut x160: u32 = 0; let mut x161: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x160, &mut x161, x159, x42, x143); let mut x162: u32 = 0; fiat_p256_cmovznz_u32(&mut x162, x134, (0x0 as u32), x43); let mut x163: u32 = 0; fiat_p256_cmovznz_u32(&mut x163, x134, (0x0 as u32), x44); let mut x164: u32 = 0; fiat_p256_cmovznz_u32(&mut x164, x134, (0x0 as u32), x45); let mut x165: u32 = 0; fiat_p256_cmovznz_u32(&mut x165, x134, (0x0 as u32), x46); let mut x166: u32 = 0; fiat_p256_cmovznz_u32(&mut x166, x134, (0x0 as u32), x47); let mut x167: u32 = 0; fiat_p256_cmovznz_u32(&mut x167, x134, (0x0 as u32), x48); let mut x168: u32 = 0; fiat_p256_cmovznz_u32(&mut x168, x134, (0x0 as u32), x49); let mut x169: u32 = 0; fiat_p256_cmovznz_u32(&mut x169, x134, (0x0 as u32), x50); let mut x170: u32 = 0; let mut x171: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x170, &mut x171, 0x0, x126, x162); let mut x172: u32 = 0; let mut x173: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x172, &mut x173, x171, x127, x163); let mut x174: u32 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x174, &mut x175, x173, x128, x164); let mut x176: u32 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x176, &mut x177, x175, x129, x165); let mut x178: u32 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x178, &mut x179, x177, x130, x166); let mut x180: u32 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x180, &mut x181, x179, x131, x167); let mut x182: u32 = 0; let mut x183: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x182, &mut x183, x181, x132, x168); let mut x184: u32 = 0; let mut x185: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x184, &mut x185, x183, x133, x169); let mut x186: u32 = 0; let mut x187: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x186, &mut x187, 0x0, x170, 0xffffffff); let mut x188: u32 = 0; let mut x189: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x188, &mut x189, x187, x172, 0xffffffff); let mut x190: u32 = 0; let mut x191: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x190, &mut x191, x189, x174, 0xffffffff); let mut x192: u32 = 0; let mut x193: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x192, &mut x193, x191, x176, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x194, &mut x195, x193, x178, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x196, &mut x197, x195, x180, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x198, &mut x199, x197, x182, (0x1 as u32)); let mut x200: u32 = 0; let mut x201: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x200, &mut x201, x199, x184, 0xffffffff); let mut x202: u32 = 0; let mut x203: fiat_p256_u1 = 0; fiat_p256_subborrowx_u32(&mut x202, &mut x203, x201, (x185 as u32), (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_p256_u1 = 0; fiat_p256_addcarryx_u32(&mut x204, &mut x205, 0x0, x6, (0x1 as u32)); let x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); let x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); let x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); let x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); let x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); let x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); let x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); let x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); let x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); let mut x215: u32 = 0; fiat_p256_cmovznz_u32(&mut x215, x84, x67, x51); let mut x216: u32 = 0; fiat_p256_cmovznz_u32(&mut x216, x84, x69, x53); let mut x217: u32 = 0; fiat_p256_cmovznz_u32(&mut x217, x84, x71, x55); let mut x218: u32 = 0; fiat_p256_cmovznz_u32(&mut x218, x84, x73, x57); let mut x219: u32 = 0; fiat_p256_cmovznz_u32(&mut x219, x84, x75, x59); let mut x220: u32 = 0; fiat_p256_cmovznz_u32(&mut x220, x84, x77, x61); let mut x221: u32 = 0; fiat_p256_cmovznz_u32(&mut x221, x84, x79, x63); let mut x222: u32 = 0; fiat_p256_cmovznz_u32(&mut x222, x84, x81, x65); let mut x223: u32 = 0; fiat_p256_cmovznz_u32(&mut x223, x203, x186, x170); let mut x224: u32 = 0; fiat_p256_cmovznz_u32(&mut x224, x203, x188, x172); let mut x225: u32 = 0; fiat_p256_cmovznz_u32(&mut x225, x203, x190, x174); let mut x226: u32 = 0; fiat_p256_cmovznz_u32(&mut x226, x203, x192, x176); let mut x227: u32 = 0; fiat_p256_cmovznz_u32(&mut x227, x203, x194, x178); let mut x228: u32 = 0; fiat_p256_cmovznz_u32(&mut x228, x203, x196, x180); let mut x229: u32 = 0; fiat_p256_cmovznz_u32(&mut x229, x203, x198, x182); let mut x230: u32 = 0; fiat_p256_cmovznz_u32(&mut x230, x203, x200, x184); *out1 = x204; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out3[0] = x206; out3[1] = x207; out3[2] = x208; out3[3] = x209; out3[4] = x210; out3[5] = x211; out3[6] = x212; out3[7] = x213; out3[8] = x214; out4[0] = x215; out4[1] = x216; out4[2] = x217; out4[3] = x218; out4[4] = x219; out4[5] = x220; out4[6] = x221; out4[7] = x222; out5[0] = x223; out5[1] = x224; out5[2] = x225; out5[3] = x226; out5[4] = x227; out5[5] = x228; out5[6] = x229; out5[7] = x230; } /// The function fiat_p256_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_divstep_precomp(out1: &mut [u32; 8]) { out1[0] = 0xb8000000; out1[1] = 0x67ffffff; out1[2] = 0x38000000; out1[3] = 0xc0000000; out1[4] = 0x7fffffff; out1[5] = 0xd8000000; out1[6] = 0xffffffff; out1[7] = 0x2fffffff; } fiat-crypto-0.2.2/src/p256_64.rs000064400000000000000000002174501046102023000142410ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p256 //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p256_u1 = u8; pub type fiat_p256_i1 = i8; pub type fiat_p256_u2 = u8; pub type fiat_p256_i2 = i8; /** The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p256_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p256_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p256_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p256_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p256_u1, arg1: fiat_p256_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p256_u1 = ((x1 >> 64) as fiat_p256_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p256_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p256_u1, arg1: fiat_p256_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p256_i1 = ((x1 >> 64) as fiat_p256_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p256_i2) - (x2 as fiat_p256_i2)) as fiat_p256_u1); } /// The function fiat_p256_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p256_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_cmovznz_u64(out1: &mut u64, arg1: fiat_p256_u1, arg2: u64, arg3: u64) { let x1: fiat_p256_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p256_i2) - (x1 as fiat_p256_i2)) as fiat_p256_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p256_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_mul(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p256_mulx_u64(&mut x20, &mut x21, x11, 0xffffffff00000001); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p256_mulx_u64(&mut x22, &mut x23, x11, 0xffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p256_mulx_u64(&mut x24, &mut x25, x11, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x26, &mut x27, 0x0, x25, x22); let x28: u64 = ((x27 as u64) + x23); let mut x29: u64 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x29, &mut x30, 0x0, x11, x24); let mut x31: u64 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x31, &mut x32, x30, x13, x26); let mut x33: u64 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x33, &mut x34, x32, x15, x28); let mut x35: u64 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x35, &mut x36, x34, x17, x20); let mut x37: u64 = 0; let mut x38: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x37, &mut x38, x36, x19, x21); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p256_mulx_u64(&mut x39, &mut x40, x1, (arg2[3])); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p256_mulx_u64(&mut x41, &mut x42, x1, (arg2[2])); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p256_mulx_u64(&mut x43, &mut x44, x1, (arg2[1])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p256_mulx_u64(&mut x45, &mut x46, x1, (arg2[0])); let mut x47: u64 = 0; let mut x48: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x47, &mut x48, 0x0, x46, x43); let mut x49: u64 = 0; let mut x50: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x49, &mut x50, x48, x44, x41); let mut x51: u64 = 0; let mut x52: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x51, &mut x52, x50, x42, x39); let x53: u64 = ((x52 as u64) + x40); let mut x54: u64 = 0; let mut x55: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x54, &mut x55, 0x0, x31, x45); let mut x56: u64 = 0; let mut x57: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x56, &mut x57, x55, x33, x47); let mut x58: u64 = 0; let mut x59: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x58, &mut x59, x57, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x62, &mut x63, x61, (x38 as u64), x53); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p256_mulx_u64(&mut x64, &mut x65, x54, 0xffffffff00000001); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_p256_mulx_u64(&mut x66, &mut x67, x54, 0xffffffff); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_p256_mulx_u64(&mut x68, &mut x69, x54, 0xffffffffffffffff); let mut x70: u64 = 0; let mut x71: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x70, &mut x71, 0x0, x69, x66); let x72: u64 = ((x71 as u64) + x67); let mut x73: u64 = 0; let mut x74: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x73, &mut x74, 0x0, x54, x68); let mut x75: u64 = 0; let mut x76: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x75, &mut x76, x74, x56, x70); let mut x77: u64 = 0; let mut x78: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x77, &mut x78, x76, x58, x72); let mut x79: u64 = 0; let mut x80: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x79, &mut x80, x78, x60, x64); let mut x81: u64 = 0; let mut x82: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x81, &mut x82, x80, x62, x65); let x83: u64 = ((x82 as u64) + (x63 as u64)); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p256_mulx_u64(&mut x84, &mut x85, x2, (arg2[3])); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p256_mulx_u64(&mut x86, &mut x87, x2, (arg2[2])); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_p256_mulx_u64(&mut x88, &mut x89, x2, (arg2[1])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_p256_mulx_u64(&mut x90, &mut x91, x2, (arg2[0])); let mut x92: u64 = 0; let mut x93: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x92, &mut x93, 0x0, x91, x88); let mut x94: u64 = 0; let mut x95: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x94, &mut x95, x93, x89, x86); let mut x96: u64 = 0; let mut x97: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x96, &mut x97, x95, x87, x84); let x98: u64 = ((x97 as u64) + x85); let mut x99: u64 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x99, &mut x100, 0x0, x75, x90); let mut x101: u64 = 0; let mut x102: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x101, &mut x102, x100, x77, x92); let mut x103: u64 = 0; let mut x104: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x103, &mut x104, x102, x79, x94); let mut x105: u64 = 0; let mut x106: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x105, &mut x106, x104, x81, x96); let mut x107: u64 = 0; let mut x108: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x107, &mut x108, x106, x83, x98); let mut x109: u64 = 0; let mut x110: u64 = 0; fiat_p256_mulx_u64(&mut x109, &mut x110, x99, 0xffffffff00000001); let mut x111: u64 = 0; let mut x112: u64 = 0; fiat_p256_mulx_u64(&mut x111, &mut x112, x99, 0xffffffff); let mut x113: u64 = 0; let mut x114: u64 = 0; fiat_p256_mulx_u64(&mut x113, &mut x114, x99, 0xffffffffffffffff); let mut x115: u64 = 0; let mut x116: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x115, &mut x116, 0x0, x114, x111); let x117: u64 = ((x116 as u64) + x112); let mut x118: u64 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x118, &mut x119, 0x0, x99, x113); let mut x120: u64 = 0; let mut x121: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x120, &mut x121, x119, x101, x115); let mut x122: u64 = 0; let mut x123: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x122, &mut x123, x121, x103, x117); let mut x124: u64 = 0; let mut x125: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x124, &mut x125, x123, x105, x109); let mut x126: u64 = 0; let mut x127: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x126, &mut x127, x125, x107, x110); let x128: u64 = ((x127 as u64) + (x108 as u64)); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p256_mulx_u64(&mut x129, &mut x130, x3, (arg2[3])); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p256_mulx_u64(&mut x131, &mut x132, x3, (arg2[2])); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p256_mulx_u64(&mut x133, &mut x134, x3, (arg2[1])); let mut x135: u64 = 0; let mut x136: u64 = 0; fiat_p256_mulx_u64(&mut x135, &mut x136, x3, (arg2[0])); let mut x137: u64 = 0; let mut x138: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x137, &mut x138, 0x0, x136, x133); let mut x139: u64 = 0; let mut x140: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x139, &mut x140, x138, x134, x131); let mut x141: u64 = 0; let mut x142: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x141, &mut x142, x140, x132, x129); let x143: u64 = ((x142 as u64) + x130); let mut x144: u64 = 0; let mut x145: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x144, &mut x145, 0x0, x120, x135); let mut x146: u64 = 0; let mut x147: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x146, &mut x147, x145, x122, x137); let mut x148: u64 = 0; let mut x149: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x148, &mut x149, x147, x124, x139); let mut x150: u64 = 0; let mut x151: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x150, &mut x151, x149, x126, x141); let mut x152: u64 = 0; let mut x153: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x152, &mut x153, x151, x128, x143); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p256_mulx_u64(&mut x154, &mut x155, x144, 0xffffffff00000001); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p256_mulx_u64(&mut x156, &mut x157, x144, 0xffffffff); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p256_mulx_u64(&mut x158, &mut x159, x144, 0xffffffffffffffff); let mut x160: u64 = 0; let mut x161: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x160, &mut x161, 0x0, x159, x156); let x162: u64 = ((x161 as u64) + x157); let mut x163: u64 = 0; let mut x164: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x163, &mut x164, 0x0, x144, x158); let mut x165: u64 = 0; let mut x166: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x165, &mut x166, x164, x146, x160); let mut x167: u64 = 0; let mut x168: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x167, &mut x168, x166, x148, x162); let mut x169: u64 = 0; let mut x170: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x169, &mut x170, x168, x150, x154); let mut x171: u64 = 0; let mut x172: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x171, &mut x172, x170, x152, x155); let x173: u64 = ((x172 as u64) + (x153 as u64)); let mut x174: u64 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x174, &mut x175, 0x0, x165, 0xffffffffffffffff); let mut x176: u64 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x176, &mut x177, x175, x167, 0xffffffff); let mut x178: u64 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x178, &mut x179, x177, x169, (0x0 as u64)); let mut x180: u64 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x180, &mut x181, x179, x171, 0xffffffff00000001); let mut x182: u64 = 0; let mut x183: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x182, &mut x183, x181, x173, (0x0 as u64)); let mut x184: u64 = 0; fiat_p256_cmovznz_u64(&mut x184, x183, x174, x165); let mut x185: u64 = 0; fiat_p256_cmovznz_u64(&mut x185, x183, x176, x167); let mut x186: u64 = 0; fiat_p256_cmovznz_u64(&mut x186, x183, x178, x169); let mut x187: u64 = 0; fiat_p256_cmovznz_u64(&mut x187, x183, x180, x171); out1[0] = x184; out1[1] = x185; out1[2] = x186; out1[3] = x187; } /// The function fiat_p256_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_square(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p256_mulx_u64(&mut x20, &mut x21, x11, 0xffffffff00000001); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p256_mulx_u64(&mut x22, &mut x23, x11, 0xffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p256_mulx_u64(&mut x24, &mut x25, x11, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x26, &mut x27, 0x0, x25, x22); let x28: u64 = ((x27 as u64) + x23); let mut x29: u64 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x29, &mut x30, 0x0, x11, x24); let mut x31: u64 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x31, &mut x32, x30, x13, x26); let mut x33: u64 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x33, &mut x34, x32, x15, x28); let mut x35: u64 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x35, &mut x36, x34, x17, x20); let mut x37: u64 = 0; let mut x38: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x37, &mut x38, x36, x19, x21); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p256_mulx_u64(&mut x39, &mut x40, x1, (arg1[3])); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p256_mulx_u64(&mut x41, &mut x42, x1, (arg1[2])); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p256_mulx_u64(&mut x43, &mut x44, x1, (arg1[1])); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p256_mulx_u64(&mut x45, &mut x46, x1, (arg1[0])); let mut x47: u64 = 0; let mut x48: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x47, &mut x48, 0x0, x46, x43); let mut x49: u64 = 0; let mut x50: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x49, &mut x50, x48, x44, x41); let mut x51: u64 = 0; let mut x52: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x51, &mut x52, x50, x42, x39); let x53: u64 = ((x52 as u64) + x40); let mut x54: u64 = 0; let mut x55: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x54, &mut x55, 0x0, x31, x45); let mut x56: u64 = 0; let mut x57: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x56, &mut x57, x55, x33, x47); let mut x58: u64 = 0; let mut x59: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x58, &mut x59, x57, x35, x49); let mut x60: u64 = 0; let mut x61: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x60, &mut x61, x59, x37, x51); let mut x62: u64 = 0; let mut x63: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x62, &mut x63, x61, (x38 as u64), x53); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p256_mulx_u64(&mut x64, &mut x65, x54, 0xffffffff00000001); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_p256_mulx_u64(&mut x66, &mut x67, x54, 0xffffffff); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_p256_mulx_u64(&mut x68, &mut x69, x54, 0xffffffffffffffff); let mut x70: u64 = 0; let mut x71: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x70, &mut x71, 0x0, x69, x66); let x72: u64 = ((x71 as u64) + x67); let mut x73: u64 = 0; let mut x74: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x73, &mut x74, 0x0, x54, x68); let mut x75: u64 = 0; let mut x76: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x75, &mut x76, x74, x56, x70); let mut x77: u64 = 0; let mut x78: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x77, &mut x78, x76, x58, x72); let mut x79: u64 = 0; let mut x80: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x79, &mut x80, x78, x60, x64); let mut x81: u64 = 0; let mut x82: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x81, &mut x82, x80, x62, x65); let x83: u64 = ((x82 as u64) + (x63 as u64)); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p256_mulx_u64(&mut x84, &mut x85, x2, (arg1[3])); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p256_mulx_u64(&mut x86, &mut x87, x2, (arg1[2])); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_p256_mulx_u64(&mut x88, &mut x89, x2, (arg1[1])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_p256_mulx_u64(&mut x90, &mut x91, x2, (arg1[0])); let mut x92: u64 = 0; let mut x93: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x92, &mut x93, 0x0, x91, x88); let mut x94: u64 = 0; let mut x95: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x94, &mut x95, x93, x89, x86); let mut x96: u64 = 0; let mut x97: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x96, &mut x97, x95, x87, x84); let x98: u64 = ((x97 as u64) + x85); let mut x99: u64 = 0; let mut x100: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x99, &mut x100, 0x0, x75, x90); let mut x101: u64 = 0; let mut x102: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x101, &mut x102, x100, x77, x92); let mut x103: u64 = 0; let mut x104: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x103, &mut x104, x102, x79, x94); let mut x105: u64 = 0; let mut x106: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x105, &mut x106, x104, x81, x96); let mut x107: u64 = 0; let mut x108: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x107, &mut x108, x106, x83, x98); let mut x109: u64 = 0; let mut x110: u64 = 0; fiat_p256_mulx_u64(&mut x109, &mut x110, x99, 0xffffffff00000001); let mut x111: u64 = 0; let mut x112: u64 = 0; fiat_p256_mulx_u64(&mut x111, &mut x112, x99, 0xffffffff); let mut x113: u64 = 0; let mut x114: u64 = 0; fiat_p256_mulx_u64(&mut x113, &mut x114, x99, 0xffffffffffffffff); let mut x115: u64 = 0; let mut x116: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x115, &mut x116, 0x0, x114, x111); let x117: u64 = ((x116 as u64) + x112); let mut x118: u64 = 0; let mut x119: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x118, &mut x119, 0x0, x99, x113); let mut x120: u64 = 0; let mut x121: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x120, &mut x121, x119, x101, x115); let mut x122: u64 = 0; let mut x123: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x122, &mut x123, x121, x103, x117); let mut x124: u64 = 0; let mut x125: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x124, &mut x125, x123, x105, x109); let mut x126: u64 = 0; let mut x127: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x126, &mut x127, x125, x107, x110); let x128: u64 = ((x127 as u64) + (x108 as u64)); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p256_mulx_u64(&mut x129, &mut x130, x3, (arg1[3])); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p256_mulx_u64(&mut x131, &mut x132, x3, (arg1[2])); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p256_mulx_u64(&mut x133, &mut x134, x3, (arg1[1])); let mut x135: u64 = 0; let mut x136: u64 = 0; fiat_p256_mulx_u64(&mut x135, &mut x136, x3, (arg1[0])); let mut x137: u64 = 0; let mut x138: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x137, &mut x138, 0x0, x136, x133); let mut x139: u64 = 0; let mut x140: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x139, &mut x140, x138, x134, x131); let mut x141: u64 = 0; let mut x142: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x141, &mut x142, x140, x132, x129); let x143: u64 = ((x142 as u64) + x130); let mut x144: u64 = 0; let mut x145: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x144, &mut x145, 0x0, x120, x135); let mut x146: u64 = 0; let mut x147: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x146, &mut x147, x145, x122, x137); let mut x148: u64 = 0; let mut x149: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x148, &mut x149, x147, x124, x139); let mut x150: u64 = 0; let mut x151: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x150, &mut x151, x149, x126, x141); let mut x152: u64 = 0; let mut x153: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x152, &mut x153, x151, x128, x143); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p256_mulx_u64(&mut x154, &mut x155, x144, 0xffffffff00000001); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p256_mulx_u64(&mut x156, &mut x157, x144, 0xffffffff); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p256_mulx_u64(&mut x158, &mut x159, x144, 0xffffffffffffffff); let mut x160: u64 = 0; let mut x161: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x160, &mut x161, 0x0, x159, x156); let x162: u64 = ((x161 as u64) + x157); let mut x163: u64 = 0; let mut x164: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x163, &mut x164, 0x0, x144, x158); let mut x165: u64 = 0; let mut x166: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x165, &mut x166, x164, x146, x160); let mut x167: u64 = 0; let mut x168: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x167, &mut x168, x166, x148, x162); let mut x169: u64 = 0; let mut x170: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x169, &mut x170, x168, x150, x154); let mut x171: u64 = 0; let mut x172: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x171, &mut x172, x170, x152, x155); let x173: u64 = ((x172 as u64) + (x153 as u64)); let mut x174: u64 = 0; let mut x175: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x174, &mut x175, 0x0, x165, 0xffffffffffffffff); let mut x176: u64 = 0; let mut x177: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x176, &mut x177, x175, x167, 0xffffffff); let mut x178: u64 = 0; let mut x179: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x178, &mut x179, x177, x169, (0x0 as u64)); let mut x180: u64 = 0; let mut x181: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x180, &mut x181, x179, x171, 0xffffffff00000001); let mut x182: u64 = 0; let mut x183: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x182, &mut x183, x181, x173, (0x0 as u64)); let mut x184: u64 = 0; fiat_p256_cmovznz_u64(&mut x184, x183, x174, x165); let mut x185: u64 = 0; fiat_p256_cmovznz_u64(&mut x185, x183, x176, x167); let mut x186: u64 = 0; fiat_p256_cmovznz_u64(&mut x186, x183, x178, x169); let mut x187: u64 = 0; fiat_p256_cmovznz_u64(&mut x187, x183, x180, x171); out1[0] = x184; out1[1] = x185; out1[2] = x186; out1[3] = x187; } /// The function fiat_p256_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_add(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, 0xffffffffffffffff); let mut x11: u64 = 0; let mut x12: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0xffffffff); let mut x13: u64 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x13, &mut x14, x12, x5, (0x0 as u64)); let mut x15: u64 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0xffffffff00000001); let mut x17: u64 = 0; let mut x18: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_p256_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_p256_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_p256_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_p256_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_p256_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_sub(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element, arg2: &fiat_p256_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_p256_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, x9); let mut x12: u64 = 0; let mut x13: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xffffffff)); let mut x14: u64 = 0; let mut x15: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x14, &mut x15, x13, x5, (0x0 as u64)); let mut x16: u64 = 0; let mut x17: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff00000001)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p256_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_opp(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_p256_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, x9); let mut x12: u64 = 0; let mut x13: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xffffffff)); let mut x14: u64 = 0; let mut x15: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x14, &mut x15, x13, x5, (0x0 as u64)); let mut x16: u64 = 0; let mut x17: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff00000001)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p256_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_from_montgomery(out1: &mut fiat_p256_non_montgomery_domain_field_element, arg1: &fiat_p256_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p256_mulx_u64(&mut x2, &mut x3, x1, 0xffffffff00000001); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p256_mulx_u64(&mut x4, &mut x5, x1, 0xffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p256_mulx_u64(&mut x6, &mut x7, x1, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x8, &mut x9, 0x0, x7, x4); let mut x10: u64 = 0; let mut x11: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, x6); let mut x12: u64 = 0; let mut x13: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x12, &mut x13, x11, (0x0 as u64), x8); let mut x14: u64 = 0; let mut x15: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x14, &mut x15, 0x0, x12, (arg1[1])); let mut x16: u64 = 0; let mut x17: u64 = 0; fiat_p256_mulx_u64(&mut x16, &mut x17, x14, 0xffffffff00000001); let mut x18: u64 = 0; let mut x19: u64 = 0; fiat_p256_mulx_u64(&mut x18, &mut x19, x14, 0xffffffff); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p256_mulx_u64(&mut x20, &mut x21, x14, 0xffffffffffffffff); let mut x22: u64 = 0; let mut x23: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u64 = 0; let mut x25: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x24, &mut x25, 0x0, x14, x20); let mut x26: u64 = 0; let mut x27: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x26, &mut x27, x25, ((x15 as u64) + ((x13 as u64) + ((x9 as u64) + x5))), x22); let mut x28: u64 = 0; let mut x29: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x28, &mut x29, x27, x2, ((x23 as u64) + x19)); let mut x30: u64 = 0; let mut x31: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x30, &mut x31, x29, x3, x16); let mut x32: u64 = 0; let mut x33: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x32, &mut x33, 0x0, x26, (arg1[2])); let mut x34: u64 = 0; let mut x35: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x34, &mut x35, x33, x28, (0x0 as u64)); let mut x36: u64 = 0; let mut x37: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x36, &mut x37, x35, x30, (0x0 as u64)); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p256_mulx_u64(&mut x38, &mut x39, x32, 0xffffffff00000001); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p256_mulx_u64(&mut x40, &mut x41, x32, 0xffffffff); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p256_mulx_u64(&mut x42, &mut x43, x32, 0xffffffffffffffff); let mut x44: u64 = 0; let mut x45: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x44, &mut x45, 0x0, x43, x40); let mut x46: u64 = 0; let mut x47: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x46, &mut x47, 0x0, x32, x42); let mut x48: u64 = 0; let mut x49: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x48, &mut x49, x47, x34, x44); let mut x50: u64 = 0; let mut x51: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x50, &mut x51, x49, x36, ((x45 as u64) + x41)); let mut x52: u64 = 0; let mut x53: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x52, &mut x53, x51, ((x37 as u64) + ((x31 as u64) + x17)), x38); let mut x54: u64 = 0; let mut x55: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x54, &mut x55, 0x0, x48, (arg1[3])); let mut x56: u64 = 0; let mut x57: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x56, &mut x57, x55, x50, (0x0 as u64)); let mut x58: u64 = 0; let mut x59: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x58, &mut x59, x57, x52, (0x0 as u64)); let mut x60: u64 = 0; let mut x61: u64 = 0; fiat_p256_mulx_u64(&mut x60, &mut x61, x54, 0xffffffff00000001); let mut x62: u64 = 0; let mut x63: u64 = 0; fiat_p256_mulx_u64(&mut x62, &mut x63, x54, 0xffffffff); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p256_mulx_u64(&mut x64, &mut x65, x54, 0xffffffffffffffff); let mut x66: u64 = 0; let mut x67: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x66, &mut x67, 0x0, x65, x62); let mut x68: u64 = 0; let mut x69: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x68, &mut x69, 0x0, x54, x64); let mut x70: u64 = 0; let mut x71: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x70, &mut x71, x69, x56, x66); let mut x72: u64 = 0; let mut x73: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x72, &mut x73, x71, x58, ((x67 as u64) + x63)); let mut x74: u64 = 0; let mut x75: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x74, &mut x75, x73, ((x59 as u64) + ((x53 as u64) + x39)), x60); let x76: u64 = ((x75 as u64) + x61); let mut x77: u64 = 0; let mut x78: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x77, &mut x78, 0x0, x70, 0xffffffffffffffff); let mut x79: u64 = 0; let mut x80: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x79, &mut x80, x78, x72, 0xffffffff); let mut x81: u64 = 0; let mut x82: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x81, &mut x82, x80, x74, (0x0 as u64)); let mut x83: u64 = 0; let mut x84: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x83, &mut x84, x82, x76, 0xffffffff00000001); let mut x85: u64 = 0; let mut x86: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x85, &mut x86, x84, (0x0 as u64), (0x0 as u64)); let mut x87: u64 = 0; fiat_p256_cmovznz_u64(&mut x87, x86, x77, x70); let mut x88: u64 = 0; fiat_p256_cmovznz_u64(&mut x88, x86, x79, x72); let mut x89: u64 = 0; fiat_p256_cmovznz_u64(&mut x89, x86, x81, x74); let mut x90: u64 = 0; fiat_p256_cmovznz_u64(&mut x90, x86, x83, x76); out1[0] = x87; out1[1] = x88; out1[2] = x89; out1[3] = x90; } /// The function fiat_p256_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_to_montgomery(out1: &mut fiat_p256_montgomery_domain_field_element, arg1: &fiat_p256_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_mulx_u64(&mut x5, &mut x6, x4, 0x4fffffffd); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_mulx_u64(&mut x7, &mut x8, x4, 0xfffffffffffffffe); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_mulx_u64(&mut x9, &mut x10, x4, 0xfffffffbffffffff); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_mulx_u64(&mut x11, &mut x12, x4, 0x3); let mut x13: u64 = 0; let mut x14: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_p256_mulx_u64(&mut x19, &mut x20, x11, 0xffffffff00000001); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_p256_mulx_u64(&mut x21, &mut x22, x11, 0xffffffff); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_p256_mulx_u64(&mut x23, &mut x24, x11, 0xffffffffffffffff); let mut x25: u64 = 0; let mut x26: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u64 = 0; let mut x28: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x27, &mut x28, 0x0, x11, x23); let mut x29: u64 = 0; let mut x30: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x29, &mut x30, x28, x13, x25); let mut x31: u64 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x31, &mut x32, x30, x15, ((x26 as u64) + x22)); let mut x33: u64 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x33, &mut x34, x32, x17, x19); let mut x35: u64 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x35, &mut x36, x34, ((x18 as u64) + x6), x20); let mut x37: u64 = 0; let mut x38: u64 = 0; fiat_p256_mulx_u64(&mut x37, &mut x38, x1, 0x4fffffffd); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p256_mulx_u64(&mut x39, &mut x40, x1, 0xfffffffffffffffe); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p256_mulx_u64(&mut x41, &mut x42, x1, 0xfffffffbffffffff); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p256_mulx_u64(&mut x43, &mut x44, x1, 0x3); let mut x45: u64 = 0; let mut x46: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x45, &mut x46, 0x0, x44, x41); let mut x47: u64 = 0; let mut x48: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x47, &mut x48, x46, x42, x39); let mut x49: u64 = 0; let mut x50: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x49, &mut x50, x48, x40, x37); let mut x51: u64 = 0; let mut x52: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x51, &mut x52, 0x0, x29, x43); let mut x53: u64 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x53, &mut x54, x52, x31, x45); let mut x55: u64 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x55, &mut x56, x54, x33, x47); let mut x57: u64 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x57, &mut x58, x56, x35, x49); let mut x59: u64 = 0; let mut x60: u64 = 0; fiat_p256_mulx_u64(&mut x59, &mut x60, x51, 0xffffffff00000001); let mut x61: u64 = 0; let mut x62: u64 = 0; fiat_p256_mulx_u64(&mut x61, &mut x62, x51, 0xffffffff); let mut x63: u64 = 0; let mut x64: u64 = 0; fiat_p256_mulx_u64(&mut x63, &mut x64, x51, 0xffffffffffffffff); let mut x65: u64 = 0; let mut x66: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x65, &mut x66, 0x0, x64, x61); let mut x67: u64 = 0; let mut x68: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x67, &mut x68, 0x0, x51, x63); let mut x69: u64 = 0; let mut x70: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x69, &mut x70, x68, x53, x65); let mut x71: u64 = 0; let mut x72: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x71, &mut x72, x70, x55, ((x66 as u64) + x62)); let mut x73: u64 = 0; let mut x74: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x73, &mut x74, x72, x57, x59); let mut x75: u64 = 0; let mut x76: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x75, &mut x76, x74, (((x58 as u64) + (x36 as u64)) + ((x50 as u64) + x38)), x60); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p256_mulx_u64(&mut x77, &mut x78, x2, 0x4fffffffd); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_p256_mulx_u64(&mut x79, &mut x80, x2, 0xfffffffffffffffe); let mut x81: u64 = 0; let mut x82: u64 = 0; fiat_p256_mulx_u64(&mut x81, &mut x82, x2, 0xfffffffbffffffff); let mut x83: u64 = 0; let mut x84: u64 = 0; fiat_p256_mulx_u64(&mut x83, &mut x84, x2, 0x3); let mut x85: u64 = 0; let mut x86: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x85, &mut x86, 0x0, x84, x81); let mut x87: u64 = 0; let mut x88: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x87, &mut x88, x86, x82, x79); let mut x89: u64 = 0; let mut x90: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x89, &mut x90, x88, x80, x77); let mut x91: u64 = 0; let mut x92: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x91, &mut x92, 0x0, x69, x83); let mut x93: u64 = 0; let mut x94: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x93, &mut x94, x92, x71, x85); let mut x95: u64 = 0; let mut x96: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x95, &mut x96, x94, x73, x87); let mut x97: u64 = 0; let mut x98: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x97, &mut x98, x96, x75, x89); let mut x99: u64 = 0; let mut x100: u64 = 0; fiat_p256_mulx_u64(&mut x99, &mut x100, x91, 0xffffffff00000001); let mut x101: u64 = 0; let mut x102: u64 = 0; fiat_p256_mulx_u64(&mut x101, &mut x102, x91, 0xffffffff); let mut x103: u64 = 0; let mut x104: u64 = 0; fiat_p256_mulx_u64(&mut x103, &mut x104, x91, 0xffffffffffffffff); let mut x105: u64 = 0; let mut x106: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x105, &mut x106, 0x0, x104, x101); let mut x107: u64 = 0; let mut x108: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x107, &mut x108, 0x0, x91, x103); let mut x109: u64 = 0; let mut x110: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x109, &mut x110, x108, x93, x105); let mut x111: u64 = 0; let mut x112: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x111, &mut x112, x110, x95, ((x106 as u64) + x102)); let mut x113: u64 = 0; let mut x114: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x113, &mut x114, x112, x97, x99); let mut x115: u64 = 0; let mut x116: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x115, &mut x116, x114, (((x98 as u64) + (x76 as u64)) + ((x90 as u64) + x78)), x100); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_p256_mulx_u64(&mut x117, &mut x118, x3, 0x4fffffffd); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_p256_mulx_u64(&mut x119, &mut x120, x3, 0xfffffffffffffffe); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p256_mulx_u64(&mut x121, &mut x122, x3, 0xfffffffbffffffff); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p256_mulx_u64(&mut x123, &mut x124, x3, 0x3); let mut x125: u64 = 0; let mut x126: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let mut x129: u64 = 0; let mut x130: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x129, &mut x130, x128, x120, x117); let mut x131: u64 = 0; let mut x132: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x131, &mut x132, 0x0, x109, x123); let mut x133: u64 = 0; let mut x134: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x133, &mut x134, x132, x111, x125); let mut x135: u64 = 0; let mut x136: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x135, &mut x136, x134, x113, x127); let mut x137: u64 = 0; let mut x138: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x137, &mut x138, x136, x115, x129); let mut x139: u64 = 0; let mut x140: u64 = 0; fiat_p256_mulx_u64(&mut x139, &mut x140, x131, 0xffffffff00000001); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_p256_mulx_u64(&mut x141, &mut x142, x131, 0xffffffff); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_p256_mulx_u64(&mut x143, &mut x144, x131, 0xffffffffffffffff); let mut x145: u64 = 0; let mut x146: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x145, &mut x146, 0x0, x144, x141); let mut x147: u64 = 0; let mut x148: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x147, &mut x148, 0x0, x131, x143); let mut x149: u64 = 0; let mut x150: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x149, &mut x150, x148, x133, x145); let mut x151: u64 = 0; let mut x152: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x151, &mut x152, x150, x135, ((x146 as u64) + x142)); let mut x153: u64 = 0; let mut x154: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x153, &mut x154, x152, x137, x139); let mut x155: u64 = 0; let mut x156: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x155, &mut x156, x154, (((x138 as u64) + (x116 as u64)) + ((x130 as u64) + x118)), x140); let mut x157: u64 = 0; let mut x158: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x157, &mut x158, 0x0, x149, 0xffffffffffffffff); let mut x159: u64 = 0; let mut x160: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x159, &mut x160, x158, x151, 0xffffffff); let mut x161: u64 = 0; let mut x162: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x161, &mut x162, x160, x153, (0x0 as u64)); let mut x163: u64 = 0; let mut x164: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x163, &mut x164, x162, x155, 0xffffffff00000001); let mut x165: u64 = 0; let mut x166: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x165, &mut x166, x164, (x156 as u64), (0x0 as u64)); let mut x167: u64 = 0; fiat_p256_cmovznz_u64(&mut x167, x166, x157, x149); let mut x168: u64 = 0; fiat_p256_cmovznz_u64(&mut x168, x166, x159, x151); let mut x169: u64 = 0; fiat_p256_cmovznz_u64(&mut x169, x166, x161, x153); let mut x170: u64 = 0; fiat_p256_cmovznz_u64(&mut x170, x166, x163, x155); out1[0] = x167; out1[1] = x168; out1[2] = x169; out1[3] = x170; } /// The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_p256_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_selectznz(out1: &mut [u64; 4], arg1: fiat_p256_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_p256_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p256_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p256_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p256_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_p256_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p256_to_bytes(out1: &mut [u8; 32], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u8 = ((x58 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x53; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; } /// The function fiat_p256_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 56); let x2: u64 = (((arg1[30]) as u64) << 48); let x3: u64 = (((arg1[29]) as u64) << 40); let x4: u64 = (((arg1[28]) as u64) << 32); let x5: u64 = (((arg1[27]) as u64) << 24); let x6: u64 = (((arg1[26]) as u64) << 16); let x7: u64 = (((arg1[25]) as u64) << 8); let x8: u8 = (arg1[24]); let x9: u64 = (((arg1[23]) as u64) << 56); let x10: u64 = (((arg1[22]) as u64) << 48); let x11: u64 = (((arg1[21]) as u64) << 40); let x12: u64 = (((arg1[20]) as u64) << 32); let x13: u64 = (((arg1[19]) as u64) << 24); let x14: u64 = (((arg1[18]) as u64) << 16); let x15: u64 = (((arg1[17]) as u64) << 8); let x16: u8 = (arg1[16]); let x17: u64 = (((arg1[15]) as u64) << 56); let x18: u64 = (((arg1[14]) as u64) << 48); let x19: u64 = (((arg1[13]) as u64) << 40); let x20: u64 = (((arg1[12]) as u64) << 32); let x21: u64 = (((arg1[11]) as u64) << 24); let x22: u64 = (((arg1[10]) as u64) << 16); let x23: u64 = (((arg1[9]) as u64) << 8); let x24: u8 = (arg1[8]); let x25: u64 = (((arg1[7]) as u64) << 56); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x25 + x38); let x40: u64 = (x23 + (x24 as u64)); let x41: u64 = (x22 + x40); let x42: u64 = (x21 + x41); let x43: u64 = (x20 + x42); let x44: u64 = (x19 + x43); let x45: u64 = (x18 + x44); let x46: u64 = (x17 + x45); let x47: u64 = (x15 + (x16 as u64)); let x48: u64 = (x14 + x47); let x49: u64 = (x13 + x48); let x50: u64 = (x12 + x49); let x51: u64 = (x11 + x50); let x52: u64 = (x10 + x51); let x53: u64 = (x9 + x52); let x54: u64 = (x7 + (x8 as u64)); let x55: u64 = (x6 + x54); let x56: u64 = (x5 + x55); let x57: u64 = (x4 + x56); let x58: u64 = (x3 + x57); let x59: u64 = (x2 + x58); let x60: u64 = (x1 + x59); out1[0] = x39; out1[1] = x46; out1[2] = x53; out1[3] = x60; } /// The function fiat_p256_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_set_one(out1: &mut fiat_p256_montgomery_domain_field_element) { out1[0] = (0x1 as u64); out1[1] = 0xffffffff00000000; out1[2] = 0xffffffffffffffff; out1[3] = 0xfffffffe; } /// The function fiat_p256_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_msat(out1: &mut [u64; 5]) { out1[0] = 0xffffffffffffffff; out1[1] = 0xffffffff; out1[2] = (0x0 as u64); out1[3] = 0xffffffff00000001; out1[4] = (0x0 as u64); } /// The function fiat_p256_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p256_u1 = (((x1 >> 63) as fiat_p256_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p256_u1)); let mut x4: u64 = 0; let mut x5: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p256_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p256_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p256_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p256_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p256_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p256_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_p256_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_p256_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_p256_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_p256_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_p256_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_p256_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_p256_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_p256_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_p256_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, 0xffffffffffffffff); let mut x41: u64 = 0; let mut x42: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0xffffffff); let mut x43: u64 = 0; let mut x44: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x43, &mut x44, x42, x35, (0x0 as u64)); let mut x45: u64 = 0; let mut x46: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0xffffffff00000001); let mut x47: u64 = 0; let mut x48: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_p256_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, x61); let mut x64: u64 = 0; let mut x65: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x64, &mut x65, x63, x55, (x61 & 0xffffffff)); let mut x66: u64 = 0; let mut x67: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x66, &mut x67, x65, x57, (0x0 as u64)); let mut x68: u64 = 0; let mut x69: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x68, &mut x69, x67, x59, (x61 & 0xffffffff00000001)); let mut x70: u64 = 0; fiat_p256_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_p256_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_p256_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_p256_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_p256_u1 = ((x22 & (0x1 as u64)) as fiat_p256_u1); let mut x75: u64 = 0; fiat_p256_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_p256_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_p256_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_p256_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_p256_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_p256_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_p256_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_p256_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_p256_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, 0xffffffffffffffff); let mut x104: u64 = 0; let mut x105: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0xffffffff); let mut x106: u64 = 0; let mut x107: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x106, &mut x107, x105, x98, (0x0 as u64)); let mut x108: u64 = 0; let mut x109: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0xffffffff00000001); let mut x110: u64 = 0; let mut x111: fiat_p256_u1 = 0; fiat_p256_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_p256_u1 = 0; fiat_p256_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_p256_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_p256_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_p256_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_p256_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_p256_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_p256_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_p256_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_p256_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_p256_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0x67ffffffb8000000; out1[1] = 0xc000000038000000; out1[2] = 0xd80000007fffffff; out1[3] = 0x2fffffffffffffff; } fiat-crypto-0.2.2/src/p256_scalar_32.rs000064400000000000000000007121721046102023000155620ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p256_scalar 32 '2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p256_scalar //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 (from "2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p256_scalar_u1 = u8; pub type fiat_p256_scalar_i1 = i8; pub type fiat_p256_scalar_u2 = u8; pub type fiat_p256_scalar_i2 = i8; /** The type fiat_p256_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_scalar_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_p256_scalar_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p256_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_scalar_non_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_p256_scalar_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p256_scalar_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_scalar_addcarryx_u32(out1: &mut u32, out2: &mut fiat_p256_scalar_u1, arg1: fiat_p256_scalar_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_p256_scalar_u1 = ((x1 >> 32) as fiat_p256_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p256_scalar_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_scalar_subborrowx_u32(out1: &mut u32, out2: &mut fiat_p256_scalar_u1, arg1: fiat_p256_scalar_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_p256_scalar_i1 = ((x1 >> 32) as fiat_p256_scalar_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p256_scalar_i2) - (x2 as fiat_p256_scalar_i2)) as fiat_p256_scalar_u1); } /// The function fiat_p256_scalar_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_scalar_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_p256_scalar_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_scalar_cmovznz_u32(out1: &mut u32, arg1: fiat_p256_scalar_u1, arg2: u32, arg3: u32) { let x1: fiat_p256_scalar_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p256_scalar_i2) - (x1 as fiat_p256_scalar_i2)) as fiat_p256_scalar_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p256_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_mul(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg2[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg2[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg2[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg2[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg2[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg2[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg2[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg2[0])); let mut x25: u32 = 0; let mut x26: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x40, &mut x41, x23, 0xee00bc4f); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x48, &mut x49, x40, 0xbce6faad); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x50, &mut x51, x40, 0xa7179e84); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x52, &mut x53, x40, 0xf3b9cac2); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x54, &mut x55, x40, 0xfc632551); let mut x56: u32 = 0; let mut x57: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x56, &mut x57, 0x0, x55, x52); let mut x58: u32 = 0; let mut x59: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x58, &mut x59, x57, x53, x50); let mut x60: u32 = 0; let mut x61: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x60, &mut x61, x59, x51, x48); let mut x62: u32 = 0; let mut x63: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x62, &mut x63, x61, x49, x46); let mut x64: u32 = 0; let mut x65: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x47, x44); let x66: u32 = ((x65 as u32) + x45); let mut x67: u32 = 0; let mut x68: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x67, &mut x68, 0x0, x23, x54); let mut x69: u32 = 0; let mut x70: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x25, x56); let mut x71: u32 = 0; let mut x72: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x27, x58); let mut x73: u32 = 0; let mut x74: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x29, x60); let mut x75: u32 = 0; let mut x76: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x31, x62); let mut x77: u32 = 0; let mut x78: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x33, x64); let mut x79: u32 = 0; let mut x80: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x35, x66); let mut x81: u32 = 0; let mut x82: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x37, x42); let mut x83: u32 = 0; let mut x84: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x39, x43); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x85, &mut x86, x1, (arg2[7])); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x87, &mut x88, x1, (arg2[6])); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x89, &mut x90, x1, (arg2[5])); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg2[4])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x93, &mut x94, x1, (arg2[3])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x95, &mut x96, x1, (arg2[2])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x97, &mut x98, x1, (arg2[1])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x99, &mut x100, x1, (arg2[0])); let mut x101: u32 = 0; let mut x102: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x101, &mut x102, 0x0, x100, x97); let mut x103: u32 = 0; let mut x104: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x98, x95); let mut x105: u32 = 0; let mut x106: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x96, x93); let mut x107: u32 = 0; let mut x108: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x107, &mut x108, x106, x94, x91); let mut x109: u32 = 0; let mut x110: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x92, x89); let mut x111: u32 = 0; let mut x112: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x90, x87); let mut x113: u32 = 0; let mut x114: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x88, x85); let x115: u32 = ((x114 as u32) + x86); let mut x116: u32 = 0; let mut x117: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x116, &mut x117, 0x0, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x71, x101); let mut x120: u32 = 0; let mut x121: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x73, x103); let mut x122: u32 = 0; let mut x123: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x132, &mut x133, x131, (x84 as u32), x115); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x134, &mut x135, x116, 0xee00bc4f); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x136, &mut x137, x134, 0xffffffff); let mut x138: u32 = 0; let mut x139: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x138, &mut x139, x134, 0xffffffff); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x140, &mut x141, x134, 0xffffffff); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x142, &mut x143, x134, 0xbce6faad); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x144, &mut x145, x134, 0xa7179e84); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x146, &mut x147, x134, 0xf3b9cac2); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x148, &mut x149, x134, 0xfc632551); let mut x150: u32 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x150, &mut x151, 0x0, x149, x146); let mut x152: u32 = 0; let mut x153: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x147, x144); let mut x154: u32 = 0; let mut x155: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x145, x142); let mut x156: u32 = 0; let mut x157: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x143, x140); let mut x158: u32 = 0; let mut x159: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x141, x138); let x160: u32 = ((x159 as u32) + x139); let mut x161: u32 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x161, &mut x162, 0x0, x116, x148); let mut x163: u32 = 0; let mut x164: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x118, x150); let mut x165: u32 = 0; let mut x166: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x120, x152); let mut x167: u32 = 0; let mut x168: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x122, x154); let mut x169: u32 = 0; let mut x170: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x124, x156); let mut x171: u32 = 0; let mut x172: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x126, x158); let mut x173: u32 = 0; let mut x174: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x128, x160); let mut x175: u32 = 0; let mut x176: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x130, x136); let mut x177: u32 = 0; let mut x178: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x132, x137); let x179: u32 = ((x178 as u32) + (x133 as u32)); let mut x180: u32 = 0; let mut x181: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x180, &mut x181, x2, (arg2[7])); let mut x182: u32 = 0; let mut x183: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x182, &mut x183, x2, (arg2[6])); let mut x184: u32 = 0; let mut x185: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x184, &mut x185, x2, (arg2[5])); let mut x186: u32 = 0; let mut x187: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x186, &mut x187, x2, (arg2[4])); let mut x188: u32 = 0; let mut x189: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x188, &mut x189, x2, (arg2[3])); let mut x190: u32 = 0; let mut x191: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x190, &mut x191, x2, (arg2[2])); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x192, &mut x193, x2, (arg2[1])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x194, &mut x195, x2, (arg2[0])); let mut x196: u32 = 0; let mut x197: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x196, &mut x197, 0x0, x195, x192); let mut x198: u32 = 0; let mut x199: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x193, x190); let mut x200: u32 = 0; let mut x201: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x200, &mut x201, x199, x191, x188); let mut x202: u32 = 0; let mut x203: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x202, &mut x203, x201, x189, x186); let mut x204: u32 = 0; let mut x205: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x204, &mut x205, x203, x187, x184); let mut x206: u32 = 0; let mut x207: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x206, &mut x207, x205, x185, x182); let mut x208: u32 = 0; let mut x209: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x208, &mut x209, x207, x183, x180); let x210: u32 = ((x209 as u32) + x181); let mut x211: u32 = 0; let mut x212: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x211, &mut x212, 0x0, x163, x194); let mut x213: u32 = 0; let mut x214: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x213, &mut x214, x212, x165, x196); let mut x215: u32 = 0; let mut x216: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x215, &mut x216, x214, x167, x198); let mut x217: u32 = 0; let mut x218: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x217, &mut x218, x216, x169, x200); let mut x219: u32 = 0; let mut x220: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x219, &mut x220, x218, x171, x202); let mut x221: u32 = 0; let mut x222: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x221, &mut x222, x220, x173, x204); let mut x223: u32 = 0; let mut x224: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x223, &mut x224, x222, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x229, &mut x230, x211, 0xee00bc4f); let mut x231: u32 = 0; let mut x232: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x231, &mut x232, x229, 0xffffffff); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x233, &mut x234, x229, 0xffffffff); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x235, &mut x236, x229, 0xffffffff); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x237, &mut x238, x229, 0xbce6faad); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x239, &mut x240, x229, 0xa7179e84); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x241, &mut x242, x229, 0xf3b9cac2); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x243, &mut x244, x229, 0xfc632551); let mut x245: u32 = 0; let mut x246: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x245, &mut x246, 0x0, x244, x241); let mut x247: u32 = 0; let mut x248: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x247, &mut x248, x246, x242, x239); let mut x249: u32 = 0; let mut x250: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x249, &mut x250, x248, x240, x237); let mut x251: u32 = 0; let mut x252: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x251, &mut x252, x250, x238, x235); let mut x253: u32 = 0; let mut x254: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x236, x233); let x255: u32 = ((x254 as u32) + x234); let mut x256: u32 = 0; let mut x257: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x256, &mut x257, 0x0, x211, x243); let mut x258: u32 = 0; let mut x259: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x213, x245); let mut x260: u32 = 0; let mut x261: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x215, x247); let mut x262: u32 = 0; let mut x263: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x217, x249); let mut x264: u32 = 0; let mut x265: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x219, x251); let mut x266: u32 = 0; let mut x267: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x266, &mut x267, x265, x221, x253); let mut x268: u32 = 0; let mut x269: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x223, x255); let mut x270: u32 = 0; let mut x271: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x270, &mut x271, x269, x225, x231); let mut x272: u32 = 0; let mut x273: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x272, &mut x273, x271, x227, x232); let x274: u32 = ((x273 as u32) + (x228 as u32)); let mut x275: u32 = 0; let mut x276: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x275, &mut x276, x3, (arg2[7])); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x277, &mut x278, x3, (arg2[6])); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x279, &mut x280, x3, (arg2[5])); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x281, &mut x282, x3, (arg2[4])); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x283, &mut x284, x3, (arg2[3])); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x285, &mut x286, x3, (arg2[2])); let mut x287: u32 = 0; let mut x288: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x287, &mut x288, x3, (arg2[1])); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x289, &mut x290, x3, (arg2[0])); let mut x291: u32 = 0; let mut x292: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x291, &mut x292, 0x0, x290, x287); let mut x293: u32 = 0; let mut x294: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x293, &mut x294, x292, x288, x285); let mut x295: u32 = 0; let mut x296: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x295, &mut x296, x294, x286, x283); let mut x297: u32 = 0; let mut x298: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x297, &mut x298, x296, x284, x281); let mut x299: u32 = 0; let mut x300: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x299, &mut x300, x298, x282, x279); let mut x301: u32 = 0; let mut x302: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x301, &mut x302, x300, x280, x277); let mut x303: u32 = 0; let mut x304: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x278, x275); let x305: u32 = ((x304 as u32) + x276); let mut x306: u32 = 0; let mut x307: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x306, &mut x307, 0x0, x258, x289); let mut x308: u32 = 0; let mut x309: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x308, &mut x309, x307, x260, x291); let mut x310: u32 = 0; let mut x311: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x262, x293); let mut x312: u32 = 0; let mut x313: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x312, &mut x313, x311, x264, x295); let mut x314: u32 = 0; let mut x315: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x266, x297); let mut x316: u32 = 0; let mut x317: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x268, x299); let mut x318: u32 = 0; let mut x319: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x270, x301); let mut x320: u32 = 0; let mut x321: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x272, x303); let mut x322: u32 = 0; let mut x323: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x274, x305); let mut x324: u32 = 0; let mut x325: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x324, &mut x325, x306, 0xee00bc4f); let mut x326: u32 = 0; let mut x327: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x326, &mut x327, x324, 0xffffffff); let mut x328: u32 = 0; let mut x329: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x328, &mut x329, x324, 0xffffffff); let mut x330: u32 = 0; let mut x331: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x330, &mut x331, x324, 0xffffffff); let mut x332: u32 = 0; let mut x333: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x332, &mut x333, x324, 0xbce6faad); let mut x334: u32 = 0; let mut x335: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x334, &mut x335, x324, 0xa7179e84); let mut x336: u32 = 0; let mut x337: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x336, &mut x337, x324, 0xf3b9cac2); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x338, &mut x339, x324, 0xfc632551); let mut x340: u32 = 0; let mut x341: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x340, &mut x341, 0x0, x339, x336); let mut x342: u32 = 0; let mut x343: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x342, &mut x343, x341, x337, x334); let mut x344: u32 = 0; let mut x345: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x344, &mut x345, x343, x335, x332); let mut x346: u32 = 0; let mut x347: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x346, &mut x347, x345, x333, x330); let mut x348: u32 = 0; let mut x349: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x348, &mut x349, x347, x331, x328); let x350: u32 = ((x349 as u32) + x329); let mut x351: u32 = 0; let mut x352: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x351, &mut x352, 0x0, x306, x338); let mut x353: u32 = 0; let mut x354: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x308, x340); let mut x355: u32 = 0; let mut x356: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x310, x342); let mut x357: u32 = 0; let mut x358: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x357, &mut x358, x356, x312, x344); let mut x359: u32 = 0; let mut x360: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x359, &mut x360, x358, x314, x346); let mut x361: u32 = 0; let mut x362: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x361, &mut x362, x360, x316, x348); let mut x363: u32 = 0; let mut x364: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x363, &mut x364, x362, x318, x350); let mut x365: u32 = 0; let mut x366: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x365, &mut x366, x364, x320, x326); let mut x367: u32 = 0; let mut x368: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x367, &mut x368, x366, x322, x327); let x369: u32 = ((x368 as u32) + (x323 as u32)); let mut x370: u32 = 0; let mut x371: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x370, &mut x371, x4, (arg2[7])); let mut x372: u32 = 0; let mut x373: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x372, &mut x373, x4, (arg2[6])); let mut x374: u32 = 0; let mut x375: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x374, &mut x375, x4, (arg2[5])); let mut x376: u32 = 0; let mut x377: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x376, &mut x377, x4, (arg2[4])); let mut x378: u32 = 0; let mut x379: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x378, &mut x379, x4, (arg2[3])); let mut x380: u32 = 0; let mut x381: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x380, &mut x381, x4, (arg2[2])); let mut x382: u32 = 0; let mut x383: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x382, &mut x383, x4, (arg2[1])); let mut x384: u32 = 0; let mut x385: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x384, &mut x385, x4, (arg2[0])); let mut x386: u32 = 0; let mut x387: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x386, &mut x387, 0x0, x385, x382); let mut x388: u32 = 0; let mut x389: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x388, &mut x389, x387, x383, x380); let mut x390: u32 = 0; let mut x391: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x390, &mut x391, x389, x381, x378); let mut x392: u32 = 0; let mut x393: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x392, &mut x393, x391, x379, x376); let mut x394: u32 = 0; let mut x395: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x394, &mut x395, x393, x377, x374); let mut x396: u32 = 0; let mut x397: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x396, &mut x397, x395, x375, x372); let mut x398: u32 = 0; let mut x399: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x398, &mut x399, x397, x373, x370); let x400: u32 = ((x399 as u32) + x371); let mut x401: u32 = 0; let mut x402: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x401, &mut x402, 0x0, x353, x384); let mut x403: u32 = 0; let mut x404: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x355, x386); let mut x405: u32 = 0; let mut x406: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x405, &mut x406, x404, x357, x388); let mut x407: u32 = 0; let mut x408: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x407, &mut x408, x406, x359, x390); let mut x409: u32 = 0; let mut x410: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x409, &mut x410, x408, x361, x392); let mut x411: u32 = 0; let mut x412: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x411, &mut x412, x410, x363, x394); let mut x413: u32 = 0; let mut x414: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x413, &mut x414, x412, x365, x396); let mut x415: u32 = 0; let mut x416: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x415, &mut x416, x414, x367, x398); let mut x417: u32 = 0; let mut x418: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x369, x400); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x419, &mut x420, x401, 0xee00bc4f); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x421, &mut x422, x419, 0xffffffff); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x423, &mut x424, x419, 0xffffffff); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x425, &mut x426, x419, 0xffffffff); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x427, &mut x428, x419, 0xbce6faad); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x429, &mut x430, x419, 0xa7179e84); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x431, &mut x432, x419, 0xf3b9cac2); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x433, &mut x434, x419, 0xfc632551); let mut x435: u32 = 0; let mut x436: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x435, &mut x436, 0x0, x434, x431); let mut x437: u32 = 0; let mut x438: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x437, &mut x438, x436, x432, x429); let mut x439: u32 = 0; let mut x440: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x439, &mut x440, x438, x430, x427); let mut x441: u32 = 0; let mut x442: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x441, &mut x442, x440, x428, x425); let mut x443: u32 = 0; let mut x444: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x443, &mut x444, x442, x426, x423); let x445: u32 = ((x444 as u32) + x424); let mut x446: u32 = 0; let mut x447: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x446, &mut x447, 0x0, x401, x433); let mut x448: u32 = 0; let mut x449: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x448, &mut x449, x447, x403, x435); let mut x450: u32 = 0; let mut x451: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x450, &mut x451, x449, x405, x437); let mut x452: u32 = 0; let mut x453: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x452, &mut x453, x451, x407, x439); let mut x454: u32 = 0; let mut x455: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x454, &mut x455, x453, x409, x441); let mut x456: u32 = 0; let mut x457: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x456, &mut x457, x455, x411, x443); let mut x458: u32 = 0; let mut x459: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x413, x445); let mut x460: u32 = 0; let mut x461: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x415, x421); let mut x462: u32 = 0; let mut x463: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x417, x422); let x464: u32 = ((x463 as u32) + (x418 as u32)); let mut x465: u32 = 0; let mut x466: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x465, &mut x466, x5, (arg2[7])); let mut x467: u32 = 0; let mut x468: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x467, &mut x468, x5, (arg2[6])); let mut x469: u32 = 0; let mut x470: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x469, &mut x470, x5, (arg2[5])); let mut x471: u32 = 0; let mut x472: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x471, &mut x472, x5, (arg2[4])); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x473, &mut x474, x5, (arg2[3])); let mut x475: u32 = 0; let mut x476: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x475, &mut x476, x5, (arg2[2])); let mut x477: u32 = 0; let mut x478: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x477, &mut x478, x5, (arg2[1])); let mut x479: u32 = 0; let mut x480: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x479, &mut x480, x5, (arg2[0])); let mut x481: u32 = 0; let mut x482: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x481, &mut x482, 0x0, x480, x477); let mut x483: u32 = 0; let mut x484: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x483, &mut x484, x482, x478, x475); let mut x485: u32 = 0; let mut x486: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x485, &mut x486, x484, x476, x473); let mut x487: u32 = 0; let mut x488: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x487, &mut x488, x486, x474, x471); let mut x489: u32 = 0; let mut x490: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x489, &mut x490, x488, x472, x469); let mut x491: u32 = 0; let mut x492: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x491, &mut x492, x490, x470, x467); let mut x493: u32 = 0; let mut x494: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x493, &mut x494, x492, x468, x465); let x495: u32 = ((x494 as u32) + x466); let mut x496: u32 = 0; let mut x497: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x496, &mut x497, 0x0, x448, x479); let mut x498: u32 = 0; let mut x499: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x498, &mut x499, x497, x450, x481); let mut x500: u32 = 0; let mut x501: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x500, &mut x501, x499, x452, x483); let mut x502: u32 = 0; let mut x503: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x502, &mut x503, x501, x454, x485); let mut x504: u32 = 0; let mut x505: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x504, &mut x505, x503, x456, x487); let mut x506: u32 = 0; let mut x507: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x506, &mut x507, x505, x458, x489); let mut x508: u32 = 0; let mut x509: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x508, &mut x509, x507, x460, x491); let mut x510: u32 = 0; let mut x511: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x510, &mut x511, x509, x462, x493); let mut x512: u32 = 0; let mut x513: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x512, &mut x513, x511, x464, x495); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x514, &mut x515, x496, 0xee00bc4f); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x516, &mut x517, x514, 0xffffffff); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x518, &mut x519, x514, 0xffffffff); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x520, &mut x521, x514, 0xffffffff); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x522, &mut x523, x514, 0xbce6faad); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x524, &mut x525, x514, 0xa7179e84); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x526, &mut x527, x514, 0xf3b9cac2); let mut x528: u32 = 0; let mut x529: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x528, &mut x529, x514, 0xfc632551); let mut x530: u32 = 0; let mut x531: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x530, &mut x531, 0x0, x529, x526); let mut x532: u32 = 0; let mut x533: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x527, x524); let mut x534: u32 = 0; let mut x535: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x525, x522); let mut x536: u32 = 0; let mut x537: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x523, x520); let mut x538: u32 = 0; let mut x539: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x521, x518); let x540: u32 = ((x539 as u32) + x519); let mut x541: u32 = 0; let mut x542: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x541, &mut x542, 0x0, x496, x528); let mut x543: u32 = 0; let mut x544: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x543, &mut x544, x542, x498, x530); let mut x545: u32 = 0; let mut x546: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x500, x532); let mut x547: u32 = 0; let mut x548: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x502, x534); let mut x549: u32 = 0; let mut x550: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x504, x536); let mut x551: u32 = 0; let mut x552: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x506, x538); let mut x553: u32 = 0; let mut x554: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x508, x540); let mut x555: u32 = 0; let mut x556: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x510, x516); let mut x557: u32 = 0; let mut x558: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x512, x517); let x559: u32 = ((x558 as u32) + (x513 as u32)); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x560, &mut x561, x6, (arg2[7])); let mut x562: u32 = 0; let mut x563: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x562, &mut x563, x6, (arg2[6])); let mut x564: u32 = 0; let mut x565: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x564, &mut x565, x6, (arg2[5])); let mut x566: u32 = 0; let mut x567: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x566, &mut x567, x6, (arg2[4])); let mut x568: u32 = 0; let mut x569: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x568, &mut x569, x6, (arg2[3])); let mut x570: u32 = 0; let mut x571: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x570, &mut x571, x6, (arg2[2])); let mut x572: u32 = 0; let mut x573: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x572, &mut x573, x6, (arg2[1])); let mut x574: u32 = 0; let mut x575: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x574, &mut x575, x6, (arg2[0])); let mut x576: u32 = 0; let mut x577: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x576, &mut x577, 0x0, x575, x572); let mut x578: u32 = 0; let mut x579: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x578, &mut x579, x577, x573, x570); let mut x580: u32 = 0; let mut x581: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x580, &mut x581, x579, x571, x568); let mut x582: u32 = 0; let mut x583: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x582, &mut x583, x581, x569, x566); let mut x584: u32 = 0; let mut x585: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x584, &mut x585, x583, x567, x564); let mut x586: u32 = 0; let mut x587: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x586, &mut x587, x585, x565, x562); let mut x588: u32 = 0; let mut x589: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x588, &mut x589, x587, x563, x560); let x590: u32 = ((x589 as u32) + x561); let mut x591: u32 = 0; let mut x592: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x591, &mut x592, 0x0, x543, x574); let mut x593: u32 = 0; let mut x594: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x545, x576); let mut x595: u32 = 0; let mut x596: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x595, &mut x596, x594, x547, x578); let mut x597: u32 = 0; let mut x598: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x597, &mut x598, x596, x549, x580); let mut x599: u32 = 0; let mut x600: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x599, &mut x600, x598, x551, x582); let mut x601: u32 = 0; let mut x602: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x601, &mut x602, x600, x553, x584); let mut x603: u32 = 0; let mut x604: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x603, &mut x604, x602, x555, x586); let mut x605: u32 = 0; let mut x606: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x605, &mut x606, x604, x557, x588); let mut x607: u32 = 0; let mut x608: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x607, &mut x608, x606, x559, x590); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x609, &mut x610, x591, 0xee00bc4f); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x611, &mut x612, x609, 0xffffffff); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x613, &mut x614, x609, 0xffffffff); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x615, &mut x616, x609, 0xffffffff); let mut x617: u32 = 0; let mut x618: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x617, &mut x618, x609, 0xbce6faad); let mut x619: u32 = 0; let mut x620: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x619, &mut x620, x609, 0xa7179e84); let mut x621: u32 = 0; let mut x622: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x621, &mut x622, x609, 0xf3b9cac2); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x623, &mut x624, x609, 0xfc632551); let mut x625: u32 = 0; let mut x626: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x625, &mut x626, 0x0, x624, x621); let mut x627: u32 = 0; let mut x628: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x622, x619); let mut x629: u32 = 0; let mut x630: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x620, x617); let mut x631: u32 = 0; let mut x632: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x618, x615); let mut x633: u32 = 0; let mut x634: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x616, x613); let x635: u32 = ((x634 as u32) + x614); let mut x636: u32 = 0; let mut x637: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x636, &mut x637, 0x0, x591, x623); let mut x638: u32 = 0; let mut x639: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x638, &mut x639, x637, x593, x625); let mut x640: u32 = 0; let mut x641: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x640, &mut x641, x639, x595, x627); let mut x642: u32 = 0; let mut x643: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x642, &mut x643, x641, x597, x629); let mut x644: u32 = 0; let mut x645: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x644, &mut x645, x643, x599, x631); let mut x646: u32 = 0; let mut x647: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x646, &mut x647, x645, x601, x633); let mut x648: u32 = 0; let mut x649: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x648, &mut x649, x647, x603, x635); let mut x650: u32 = 0; let mut x651: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x650, &mut x651, x649, x605, x611); let mut x652: u32 = 0; let mut x653: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x652, &mut x653, x651, x607, x612); let x654: u32 = ((x653 as u32) + (x608 as u32)); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x655, &mut x656, x7, (arg2[7])); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x657, &mut x658, x7, (arg2[6])); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x659, &mut x660, x7, (arg2[5])); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x661, &mut x662, x7, (arg2[4])); let mut x663: u32 = 0; let mut x664: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x663, &mut x664, x7, (arg2[3])); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x665, &mut x666, x7, (arg2[2])); let mut x667: u32 = 0; let mut x668: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x667, &mut x668, x7, (arg2[1])); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x669, &mut x670, x7, (arg2[0])); let mut x671: u32 = 0; let mut x672: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x671, &mut x672, 0x0, x670, x667); let mut x673: u32 = 0; let mut x674: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x668, x665); let mut x675: u32 = 0; let mut x676: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x666, x663); let mut x677: u32 = 0; let mut x678: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x677, &mut x678, x676, x664, x661); let mut x679: u32 = 0; let mut x680: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x679, &mut x680, x678, x662, x659); let mut x681: u32 = 0; let mut x682: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x681, &mut x682, x680, x660, x657); let mut x683: u32 = 0; let mut x684: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x658, x655); let x685: u32 = ((x684 as u32) + x656); let mut x686: u32 = 0; let mut x687: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x686, &mut x687, 0x0, x638, x669); let mut x688: u32 = 0; let mut x689: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x688, &mut x689, x687, x640, x671); let mut x690: u32 = 0; let mut x691: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x690, &mut x691, x689, x642, x673); let mut x692: u32 = 0; let mut x693: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x692, &mut x693, x691, x644, x675); let mut x694: u32 = 0; let mut x695: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x694, &mut x695, x693, x646, x677); let mut x696: u32 = 0; let mut x697: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x696, &mut x697, x695, x648, x679); let mut x698: u32 = 0; let mut x699: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x698, &mut x699, x697, x650, x681); let mut x700: u32 = 0; let mut x701: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x700, &mut x701, x699, x652, x683); let mut x702: u32 = 0; let mut x703: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x702, &mut x703, x701, x654, x685); let mut x704: u32 = 0; let mut x705: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x704, &mut x705, x686, 0xee00bc4f); let mut x706: u32 = 0; let mut x707: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x706, &mut x707, x704, 0xffffffff); let mut x708: u32 = 0; let mut x709: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x708, &mut x709, x704, 0xffffffff); let mut x710: u32 = 0; let mut x711: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x710, &mut x711, x704, 0xffffffff); let mut x712: u32 = 0; let mut x713: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x712, &mut x713, x704, 0xbce6faad); let mut x714: u32 = 0; let mut x715: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x714, &mut x715, x704, 0xa7179e84); let mut x716: u32 = 0; let mut x717: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x716, &mut x717, x704, 0xf3b9cac2); let mut x718: u32 = 0; let mut x719: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x718, &mut x719, x704, 0xfc632551); let mut x720: u32 = 0; let mut x721: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x720, &mut x721, 0x0, x719, x716); let mut x722: u32 = 0; let mut x723: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x722, &mut x723, x721, x717, x714); let mut x724: u32 = 0; let mut x725: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x724, &mut x725, x723, x715, x712); let mut x726: u32 = 0; let mut x727: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x726, &mut x727, x725, x713, x710); let mut x728: u32 = 0; let mut x729: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x728, &mut x729, x727, x711, x708); let x730: u32 = ((x729 as u32) + x709); let mut x731: u32 = 0; let mut x732: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x731, &mut x732, 0x0, x686, x718); let mut x733: u32 = 0; let mut x734: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x733, &mut x734, x732, x688, x720); let mut x735: u32 = 0; let mut x736: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x735, &mut x736, x734, x690, x722); let mut x737: u32 = 0; let mut x738: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x737, &mut x738, x736, x692, x724); let mut x739: u32 = 0; let mut x740: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x739, &mut x740, x738, x694, x726); let mut x741: u32 = 0; let mut x742: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x741, &mut x742, x740, x696, x728); let mut x743: u32 = 0; let mut x744: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x743, &mut x744, x742, x698, x730); let mut x745: u32 = 0; let mut x746: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x745, &mut x746, x744, x700, x706); let mut x747: u32 = 0; let mut x748: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x747, &mut x748, x746, x702, x707); let x749: u32 = ((x748 as u32) + (x703 as u32)); let mut x750: u32 = 0; let mut x751: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x750, &mut x751, 0x0, x733, 0xfc632551); let mut x752: u32 = 0; let mut x753: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x752, &mut x753, x751, x735, 0xf3b9cac2); let mut x754: u32 = 0; let mut x755: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x754, &mut x755, x753, x737, 0xa7179e84); let mut x756: u32 = 0; let mut x757: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x756, &mut x757, x755, x739, 0xbce6faad); let mut x758: u32 = 0; let mut x759: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x758, &mut x759, x757, x741, 0xffffffff); let mut x760: u32 = 0; let mut x761: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x760, &mut x761, x759, x743, 0xffffffff); let mut x762: u32 = 0; let mut x763: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x762, &mut x763, x761, x745, (0x0 as u32)); let mut x764: u32 = 0; let mut x765: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x764, &mut x765, x763, x747, 0xffffffff); let mut x766: u32 = 0; let mut x767: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x766, &mut x767, x765, x749, (0x0 as u32)); let mut x768: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x768, x767, x750, x733); let mut x769: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x769, x767, x752, x735); let mut x770: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x770, x767, x754, x737); let mut x771: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x771, x767, x756, x739); let mut x772: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x772, x767, x758, x741); let mut x773: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x773, x767, x760, x743); let mut x774: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x774, x767, x762, x745); let mut x775: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x775, x767, x764, x747); out1[0] = x768; out1[1] = x769; out1[2] = x770; out1[3] = x771; out1[4] = x772; out1[5] = x773; out1[6] = x774; out1[7] = x775; } /// The function fiat_p256_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_square(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg1[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg1[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg1[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg1[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg1[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg1[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg1[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg1[0])); let mut x25: u32 = 0; let mut x26: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x40, &mut x41, x23, 0xee00bc4f); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x48, &mut x49, x40, 0xbce6faad); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x50, &mut x51, x40, 0xa7179e84); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x52, &mut x53, x40, 0xf3b9cac2); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x54, &mut x55, x40, 0xfc632551); let mut x56: u32 = 0; let mut x57: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x56, &mut x57, 0x0, x55, x52); let mut x58: u32 = 0; let mut x59: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x58, &mut x59, x57, x53, x50); let mut x60: u32 = 0; let mut x61: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x60, &mut x61, x59, x51, x48); let mut x62: u32 = 0; let mut x63: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x62, &mut x63, x61, x49, x46); let mut x64: u32 = 0; let mut x65: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x47, x44); let x66: u32 = ((x65 as u32) + x45); let mut x67: u32 = 0; let mut x68: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x67, &mut x68, 0x0, x23, x54); let mut x69: u32 = 0; let mut x70: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x25, x56); let mut x71: u32 = 0; let mut x72: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x27, x58); let mut x73: u32 = 0; let mut x74: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x29, x60); let mut x75: u32 = 0; let mut x76: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x31, x62); let mut x77: u32 = 0; let mut x78: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x33, x64); let mut x79: u32 = 0; let mut x80: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x35, x66); let mut x81: u32 = 0; let mut x82: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x37, x42); let mut x83: u32 = 0; let mut x84: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x39, x43); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x85, &mut x86, x1, (arg1[7])); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x87, &mut x88, x1, (arg1[6])); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x89, &mut x90, x1, (arg1[5])); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg1[4])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x93, &mut x94, x1, (arg1[3])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x95, &mut x96, x1, (arg1[2])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x97, &mut x98, x1, (arg1[1])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x99, &mut x100, x1, (arg1[0])); let mut x101: u32 = 0; let mut x102: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x101, &mut x102, 0x0, x100, x97); let mut x103: u32 = 0; let mut x104: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x98, x95); let mut x105: u32 = 0; let mut x106: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x96, x93); let mut x107: u32 = 0; let mut x108: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x107, &mut x108, x106, x94, x91); let mut x109: u32 = 0; let mut x110: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x92, x89); let mut x111: u32 = 0; let mut x112: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x90, x87); let mut x113: u32 = 0; let mut x114: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x88, x85); let x115: u32 = ((x114 as u32) + x86); let mut x116: u32 = 0; let mut x117: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x116, &mut x117, 0x0, x69, x99); let mut x118: u32 = 0; let mut x119: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x71, x101); let mut x120: u32 = 0; let mut x121: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x73, x103); let mut x122: u32 = 0; let mut x123: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x132, &mut x133, x131, (x84 as u32), x115); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x134, &mut x135, x116, 0xee00bc4f); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x136, &mut x137, x134, 0xffffffff); let mut x138: u32 = 0; let mut x139: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x138, &mut x139, x134, 0xffffffff); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x140, &mut x141, x134, 0xffffffff); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x142, &mut x143, x134, 0xbce6faad); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x144, &mut x145, x134, 0xa7179e84); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x146, &mut x147, x134, 0xf3b9cac2); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x148, &mut x149, x134, 0xfc632551); let mut x150: u32 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x150, &mut x151, 0x0, x149, x146); let mut x152: u32 = 0; let mut x153: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x147, x144); let mut x154: u32 = 0; let mut x155: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x145, x142); let mut x156: u32 = 0; let mut x157: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x143, x140); let mut x158: u32 = 0; let mut x159: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x141, x138); let x160: u32 = ((x159 as u32) + x139); let mut x161: u32 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x161, &mut x162, 0x0, x116, x148); let mut x163: u32 = 0; let mut x164: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x118, x150); let mut x165: u32 = 0; let mut x166: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x120, x152); let mut x167: u32 = 0; let mut x168: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x122, x154); let mut x169: u32 = 0; let mut x170: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x124, x156); let mut x171: u32 = 0; let mut x172: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x126, x158); let mut x173: u32 = 0; let mut x174: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x128, x160); let mut x175: u32 = 0; let mut x176: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x130, x136); let mut x177: u32 = 0; let mut x178: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x132, x137); let x179: u32 = ((x178 as u32) + (x133 as u32)); let mut x180: u32 = 0; let mut x181: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x180, &mut x181, x2, (arg1[7])); let mut x182: u32 = 0; let mut x183: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x182, &mut x183, x2, (arg1[6])); let mut x184: u32 = 0; let mut x185: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x184, &mut x185, x2, (arg1[5])); let mut x186: u32 = 0; let mut x187: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x186, &mut x187, x2, (arg1[4])); let mut x188: u32 = 0; let mut x189: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x188, &mut x189, x2, (arg1[3])); let mut x190: u32 = 0; let mut x191: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x190, &mut x191, x2, (arg1[2])); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x192, &mut x193, x2, (arg1[1])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x194, &mut x195, x2, (arg1[0])); let mut x196: u32 = 0; let mut x197: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x196, &mut x197, 0x0, x195, x192); let mut x198: u32 = 0; let mut x199: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x193, x190); let mut x200: u32 = 0; let mut x201: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x200, &mut x201, x199, x191, x188); let mut x202: u32 = 0; let mut x203: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x202, &mut x203, x201, x189, x186); let mut x204: u32 = 0; let mut x205: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x204, &mut x205, x203, x187, x184); let mut x206: u32 = 0; let mut x207: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x206, &mut x207, x205, x185, x182); let mut x208: u32 = 0; let mut x209: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x208, &mut x209, x207, x183, x180); let x210: u32 = ((x209 as u32) + x181); let mut x211: u32 = 0; let mut x212: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x211, &mut x212, 0x0, x163, x194); let mut x213: u32 = 0; let mut x214: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x213, &mut x214, x212, x165, x196); let mut x215: u32 = 0; let mut x216: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x215, &mut x216, x214, x167, x198); let mut x217: u32 = 0; let mut x218: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x217, &mut x218, x216, x169, x200); let mut x219: u32 = 0; let mut x220: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x219, &mut x220, x218, x171, x202); let mut x221: u32 = 0; let mut x222: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x221, &mut x222, x220, x173, x204); let mut x223: u32 = 0; let mut x224: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x223, &mut x224, x222, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x229, &mut x230, x211, 0xee00bc4f); let mut x231: u32 = 0; let mut x232: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x231, &mut x232, x229, 0xffffffff); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x233, &mut x234, x229, 0xffffffff); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x235, &mut x236, x229, 0xffffffff); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x237, &mut x238, x229, 0xbce6faad); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x239, &mut x240, x229, 0xa7179e84); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x241, &mut x242, x229, 0xf3b9cac2); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x243, &mut x244, x229, 0xfc632551); let mut x245: u32 = 0; let mut x246: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x245, &mut x246, 0x0, x244, x241); let mut x247: u32 = 0; let mut x248: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x247, &mut x248, x246, x242, x239); let mut x249: u32 = 0; let mut x250: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x249, &mut x250, x248, x240, x237); let mut x251: u32 = 0; let mut x252: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x251, &mut x252, x250, x238, x235); let mut x253: u32 = 0; let mut x254: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x236, x233); let x255: u32 = ((x254 as u32) + x234); let mut x256: u32 = 0; let mut x257: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x256, &mut x257, 0x0, x211, x243); let mut x258: u32 = 0; let mut x259: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x213, x245); let mut x260: u32 = 0; let mut x261: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x215, x247); let mut x262: u32 = 0; let mut x263: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x217, x249); let mut x264: u32 = 0; let mut x265: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x219, x251); let mut x266: u32 = 0; let mut x267: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x266, &mut x267, x265, x221, x253); let mut x268: u32 = 0; let mut x269: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x223, x255); let mut x270: u32 = 0; let mut x271: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x270, &mut x271, x269, x225, x231); let mut x272: u32 = 0; let mut x273: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x272, &mut x273, x271, x227, x232); let x274: u32 = ((x273 as u32) + (x228 as u32)); let mut x275: u32 = 0; let mut x276: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x275, &mut x276, x3, (arg1[7])); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x277, &mut x278, x3, (arg1[6])); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x279, &mut x280, x3, (arg1[5])); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x281, &mut x282, x3, (arg1[4])); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x283, &mut x284, x3, (arg1[3])); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x285, &mut x286, x3, (arg1[2])); let mut x287: u32 = 0; let mut x288: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x287, &mut x288, x3, (arg1[1])); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x289, &mut x290, x3, (arg1[0])); let mut x291: u32 = 0; let mut x292: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x291, &mut x292, 0x0, x290, x287); let mut x293: u32 = 0; let mut x294: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x293, &mut x294, x292, x288, x285); let mut x295: u32 = 0; let mut x296: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x295, &mut x296, x294, x286, x283); let mut x297: u32 = 0; let mut x298: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x297, &mut x298, x296, x284, x281); let mut x299: u32 = 0; let mut x300: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x299, &mut x300, x298, x282, x279); let mut x301: u32 = 0; let mut x302: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x301, &mut x302, x300, x280, x277); let mut x303: u32 = 0; let mut x304: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x278, x275); let x305: u32 = ((x304 as u32) + x276); let mut x306: u32 = 0; let mut x307: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x306, &mut x307, 0x0, x258, x289); let mut x308: u32 = 0; let mut x309: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x308, &mut x309, x307, x260, x291); let mut x310: u32 = 0; let mut x311: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x262, x293); let mut x312: u32 = 0; let mut x313: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x312, &mut x313, x311, x264, x295); let mut x314: u32 = 0; let mut x315: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x266, x297); let mut x316: u32 = 0; let mut x317: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x268, x299); let mut x318: u32 = 0; let mut x319: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x270, x301); let mut x320: u32 = 0; let mut x321: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x272, x303); let mut x322: u32 = 0; let mut x323: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x274, x305); let mut x324: u32 = 0; let mut x325: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x324, &mut x325, x306, 0xee00bc4f); let mut x326: u32 = 0; let mut x327: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x326, &mut x327, x324, 0xffffffff); let mut x328: u32 = 0; let mut x329: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x328, &mut x329, x324, 0xffffffff); let mut x330: u32 = 0; let mut x331: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x330, &mut x331, x324, 0xffffffff); let mut x332: u32 = 0; let mut x333: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x332, &mut x333, x324, 0xbce6faad); let mut x334: u32 = 0; let mut x335: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x334, &mut x335, x324, 0xa7179e84); let mut x336: u32 = 0; let mut x337: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x336, &mut x337, x324, 0xf3b9cac2); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x338, &mut x339, x324, 0xfc632551); let mut x340: u32 = 0; let mut x341: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x340, &mut x341, 0x0, x339, x336); let mut x342: u32 = 0; let mut x343: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x342, &mut x343, x341, x337, x334); let mut x344: u32 = 0; let mut x345: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x344, &mut x345, x343, x335, x332); let mut x346: u32 = 0; let mut x347: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x346, &mut x347, x345, x333, x330); let mut x348: u32 = 0; let mut x349: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x348, &mut x349, x347, x331, x328); let x350: u32 = ((x349 as u32) + x329); let mut x351: u32 = 0; let mut x352: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x351, &mut x352, 0x0, x306, x338); let mut x353: u32 = 0; let mut x354: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x308, x340); let mut x355: u32 = 0; let mut x356: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x310, x342); let mut x357: u32 = 0; let mut x358: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x357, &mut x358, x356, x312, x344); let mut x359: u32 = 0; let mut x360: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x359, &mut x360, x358, x314, x346); let mut x361: u32 = 0; let mut x362: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x361, &mut x362, x360, x316, x348); let mut x363: u32 = 0; let mut x364: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x363, &mut x364, x362, x318, x350); let mut x365: u32 = 0; let mut x366: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x365, &mut x366, x364, x320, x326); let mut x367: u32 = 0; let mut x368: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x367, &mut x368, x366, x322, x327); let x369: u32 = ((x368 as u32) + (x323 as u32)); let mut x370: u32 = 0; let mut x371: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x370, &mut x371, x4, (arg1[7])); let mut x372: u32 = 0; let mut x373: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x372, &mut x373, x4, (arg1[6])); let mut x374: u32 = 0; let mut x375: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x374, &mut x375, x4, (arg1[5])); let mut x376: u32 = 0; let mut x377: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x376, &mut x377, x4, (arg1[4])); let mut x378: u32 = 0; let mut x379: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x378, &mut x379, x4, (arg1[3])); let mut x380: u32 = 0; let mut x381: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x380, &mut x381, x4, (arg1[2])); let mut x382: u32 = 0; let mut x383: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x382, &mut x383, x4, (arg1[1])); let mut x384: u32 = 0; let mut x385: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x384, &mut x385, x4, (arg1[0])); let mut x386: u32 = 0; let mut x387: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x386, &mut x387, 0x0, x385, x382); let mut x388: u32 = 0; let mut x389: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x388, &mut x389, x387, x383, x380); let mut x390: u32 = 0; let mut x391: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x390, &mut x391, x389, x381, x378); let mut x392: u32 = 0; let mut x393: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x392, &mut x393, x391, x379, x376); let mut x394: u32 = 0; let mut x395: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x394, &mut x395, x393, x377, x374); let mut x396: u32 = 0; let mut x397: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x396, &mut x397, x395, x375, x372); let mut x398: u32 = 0; let mut x399: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x398, &mut x399, x397, x373, x370); let x400: u32 = ((x399 as u32) + x371); let mut x401: u32 = 0; let mut x402: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x401, &mut x402, 0x0, x353, x384); let mut x403: u32 = 0; let mut x404: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x355, x386); let mut x405: u32 = 0; let mut x406: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x405, &mut x406, x404, x357, x388); let mut x407: u32 = 0; let mut x408: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x407, &mut x408, x406, x359, x390); let mut x409: u32 = 0; let mut x410: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x409, &mut x410, x408, x361, x392); let mut x411: u32 = 0; let mut x412: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x411, &mut x412, x410, x363, x394); let mut x413: u32 = 0; let mut x414: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x413, &mut x414, x412, x365, x396); let mut x415: u32 = 0; let mut x416: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x415, &mut x416, x414, x367, x398); let mut x417: u32 = 0; let mut x418: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x369, x400); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x419, &mut x420, x401, 0xee00bc4f); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x421, &mut x422, x419, 0xffffffff); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x423, &mut x424, x419, 0xffffffff); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x425, &mut x426, x419, 0xffffffff); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x427, &mut x428, x419, 0xbce6faad); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x429, &mut x430, x419, 0xa7179e84); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x431, &mut x432, x419, 0xf3b9cac2); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x433, &mut x434, x419, 0xfc632551); let mut x435: u32 = 0; let mut x436: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x435, &mut x436, 0x0, x434, x431); let mut x437: u32 = 0; let mut x438: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x437, &mut x438, x436, x432, x429); let mut x439: u32 = 0; let mut x440: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x439, &mut x440, x438, x430, x427); let mut x441: u32 = 0; let mut x442: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x441, &mut x442, x440, x428, x425); let mut x443: u32 = 0; let mut x444: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x443, &mut x444, x442, x426, x423); let x445: u32 = ((x444 as u32) + x424); let mut x446: u32 = 0; let mut x447: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x446, &mut x447, 0x0, x401, x433); let mut x448: u32 = 0; let mut x449: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x448, &mut x449, x447, x403, x435); let mut x450: u32 = 0; let mut x451: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x450, &mut x451, x449, x405, x437); let mut x452: u32 = 0; let mut x453: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x452, &mut x453, x451, x407, x439); let mut x454: u32 = 0; let mut x455: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x454, &mut x455, x453, x409, x441); let mut x456: u32 = 0; let mut x457: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x456, &mut x457, x455, x411, x443); let mut x458: u32 = 0; let mut x459: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x413, x445); let mut x460: u32 = 0; let mut x461: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x415, x421); let mut x462: u32 = 0; let mut x463: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x417, x422); let x464: u32 = ((x463 as u32) + (x418 as u32)); let mut x465: u32 = 0; let mut x466: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x465, &mut x466, x5, (arg1[7])); let mut x467: u32 = 0; let mut x468: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x467, &mut x468, x5, (arg1[6])); let mut x469: u32 = 0; let mut x470: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x469, &mut x470, x5, (arg1[5])); let mut x471: u32 = 0; let mut x472: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x471, &mut x472, x5, (arg1[4])); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x473, &mut x474, x5, (arg1[3])); let mut x475: u32 = 0; let mut x476: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x475, &mut x476, x5, (arg1[2])); let mut x477: u32 = 0; let mut x478: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x477, &mut x478, x5, (arg1[1])); let mut x479: u32 = 0; let mut x480: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x479, &mut x480, x5, (arg1[0])); let mut x481: u32 = 0; let mut x482: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x481, &mut x482, 0x0, x480, x477); let mut x483: u32 = 0; let mut x484: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x483, &mut x484, x482, x478, x475); let mut x485: u32 = 0; let mut x486: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x485, &mut x486, x484, x476, x473); let mut x487: u32 = 0; let mut x488: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x487, &mut x488, x486, x474, x471); let mut x489: u32 = 0; let mut x490: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x489, &mut x490, x488, x472, x469); let mut x491: u32 = 0; let mut x492: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x491, &mut x492, x490, x470, x467); let mut x493: u32 = 0; let mut x494: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x493, &mut x494, x492, x468, x465); let x495: u32 = ((x494 as u32) + x466); let mut x496: u32 = 0; let mut x497: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x496, &mut x497, 0x0, x448, x479); let mut x498: u32 = 0; let mut x499: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x498, &mut x499, x497, x450, x481); let mut x500: u32 = 0; let mut x501: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x500, &mut x501, x499, x452, x483); let mut x502: u32 = 0; let mut x503: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x502, &mut x503, x501, x454, x485); let mut x504: u32 = 0; let mut x505: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x504, &mut x505, x503, x456, x487); let mut x506: u32 = 0; let mut x507: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x506, &mut x507, x505, x458, x489); let mut x508: u32 = 0; let mut x509: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x508, &mut x509, x507, x460, x491); let mut x510: u32 = 0; let mut x511: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x510, &mut x511, x509, x462, x493); let mut x512: u32 = 0; let mut x513: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x512, &mut x513, x511, x464, x495); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x514, &mut x515, x496, 0xee00bc4f); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x516, &mut x517, x514, 0xffffffff); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x518, &mut x519, x514, 0xffffffff); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x520, &mut x521, x514, 0xffffffff); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x522, &mut x523, x514, 0xbce6faad); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x524, &mut x525, x514, 0xa7179e84); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x526, &mut x527, x514, 0xf3b9cac2); let mut x528: u32 = 0; let mut x529: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x528, &mut x529, x514, 0xfc632551); let mut x530: u32 = 0; let mut x531: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x530, &mut x531, 0x0, x529, x526); let mut x532: u32 = 0; let mut x533: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x527, x524); let mut x534: u32 = 0; let mut x535: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x525, x522); let mut x536: u32 = 0; let mut x537: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x523, x520); let mut x538: u32 = 0; let mut x539: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x521, x518); let x540: u32 = ((x539 as u32) + x519); let mut x541: u32 = 0; let mut x542: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x541, &mut x542, 0x0, x496, x528); let mut x543: u32 = 0; let mut x544: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x543, &mut x544, x542, x498, x530); let mut x545: u32 = 0; let mut x546: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x500, x532); let mut x547: u32 = 0; let mut x548: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x502, x534); let mut x549: u32 = 0; let mut x550: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x504, x536); let mut x551: u32 = 0; let mut x552: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x506, x538); let mut x553: u32 = 0; let mut x554: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x508, x540); let mut x555: u32 = 0; let mut x556: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x510, x516); let mut x557: u32 = 0; let mut x558: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x512, x517); let x559: u32 = ((x558 as u32) + (x513 as u32)); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x560, &mut x561, x6, (arg1[7])); let mut x562: u32 = 0; let mut x563: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x562, &mut x563, x6, (arg1[6])); let mut x564: u32 = 0; let mut x565: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x564, &mut x565, x6, (arg1[5])); let mut x566: u32 = 0; let mut x567: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x566, &mut x567, x6, (arg1[4])); let mut x568: u32 = 0; let mut x569: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x568, &mut x569, x6, (arg1[3])); let mut x570: u32 = 0; let mut x571: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x570, &mut x571, x6, (arg1[2])); let mut x572: u32 = 0; let mut x573: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x572, &mut x573, x6, (arg1[1])); let mut x574: u32 = 0; let mut x575: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x574, &mut x575, x6, (arg1[0])); let mut x576: u32 = 0; let mut x577: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x576, &mut x577, 0x0, x575, x572); let mut x578: u32 = 0; let mut x579: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x578, &mut x579, x577, x573, x570); let mut x580: u32 = 0; let mut x581: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x580, &mut x581, x579, x571, x568); let mut x582: u32 = 0; let mut x583: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x582, &mut x583, x581, x569, x566); let mut x584: u32 = 0; let mut x585: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x584, &mut x585, x583, x567, x564); let mut x586: u32 = 0; let mut x587: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x586, &mut x587, x585, x565, x562); let mut x588: u32 = 0; let mut x589: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x588, &mut x589, x587, x563, x560); let x590: u32 = ((x589 as u32) + x561); let mut x591: u32 = 0; let mut x592: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x591, &mut x592, 0x0, x543, x574); let mut x593: u32 = 0; let mut x594: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x545, x576); let mut x595: u32 = 0; let mut x596: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x595, &mut x596, x594, x547, x578); let mut x597: u32 = 0; let mut x598: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x597, &mut x598, x596, x549, x580); let mut x599: u32 = 0; let mut x600: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x599, &mut x600, x598, x551, x582); let mut x601: u32 = 0; let mut x602: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x601, &mut x602, x600, x553, x584); let mut x603: u32 = 0; let mut x604: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x603, &mut x604, x602, x555, x586); let mut x605: u32 = 0; let mut x606: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x605, &mut x606, x604, x557, x588); let mut x607: u32 = 0; let mut x608: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x607, &mut x608, x606, x559, x590); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x609, &mut x610, x591, 0xee00bc4f); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x611, &mut x612, x609, 0xffffffff); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x613, &mut x614, x609, 0xffffffff); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x615, &mut x616, x609, 0xffffffff); let mut x617: u32 = 0; let mut x618: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x617, &mut x618, x609, 0xbce6faad); let mut x619: u32 = 0; let mut x620: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x619, &mut x620, x609, 0xa7179e84); let mut x621: u32 = 0; let mut x622: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x621, &mut x622, x609, 0xf3b9cac2); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x623, &mut x624, x609, 0xfc632551); let mut x625: u32 = 0; let mut x626: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x625, &mut x626, 0x0, x624, x621); let mut x627: u32 = 0; let mut x628: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x622, x619); let mut x629: u32 = 0; let mut x630: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x620, x617); let mut x631: u32 = 0; let mut x632: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x618, x615); let mut x633: u32 = 0; let mut x634: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x616, x613); let x635: u32 = ((x634 as u32) + x614); let mut x636: u32 = 0; let mut x637: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x636, &mut x637, 0x0, x591, x623); let mut x638: u32 = 0; let mut x639: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x638, &mut x639, x637, x593, x625); let mut x640: u32 = 0; let mut x641: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x640, &mut x641, x639, x595, x627); let mut x642: u32 = 0; let mut x643: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x642, &mut x643, x641, x597, x629); let mut x644: u32 = 0; let mut x645: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x644, &mut x645, x643, x599, x631); let mut x646: u32 = 0; let mut x647: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x646, &mut x647, x645, x601, x633); let mut x648: u32 = 0; let mut x649: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x648, &mut x649, x647, x603, x635); let mut x650: u32 = 0; let mut x651: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x650, &mut x651, x649, x605, x611); let mut x652: u32 = 0; let mut x653: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x652, &mut x653, x651, x607, x612); let x654: u32 = ((x653 as u32) + (x608 as u32)); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x655, &mut x656, x7, (arg1[7])); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x657, &mut x658, x7, (arg1[6])); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x659, &mut x660, x7, (arg1[5])); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x661, &mut x662, x7, (arg1[4])); let mut x663: u32 = 0; let mut x664: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x663, &mut x664, x7, (arg1[3])); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x665, &mut x666, x7, (arg1[2])); let mut x667: u32 = 0; let mut x668: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x667, &mut x668, x7, (arg1[1])); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x669, &mut x670, x7, (arg1[0])); let mut x671: u32 = 0; let mut x672: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x671, &mut x672, 0x0, x670, x667); let mut x673: u32 = 0; let mut x674: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x668, x665); let mut x675: u32 = 0; let mut x676: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x666, x663); let mut x677: u32 = 0; let mut x678: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x677, &mut x678, x676, x664, x661); let mut x679: u32 = 0; let mut x680: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x679, &mut x680, x678, x662, x659); let mut x681: u32 = 0; let mut x682: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x681, &mut x682, x680, x660, x657); let mut x683: u32 = 0; let mut x684: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x658, x655); let x685: u32 = ((x684 as u32) + x656); let mut x686: u32 = 0; let mut x687: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x686, &mut x687, 0x0, x638, x669); let mut x688: u32 = 0; let mut x689: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x688, &mut x689, x687, x640, x671); let mut x690: u32 = 0; let mut x691: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x690, &mut x691, x689, x642, x673); let mut x692: u32 = 0; let mut x693: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x692, &mut x693, x691, x644, x675); let mut x694: u32 = 0; let mut x695: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x694, &mut x695, x693, x646, x677); let mut x696: u32 = 0; let mut x697: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x696, &mut x697, x695, x648, x679); let mut x698: u32 = 0; let mut x699: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x698, &mut x699, x697, x650, x681); let mut x700: u32 = 0; let mut x701: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x700, &mut x701, x699, x652, x683); let mut x702: u32 = 0; let mut x703: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x702, &mut x703, x701, x654, x685); let mut x704: u32 = 0; let mut x705: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x704, &mut x705, x686, 0xee00bc4f); let mut x706: u32 = 0; let mut x707: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x706, &mut x707, x704, 0xffffffff); let mut x708: u32 = 0; let mut x709: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x708, &mut x709, x704, 0xffffffff); let mut x710: u32 = 0; let mut x711: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x710, &mut x711, x704, 0xffffffff); let mut x712: u32 = 0; let mut x713: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x712, &mut x713, x704, 0xbce6faad); let mut x714: u32 = 0; let mut x715: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x714, &mut x715, x704, 0xa7179e84); let mut x716: u32 = 0; let mut x717: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x716, &mut x717, x704, 0xf3b9cac2); let mut x718: u32 = 0; let mut x719: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x718, &mut x719, x704, 0xfc632551); let mut x720: u32 = 0; let mut x721: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x720, &mut x721, 0x0, x719, x716); let mut x722: u32 = 0; let mut x723: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x722, &mut x723, x721, x717, x714); let mut x724: u32 = 0; let mut x725: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x724, &mut x725, x723, x715, x712); let mut x726: u32 = 0; let mut x727: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x726, &mut x727, x725, x713, x710); let mut x728: u32 = 0; let mut x729: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x728, &mut x729, x727, x711, x708); let x730: u32 = ((x729 as u32) + x709); let mut x731: u32 = 0; let mut x732: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x731, &mut x732, 0x0, x686, x718); let mut x733: u32 = 0; let mut x734: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x733, &mut x734, x732, x688, x720); let mut x735: u32 = 0; let mut x736: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x735, &mut x736, x734, x690, x722); let mut x737: u32 = 0; let mut x738: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x737, &mut x738, x736, x692, x724); let mut x739: u32 = 0; let mut x740: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x739, &mut x740, x738, x694, x726); let mut x741: u32 = 0; let mut x742: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x741, &mut x742, x740, x696, x728); let mut x743: u32 = 0; let mut x744: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x743, &mut x744, x742, x698, x730); let mut x745: u32 = 0; let mut x746: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x745, &mut x746, x744, x700, x706); let mut x747: u32 = 0; let mut x748: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x747, &mut x748, x746, x702, x707); let x749: u32 = ((x748 as u32) + (x703 as u32)); let mut x750: u32 = 0; let mut x751: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x750, &mut x751, 0x0, x733, 0xfc632551); let mut x752: u32 = 0; let mut x753: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x752, &mut x753, x751, x735, 0xf3b9cac2); let mut x754: u32 = 0; let mut x755: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x754, &mut x755, x753, x737, 0xa7179e84); let mut x756: u32 = 0; let mut x757: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x756, &mut x757, x755, x739, 0xbce6faad); let mut x758: u32 = 0; let mut x759: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x758, &mut x759, x757, x741, 0xffffffff); let mut x760: u32 = 0; let mut x761: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x760, &mut x761, x759, x743, 0xffffffff); let mut x762: u32 = 0; let mut x763: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x762, &mut x763, x761, x745, (0x0 as u32)); let mut x764: u32 = 0; let mut x765: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x764, &mut x765, x763, x747, 0xffffffff); let mut x766: u32 = 0; let mut x767: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x766, &mut x767, x765, x749, (0x0 as u32)); let mut x768: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x768, x767, x750, x733); let mut x769: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x769, x767, x752, x735); let mut x770: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x770, x767, x754, x737); let mut x771: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x771, x767, x756, x739); let mut x772: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x772, x767, x758, x741); let mut x773: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x773, x767, x760, x743); let mut x774: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x774, x767, x762, x745); let mut x775: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x775, x767, x764, x747); out1[0] = x768; out1[1] = x769; out1[2] = x770; out1[3] = x771; out1[4] = x772; out1[5] = x773; out1[6] = x774; out1[7] = x775; } /// The function fiat_p256_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_add(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x17, &mut x18, 0x0, x1, 0xfc632551); let mut x19: u32 = 0; let mut x20: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x19, &mut x20, x18, x3, 0xf3b9cac2); let mut x21: u32 = 0; let mut x22: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x21, &mut x22, x20, x5, 0xa7179e84); let mut x23: u32 = 0; let mut x24: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x23, &mut x24, x22, x7, 0xbce6faad); let mut x25: u32 = 0; let mut x26: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x25, &mut x26, x24, x9, 0xffffffff); let mut x27: u32 = 0; let mut x28: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x27, &mut x28, x26, x11, 0xffffffff); let mut x29: u32 = 0; let mut x30: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x29, &mut x30, x28, x13, (0x0 as u32)); let mut x31: u32 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x31, &mut x32, x30, x15, 0xffffffff); let mut x33: u32 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x33, &mut x34, x32, (x16 as u32), (0x0 as u32)); let mut x35: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x35, x34, x17, x1); let mut x36: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x36, x34, x19, x3); let mut x37: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x37, x34, x21, x5); let mut x38: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x38, x34, x23, x7); let mut x39: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x39, x34, x25, x9); let mut x40: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x40, x34, x27, x11); let mut x41: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x41, x34, x29, x13); let mut x42: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x42, x34, x31, x15); out1[0] = x35; out1[1] = x36; out1[2] = x37; out1[3] = x38; out1[4] = x39; out1[5] = x40; out1[6] = x41; out1[7] = x42; } /// The function fiat_p256_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_sub(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xfc632551)); let mut x20: u32 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xf3b9cac2)); let mut x22: u32 = 0; let mut x23: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xa7179e84)); let mut x24: u32 = 0; let mut x25: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0xbce6faad)); let mut x26: u32 = 0; let mut x27: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, x17); let mut x28: u32 = 0; let mut x29: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_p256_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_opp(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xfc632551)); let mut x20: u32 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xf3b9cac2)); let mut x22: u32 = 0; let mut x23: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xa7179e84)); let mut x24: u32 = 0; let mut x25: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0xbce6faad)); let mut x26: u32 = 0; let mut x27: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, x17); let mut x28: u32 = 0; let mut x29: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_p256_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_from_montgomery(out1: &mut fiat_p256_scalar_non_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x2, &mut x3, x1, 0xee00bc4f); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x6, &mut x7, x2, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x8, &mut x9, x2, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x10, &mut x11, x2, 0xbce6faad); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x12, &mut x13, x2, 0xa7179e84); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x14, &mut x15, x2, 0xf3b9cac2); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x16, &mut x17, x2, 0xfc632551); let mut x18: u32 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x17, x14); let mut x20: u32 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x15, x12); let mut x22: u32 = 0; let mut x23: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x13, x10); let mut x24: u32 = 0; let mut x25: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x11, x8); let mut x26: u32 = 0; let mut x27: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, x6); let mut x28: u32 = 0; let mut x29: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x28, &mut x29, 0x0, x1, x16); let mut x30: u32 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), x18); let mut x32: u32 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), x20); let mut x34: u32 = 0; let mut x35: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x34, &mut x35, x33, (0x0 as u32), x22); let mut x36: u32 = 0; let mut x37: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x36, &mut x37, x35, (0x0 as u32), x24); let mut x38: u32 = 0; let mut x39: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x38, &mut x39, x37, (0x0 as u32), x26); let mut x40: u32 = 0; let mut x41: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x40, &mut x41, x39, (0x0 as u32), ((x27 as u32) + x7)); let mut x42: u32 = 0; let mut x43: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), x4); let mut x44: u32 = 0; let mut x45: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x44, &mut x45, 0x0, x30, (arg1[1])); let mut x46: u32 = 0; let mut x47: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x46, &mut x47, x45, x32, (0x0 as u32)); let mut x48: u32 = 0; let mut x49: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x48, &mut x49, x47, x34, (0x0 as u32)); let mut x50: u32 = 0; let mut x51: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x50, &mut x51, x49, x36, (0x0 as u32)); let mut x52: u32 = 0; let mut x53: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x52, &mut x53, x51, x38, (0x0 as u32)); let mut x54: u32 = 0; let mut x55: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x54, &mut x55, x53, x40, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x56, &mut x57, x55, x42, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x58, &mut x59, x57, ((x43 as u32) + x5), (0x0 as u32)); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x60, &mut x61, x44, 0xee00bc4f); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x62, &mut x63, x60, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x64, &mut x65, x60, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x66, &mut x67, x60, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x68, &mut x69, x60, 0xbce6faad); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x70, &mut x71, x60, 0xa7179e84); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x72, &mut x73, x60, 0xf3b9cac2); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x74, &mut x75, x60, 0xfc632551); let mut x76: u32 = 0; let mut x77: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x76, &mut x77, 0x0, x75, x72); let mut x78: u32 = 0; let mut x79: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x78, &mut x79, x77, x73, x70); let mut x80: u32 = 0; let mut x81: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x80, &mut x81, x79, x71, x68); let mut x82: u32 = 0; let mut x83: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x82, &mut x83, x81, x69, x66); let mut x84: u32 = 0; let mut x85: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x84, &mut x85, x83, x67, x64); let mut x86: u32 = 0; let mut x87: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x86, &mut x87, 0x0, x44, x74); let mut x88: u32 = 0; let mut x89: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x46, x76); let mut x90: u32 = 0; let mut x91: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x48, x78); let mut x92: u32 = 0; let mut x93: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x92, &mut x93, x91, x50, x80); let mut x94: u32 = 0; let mut x95: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x94, &mut x95, x93, x52, x82); let mut x96: u32 = 0; let mut x97: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x96, &mut x97, x95, x54, x84); let mut x98: u32 = 0; let mut x99: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x56, ((x85 as u32) + x65)); let mut x100: u32 = 0; let mut x101: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x100, &mut x101, x99, x58, x62); let mut x102: u32 = 0; let mut x103: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x102, &mut x103, x101, (x59 as u32), x63); let mut x104: u32 = 0; let mut x105: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x104, &mut x105, 0x0, x88, (arg1[2])); let mut x106: u32 = 0; let mut x107: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x106, &mut x107, x105, x90, (0x0 as u32)); let mut x108: u32 = 0; let mut x109: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x108, &mut x109, x107, x92, (0x0 as u32)); let mut x110: u32 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x110, &mut x111, x109, x94, (0x0 as u32)); let mut x112: u32 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x96, (0x0 as u32)); let mut x114: u32 = 0; let mut x115: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x98, (0x0 as u32)); let mut x116: u32 = 0; let mut x117: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x100, (0x0 as u32)); let mut x118: u32 = 0; let mut x119: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x102, (0x0 as u32)); let mut x120: u32 = 0; let mut x121: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x120, &mut x121, x104, 0xee00bc4f); let mut x122: u32 = 0; let mut x123: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x122, &mut x123, x120, 0xffffffff); let mut x124: u32 = 0; let mut x125: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x124, &mut x125, x120, 0xffffffff); let mut x126: u32 = 0; let mut x127: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x126, &mut x127, x120, 0xffffffff); let mut x128: u32 = 0; let mut x129: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x128, &mut x129, x120, 0xbce6faad); let mut x130: u32 = 0; let mut x131: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x130, &mut x131, x120, 0xa7179e84); let mut x132: u32 = 0; let mut x133: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x132, &mut x133, x120, 0xf3b9cac2); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x134, &mut x135, x120, 0xfc632551); let mut x136: u32 = 0; let mut x137: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x136, &mut x137, 0x0, x135, x132); let mut x138: u32 = 0; let mut x139: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x138, &mut x139, x137, x133, x130); let mut x140: u32 = 0; let mut x141: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x140, &mut x141, x139, x131, x128); let mut x142: u32 = 0; let mut x143: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x142, &mut x143, x141, x129, x126); let mut x144: u32 = 0; let mut x145: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x144, &mut x145, x143, x127, x124); let mut x146: u32 = 0; let mut x147: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x146, &mut x147, 0x0, x104, x134); let mut x148: u32 = 0; let mut x149: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x148, &mut x149, x147, x106, x136); let mut x150: u32 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x150, &mut x151, x149, x108, x138); let mut x152: u32 = 0; let mut x153: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x110, x140); let mut x154: u32 = 0; let mut x155: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x112, x142); let mut x156: u32 = 0; let mut x157: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x114, x144); let mut x158: u32 = 0; let mut x159: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x116, ((x145 as u32) + x125)); let mut x160: u32 = 0; let mut x161: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x118, x122); let mut x162: u32 = 0; let mut x163: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x162, &mut x163, x161, ((x119 as u32) + (x103 as u32)), x123); let mut x164: u32 = 0; let mut x165: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x164, &mut x165, 0x0, x148, (arg1[3])); let mut x166: u32 = 0; let mut x167: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x150, (0x0 as u32)); let mut x168: u32 = 0; let mut x169: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x152, (0x0 as u32)); let mut x170: u32 = 0; let mut x171: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x154, (0x0 as u32)); let mut x172: u32 = 0; let mut x173: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x156, (0x0 as u32)); let mut x174: u32 = 0; let mut x175: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x158, (0x0 as u32)); let mut x176: u32 = 0; let mut x177: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x160, (0x0 as u32)); let mut x178: u32 = 0; let mut x179: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x162, (0x0 as u32)); let mut x180: u32 = 0; let mut x181: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x180, &mut x181, x164, 0xee00bc4f); let mut x182: u32 = 0; let mut x183: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x182, &mut x183, x180, 0xffffffff); let mut x184: u32 = 0; let mut x185: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x184, &mut x185, x180, 0xffffffff); let mut x186: u32 = 0; let mut x187: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x186, &mut x187, x180, 0xffffffff); let mut x188: u32 = 0; let mut x189: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x188, &mut x189, x180, 0xbce6faad); let mut x190: u32 = 0; let mut x191: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x190, &mut x191, x180, 0xa7179e84); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x192, &mut x193, x180, 0xf3b9cac2); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x194, &mut x195, x180, 0xfc632551); let mut x196: u32 = 0; let mut x197: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x196, &mut x197, 0x0, x195, x192); let mut x198: u32 = 0; let mut x199: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x193, x190); let mut x200: u32 = 0; let mut x201: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x200, &mut x201, x199, x191, x188); let mut x202: u32 = 0; let mut x203: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x202, &mut x203, x201, x189, x186); let mut x204: u32 = 0; let mut x205: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x204, &mut x205, x203, x187, x184); let mut x206: u32 = 0; let mut x207: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x206, &mut x207, 0x0, x164, x194); let mut x208: u32 = 0; let mut x209: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x208, &mut x209, x207, x166, x196); let mut x210: u32 = 0; let mut x211: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x210, &mut x211, x209, x168, x198); let mut x212: u32 = 0; let mut x213: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x212, &mut x213, x211, x170, x200); let mut x214: u32 = 0; let mut x215: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x214, &mut x215, x213, x172, x202); let mut x216: u32 = 0; let mut x217: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x216, &mut x217, x215, x174, x204); let mut x218: u32 = 0; let mut x219: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x218, &mut x219, x217, x176, ((x205 as u32) + x185)); let mut x220: u32 = 0; let mut x221: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x178, x182); let mut x222: u32 = 0; let mut x223: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x222, &mut x223, x221, ((x179 as u32) + (x163 as u32)), x183); let mut x224: u32 = 0; let mut x225: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x224, &mut x225, 0x0, x208, (arg1[4])); let mut x226: u32 = 0; let mut x227: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x226, &mut x227, x225, x210, (0x0 as u32)); let mut x228: u32 = 0; let mut x229: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x228, &mut x229, x227, x212, (0x0 as u32)); let mut x230: u32 = 0; let mut x231: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x230, &mut x231, x229, x214, (0x0 as u32)); let mut x232: u32 = 0; let mut x233: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x232, &mut x233, x231, x216, (0x0 as u32)); let mut x234: u32 = 0; let mut x235: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x218, (0x0 as u32)); let mut x236: u32 = 0; let mut x237: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x220, (0x0 as u32)); let mut x238: u32 = 0; let mut x239: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x222, (0x0 as u32)); let mut x240: u32 = 0; let mut x241: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x240, &mut x241, x224, 0xee00bc4f); let mut x242: u32 = 0; let mut x243: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x242, &mut x243, x240, 0xffffffff); let mut x244: u32 = 0; let mut x245: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x244, &mut x245, x240, 0xffffffff); let mut x246: u32 = 0; let mut x247: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x246, &mut x247, x240, 0xffffffff); let mut x248: u32 = 0; let mut x249: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x248, &mut x249, x240, 0xbce6faad); let mut x250: u32 = 0; let mut x251: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x250, &mut x251, x240, 0xa7179e84); let mut x252: u32 = 0; let mut x253: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x252, &mut x253, x240, 0xf3b9cac2); let mut x254: u32 = 0; let mut x255: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x254, &mut x255, x240, 0xfc632551); let mut x256: u32 = 0; let mut x257: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x256, &mut x257, 0x0, x255, x252); let mut x258: u32 = 0; let mut x259: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x253, x250); let mut x260: u32 = 0; let mut x261: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x251, x248); let mut x262: u32 = 0; let mut x263: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x249, x246); let mut x264: u32 = 0; let mut x265: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x247, x244); let mut x266: u32 = 0; let mut x267: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x266, &mut x267, 0x0, x224, x254); let mut x268: u32 = 0; let mut x269: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x226, x256); let mut x270: u32 = 0; let mut x271: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x270, &mut x271, x269, x228, x258); let mut x272: u32 = 0; let mut x273: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x272, &mut x273, x271, x230, x260); let mut x274: u32 = 0; let mut x275: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x274, &mut x275, x273, x232, x262); let mut x276: u32 = 0; let mut x277: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x276, &mut x277, x275, x234, x264); let mut x278: u32 = 0; let mut x279: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x278, &mut x279, x277, x236, ((x265 as u32) + x245)); let mut x280: u32 = 0; let mut x281: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x280, &mut x281, x279, x238, x242); let mut x282: u32 = 0; let mut x283: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x282, &mut x283, x281, ((x239 as u32) + (x223 as u32)), x243); let mut x284: u32 = 0; let mut x285: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x284, &mut x285, 0x0, x268, (arg1[5])); let mut x286: u32 = 0; let mut x287: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x270, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x272, (0x0 as u32)); let mut x290: u32 = 0; let mut x291: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x274, (0x0 as u32)); let mut x292: u32 = 0; let mut x293: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x276, (0x0 as u32)); let mut x294: u32 = 0; let mut x295: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x294, &mut x295, x293, x278, (0x0 as u32)); let mut x296: u32 = 0; let mut x297: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x296, &mut x297, x295, x280, (0x0 as u32)); let mut x298: u32 = 0; let mut x299: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x298, &mut x299, x297, x282, (0x0 as u32)); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x300, &mut x301, x284, 0xee00bc4f); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x302, &mut x303, x300, 0xffffffff); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x304, &mut x305, x300, 0xffffffff); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x306, &mut x307, x300, 0xffffffff); let mut x308: u32 = 0; let mut x309: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x308, &mut x309, x300, 0xbce6faad); let mut x310: u32 = 0; let mut x311: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x310, &mut x311, x300, 0xa7179e84); let mut x312: u32 = 0; let mut x313: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x312, &mut x313, x300, 0xf3b9cac2); let mut x314: u32 = 0; let mut x315: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x314, &mut x315, x300, 0xfc632551); let mut x316: u32 = 0; let mut x317: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x316, &mut x317, 0x0, x315, x312); let mut x318: u32 = 0; let mut x319: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x313, x310); let mut x320: u32 = 0; let mut x321: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x311, x308); let mut x322: u32 = 0; let mut x323: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x309, x306); let mut x324: u32 = 0; let mut x325: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x307, x304); let mut x326: u32 = 0; let mut x327: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x326, &mut x327, 0x0, x284, x314); let mut x328: u32 = 0; let mut x329: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x286, x316); let mut x330: u32 = 0; let mut x331: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x330, &mut x331, x329, x288, x318); let mut x332: u32 = 0; let mut x333: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x332, &mut x333, x331, x290, x320); let mut x334: u32 = 0; let mut x335: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x334, &mut x335, x333, x292, x322); let mut x336: u32 = 0; let mut x337: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x336, &mut x337, x335, x294, x324); let mut x338: u32 = 0; let mut x339: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x338, &mut x339, x337, x296, ((x325 as u32) + x305)); let mut x340: u32 = 0; let mut x341: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x340, &mut x341, x339, x298, x302); let mut x342: u32 = 0; let mut x343: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x342, &mut x343, x341, ((x299 as u32) + (x283 as u32)), x303); let mut x344: u32 = 0; let mut x345: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x344, &mut x345, 0x0, x328, (arg1[6])); let mut x346: u32 = 0; let mut x347: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x346, &mut x347, x345, x330, (0x0 as u32)); let mut x348: u32 = 0; let mut x349: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x348, &mut x349, x347, x332, (0x0 as u32)); let mut x350: u32 = 0; let mut x351: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x350, &mut x351, x349, x334, (0x0 as u32)); let mut x352: u32 = 0; let mut x353: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x352, &mut x353, x351, x336, (0x0 as u32)); let mut x354: u32 = 0; let mut x355: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x354, &mut x355, x353, x338, (0x0 as u32)); let mut x356: u32 = 0; let mut x357: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x356, &mut x357, x355, x340, (0x0 as u32)); let mut x358: u32 = 0; let mut x359: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x358, &mut x359, x357, x342, (0x0 as u32)); let mut x360: u32 = 0; let mut x361: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x360, &mut x361, x344, 0xee00bc4f); let mut x362: u32 = 0; let mut x363: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x362, &mut x363, x360, 0xffffffff); let mut x364: u32 = 0; let mut x365: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x364, &mut x365, x360, 0xffffffff); let mut x366: u32 = 0; let mut x367: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x366, &mut x367, x360, 0xffffffff); let mut x368: u32 = 0; let mut x369: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x368, &mut x369, x360, 0xbce6faad); let mut x370: u32 = 0; let mut x371: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x370, &mut x371, x360, 0xa7179e84); let mut x372: u32 = 0; let mut x373: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x372, &mut x373, x360, 0xf3b9cac2); let mut x374: u32 = 0; let mut x375: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x374, &mut x375, x360, 0xfc632551); let mut x376: u32 = 0; let mut x377: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x376, &mut x377, 0x0, x375, x372); let mut x378: u32 = 0; let mut x379: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x378, &mut x379, x377, x373, x370); let mut x380: u32 = 0; let mut x381: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x380, &mut x381, x379, x371, x368); let mut x382: u32 = 0; let mut x383: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x382, &mut x383, x381, x369, x366); let mut x384: u32 = 0; let mut x385: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x384, &mut x385, x383, x367, x364); let mut x386: u32 = 0; let mut x387: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x386, &mut x387, 0x0, x344, x374); let mut x388: u32 = 0; let mut x389: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x388, &mut x389, x387, x346, x376); let mut x390: u32 = 0; let mut x391: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x390, &mut x391, x389, x348, x378); let mut x392: u32 = 0; let mut x393: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x392, &mut x393, x391, x350, x380); let mut x394: u32 = 0; let mut x395: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x394, &mut x395, x393, x352, x382); let mut x396: u32 = 0; let mut x397: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x396, &mut x397, x395, x354, x384); let mut x398: u32 = 0; let mut x399: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x398, &mut x399, x397, x356, ((x385 as u32) + x365)); let mut x400: u32 = 0; let mut x401: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x400, &mut x401, x399, x358, x362); let mut x402: u32 = 0; let mut x403: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x402, &mut x403, x401, ((x359 as u32) + (x343 as u32)), x363); let mut x404: u32 = 0; let mut x405: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x404, &mut x405, 0x0, x388, (arg1[7])); let mut x406: u32 = 0; let mut x407: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x406, &mut x407, x405, x390, (0x0 as u32)); let mut x408: u32 = 0; let mut x409: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x408, &mut x409, x407, x392, (0x0 as u32)); let mut x410: u32 = 0; let mut x411: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x410, &mut x411, x409, x394, (0x0 as u32)); let mut x412: u32 = 0; let mut x413: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x396, (0x0 as u32)); let mut x414: u32 = 0; let mut x415: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x398, (0x0 as u32)); let mut x416: u32 = 0; let mut x417: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x400, (0x0 as u32)); let mut x418: u32 = 0; let mut x419: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x402, (0x0 as u32)); let mut x420: u32 = 0; let mut x421: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x420, &mut x421, x404, 0xee00bc4f); let mut x422: u32 = 0; let mut x423: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x422, &mut x423, x420, 0xffffffff); let mut x424: u32 = 0; let mut x425: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x424, &mut x425, x420, 0xffffffff); let mut x426: u32 = 0; let mut x427: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x426, &mut x427, x420, 0xffffffff); let mut x428: u32 = 0; let mut x429: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x428, &mut x429, x420, 0xbce6faad); let mut x430: u32 = 0; let mut x431: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x430, &mut x431, x420, 0xa7179e84); let mut x432: u32 = 0; let mut x433: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x432, &mut x433, x420, 0xf3b9cac2); let mut x434: u32 = 0; let mut x435: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x434, &mut x435, x420, 0xfc632551); let mut x436: u32 = 0; let mut x437: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x436, &mut x437, 0x0, x435, x432); let mut x438: u32 = 0; let mut x439: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x438, &mut x439, x437, x433, x430); let mut x440: u32 = 0; let mut x441: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x440, &mut x441, x439, x431, x428); let mut x442: u32 = 0; let mut x443: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x442, &mut x443, x441, x429, x426); let mut x444: u32 = 0; let mut x445: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x444, &mut x445, x443, x427, x424); let mut x446: u32 = 0; let mut x447: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x446, &mut x447, 0x0, x404, x434); let mut x448: u32 = 0; let mut x449: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x448, &mut x449, x447, x406, x436); let mut x450: u32 = 0; let mut x451: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x450, &mut x451, x449, x408, x438); let mut x452: u32 = 0; let mut x453: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x452, &mut x453, x451, x410, x440); let mut x454: u32 = 0; let mut x455: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x454, &mut x455, x453, x412, x442); let mut x456: u32 = 0; let mut x457: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x456, &mut x457, x455, x414, x444); let mut x458: u32 = 0; let mut x459: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x416, ((x445 as u32) + x425)); let mut x460: u32 = 0; let mut x461: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x418, x422); let mut x462: u32 = 0; let mut x463: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x462, &mut x463, x461, ((x419 as u32) + (x403 as u32)), x423); let mut x464: u32 = 0; let mut x465: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x464, &mut x465, 0x0, x448, 0xfc632551); let mut x466: u32 = 0; let mut x467: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x466, &mut x467, x465, x450, 0xf3b9cac2); let mut x468: u32 = 0; let mut x469: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x468, &mut x469, x467, x452, 0xa7179e84); let mut x470: u32 = 0; let mut x471: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x470, &mut x471, x469, x454, 0xbce6faad); let mut x472: u32 = 0; let mut x473: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x472, &mut x473, x471, x456, 0xffffffff); let mut x474: u32 = 0; let mut x475: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x474, &mut x475, x473, x458, 0xffffffff); let mut x476: u32 = 0; let mut x477: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x476, &mut x477, x475, x460, (0x0 as u32)); let mut x478: u32 = 0; let mut x479: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x478, &mut x479, x477, x462, 0xffffffff); let mut x480: u32 = 0; let mut x481: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x480, &mut x481, x479, (x463 as u32), (0x0 as u32)); let mut x482: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x482, x481, x464, x448); let mut x483: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x483, x481, x466, x450); let mut x484: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x484, x481, x468, x452); let mut x485: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x485, x481, x470, x454); let mut x486: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x486, x481, x472, x456); let mut x487: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x487, x481, x474, x458); let mut x488: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x488, x481, x476, x460); let mut x489: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x489, x481, x478, x462); out1[0] = x482; out1[1] = x483; out1[2] = x484; out1[3] = x485; out1[4] = x486; out1[5] = x487; out1[6] = x488; out1[7] = x489; } /// The function fiat_p256_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_to_montgomery(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x9, &mut x10, x8, 0x66e12d94); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x11, &mut x12, x8, 0xf3d95620); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x13, &mut x14, x8, 0x2845b239); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x15, &mut x16, x8, 0x2b6bec59); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x17, &mut x18, x8, 0x4699799c); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x19, &mut x20, x8, 0x49bd6fa6); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x21, &mut x22, x8, 0x83244c95); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x23, &mut x24, x8, 0xbe79eea2); let mut x25: u32 = 0; let mut x26: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x39, &mut x40, x23, 0xee00bc4f); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x41, &mut x42, x39, 0xffffffff); let mut x43: u32 = 0; let mut x44: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x43, &mut x44, x39, 0xffffffff); let mut x45: u32 = 0; let mut x46: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x45, &mut x46, x39, 0xffffffff); let mut x47: u32 = 0; let mut x48: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x47, &mut x48, x39, 0xbce6faad); let mut x49: u32 = 0; let mut x50: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x49, &mut x50, x39, 0xa7179e84); let mut x51: u32 = 0; let mut x52: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x51, &mut x52, x39, 0xf3b9cac2); let mut x53: u32 = 0; let mut x54: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x53, &mut x54, x39, 0xfc632551); let mut x55: u32 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u32 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x52, x49); let mut x59: u32 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x50, x47); let mut x61: u32 = 0; let mut x62: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x48, x45); let mut x63: u32 = 0; let mut x64: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x46, x43); let mut x65: u32 = 0; let mut x66: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x65, &mut x66, 0x0, x23, x53); let mut x67: u32 = 0; let mut x68: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x67, &mut x68, x66, x25, x55); let mut x69: u32 = 0; let mut x70: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x27, x57); let mut x71: u32 = 0; let mut x72: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x71, &mut x72, x70, x29, x59); let mut x73: u32 = 0; let mut x74: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x31, x61); let mut x75: u32 = 0; let mut x76: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x33, x63); let mut x77: u32 = 0; let mut x78: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x35, ((x64 as u32) + x44)); let mut x79: u32 = 0; let mut x80: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x37, x41); let mut x81: u32 = 0; let mut x82: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x81, &mut x82, x80, ((x38 as u32) + x10), x42); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x83, &mut x84, x1, 0x66e12d94); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x85, &mut x86, x1, 0xf3d95620); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x87, &mut x88, x1, 0x2845b239); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x89, &mut x90, x1, 0x2b6bec59); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x91, &mut x92, x1, 0x4699799c); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x93, &mut x94, x1, 0x49bd6fa6); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x95, &mut x96, x1, 0x83244c95); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x97, &mut x98, x1, 0xbe79eea2); let mut x99: u32 = 0; let mut x100: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x99, &mut x100, 0x0, x98, x95); let mut x101: u32 = 0; let mut x102: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x101, &mut x102, x100, x96, x93); let mut x103: u32 = 0; let mut x104: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x94, x91); let mut x105: u32 = 0; let mut x106: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x92, x89); let mut x107: u32 = 0; let mut x108: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x107, &mut x108, x106, x90, x87); let mut x109: u32 = 0; let mut x110: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x88, x85); let mut x111: u32 = 0; let mut x112: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x86, x83); let mut x113: u32 = 0; let mut x114: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x113, &mut x114, 0x0, x67, x97); let mut x115: u32 = 0; let mut x116: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x69, x99); let mut x117: u32 = 0; let mut x118: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x71, x101); let mut x119: u32 = 0; let mut x120: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x73, x103); let mut x121: u32 = 0; let mut x122: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x121, &mut x122, x120, x75, x105); let mut x123: u32 = 0; let mut x124: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x123, &mut x124, x122, x77, x107); let mut x125: u32 = 0; let mut x126: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x125, &mut x126, x124, x79, x109); let mut x127: u32 = 0; let mut x128: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x127, &mut x128, x126, x81, x111); let mut x129: u32 = 0; let mut x130: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x129, &mut x130, x113, 0xee00bc4f); let mut x131: u32 = 0; let mut x132: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x131, &mut x132, x129, 0xffffffff); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x133, &mut x134, x129, 0xffffffff); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x135, &mut x136, x129, 0xffffffff); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x137, &mut x138, x129, 0xbce6faad); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x139, &mut x140, x129, 0xa7179e84); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x141, &mut x142, x129, 0xf3b9cac2); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x143, &mut x144, x129, 0xfc632551); let mut x145: u32 = 0; let mut x146: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x145, &mut x146, 0x0, x144, x141); let mut x147: u32 = 0; let mut x148: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x147, &mut x148, x146, x142, x139); let mut x149: u32 = 0; let mut x150: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x149, &mut x150, x148, x140, x137); let mut x151: u32 = 0; let mut x152: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x151, &mut x152, x150, x138, x135); let mut x153: u32 = 0; let mut x154: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x153, &mut x154, x152, x136, x133); let mut x155: u32 = 0; let mut x156: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x155, &mut x156, 0x0, x113, x143); let mut x157: u32 = 0; let mut x158: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x157, &mut x158, x156, x115, x145); let mut x159: u32 = 0; let mut x160: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x159, &mut x160, x158, x117, x147); let mut x161: u32 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x119, x149); let mut x163: u32 = 0; let mut x164: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x121, x151); let mut x165: u32 = 0; let mut x166: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x123, x153); let mut x167: u32 = 0; let mut x168: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x125, ((x154 as u32) + x134)); let mut x169: u32 = 0; let mut x170: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x127, x131); let mut x171: u32 = 0; let mut x172: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x171, &mut x172, x170, (((x128 as u32) + (x82 as u32)) + ((x112 as u32) + x84)), x132); let mut x173: u32 = 0; let mut x174: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x173, &mut x174, x2, 0x66e12d94); let mut x175: u32 = 0; let mut x176: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x175, &mut x176, x2, 0xf3d95620); let mut x177: u32 = 0; let mut x178: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x177, &mut x178, x2, 0x2845b239); let mut x179: u32 = 0; let mut x180: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x179, &mut x180, x2, 0x2b6bec59); let mut x181: u32 = 0; let mut x182: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x181, &mut x182, x2, 0x4699799c); let mut x183: u32 = 0; let mut x184: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x183, &mut x184, x2, 0x49bd6fa6); let mut x185: u32 = 0; let mut x186: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x185, &mut x186, x2, 0x83244c95); let mut x187: u32 = 0; let mut x188: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x187, &mut x188, x2, 0xbe79eea2); let mut x189: u32 = 0; let mut x190: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x189, &mut x190, 0x0, x188, x185); let mut x191: u32 = 0; let mut x192: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x191, &mut x192, x190, x186, x183); let mut x193: u32 = 0; let mut x194: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x193, &mut x194, x192, x184, x181); let mut x195: u32 = 0; let mut x196: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x195, &mut x196, x194, x182, x179); let mut x197: u32 = 0; let mut x198: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x197, &mut x198, x196, x180, x177); let mut x199: u32 = 0; let mut x200: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x199, &mut x200, x198, x178, x175); let mut x201: u32 = 0; let mut x202: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x201, &mut x202, x200, x176, x173); let mut x203: u32 = 0; let mut x204: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x203, &mut x204, 0x0, x157, x187); let mut x205: u32 = 0; let mut x206: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x205, &mut x206, x204, x159, x189); let mut x207: u32 = 0; let mut x208: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x207, &mut x208, x206, x161, x191); let mut x209: u32 = 0; let mut x210: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x209, &mut x210, x208, x163, x193); let mut x211: u32 = 0; let mut x212: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x211, &mut x212, x210, x165, x195); let mut x213: u32 = 0; let mut x214: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x213, &mut x214, x212, x167, x197); let mut x215: u32 = 0; let mut x216: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x215, &mut x216, x214, x169, x199); let mut x217: u32 = 0; let mut x218: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x217, &mut x218, x216, x171, x201); let mut x219: u32 = 0; let mut x220: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x219, &mut x220, x203, 0xee00bc4f); let mut x221: u32 = 0; let mut x222: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x221, &mut x222, x219, 0xffffffff); let mut x223: u32 = 0; let mut x224: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x223, &mut x224, x219, 0xffffffff); let mut x225: u32 = 0; let mut x226: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x225, &mut x226, x219, 0xffffffff); let mut x227: u32 = 0; let mut x228: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x227, &mut x228, x219, 0xbce6faad); let mut x229: u32 = 0; let mut x230: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x229, &mut x230, x219, 0xa7179e84); let mut x231: u32 = 0; let mut x232: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x231, &mut x232, x219, 0xf3b9cac2); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x233, &mut x234, x219, 0xfc632551); let mut x235: u32 = 0; let mut x236: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u32 = 0; let mut x238: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x237, &mut x238, x236, x232, x229); let mut x239: u32 = 0; let mut x240: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x239, &mut x240, x238, x230, x227); let mut x241: u32 = 0; let mut x242: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x241, &mut x242, x240, x228, x225); let mut x243: u32 = 0; let mut x244: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x243, &mut x244, x242, x226, x223); let mut x245: u32 = 0; let mut x246: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x245, &mut x246, 0x0, x203, x233); let mut x247: u32 = 0; let mut x248: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x247, &mut x248, x246, x205, x235); let mut x249: u32 = 0; let mut x250: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x249, &mut x250, x248, x207, x237); let mut x251: u32 = 0; let mut x252: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x251, &mut x252, x250, x209, x239); let mut x253: u32 = 0; let mut x254: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x211, x241); let mut x255: u32 = 0; let mut x256: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x255, &mut x256, x254, x213, x243); let mut x257: u32 = 0; let mut x258: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x257, &mut x258, x256, x215, ((x244 as u32) + x224)); let mut x259: u32 = 0; let mut x260: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x217, x221); let mut x261: u32 = 0; let mut x262: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x261, &mut x262, x260, (((x218 as u32) + (x172 as u32)) + ((x202 as u32) + x174)), x222); let mut x263: u32 = 0; let mut x264: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x263, &mut x264, x3, 0x66e12d94); let mut x265: u32 = 0; let mut x266: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x265, &mut x266, x3, 0xf3d95620); let mut x267: u32 = 0; let mut x268: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x267, &mut x268, x3, 0x2845b239); let mut x269: u32 = 0; let mut x270: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x269, &mut x270, x3, 0x2b6bec59); let mut x271: u32 = 0; let mut x272: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x271, &mut x272, x3, 0x4699799c); let mut x273: u32 = 0; let mut x274: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x273, &mut x274, x3, 0x49bd6fa6); let mut x275: u32 = 0; let mut x276: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x275, &mut x276, x3, 0x83244c95); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x277, &mut x278, x3, 0xbe79eea2); let mut x279: u32 = 0; let mut x280: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x279, &mut x280, 0x0, x278, x275); let mut x281: u32 = 0; let mut x282: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x281, &mut x282, x280, x276, x273); let mut x283: u32 = 0; let mut x284: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x283, &mut x284, x282, x274, x271); let mut x285: u32 = 0; let mut x286: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x285, &mut x286, x284, x272, x269); let mut x287: u32 = 0; let mut x288: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x287, &mut x288, x286, x270, x267); let mut x289: u32 = 0; let mut x290: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x289, &mut x290, x288, x268, x265); let mut x291: u32 = 0; let mut x292: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x291, &mut x292, x290, x266, x263); let mut x293: u32 = 0; let mut x294: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x293, &mut x294, 0x0, x247, x277); let mut x295: u32 = 0; let mut x296: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x295, &mut x296, x294, x249, x279); let mut x297: u32 = 0; let mut x298: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x297, &mut x298, x296, x251, x281); let mut x299: u32 = 0; let mut x300: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x299, &mut x300, x298, x253, x283); let mut x301: u32 = 0; let mut x302: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x301, &mut x302, x300, x255, x285); let mut x303: u32 = 0; let mut x304: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x257, x287); let mut x305: u32 = 0; let mut x306: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x305, &mut x306, x304, x259, x289); let mut x307: u32 = 0; let mut x308: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x307, &mut x308, x306, x261, x291); let mut x309: u32 = 0; let mut x310: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x309, &mut x310, x293, 0xee00bc4f); let mut x311: u32 = 0; let mut x312: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x311, &mut x312, x309, 0xffffffff); let mut x313: u32 = 0; let mut x314: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x313, &mut x314, x309, 0xffffffff); let mut x315: u32 = 0; let mut x316: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x315, &mut x316, x309, 0xffffffff); let mut x317: u32 = 0; let mut x318: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x317, &mut x318, x309, 0xbce6faad); let mut x319: u32 = 0; let mut x320: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x319, &mut x320, x309, 0xa7179e84); let mut x321: u32 = 0; let mut x322: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x321, &mut x322, x309, 0xf3b9cac2); let mut x323: u32 = 0; let mut x324: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x323, &mut x324, x309, 0xfc632551); let mut x325: u32 = 0; let mut x326: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x325, &mut x326, 0x0, x324, x321); let mut x327: u32 = 0; let mut x328: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x327, &mut x328, x326, x322, x319); let mut x329: u32 = 0; let mut x330: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x329, &mut x330, x328, x320, x317); let mut x331: u32 = 0; let mut x332: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x331, &mut x332, x330, x318, x315); let mut x333: u32 = 0; let mut x334: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x316, x313); let mut x335: u32 = 0; let mut x336: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x335, &mut x336, 0x0, x293, x323); let mut x337: u32 = 0; let mut x338: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x337, &mut x338, x336, x295, x325); let mut x339: u32 = 0; let mut x340: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x339, &mut x340, x338, x297, x327); let mut x341: u32 = 0; let mut x342: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x341, &mut x342, x340, x299, x329); let mut x343: u32 = 0; let mut x344: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x343, &mut x344, x342, x301, x331); let mut x345: u32 = 0; let mut x346: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x345, &mut x346, x344, x303, x333); let mut x347: u32 = 0; let mut x348: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x347, &mut x348, x346, x305, ((x334 as u32) + x314)); let mut x349: u32 = 0; let mut x350: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x349, &mut x350, x348, x307, x311); let mut x351: u32 = 0; let mut x352: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x351, &mut x352, x350, (((x308 as u32) + (x262 as u32)) + ((x292 as u32) + x264)), x312); let mut x353: u32 = 0; let mut x354: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x353, &mut x354, x4, 0x66e12d94); let mut x355: u32 = 0; let mut x356: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x355, &mut x356, x4, 0xf3d95620); let mut x357: u32 = 0; let mut x358: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x357, &mut x358, x4, 0x2845b239); let mut x359: u32 = 0; let mut x360: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x359, &mut x360, x4, 0x2b6bec59); let mut x361: u32 = 0; let mut x362: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x361, &mut x362, x4, 0x4699799c); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x363, &mut x364, x4, 0x49bd6fa6); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x365, &mut x366, x4, 0x83244c95); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x367, &mut x368, x4, 0xbe79eea2); let mut x369: u32 = 0; let mut x370: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x369, &mut x370, 0x0, x368, x365); let mut x371: u32 = 0; let mut x372: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x371, &mut x372, x370, x366, x363); let mut x373: u32 = 0; let mut x374: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x373, &mut x374, x372, x364, x361); let mut x375: u32 = 0; let mut x376: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x375, &mut x376, x374, x362, x359); let mut x377: u32 = 0; let mut x378: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x360, x357); let mut x379: u32 = 0; let mut x380: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x358, x355); let mut x381: u32 = 0; let mut x382: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x356, x353); let mut x383: u32 = 0; let mut x384: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x383, &mut x384, 0x0, x337, x367); let mut x385: u32 = 0; let mut x386: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x339, x369); let mut x387: u32 = 0; let mut x388: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x341, x371); let mut x389: u32 = 0; let mut x390: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x343, x373); let mut x391: u32 = 0; let mut x392: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x345, x375); let mut x393: u32 = 0; let mut x394: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x393, &mut x394, x392, x347, x377); let mut x395: u32 = 0; let mut x396: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x395, &mut x396, x394, x349, x379); let mut x397: u32 = 0; let mut x398: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x397, &mut x398, x396, x351, x381); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x399, &mut x400, x383, 0xee00bc4f); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x401, &mut x402, x399, 0xffffffff); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x403, &mut x404, x399, 0xffffffff); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x405, &mut x406, x399, 0xffffffff); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x407, &mut x408, x399, 0xbce6faad); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x409, &mut x410, x399, 0xa7179e84); let mut x411: u32 = 0; let mut x412: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x411, &mut x412, x399, 0xf3b9cac2); let mut x413: u32 = 0; let mut x414: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x413, &mut x414, x399, 0xfc632551); let mut x415: u32 = 0; let mut x416: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x415, &mut x416, 0x0, x414, x411); let mut x417: u32 = 0; let mut x418: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x412, x409); let mut x419: u32 = 0; let mut x420: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x419, &mut x420, x418, x410, x407); let mut x421: u32 = 0; let mut x422: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x421, &mut x422, x420, x408, x405); let mut x423: u32 = 0; let mut x424: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x423, &mut x424, x422, x406, x403); let mut x425: u32 = 0; let mut x426: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x425, &mut x426, 0x0, x383, x413); let mut x427: u32 = 0; let mut x428: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x427, &mut x428, x426, x385, x415); let mut x429: u32 = 0; let mut x430: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x429, &mut x430, x428, x387, x417); let mut x431: u32 = 0; let mut x432: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x431, &mut x432, x430, x389, x419); let mut x433: u32 = 0; let mut x434: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x433, &mut x434, x432, x391, x421); let mut x435: u32 = 0; let mut x436: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x435, &mut x436, x434, x393, x423); let mut x437: u32 = 0; let mut x438: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x437, &mut x438, x436, x395, ((x424 as u32) + x404)); let mut x439: u32 = 0; let mut x440: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x439, &mut x440, x438, x397, x401); let mut x441: u32 = 0; let mut x442: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x441, &mut x442, x440, (((x398 as u32) + (x352 as u32)) + ((x382 as u32) + x354)), x402); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x443, &mut x444, x5, 0x66e12d94); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x445, &mut x446, x5, 0xf3d95620); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x447, &mut x448, x5, 0x2845b239); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x449, &mut x450, x5, 0x2b6bec59); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x451, &mut x452, x5, 0x4699799c); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x453, &mut x454, x5, 0x49bd6fa6); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x455, &mut x456, x5, 0x83244c95); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x457, &mut x458, x5, 0xbe79eea2); let mut x459: u32 = 0; let mut x460: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x459, &mut x460, 0x0, x458, x455); let mut x461: u32 = 0; let mut x462: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x456, x453); let mut x463: u32 = 0; let mut x464: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x454, x451); let mut x465: u32 = 0; let mut x466: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x452, x449); let mut x467: u32 = 0; let mut x468: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x450, x447); let mut x469: u32 = 0; let mut x470: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x448, x445); let mut x471: u32 = 0; let mut x472: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x446, x443); let mut x473: u32 = 0; let mut x474: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x473, &mut x474, 0x0, x427, x457); let mut x475: u32 = 0; let mut x476: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x475, &mut x476, x474, x429, x459); let mut x477: u32 = 0; let mut x478: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x477, &mut x478, x476, x431, x461); let mut x479: u32 = 0; let mut x480: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x479, &mut x480, x478, x433, x463); let mut x481: u32 = 0; let mut x482: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x481, &mut x482, x480, x435, x465); let mut x483: u32 = 0; let mut x484: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x483, &mut x484, x482, x437, x467); let mut x485: u32 = 0; let mut x486: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x485, &mut x486, x484, x439, x469); let mut x487: u32 = 0; let mut x488: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x487, &mut x488, x486, x441, x471); let mut x489: u32 = 0; let mut x490: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x489, &mut x490, x473, 0xee00bc4f); let mut x491: u32 = 0; let mut x492: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x491, &mut x492, x489, 0xffffffff); let mut x493: u32 = 0; let mut x494: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x493, &mut x494, x489, 0xffffffff); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x495, &mut x496, x489, 0xffffffff); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x497, &mut x498, x489, 0xbce6faad); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x499, &mut x500, x489, 0xa7179e84); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x501, &mut x502, x489, 0xf3b9cac2); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x503, &mut x504, x489, 0xfc632551); let mut x505: u32 = 0; let mut x506: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x505, &mut x506, 0x0, x504, x501); let mut x507: u32 = 0; let mut x508: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x507, &mut x508, x506, x502, x499); let mut x509: u32 = 0; let mut x510: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x509, &mut x510, x508, x500, x497); let mut x511: u32 = 0; let mut x512: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x511, &mut x512, x510, x498, x495); let mut x513: u32 = 0; let mut x514: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x513, &mut x514, x512, x496, x493); let mut x515: u32 = 0; let mut x516: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x515, &mut x516, 0x0, x473, x503); let mut x517: u32 = 0; let mut x518: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x517, &mut x518, x516, x475, x505); let mut x519: u32 = 0; let mut x520: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x519, &mut x520, x518, x477, x507); let mut x521: u32 = 0; let mut x522: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x521, &mut x522, x520, x479, x509); let mut x523: u32 = 0; let mut x524: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x523, &mut x524, x522, x481, x511); let mut x525: u32 = 0; let mut x526: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x525, &mut x526, x524, x483, x513); let mut x527: u32 = 0; let mut x528: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x527, &mut x528, x526, x485, ((x514 as u32) + x494)); let mut x529: u32 = 0; let mut x530: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x529, &mut x530, x528, x487, x491); let mut x531: u32 = 0; let mut x532: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x531, &mut x532, x530, (((x488 as u32) + (x442 as u32)) + ((x472 as u32) + x444)), x492); let mut x533: u32 = 0; let mut x534: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x533, &mut x534, x6, 0x66e12d94); let mut x535: u32 = 0; let mut x536: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x535, &mut x536, x6, 0xf3d95620); let mut x537: u32 = 0; let mut x538: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x537, &mut x538, x6, 0x2845b239); let mut x539: u32 = 0; let mut x540: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x539, &mut x540, x6, 0x2b6bec59); let mut x541: u32 = 0; let mut x542: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x541, &mut x542, x6, 0x4699799c); let mut x543: u32 = 0; let mut x544: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x543, &mut x544, x6, 0x49bd6fa6); let mut x545: u32 = 0; let mut x546: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x545, &mut x546, x6, 0x83244c95); let mut x547: u32 = 0; let mut x548: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x547, &mut x548, x6, 0xbe79eea2); let mut x549: u32 = 0; let mut x550: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x549, &mut x550, 0x0, x548, x545); let mut x551: u32 = 0; let mut x552: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x546, x543); let mut x553: u32 = 0; let mut x554: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x544, x541); let mut x555: u32 = 0; let mut x556: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x542, x539); let mut x557: u32 = 0; let mut x558: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x540, x537); let mut x559: u32 = 0; let mut x560: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x538, x535); let mut x561: u32 = 0; let mut x562: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x561, &mut x562, x560, x536, x533); let mut x563: u32 = 0; let mut x564: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x563, &mut x564, 0x0, x517, x547); let mut x565: u32 = 0; let mut x566: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x565, &mut x566, x564, x519, x549); let mut x567: u32 = 0; let mut x568: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x567, &mut x568, x566, x521, x551); let mut x569: u32 = 0; let mut x570: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x569, &mut x570, x568, x523, x553); let mut x571: u32 = 0; let mut x572: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x571, &mut x572, x570, x525, x555); let mut x573: u32 = 0; let mut x574: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x573, &mut x574, x572, x527, x557); let mut x575: u32 = 0; let mut x576: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x529, x559); let mut x577: u32 = 0; let mut x578: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x531, x561); let mut x579: u32 = 0; let mut x580: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x579, &mut x580, x563, 0xee00bc4f); let mut x581: u32 = 0; let mut x582: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x581, &mut x582, x579, 0xffffffff); let mut x583: u32 = 0; let mut x584: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x583, &mut x584, x579, 0xffffffff); let mut x585: u32 = 0; let mut x586: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x585, &mut x586, x579, 0xffffffff); let mut x587: u32 = 0; let mut x588: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x587, &mut x588, x579, 0xbce6faad); let mut x589: u32 = 0; let mut x590: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x589, &mut x590, x579, 0xa7179e84); let mut x591: u32 = 0; let mut x592: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x591, &mut x592, x579, 0xf3b9cac2); let mut x593: u32 = 0; let mut x594: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x593, &mut x594, x579, 0xfc632551); let mut x595: u32 = 0; let mut x596: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x595, &mut x596, 0x0, x594, x591); let mut x597: u32 = 0; let mut x598: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x597, &mut x598, x596, x592, x589); let mut x599: u32 = 0; let mut x600: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x599, &mut x600, x598, x590, x587); let mut x601: u32 = 0; let mut x602: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x601, &mut x602, x600, x588, x585); let mut x603: u32 = 0; let mut x604: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x603, &mut x604, x602, x586, x583); let mut x605: u32 = 0; let mut x606: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x605, &mut x606, 0x0, x563, x593); let mut x607: u32 = 0; let mut x608: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x607, &mut x608, x606, x565, x595); let mut x609: u32 = 0; let mut x610: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x609, &mut x610, x608, x567, x597); let mut x611: u32 = 0; let mut x612: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x611, &mut x612, x610, x569, x599); let mut x613: u32 = 0; let mut x614: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x613, &mut x614, x612, x571, x601); let mut x615: u32 = 0; let mut x616: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x615, &mut x616, x614, x573, x603); let mut x617: u32 = 0; let mut x618: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x617, &mut x618, x616, x575, ((x604 as u32) + x584)); let mut x619: u32 = 0; let mut x620: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x619, &mut x620, x618, x577, x581); let mut x621: u32 = 0; let mut x622: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x621, &mut x622, x620, (((x578 as u32) + (x532 as u32)) + ((x562 as u32) + x534)), x582); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x623, &mut x624, x7, 0x66e12d94); let mut x625: u32 = 0; let mut x626: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x625, &mut x626, x7, 0xf3d95620); let mut x627: u32 = 0; let mut x628: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x627, &mut x628, x7, 0x2845b239); let mut x629: u32 = 0; let mut x630: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x629, &mut x630, x7, 0x2b6bec59); let mut x631: u32 = 0; let mut x632: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x631, &mut x632, x7, 0x4699799c); let mut x633: u32 = 0; let mut x634: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x633, &mut x634, x7, 0x49bd6fa6); let mut x635: u32 = 0; let mut x636: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x635, &mut x636, x7, 0x83244c95); let mut x637: u32 = 0; let mut x638: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x637, &mut x638, x7, 0xbe79eea2); let mut x639: u32 = 0; let mut x640: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x639, &mut x640, 0x0, x638, x635); let mut x641: u32 = 0; let mut x642: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x636, x633); let mut x643: u32 = 0; let mut x644: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x634, x631); let mut x645: u32 = 0; let mut x646: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x645, &mut x646, x644, x632, x629); let mut x647: u32 = 0; let mut x648: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x647, &mut x648, x646, x630, x627); let mut x649: u32 = 0; let mut x650: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x649, &mut x650, x648, x628, x625); let mut x651: u32 = 0; let mut x652: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x651, &mut x652, x650, x626, x623); let mut x653: u32 = 0; let mut x654: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x653, &mut x654, 0x0, x607, x637); let mut x655: u32 = 0; let mut x656: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x655, &mut x656, x654, x609, x639); let mut x657: u32 = 0; let mut x658: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x657, &mut x658, x656, x611, x641); let mut x659: u32 = 0; let mut x660: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x659, &mut x660, x658, x613, x643); let mut x661: u32 = 0; let mut x662: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x661, &mut x662, x660, x615, x645); let mut x663: u32 = 0; let mut x664: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x663, &mut x664, x662, x617, x647); let mut x665: u32 = 0; let mut x666: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x665, &mut x666, x664, x619, x649); let mut x667: u32 = 0; let mut x668: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x667, &mut x668, x666, x621, x651); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x669, &mut x670, x653, 0xee00bc4f); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x671, &mut x672, x669, 0xffffffff); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x673, &mut x674, x669, 0xffffffff); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x675, &mut x676, x669, 0xffffffff); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x677, &mut x678, x669, 0xbce6faad); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x679, &mut x680, x669, 0xa7179e84); let mut x681: u32 = 0; let mut x682: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x681, &mut x682, x669, 0xf3b9cac2); let mut x683: u32 = 0; let mut x684: u32 = 0; fiat_p256_scalar_mulx_u32(&mut x683, &mut x684, x669, 0xfc632551); let mut x685: u32 = 0; let mut x686: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x685, &mut x686, 0x0, x684, x681); let mut x687: u32 = 0; let mut x688: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x687, &mut x688, x686, x682, x679); let mut x689: u32 = 0; let mut x690: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x689, &mut x690, x688, x680, x677); let mut x691: u32 = 0; let mut x692: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x691, &mut x692, x690, x678, x675); let mut x693: u32 = 0; let mut x694: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x693, &mut x694, x692, x676, x673); let mut x695: u32 = 0; let mut x696: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x695, &mut x696, 0x0, x653, x683); let mut x697: u32 = 0; let mut x698: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x697, &mut x698, x696, x655, x685); let mut x699: u32 = 0; let mut x700: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x699, &mut x700, x698, x657, x687); let mut x701: u32 = 0; let mut x702: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x701, &mut x702, x700, x659, x689); let mut x703: u32 = 0; let mut x704: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x703, &mut x704, x702, x661, x691); let mut x705: u32 = 0; let mut x706: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x705, &mut x706, x704, x663, x693); let mut x707: u32 = 0; let mut x708: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x707, &mut x708, x706, x665, ((x694 as u32) + x674)); let mut x709: u32 = 0; let mut x710: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x709, &mut x710, x708, x667, x671); let mut x711: u32 = 0; let mut x712: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x711, &mut x712, x710, (((x668 as u32) + (x622 as u32)) + ((x652 as u32) + x624)), x672); let mut x713: u32 = 0; let mut x714: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x713, &mut x714, 0x0, x697, 0xfc632551); let mut x715: u32 = 0; let mut x716: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x715, &mut x716, x714, x699, 0xf3b9cac2); let mut x717: u32 = 0; let mut x718: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x717, &mut x718, x716, x701, 0xa7179e84); let mut x719: u32 = 0; let mut x720: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x719, &mut x720, x718, x703, 0xbce6faad); let mut x721: u32 = 0; let mut x722: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x721, &mut x722, x720, x705, 0xffffffff); let mut x723: u32 = 0; let mut x724: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x723, &mut x724, x722, x707, 0xffffffff); let mut x725: u32 = 0; let mut x726: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x725, &mut x726, x724, x709, (0x0 as u32)); let mut x727: u32 = 0; let mut x728: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x727, &mut x728, x726, x711, 0xffffffff); let mut x729: u32 = 0; let mut x730: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x729, &mut x730, x728, (x712 as u32), (0x0 as u32)); let mut x731: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x731, x730, x713, x697); let mut x732: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x732, x730, x715, x699); let mut x733: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x733, x730, x717, x701); let mut x734: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x734, x730, x719, x703); let mut x735: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x735, x730, x721, x705); let mut x736: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x736, x730, x723, x707); let mut x737: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x737, x730, x725, x709); let mut x738: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x738, x730, x727, x711); out1[0] = x731; out1[1] = x732; out1[2] = x733; out1[3] = x734; out1[4] = x735; out1[5] = x736; out1[6] = x737; out1[7] = x738; } /// The function fiat_p256_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p256_scalar_nonzero(out1: &mut u32, arg1: &[u32; 8]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); *out1 = x1; } /// The function fiat_p256_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_scalar_selectznz(out1: &mut [u32; 8], arg1: fiat_p256_scalar_u1, arg2: &[u32; 8], arg3: &[u32; 8]) { let mut x1: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p256_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p256_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u32; 8]) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[6]); let x3: u32 = (arg1[5]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[3]); let x6: u32 = (arg1[2]); let x7: u32 = (arg1[1]); let x8: u32 = (arg1[0]); let x9: u8 = ((x8 & (0xff as u32)) as u8); let x10: u32 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u32)) as u8); let x12: u32 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u8 = ((x12 >> 8) as u8); let x15: u8 = ((x7 & (0xff as u32)) as u8); let x16: u32 = (x7 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u32 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u32)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x6 & (0xff as u32)) as u8); let x22: u32 = (x6 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u32 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u32)) as u8); let x26: u8 = ((x24 >> 8) as u8); let x27: u8 = ((x5 & (0xff as u32)) as u8); let x28: u32 = (x5 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u32 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u32)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x4 & (0xff as u32)) as u8); let x34: u32 = (x4 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u32 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u32)) as u8); let x38: u8 = ((x36 >> 8) as u8); let x39: u8 = ((x3 & (0xff as u32)) as u8); let x40: u32 = (x3 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u8 = ((x2 & (0xff as u32)) as u8); let x46: u32 = (x2 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u32 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u32)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u8 = ((x1 & (0xff as u32)) as u8); let x52: u32 = (x1 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u32 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u32)) as u8); let x56: u8 = ((x54 >> 8) as u8); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x26; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x38; out1[20] = x39; out1[21] = x41; out1[22] = x43; out1[23] = x44; out1[24] = x45; out1[25] = x47; out1[26] = x49; out1[27] = x50; out1[28] = x51; out1[29] = x53; out1[30] = x55; out1[31] = x56; } /// The function fiat_p256_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_scalar_from_bytes(out1: &mut [u32; 8], arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 24); let x2: u32 = (((arg1[30]) as u32) << 16); let x3: u32 = (((arg1[29]) as u32) << 8); let x4: u8 = (arg1[28]); let x5: u32 = (((arg1[27]) as u32) << 24); let x6: u32 = (((arg1[26]) as u32) << 16); let x7: u32 = (((arg1[25]) as u32) << 8); let x8: u8 = (arg1[24]); let x9: u32 = (((arg1[23]) as u32) << 24); let x10: u32 = (((arg1[22]) as u32) << 16); let x11: u32 = (((arg1[21]) as u32) << 8); let x12: u8 = (arg1[20]); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 24); let x18: u32 = (((arg1[14]) as u32) << 16); let x19: u32 = (((arg1[13]) as u32) << 8); let x20: u8 = (arg1[12]); let x21: u32 = (((arg1[11]) as u32) << 24); let x22: u32 = (((arg1[10]) as u32) << 16); let x23: u32 = (((arg1[9]) as u32) << 8); let x24: u8 = (arg1[8]); let x25: u32 = (((arg1[7]) as u32) << 24); let x26: u32 = (((arg1[6]) as u32) << 16); let x27: u32 = (((arg1[5]) as u32) << 8); let x28: u8 = (arg1[4]); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x27 + (x28 as u32)); let x37: u32 = (x26 + x36); let x38: u32 = (x25 + x37); let x39: u32 = (x23 + (x24 as u32)); let x40: u32 = (x22 + x39); let x41: u32 = (x21 + x40); let x42: u32 = (x19 + (x20 as u32)); let x43: u32 = (x18 + x42); let x44: u32 = (x17 + x43); let x45: u32 = (x15 + (x16 as u32)); let x46: u32 = (x14 + x45); let x47: u32 = (x13 + x46); let x48: u32 = (x11 + (x12 as u32)); let x49: u32 = (x10 + x48); let x50: u32 = (x9 + x49); let x51: u32 = (x7 + (x8 as u32)); let x52: u32 = (x6 + x51); let x53: u32 = (x5 + x52); let x54: u32 = (x3 + (x4 as u32)); let x55: u32 = (x2 + x54); let x56: u32 = (x1 + x55); out1[0] = x35; out1[1] = x38; out1[2] = x41; out1[3] = x44; out1[4] = x47; out1[5] = x50; out1[6] = x53; out1[7] = x56; } /// The function fiat_p256_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_set_one(out1: &mut fiat_p256_scalar_montgomery_domain_field_element) { out1[0] = 0x39cdaaf; out1[1] = 0xc46353d; out1[2] = 0x58e8617b; out1[3] = 0x43190552; out1[4] = (0x0 as u32); out1[5] = (0x0 as u32); out1[6] = 0xffffffff; out1[7] = (0x0 as u32); } /// The function fiat_p256_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_scalar_msat(out1: &mut [u32; 9]) { out1[0] = 0xfc632551; out1[1] = 0xf3b9cac2; out1[2] = 0xa7179e84; out1[3] = 0xbce6faad; out1[4] = 0xffffffff; out1[5] = 0xffffffff; out1[6] = (0x0 as u32); out1[7] = 0xffffffff; out1[8] = (0x0 as u32); } /// The function fiat_p256_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_scalar_divstep(out1: &mut u32, out2: &mut [u32; 9], out3: &mut [u32; 9], out4: &mut [u32; 8], out5: &mut [u32; 8], arg1: u32, arg2: &[u32; 9], arg3: &[u32; 9], arg4: &[u32; 8], arg5: &[u32; 8]) { let mut x1: u32 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_p256_scalar_u1 = (((x1 >> 31) as fiat_p256_scalar_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_p256_scalar_u1)); let mut x4: u32 = 0; let mut x5: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; let mut x17: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x16, &mut x17, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x18: u32 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), (!(arg2[1]))); let mut x20: u32 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), (!(arg2[2]))); let mut x22: u32 = 0; let mut x23: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[3]))); let mut x24: u32 = 0; let mut x25: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[4]))); let mut x26: u32 = 0; let mut x27: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[5]))); let mut x28: u32 = 0; let mut x29: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[6]))); let mut x30: u32 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[7]))); let mut x32: u32 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[8]))); let mut x34: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x34, x3, (arg3[0]), x16); let mut x35: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x35, x3, (arg3[1]), x18); let mut x36: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x36, x3, (arg3[2]), x20); let mut x37: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x37, x3, (arg3[3]), x22); let mut x38: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x38, x3, (arg3[4]), x24); let mut x39: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x39, x3, (arg3[5]), x26); let mut x40: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x40, x3, (arg3[6]), x28); let mut x41: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x41, x3, (arg3[7]), x30); let mut x42: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x42, x3, (arg3[8]), x32); let mut x43: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x43, x3, (arg4[0]), (arg5[0])); let mut x44: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x44, x3, (arg4[1]), (arg5[1])); let mut x45: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x45, x3, (arg4[2]), (arg5[2])); let mut x46: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x46, x3, (arg4[3]), (arg5[3])); let mut x47: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x47, x3, (arg4[4]), (arg5[4])); let mut x48: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x48, x3, (arg4[5]), (arg5[5])); let mut x49: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x49, x3, (arg4[6]), (arg5[6])); let mut x50: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x50, x3, (arg4[7]), (arg5[7])); let mut x51: u32 = 0; let mut x52: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x51, &mut x52, 0x0, x43, x43); let mut x53: u32 = 0; let mut x54: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x44, x44); let mut x55: u32 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x45, x45); let mut x57: u32 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x46, x46); let mut x59: u32 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x47, x47); let mut x61: u32 = 0; let mut x62: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x48, x48); let mut x63: u32 = 0; let mut x64: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x49, x49); let mut x65: u32 = 0; let mut x66: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x50, x50); let mut x67: u32 = 0; let mut x68: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x67, &mut x68, 0x0, x51, 0xfc632551); let mut x69: u32 = 0; let mut x70: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x69, &mut x70, x68, x53, 0xf3b9cac2); let mut x71: u32 = 0; let mut x72: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x71, &mut x72, x70, x55, 0xa7179e84); let mut x73: u32 = 0; let mut x74: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x73, &mut x74, x72, x57, 0xbce6faad); let mut x75: u32 = 0; let mut x76: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x75, &mut x76, x74, x59, 0xffffffff); let mut x77: u32 = 0; let mut x78: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x77, &mut x78, x76, x61, 0xffffffff); let mut x79: u32 = 0; let mut x80: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x79, &mut x80, x78, x63, (0x0 as u32)); let mut x81: u32 = 0; let mut x82: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x81, &mut x82, x80, x65, 0xffffffff); let mut x83: u32 = 0; let mut x84: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x83, &mut x84, x82, (x66 as u32), (0x0 as u32)); let x85: u32 = (arg4[7]); let x86: u32 = (arg4[6]); let x87: u32 = (arg4[5]); let x88: u32 = (arg4[4]); let x89: u32 = (arg4[3]); let x90: u32 = (arg4[2]); let x91: u32 = (arg4[1]); let x92: u32 = (arg4[0]); let mut x93: u32 = 0; let mut x94: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x93, &mut x94, 0x0, (0x0 as u32), x92); let mut x95: u32 = 0; let mut x96: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x91); let mut x97: u32 = 0; let mut x98: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x97, &mut x98, x96, (0x0 as u32), x90); let mut x99: u32 = 0; let mut x100: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x99, &mut x100, x98, (0x0 as u32), x89); let mut x101: u32 = 0; let mut x102: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x101, &mut x102, x100, (0x0 as u32), x88); let mut x103: u32 = 0; let mut x104: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x103, &mut x104, x102, (0x0 as u32), x87); let mut x105: u32 = 0; let mut x106: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x105, &mut x106, x104, (0x0 as u32), x86); let mut x107: u32 = 0; let mut x108: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x107, &mut x108, x106, (0x0 as u32), x85); let mut x109: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x109, x108, (0x0 as u32), 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x110, &mut x111, 0x0, x93, (x109 & 0xfc632551)); let mut x112: u32 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x95, (x109 & 0xf3b9cac2)); let mut x114: u32 = 0; let mut x115: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x97, (x109 & 0xa7179e84)); let mut x116: u32 = 0; let mut x117: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x99, (x109 & 0xbce6faad)); let mut x118: u32 = 0; let mut x119: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x101, x109); let mut x120: u32 = 0; let mut x121: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x103, x109); let mut x122: u32 = 0; let mut x123: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x105, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x107, x109); let mut x126: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x126, x3, (arg5[0]), x110); let mut x127: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x127, x3, (arg5[1]), x112); let mut x128: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x128, x3, (arg5[2]), x114); let mut x129: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x129, x3, (arg5[3]), x116); let mut x130: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x130, x3, (arg5[4]), x118); let mut x131: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x131, x3, (arg5[5]), x120); let mut x132: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x132, x3, (arg5[6]), x122); let mut x133: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x133, x3, (arg5[7]), x124); let x134: fiat_p256_scalar_u1 = ((x34 & (0x1 as u32)) as fiat_p256_scalar_u1); let mut x135: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x135, x134, (0x0 as u32), x7); let mut x136: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x136, x134, (0x0 as u32), x8); let mut x137: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x137, x134, (0x0 as u32), x9); let mut x138: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x138, x134, (0x0 as u32), x10); let mut x139: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x139, x134, (0x0 as u32), x11); let mut x140: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x140, x134, (0x0 as u32), x12); let mut x141: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x141, x134, (0x0 as u32), x13); let mut x142: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x142, x134, (0x0 as u32), x14); let mut x143: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x143, x134, (0x0 as u32), x15); let mut x144: u32 = 0; let mut x145: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x144, &mut x145, 0x0, x34, x135); let mut x146: u32 = 0; let mut x147: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x146, &mut x147, x145, x35, x136); let mut x148: u32 = 0; let mut x149: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x148, &mut x149, x147, x36, x137); let mut x150: u32 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x150, &mut x151, x149, x37, x138); let mut x152: u32 = 0; let mut x153: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x38, x139); let mut x154: u32 = 0; let mut x155: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x39, x140); let mut x156: u32 = 0; let mut x157: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x40, x141); let mut x158: u32 = 0; let mut x159: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x41, x142); let mut x160: u32 = 0; let mut x161: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x42, x143); let mut x162: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x162, x134, (0x0 as u32), x43); let mut x163: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x163, x134, (0x0 as u32), x44); let mut x164: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x164, x134, (0x0 as u32), x45); let mut x165: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x165, x134, (0x0 as u32), x46); let mut x166: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x166, x134, (0x0 as u32), x47); let mut x167: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x167, x134, (0x0 as u32), x48); let mut x168: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x168, x134, (0x0 as u32), x49); let mut x169: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x169, x134, (0x0 as u32), x50); let mut x170: u32 = 0; let mut x171: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x170, &mut x171, 0x0, x126, x162); let mut x172: u32 = 0; let mut x173: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x127, x163); let mut x174: u32 = 0; let mut x175: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x128, x164); let mut x176: u32 = 0; let mut x177: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x129, x165); let mut x178: u32 = 0; let mut x179: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x130, x166); let mut x180: u32 = 0; let mut x181: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x131, x167); let mut x182: u32 = 0; let mut x183: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x132, x168); let mut x184: u32 = 0; let mut x185: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x133, x169); let mut x186: u32 = 0; let mut x187: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x186, &mut x187, 0x0, x170, 0xfc632551); let mut x188: u32 = 0; let mut x189: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x188, &mut x189, x187, x172, 0xf3b9cac2); let mut x190: u32 = 0; let mut x191: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x190, &mut x191, x189, x174, 0xa7179e84); let mut x192: u32 = 0; let mut x193: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x192, &mut x193, x191, x176, 0xbce6faad); let mut x194: u32 = 0; let mut x195: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x194, &mut x195, x193, x178, 0xffffffff); let mut x196: u32 = 0; let mut x197: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x196, &mut x197, x195, x180, 0xffffffff); let mut x198: u32 = 0; let mut x199: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x198, &mut x199, x197, x182, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x200, &mut x201, x199, x184, 0xffffffff); let mut x202: u32 = 0; let mut x203: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u32(&mut x202, &mut x203, x201, (x185 as u32), (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u32(&mut x204, &mut x205, 0x0, x6, (0x1 as u32)); let x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); let x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); let x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); let x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); let x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); let x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); let x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); let x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); let x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); let mut x215: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x215, x84, x67, x51); let mut x216: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x216, x84, x69, x53); let mut x217: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x217, x84, x71, x55); let mut x218: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x218, x84, x73, x57); let mut x219: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x219, x84, x75, x59); let mut x220: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x220, x84, x77, x61); let mut x221: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x221, x84, x79, x63); let mut x222: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x222, x84, x81, x65); let mut x223: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x223, x203, x186, x170); let mut x224: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x224, x203, x188, x172); let mut x225: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x225, x203, x190, x174); let mut x226: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x226, x203, x192, x176); let mut x227: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x227, x203, x194, x178); let mut x228: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x228, x203, x196, x180); let mut x229: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x229, x203, x198, x182); let mut x230: u32 = 0; fiat_p256_scalar_cmovznz_u32(&mut x230, x203, x200, x184); *out1 = x204; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out3[0] = x206; out3[1] = x207; out3[2] = x208; out3[3] = x209; out3[4] = x210; out3[5] = x211; out3[6] = x212; out3[7] = x213; out3[8] = x214; out4[0] = x215; out4[1] = x216; out4[2] = x217; out4[3] = x218; out4[4] = x219; out4[5] = x220; out4[6] = x221; out4[7] = x222; out5[0] = x223; out5[1] = x224; out5[2] = x225; out5[3] = x226; out5[4] = x227; out5[5] = x228; out5[6] = x229; out5[7] = x230; } /// The function fiat_p256_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p256_scalar_divstep_precomp(out1: &mut [u32; 8]) { out1[0] = 0xb7fcfbb5; out1[1] = 0xd739262f; out1[2] = 0x20074414; out1[3] = 0x8ac6f75d; out1[4] = 0xb5e3c256; out1[5] = 0xc67428bf; out1[6] = 0xeda7aedf; out1[7] = 0x444962f2; } fiat-crypto-0.2.2/src/p256_scalar_64.rs000064400000000000000000002546221046102023000155700ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p256_scalar 64 '2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p256_scalar //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 (from "2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p256_scalar_u1 = u8; pub type fiat_p256_scalar_i1 = i8; pub type fiat_p256_scalar_u2 = u8; pub type fiat_p256_scalar_i2 = i8; /** The type fiat_p256_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_scalar_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p256_scalar_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p256_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p256_scalar_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_p256_scalar_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p256_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p256_scalar_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_scalar_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p256_scalar_u1, arg1: fiat_p256_scalar_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p256_scalar_u1 = ((x1 >> 64) as fiat_p256_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p256_scalar_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p256_scalar_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p256_scalar_u1, arg1: fiat_p256_scalar_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p256_scalar_i1 = ((x1 >> 64) as fiat_p256_scalar_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p256_scalar_i2) - (x2 as fiat_p256_scalar_i2)) as fiat_p256_scalar_u1); } /// The function fiat_p256_scalar_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_scalar_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p256_scalar_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_scalar_cmovznz_u64(out1: &mut u64, arg1: fiat_p256_scalar_u1, arg2: u64, arg3: u64) { let x1: fiat_p256_scalar_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p256_scalar_i2) - (x1 as fiat_p256_scalar_i2)) as fiat_p256_scalar_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p256_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_mul(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x20, &mut x21, x11, 0xccd1c8aaee00bc4f); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x22, &mut x23, x20, 0xffffffff00000000); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x26, &mut x27, x20, 0xbce6faada7179e84); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x28, &mut x29, x20, 0xf3b9cac2fc632551); let mut x30: u64 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg2[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x49, &mut x50, x1, (arg2[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x51, &mut x52, x1, (arg2[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x53, &mut x54, x1, (arg2[0])); let mut x55: u64 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x72, &mut x73, x62, 0xccd1c8aaee00bc4f); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x74, &mut x75, x72, 0xffffffff00000000); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x76, &mut x77, x72, 0xffffffffffffffff); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x78, &mut x79, x72, 0xbce6faada7179e84); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x80, &mut x81, x72, 0xf3b9cac2fc632551); let mut x82: u64 = 0; let mut x83: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x100, &mut x101, x2, (arg2[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x102, &mut x103, x2, (arg2[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x104, &mut x105, x2, (arg2[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x106, &mut x107, x2, (arg2[0])); let mut x108: u64 = 0; let mut x109: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x125, &mut x126, x115, 0xccd1c8aaee00bc4f); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x127, &mut x128, x125, 0xffffffff00000000); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x129, &mut x130, x125, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x131, &mut x132, x125, 0xbce6faada7179e84); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x133, &mut x134, x125, 0xf3b9cac2fc632551); let mut x135: u64 = 0; let mut x136: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x153, &mut x154, x3, (arg2[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x155, &mut x156, x3, (arg2[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x157, &mut x158, x3, (arg2[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x159, &mut x160, x3, (arg2[0])); let mut x161: u64 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x178, &mut x179, x168, 0xccd1c8aaee00bc4f); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x180, &mut x181, x178, 0xffffffff00000000); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x182, &mut x183, x178, 0xffffffffffffffff); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x184, &mut x185, x178, 0xbce6faada7179e84); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x186, &mut x187, x178, 0xf3b9cac2fc632551); let mut x188: u64 = 0; let mut x189: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xf3b9cac2fc632551); let mut x208: u64 = 0; let mut x209: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xbce6faada7179e84); let mut x210: u64 = 0; let mut x211: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xffffffffffffffff); let mut x212: u64 = 0; let mut x213: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffff00000000); let mut x214: u64 = 0; let mut x215: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_p256_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_square(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x20, &mut x21, x11, 0xccd1c8aaee00bc4f); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x22, &mut x23, x20, 0xffffffff00000000); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x26, &mut x27, x20, 0xbce6faada7179e84); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x28, &mut x29, x20, 0xf3b9cac2fc632551); let mut x30: u64 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg1[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x49, &mut x50, x1, (arg1[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x51, &mut x52, x1, (arg1[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x53, &mut x54, x1, (arg1[0])); let mut x55: u64 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x72, &mut x73, x62, 0xccd1c8aaee00bc4f); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x74, &mut x75, x72, 0xffffffff00000000); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x76, &mut x77, x72, 0xffffffffffffffff); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x78, &mut x79, x72, 0xbce6faada7179e84); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x80, &mut x81, x72, 0xf3b9cac2fc632551); let mut x82: u64 = 0; let mut x83: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x100, &mut x101, x2, (arg1[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x102, &mut x103, x2, (arg1[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x104, &mut x105, x2, (arg1[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x106, &mut x107, x2, (arg1[0])); let mut x108: u64 = 0; let mut x109: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x125, &mut x126, x115, 0xccd1c8aaee00bc4f); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x127, &mut x128, x125, 0xffffffff00000000); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x129, &mut x130, x125, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x131, &mut x132, x125, 0xbce6faada7179e84); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x133, &mut x134, x125, 0xf3b9cac2fc632551); let mut x135: u64 = 0; let mut x136: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x153, &mut x154, x3, (arg1[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x155, &mut x156, x3, (arg1[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x157, &mut x158, x3, (arg1[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x159, &mut x160, x3, (arg1[0])); let mut x161: u64 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x178, &mut x179, x168, 0xccd1c8aaee00bc4f); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x180, &mut x181, x178, 0xffffffff00000000); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x182, &mut x183, x178, 0xffffffffffffffff); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x184, &mut x185, x178, 0xbce6faada7179e84); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x186, &mut x187, x178, 0xf3b9cac2fc632551); let mut x188: u64 = 0; let mut x189: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xf3b9cac2fc632551); let mut x208: u64 = 0; let mut x209: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xbce6faada7179e84); let mut x210: u64 = 0; let mut x211: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xffffffffffffffff); let mut x212: u64 = 0; let mut x213: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffff00000000); let mut x214: u64 = 0; let mut x215: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_p256_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_add(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, 0xf3b9cac2fc632551); let mut x11: u64 = 0; let mut x12: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0xbce6faada7179e84); let mut x13: u64 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x13, &mut x14, x12, x5, 0xffffffffffffffff); let mut x15: u64 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0xffffffff00000000); let mut x17: u64 = 0; let mut x18: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_p256_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_sub(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element, arg2: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xf3b9cac2fc632551)); let mut x12: u64 = 0; let mut x13: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xbce6faada7179e84)); let mut x14: u64 = 0; let mut x15: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff00000000)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p256_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_opp(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xf3b9cac2fc632551)); let mut x12: u64 = 0; let mut x13: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xbce6faada7179e84)); let mut x14: u64 = 0; let mut x15: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, (x9 & 0xffffffff00000000)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_p256_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_from_montgomery(out1: &mut fiat_p256_scalar_non_montgomery_domain_field_element, arg1: &fiat_p256_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x2, &mut x3, x1, 0xccd1c8aaee00bc4f); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x4, &mut x5, x2, 0xffffffff00000000); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x6, &mut x7, x2, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x8, &mut x9, x2, 0xbce6faada7179e84); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x10, &mut x11, x2, 0xf3b9cac2fc632551); let mut x12: u64 = 0; let mut x13: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, x11, x8); let mut x14: u64 = 0; let mut x15: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x9, x6); let mut x16: u64 = 0; let mut x17: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, x4); let mut x18: u64 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x18, &mut x19, 0x0, x1, x10); let mut x20: u64 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), x12); let mut x22: u64 = 0; let mut x23: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x22, &mut x23, x21, (0x0 as u64), x14); let mut x24: u64 = 0; let mut x25: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x24, &mut x25, x23, (0x0 as u64), x16); let mut x26: u64 = 0; let mut x27: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x26, &mut x27, 0x0, x20, (arg1[1])); let mut x28: u64 = 0; let mut x29: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x28, &mut x29, x27, x22, (0x0 as u64)); let mut x30: u64 = 0; let mut x31: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x30, &mut x31, x29, x24, (0x0 as u64)); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x32, &mut x33, x26, 0xccd1c8aaee00bc4f); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x34, &mut x35, x32, 0xffffffff00000000); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x36, &mut x37, x32, 0xffffffffffffffff); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x38, &mut x39, x32, 0xbce6faada7179e84); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x40, &mut x41, x32, 0xf3b9cac2fc632551); let mut x42: u64 = 0; let mut x43: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x42, &mut x43, 0x0, x41, x38); let mut x44: u64 = 0; let mut x45: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x44, &mut x45, x43, x39, x36); let mut x46: u64 = 0; let mut x47: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x46, &mut x47, x45, x37, x34); let mut x48: u64 = 0; let mut x49: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x48, &mut x49, 0x0, x26, x40); let mut x50: u64 = 0; let mut x51: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x50, &mut x51, x49, x28, x42); let mut x52: u64 = 0; let mut x53: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x52, &mut x53, x51, x30, x44); let mut x54: u64 = 0; let mut x55: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x54, &mut x55, x53, ((x31 as u64) + ((x25 as u64) + ((x17 as u64) + x5))), x46); let mut x56: u64 = 0; let mut x57: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x56, &mut x57, 0x0, x50, (arg1[2])); let mut x58: u64 = 0; let mut x59: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x58, &mut x59, x57, x52, (0x0 as u64)); let mut x60: u64 = 0; let mut x61: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x60, &mut x61, x59, x54, (0x0 as u64)); let mut x62: u64 = 0; let mut x63: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x62, &mut x63, x56, 0xccd1c8aaee00bc4f); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x64, &mut x65, x62, 0xffffffff00000000); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x66, &mut x67, x62, 0xffffffffffffffff); let mut x68: u64 = 0; let mut x69: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x68, &mut x69, x62, 0xbce6faada7179e84); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x70, &mut x71, x62, 0xf3b9cac2fc632551); let mut x72: u64 = 0; let mut x73: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x72, &mut x73, 0x0, x71, x68); let mut x74: u64 = 0; let mut x75: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x74, &mut x75, x73, x69, x66); let mut x76: u64 = 0; let mut x77: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x76, &mut x77, x75, x67, x64); let mut x78: u64 = 0; let mut x79: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x78, &mut x79, 0x0, x56, x70); let mut x80: u64 = 0; let mut x81: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x80, &mut x81, x79, x58, x72); let mut x82: u64 = 0; let mut x83: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x60, x74); let mut x84: u64 = 0; let mut x85: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x84, &mut x85, x83, ((x61 as u64) + ((x55 as u64) + ((x47 as u64) + x35))), x76); let mut x86: u64 = 0; let mut x87: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x86, &mut x87, 0x0, x80, (arg1[3])); let mut x88: u64 = 0; let mut x89: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x82, (0x0 as u64)); let mut x90: u64 = 0; let mut x91: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x90, &mut x91, x89, x84, (0x0 as u64)); let mut x92: u64 = 0; let mut x93: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x92, &mut x93, x86, 0xccd1c8aaee00bc4f); let mut x94: u64 = 0; let mut x95: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x94, &mut x95, x92, 0xffffffff00000000); let mut x96: u64 = 0; let mut x97: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x96, &mut x97, x92, 0xffffffffffffffff); let mut x98: u64 = 0; let mut x99: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x98, &mut x99, x92, 0xbce6faada7179e84); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x100, &mut x101, x92, 0xf3b9cac2fc632551); let mut x102: u64 = 0; let mut x103: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x102, &mut x103, 0x0, x101, x98); let mut x104: u64 = 0; let mut x105: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x104, &mut x105, x103, x99, x96); let mut x106: u64 = 0; let mut x107: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x106, &mut x107, x105, x97, x94); let mut x108: u64 = 0; let mut x109: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x108, &mut x109, 0x0, x86, x100); let mut x110: u64 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x110, &mut x111, x109, x88, x102); let mut x112: u64 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x112, &mut x113, x111, x90, x104); let mut x114: u64 = 0; let mut x115: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x114, &mut x115, x113, ((x91 as u64) + ((x85 as u64) + ((x77 as u64) + x65))), x106); let x116: u64 = ((x115 as u64) + ((x107 as u64) + x95)); let mut x117: u64 = 0; let mut x118: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x117, &mut x118, 0x0, x110, 0xf3b9cac2fc632551); let mut x119: u64 = 0; let mut x120: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x119, &mut x120, x118, x112, 0xbce6faada7179e84); let mut x121: u64 = 0; let mut x122: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x121, &mut x122, x120, x114, 0xffffffffffffffff); let mut x123: u64 = 0; let mut x124: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x123, &mut x124, x122, x116, 0xffffffff00000000); let mut x125: u64 = 0; let mut x126: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x125, &mut x126, x124, (0x0 as u64), (0x0 as u64)); let mut x127: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x127, x126, x117, x110); let mut x128: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x128, x126, x119, x112); let mut x129: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x129, x126, x121, x114); let mut x130: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x130, x126, x123, x116); out1[0] = x127; out1[1] = x128; out1[2] = x129; out1[3] = x130; } /// The function fiat_p256_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_to_montgomery(out1: &mut fiat_p256_scalar_montgomery_domain_field_element, arg1: &fiat_p256_scalar_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x5, &mut x6, x4, 0x66e12d94f3d95620); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x7, &mut x8, x4, 0x2845b2392b6bec59); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x9, &mut x10, x4, 0x4699799c49bd6fa6); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x11, &mut x12, x4, 0x83244c95be79eea2); let mut x13: u64 = 0; let mut x14: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x19, &mut x20, x11, 0xccd1c8aaee00bc4f); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x21, &mut x22, x19, 0xffffffff00000000); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x23, &mut x24, x19, 0xffffffffffffffff); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x25, &mut x26, x19, 0xbce6faada7179e84); let mut x27: u64 = 0; let mut x28: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x27, &mut x28, x19, 0xf3b9cac2fc632551); let mut x29: u64 = 0; let mut x30: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x29, &mut x30, 0x0, x28, x25); let mut x31: u64 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x31, &mut x32, x30, x26, x23); let mut x33: u64 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x24, x21); let mut x35: u64 = 0; let mut x36: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x35, &mut x36, 0x0, x11, x27); let mut x37: u64 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x13, x29); let mut x39: u64 = 0; let mut x40: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x15, x31); let mut x41: u64 = 0; let mut x42: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x17, x33); let mut x43: u64 = 0; let mut x44: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x43, &mut x44, x42, ((x18 as u64) + x6), ((x34 as u64) + x22)); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x45, &mut x46, x1, 0x66e12d94f3d95620); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x47, &mut x48, x1, 0x2845b2392b6bec59); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x49, &mut x50, x1, 0x4699799c49bd6fa6); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x51, &mut x52, x1, 0x83244c95be79eea2); let mut x53: u64 = 0; let mut x54: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x53, &mut x54, 0x0, x52, x49); let mut x55: u64 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x55, &mut x56, x54, x50, x47); let mut x57: u64 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x48, x45); let mut x59: u64 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x59, &mut x60, 0x0, x37, x51); let mut x61: u64 = 0; let mut x62: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x61, &mut x62, x60, x39, x53); let mut x63: u64 = 0; let mut x64: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x63, &mut x64, x62, x41, x55); let mut x65: u64 = 0; let mut x66: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x65, &mut x66, x64, x43, x57); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x67, &mut x68, x59, 0xccd1c8aaee00bc4f); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x69, &mut x70, x67, 0xffffffff00000000); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x71, &mut x72, x67, 0xffffffffffffffff); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x73, &mut x74, x67, 0xbce6faada7179e84); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x75, &mut x76, x67, 0xf3b9cac2fc632551); let mut x77: u64 = 0; let mut x78: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x77, &mut x78, 0x0, x76, x73); let mut x79: u64 = 0; let mut x80: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x79, &mut x80, x78, x74, x71); let mut x81: u64 = 0; let mut x82: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x81, &mut x82, x80, x72, x69); let mut x83: u64 = 0; let mut x84: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x83, &mut x84, 0x0, x59, x75); let mut x85: u64 = 0; let mut x86: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x61, x77); let mut x87: u64 = 0; let mut x88: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x63, x79); let mut x89: u64 = 0; let mut x90: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x89, &mut x90, x88, x65, x81); let mut x91: u64 = 0; let mut x92: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x91, &mut x92, x90, (((x66 as u64) + (x44 as u64)) + ((x58 as u64) + x46)), ((x82 as u64) + x70)); let mut x93: u64 = 0; let mut x94: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x93, &mut x94, x2, 0x66e12d94f3d95620); let mut x95: u64 = 0; let mut x96: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x95, &mut x96, x2, 0x2845b2392b6bec59); let mut x97: u64 = 0; let mut x98: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x97, &mut x98, x2, 0x4699799c49bd6fa6); let mut x99: u64 = 0; let mut x100: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x99, &mut x100, x2, 0x83244c95be79eea2); let mut x101: u64 = 0; let mut x102: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x101, &mut x102, 0x0, x100, x97); let mut x103: u64 = 0; let mut x104: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x103, &mut x104, x102, x98, x95); let mut x105: u64 = 0; let mut x106: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x105, &mut x106, x104, x96, x93); let mut x107: u64 = 0; let mut x108: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x107, &mut x108, 0x0, x85, x99); let mut x109: u64 = 0; let mut x110: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x109, &mut x110, x108, x87, x101); let mut x111: u64 = 0; let mut x112: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x111, &mut x112, x110, x89, x103); let mut x113: u64 = 0; let mut x114: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x113, &mut x114, x112, x91, x105); let mut x115: u64 = 0; let mut x116: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x115, &mut x116, x107, 0xccd1c8aaee00bc4f); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x117, &mut x118, x115, 0xffffffff00000000); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x119, &mut x120, x115, 0xffffffffffffffff); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x121, &mut x122, x115, 0xbce6faada7179e84); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x123, &mut x124, x115, 0xf3b9cac2fc632551); let mut x125: u64 = 0; let mut x126: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let mut x129: u64 = 0; let mut x130: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x129, &mut x130, x128, x120, x117); let mut x131: u64 = 0; let mut x132: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x131, &mut x132, 0x0, x107, x123); let mut x133: u64 = 0; let mut x134: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x109, x125); let mut x135: u64 = 0; let mut x136: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x111, x127); let mut x137: u64 = 0; let mut x138: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x113, x129); let mut x139: u64 = 0; let mut x140: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x139, &mut x140, x138, (((x114 as u64) + (x92 as u64)) + ((x106 as u64) + x94)), ((x130 as u64) + x118)); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x141, &mut x142, x3, 0x66e12d94f3d95620); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x143, &mut x144, x3, 0x2845b2392b6bec59); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x145, &mut x146, x3, 0x4699799c49bd6fa6); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x147, &mut x148, x3, 0x83244c95be79eea2); let mut x149: u64 = 0; let mut x150: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x149, &mut x150, 0x0, x148, x145); let mut x151: u64 = 0; let mut x152: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x151, &mut x152, x150, x146, x143); let mut x153: u64 = 0; let mut x154: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x153, &mut x154, x152, x144, x141); let mut x155: u64 = 0; let mut x156: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x155, &mut x156, 0x0, x133, x147); let mut x157: u64 = 0; let mut x158: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x157, &mut x158, x156, x135, x149); let mut x159: u64 = 0; let mut x160: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x159, &mut x160, x158, x137, x151); let mut x161: u64 = 0; let mut x162: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x161, &mut x162, x160, x139, x153); let mut x163: u64 = 0; let mut x164: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x163, &mut x164, x155, 0xccd1c8aaee00bc4f); let mut x165: u64 = 0; let mut x166: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x165, &mut x166, x163, 0xffffffff00000000); let mut x167: u64 = 0; let mut x168: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x167, &mut x168, x163, 0xffffffffffffffff); let mut x169: u64 = 0; let mut x170: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x169, &mut x170, x163, 0xbce6faada7179e84); let mut x171: u64 = 0; let mut x172: u64 = 0; fiat_p256_scalar_mulx_u64(&mut x171, &mut x172, x163, 0xf3b9cac2fc632551); let mut x173: u64 = 0; let mut x174: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x173, &mut x174, 0x0, x172, x169); let mut x175: u64 = 0; let mut x176: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x170, x167); let mut x177: u64 = 0; let mut x178: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x168, x165); let mut x179: u64 = 0; let mut x180: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x179, &mut x180, 0x0, x155, x171); let mut x181: u64 = 0; let mut x182: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x181, &mut x182, x180, x157, x173); let mut x183: u64 = 0; let mut x184: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x183, &mut x184, x182, x159, x175); let mut x185: u64 = 0; let mut x186: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x185, &mut x186, x184, x161, x177); let mut x187: u64 = 0; let mut x188: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x187, &mut x188, x186, (((x162 as u64) + (x140 as u64)) + ((x154 as u64) + x142)), ((x178 as u64) + x166)); let mut x189: u64 = 0; let mut x190: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x189, &mut x190, 0x0, x181, 0xf3b9cac2fc632551); let mut x191: u64 = 0; let mut x192: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x191, &mut x192, x190, x183, 0xbce6faada7179e84); let mut x193: u64 = 0; let mut x194: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x193, &mut x194, x192, x185, 0xffffffffffffffff); let mut x195: u64 = 0; let mut x196: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x195, &mut x196, x194, x187, 0xffffffff00000000); let mut x197: u64 = 0; let mut x198: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x197, &mut x198, x196, (x188 as u64), (0x0 as u64)); let mut x199: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x199, x198, x189, x181); let mut x200: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x200, x198, x191, x183); let mut x201: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x201, x198, x193, x185); let mut x202: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x202, x198, x195, x187); out1[0] = x199; out1[1] = x200; out1[2] = x201; out1[3] = x202; } /// The function fiat_p256_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p256_scalar_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_p256_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_scalar_selectznz(out1: &mut [u64; 4], arg1: fiat_p256_scalar_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_p256_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p256_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u8 = ((x58 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x53; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; } /// The function fiat_p256_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_scalar_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 56); let x2: u64 = (((arg1[30]) as u64) << 48); let x3: u64 = (((arg1[29]) as u64) << 40); let x4: u64 = (((arg1[28]) as u64) << 32); let x5: u64 = (((arg1[27]) as u64) << 24); let x6: u64 = (((arg1[26]) as u64) << 16); let x7: u64 = (((arg1[25]) as u64) << 8); let x8: u8 = (arg1[24]); let x9: u64 = (((arg1[23]) as u64) << 56); let x10: u64 = (((arg1[22]) as u64) << 48); let x11: u64 = (((arg1[21]) as u64) << 40); let x12: u64 = (((arg1[20]) as u64) << 32); let x13: u64 = (((arg1[19]) as u64) << 24); let x14: u64 = (((arg1[18]) as u64) << 16); let x15: u64 = (((arg1[17]) as u64) << 8); let x16: u8 = (arg1[16]); let x17: u64 = (((arg1[15]) as u64) << 56); let x18: u64 = (((arg1[14]) as u64) << 48); let x19: u64 = (((arg1[13]) as u64) << 40); let x20: u64 = (((arg1[12]) as u64) << 32); let x21: u64 = (((arg1[11]) as u64) << 24); let x22: u64 = (((arg1[10]) as u64) << 16); let x23: u64 = (((arg1[9]) as u64) << 8); let x24: u8 = (arg1[8]); let x25: u64 = (((arg1[7]) as u64) << 56); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x25 + x38); let x40: u64 = (x23 + (x24 as u64)); let x41: u64 = (x22 + x40); let x42: u64 = (x21 + x41); let x43: u64 = (x20 + x42); let x44: u64 = (x19 + x43); let x45: u64 = (x18 + x44); let x46: u64 = (x17 + x45); let x47: u64 = (x15 + (x16 as u64)); let x48: u64 = (x14 + x47); let x49: u64 = (x13 + x48); let x50: u64 = (x12 + x49); let x51: u64 = (x11 + x50); let x52: u64 = (x10 + x51); let x53: u64 = (x9 + x52); let x54: u64 = (x7 + (x8 as u64)); let x55: u64 = (x6 + x54); let x56: u64 = (x5 + x55); let x57: u64 = (x4 + x56); let x58: u64 = (x3 + x57); let x59: u64 = (x2 + x58); let x60: u64 = (x1 + x59); out1[0] = x39; out1[1] = x46; out1[2] = x53; out1[3] = x60; } /// The function fiat_p256_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p256_scalar_set_one(out1: &mut fiat_p256_scalar_montgomery_domain_field_element) { out1[0] = 0xc46353d039cdaaf; out1[1] = 0x4319055258e8617b; out1[2] = (0x0 as u64); out1[3] = 0xffffffff; } /// The function fiat_p256_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_scalar_msat(out1: &mut [u64; 5]) { out1[0] = 0xf3b9cac2fc632551; out1[1] = 0xbce6faada7179e84; out1[2] = 0xffffffffffffffff; out1[3] = 0xffffffff00000000; out1[4] = (0x0 as u64); } /// The function fiat_p256_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_scalar_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p256_scalar_u1 = (((x1 >> 63) as fiat_p256_scalar_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p256_scalar_u1)); let mut x4: u64 = 0; let mut x5: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, 0xf3b9cac2fc632551); let mut x41: u64 = 0; let mut x42: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0xbce6faada7179e84); let mut x43: u64 = 0; let mut x44: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x43, &mut x44, x42, x35, 0xffffffffffffffff); let mut x45: u64 = 0; let mut x46: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0xffffffff00000000); let mut x47: u64 = 0; let mut x48: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, (x61 & 0xf3b9cac2fc632551)); let mut x64: u64 = 0; let mut x65: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x55, (x61 & 0xbce6faada7179e84)); let mut x66: u64 = 0; let mut x67: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x57, x61); let mut x68: u64 = 0; let mut x69: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x59, (x61 & 0xffffffff00000000)); let mut x70: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_p256_scalar_u1 = ((x22 & (0x1 as u64)) as fiat_p256_scalar_u1); let mut x75: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, 0xf3b9cac2fc632551); let mut x104: u64 = 0; let mut x105: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0xbce6faada7179e84); let mut x106: u64 = 0; let mut x107: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x106, &mut x107, x105, x98, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0xffffffff00000000); let mut x110: u64 = 0; let mut x111: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_p256_scalar_u1 = 0; fiat_p256_scalar_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_p256_scalar_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_p256_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p256_scalar_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0xd739262fb7fcfbb5; out1[1] = 0x8ac6f75d20074414; out1[2] = 0xc67428bfb5e3c256; out1[3] = 0x444962f2eda7aedf; } fiat-crypto-0.2.2/src/p384_32.rs000064400000000000000000014277741046102023000142530ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p384 32 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p384 //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) in //! if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p384_u1 = u8; pub type fiat_p384_i1 = i8; pub type fiat_p384_u2 = u8; pub type fiat_p384_i2 = i8; /** The type fiat_p384_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_montgomery_domain_field_element(pub [u32; 12]); impl core::ops::Index for fiat_p384_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p384_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_non_montgomery_domain_field_element(pub [u32; 12]); impl core::ops::Index for fiat_p384_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p384_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_addcarryx_u32(out1: &mut u32, out2: &mut fiat_p384_u1, arg1: fiat_p384_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_p384_u1 = ((x1 >> 32) as fiat_p384_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p384_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_subborrowx_u32(out1: &mut u32, out2: &mut fiat_p384_u1, arg1: fiat_p384_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_p384_i1 = ((x1 >> 32) as fiat_p384_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p384_i2) - (x2 as fiat_p384_i2)) as fiat_p384_u1); } /// The function fiat_p384_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_p384_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_cmovznz_u32(out1: &mut u32, arg1: fiat_p384_u1, arg2: u32, arg3: u32) { let x1: fiat_p384_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p384_i2) - (x1 as fiat_p384_i2)) as fiat_p384_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p384_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_mul(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_mulx_u32(&mut x13, &mut x14, x12, (arg2[11])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_mulx_u32(&mut x15, &mut x16, x12, (arg2[10])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_mulx_u32(&mut x17, &mut x18, x12, (arg2[9])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_mulx_u32(&mut x19, &mut x20, x12, (arg2[8])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p384_mulx_u32(&mut x21, &mut x22, x12, (arg2[7])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_mulx_u32(&mut x23, &mut x24, x12, (arg2[6])); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_mulx_u32(&mut x25, &mut x26, x12, (arg2[5])); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_mulx_u32(&mut x27, &mut x28, x12, (arg2[4])); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_mulx_u32(&mut x29, &mut x30, x12, (arg2[3])); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_mulx_u32(&mut x31, &mut x32, x12, (arg2[2])); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_mulx_u32(&mut x33, &mut x34, x12, (arg2[1])); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_mulx_u32(&mut x35, &mut x36, x12, (arg2[0])); let mut x37: u32 = 0; let mut x38: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u32 = 0; let mut x40: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x39, &mut x40, x38, x34, x31); let mut x41: u32 = 0; let mut x42: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x41, &mut x42, x40, x32, x29); let mut x43: u32 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x43, &mut x44, x42, x30, x27); let mut x45: u32 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x45, &mut x46, x44, x28, x25); let mut x47: u32 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x47, &mut x48, x46, x26, x23); let mut x49: u32 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x49, &mut x50, x48, x24, x21); let mut x51: u32 = 0; let mut x52: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x51, &mut x52, x50, x22, x19); let mut x53: u32 = 0; let mut x54: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x53, &mut x54, x52, x20, x17); let mut x55: u32 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x55, &mut x56, x54, x18, x15); let mut x57: u32 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x57, &mut x58, x56, x16, x13); let x59: u32 = ((x58 as u32) + x14); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p384_mulx_u32(&mut x60, &mut x61, x35, 0xffffffff); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p384_mulx_u32(&mut x62, &mut x63, x35, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p384_mulx_u32(&mut x64, &mut x65, x35, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p384_mulx_u32(&mut x66, &mut x67, x35, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p384_mulx_u32(&mut x68, &mut x69, x35, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p384_mulx_u32(&mut x70, &mut x71, x35, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p384_mulx_u32(&mut x72, &mut x73, x35, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p384_mulx_u32(&mut x74, &mut x75, x35, 0xfffffffe); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p384_mulx_u32(&mut x76, &mut x77, x35, 0xffffffff); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p384_mulx_u32(&mut x78, &mut x79, x35, 0xffffffff); let mut x80: u32 = 0; let mut x81: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x80, &mut x81, 0x0, x77, x74); let mut x82: u32 = 0; let mut x83: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x82, &mut x83, x81, x75, x72); let mut x84: u32 = 0; let mut x85: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x84, &mut x85, x83, x73, x70); let mut x86: u32 = 0; let mut x87: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x86, &mut x87, x85, x71, x68); let mut x88: u32 = 0; let mut x89: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x88, &mut x89, x87, x69, x66); let mut x90: u32 = 0; let mut x91: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x90, &mut x91, x89, x67, x64); let mut x92: u32 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x92, &mut x93, x91, x65, x62); let mut x94: u32 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x94, &mut x95, x93, x63, x60); let x96: u32 = ((x95 as u32) + x61); let mut x97: u32 = 0; let mut x98: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x97, &mut x98, 0x0, x35, x78); let mut x99: u32 = 0; let mut x100: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x99, &mut x100, x98, x37, x79); let mut x101: u32 = 0; let mut x102: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x101, &mut x102, x100, x39, (0x0 as u32)); let mut x103: u32 = 0; let mut x104: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x103, &mut x104, x102, x41, x76); let mut x105: u32 = 0; let mut x106: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x105, &mut x106, x104, x43, x80); let mut x107: u32 = 0; let mut x108: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x107, &mut x108, x106, x45, x82); let mut x109: u32 = 0; let mut x110: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x109, &mut x110, x108, x47, x84); let mut x111: u32 = 0; let mut x112: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x111, &mut x112, x110, x49, x86); let mut x113: u32 = 0; let mut x114: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x113, &mut x114, x112, x51, x88); let mut x115: u32 = 0; let mut x116: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x115, &mut x116, x114, x53, x90); let mut x117: u32 = 0; let mut x118: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x117, &mut x118, x116, x55, x92); let mut x119: u32 = 0; let mut x120: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x119, &mut x120, x118, x57, x94); let mut x121: u32 = 0; let mut x122: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x121, &mut x122, x120, x59, x96); let mut x123: u32 = 0; let mut x124: u32 = 0; fiat_p384_mulx_u32(&mut x123, &mut x124, x1, (arg2[11])); let mut x125: u32 = 0; let mut x126: u32 = 0; fiat_p384_mulx_u32(&mut x125, &mut x126, x1, (arg2[10])); let mut x127: u32 = 0; let mut x128: u32 = 0; fiat_p384_mulx_u32(&mut x127, &mut x128, x1, (arg2[9])); let mut x129: u32 = 0; let mut x130: u32 = 0; fiat_p384_mulx_u32(&mut x129, &mut x130, x1, (arg2[8])); let mut x131: u32 = 0; let mut x132: u32 = 0; fiat_p384_mulx_u32(&mut x131, &mut x132, x1, (arg2[7])); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p384_mulx_u32(&mut x133, &mut x134, x1, (arg2[6])); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_mulx_u32(&mut x135, &mut x136, x1, (arg2[5])); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p384_mulx_u32(&mut x137, &mut x138, x1, (arg2[4])); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p384_mulx_u32(&mut x139, &mut x140, x1, (arg2[3])); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p384_mulx_u32(&mut x141, &mut x142, x1, (arg2[2])); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p384_mulx_u32(&mut x143, &mut x144, x1, (arg2[1])); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p384_mulx_u32(&mut x145, &mut x146, x1, (arg2[0])); let mut x147: u32 = 0; let mut x148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x147, &mut x148, 0x0, x146, x143); let mut x149: u32 = 0; let mut x150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x149, &mut x150, x148, x144, x141); let mut x151: u32 = 0; let mut x152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x151, &mut x152, x150, x142, x139); let mut x153: u32 = 0; let mut x154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x153, &mut x154, x152, x140, x137); let mut x155: u32 = 0; let mut x156: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x155, &mut x156, x154, x138, x135); let mut x157: u32 = 0; let mut x158: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x157, &mut x158, x156, x136, x133); let mut x159: u32 = 0; let mut x160: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x159, &mut x160, x158, x134, x131); let mut x161: u32 = 0; let mut x162: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x161, &mut x162, x160, x132, x129); let mut x163: u32 = 0; let mut x164: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x163, &mut x164, x162, x130, x127); let mut x165: u32 = 0; let mut x166: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x165, &mut x166, x164, x128, x125); let mut x167: u32 = 0; let mut x168: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x167, &mut x168, x166, x126, x123); let x169: u32 = ((x168 as u32) + x124); let mut x170: u32 = 0; let mut x171: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x170, &mut x171, 0x0, x99, x145); let mut x172: u32 = 0; let mut x173: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x172, &mut x173, x171, x101, x147); let mut x174: u32 = 0; let mut x175: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x174, &mut x175, x173, x103, x149); let mut x176: u32 = 0; let mut x177: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x176, &mut x177, x175, x105, x151); let mut x178: u32 = 0; let mut x179: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x178, &mut x179, x177, x107, x153); let mut x180: u32 = 0; let mut x181: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x180, &mut x181, x179, x109, x155); let mut x182: u32 = 0; let mut x183: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x182, &mut x183, x181, x111, x157); let mut x184: u32 = 0; let mut x185: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x184, &mut x185, x183, x113, x159); let mut x186: u32 = 0; let mut x187: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x186, &mut x187, x185, x115, x161); let mut x188: u32 = 0; let mut x189: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x188, &mut x189, x187, x117, x163); let mut x190: u32 = 0; let mut x191: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x190, &mut x191, x189, x119, x165); let mut x192: u32 = 0; let mut x193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x192, &mut x193, x191, x121, x167); let mut x194: u32 = 0; let mut x195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x194, &mut x195, x193, (x122 as u32), x169); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_p384_mulx_u32(&mut x196, &mut x197, x170, 0xffffffff); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_p384_mulx_u32(&mut x198, &mut x199, x170, 0xffffffff); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_p384_mulx_u32(&mut x200, &mut x201, x170, 0xffffffff); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_p384_mulx_u32(&mut x202, &mut x203, x170, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_p384_mulx_u32(&mut x204, &mut x205, x170, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_p384_mulx_u32(&mut x206, &mut x207, x170, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p384_mulx_u32(&mut x208, &mut x209, x170, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p384_mulx_u32(&mut x210, &mut x211, x170, 0xfffffffe); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_p384_mulx_u32(&mut x212, &mut x213, x170, 0xffffffff); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_mulx_u32(&mut x214, &mut x215, x170, 0xffffffff); let mut x216: u32 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x216, &mut x217, 0x0, x213, x210); let mut x218: u32 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x218, &mut x219, x217, x211, x208); let mut x220: u32 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x220, &mut x221, x219, x209, x206); let mut x222: u32 = 0; let mut x223: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x222, &mut x223, x221, x207, x204); let mut x224: u32 = 0; let mut x225: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x224, &mut x225, x223, x205, x202); let mut x226: u32 = 0; let mut x227: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x226, &mut x227, x225, x203, x200); let mut x228: u32 = 0; let mut x229: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x228, &mut x229, x227, x201, x198); let mut x230: u32 = 0; let mut x231: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x230, &mut x231, x229, x199, x196); let x232: u32 = ((x231 as u32) + x197); let mut x233: u32 = 0; let mut x234: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x233, &mut x234, 0x0, x170, x214); let mut x235: u32 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x235, &mut x236, x234, x172, x215); let mut x237: u32 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x237, &mut x238, x236, x174, (0x0 as u32)); let mut x239: u32 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x239, &mut x240, x238, x176, x212); let mut x241: u32 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x241, &mut x242, x240, x178, x216); let mut x243: u32 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x243, &mut x244, x242, x180, x218); let mut x245: u32 = 0; let mut x246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x245, &mut x246, x244, x182, x220); let mut x247: u32 = 0; let mut x248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x247, &mut x248, x246, x184, x222); let mut x249: u32 = 0; let mut x250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x249, &mut x250, x248, x186, x224); let mut x251: u32 = 0; let mut x252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x251, &mut x252, x250, x188, x226); let mut x253: u32 = 0; let mut x254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x253, &mut x254, x252, x190, x228); let mut x255: u32 = 0; let mut x256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x255, &mut x256, x254, x192, x230); let mut x257: u32 = 0; let mut x258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x257, &mut x258, x256, x194, x232); let x259: u32 = ((x258 as u32) + (x195 as u32)); let mut x260: u32 = 0; let mut x261: u32 = 0; fiat_p384_mulx_u32(&mut x260, &mut x261, x2, (arg2[11])); let mut x262: u32 = 0; let mut x263: u32 = 0; fiat_p384_mulx_u32(&mut x262, &mut x263, x2, (arg2[10])); let mut x264: u32 = 0; let mut x265: u32 = 0; fiat_p384_mulx_u32(&mut x264, &mut x265, x2, (arg2[9])); let mut x266: u32 = 0; let mut x267: u32 = 0; fiat_p384_mulx_u32(&mut x266, &mut x267, x2, (arg2[8])); let mut x268: u32 = 0; let mut x269: u32 = 0; fiat_p384_mulx_u32(&mut x268, &mut x269, x2, (arg2[7])); let mut x270: u32 = 0; let mut x271: u32 = 0; fiat_p384_mulx_u32(&mut x270, &mut x271, x2, (arg2[6])); let mut x272: u32 = 0; let mut x273: u32 = 0; fiat_p384_mulx_u32(&mut x272, &mut x273, x2, (arg2[5])); let mut x274: u32 = 0; let mut x275: u32 = 0; fiat_p384_mulx_u32(&mut x274, &mut x275, x2, (arg2[4])); let mut x276: u32 = 0; let mut x277: u32 = 0; fiat_p384_mulx_u32(&mut x276, &mut x277, x2, (arg2[3])); let mut x278: u32 = 0; let mut x279: u32 = 0; fiat_p384_mulx_u32(&mut x278, &mut x279, x2, (arg2[2])); let mut x280: u32 = 0; let mut x281: u32 = 0; fiat_p384_mulx_u32(&mut x280, &mut x281, x2, (arg2[1])); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_p384_mulx_u32(&mut x282, &mut x283, x2, (arg2[0])); let mut x284: u32 = 0; let mut x285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x284, &mut x285, 0x0, x283, x280); let mut x286: u32 = 0; let mut x287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x286, &mut x287, x285, x281, x278); let mut x288: u32 = 0; let mut x289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x288, &mut x289, x287, x279, x276); let mut x290: u32 = 0; let mut x291: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x290, &mut x291, x289, x277, x274); let mut x292: u32 = 0; let mut x293: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x292, &mut x293, x291, x275, x272); let mut x294: u32 = 0; let mut x295: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x294, &mut x295, x293, x273, x270); let mut x296: u32 = 0; let mut x297: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x296, &mut x297, x295, x271, x268); let mut x298: u32 = 0; let mut x299: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x298, &mut x299, x297, x269, x266); let mut x300: u32 = 0; let mut x301: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x300, &mut x301, x299, x267, x264); let mut x302: u32 = 0; let mut x303: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x302, &mut x303, x301, x265, x262); let mut x304: u32 = 0; let mut x305: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x304, &mut x305, x303, x263, x260); let x306: u32 = ((x305 as u32) + x261); let mut x307: u32 = 0; let mut x308: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x307, &mut x308, 0x0, x235, x282); let mut x309: u32 = 0; let mut x310: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x309, &mut x310, x308, x237, x284); let mut x311: u32 = 0; let mut x312: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x311, &mut x312, x310, x239, x286); let mut x313: u32 = 0; let mut x314: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x313, &mut x314, x312, x241, x288); let mut x315: u32 = 0; let mut x316: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x315, &mut x316, x314, x243, x290); let mut x317: u32 = 0; let mut x318: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x317, &mut x318, x316, x245, x292); let mut x319: u32 = 0; let mut x320: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x319, &mut x320, x318, x247, x294); let mut x321: u32 = 0; let mut x322: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x321, &mut x322, x320, x249, x296); let mut x323: u32 = 0; let mut x324: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x323, &mut x324, x322, x251, x298); let mut x325: u32 = 0; let mut x326: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x325, &mut x326, x324, x253, x300); let mut x327: u32 = 0; let mut x328: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x327, &mut x328, x326, x255, x302); let mut x329: u32 = 0; let mut x330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x329, &mut x330, x328, x257, x304); let mut x331: u32 = 0; let mut x332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x331, &mut x332, x330, x259, x306); let mut x333: u32 = 0; let mut x334: u32 = 0; fiat_p384_mulx_u32(&mut x333, &mut x334, x307, 0xffffffff); let mut x335: u32 = 0; let mut x336: u32 = 0; fiat_p384_mulx_u32(&mut x335, &mut x336, x307, 0xffffffff); let mut x337: u32 = 0; let mut x338: u32 = 0; fiat_p384_mulx_u32(&mut x337, &mut x338, x307, 0xffffffff); let mut x339: u32 = 0; let mut x340: u32 = 0; fiat_p384_mulx_u32(&mut x339, &mut x340, x307, 0xffffffff); let mut x341: u32 = 0; let mut x342: u32 = 0; fiat_p384_mulx_u32(&mut x341, &mut x342, x307, 0xffffffff); let mut x343: u32 = 0; let mut x344: u32 = 0; fiat_p384_mulx_u32(&mut x343, &mut x344, x307, 0xffffffff); let mut x345: u32 = 0; let mut x346: u32 = 0; fiat_p384_mulx_u32(&mut x345, &mut x346, x307, 0xffffffff); let mut x347: u32 = 0; let mut x348: u32 = 0; fiat_p384_mulx_u32(&mut x347, &mut x348, x307, 0xfffffffe); let mut x349: u32 = 0; let mut x350: u32 = 0; fiat_p384_mulx_u32(&mut x349, &mut x350, x307, 0xffffffff); let mut x351: u32 = 0; let mut x352: u32 = 0; fiat_p384_mulx_u32(&mut x351, &mut x352, x307, 0xffffffff); let mut x353: u32 = 0; let mut x354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x353, &mut x354, 0x0, x350, x347); let mut x355: u32 = 0; let mut x356: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x355, &mut x356, x354, x348, x345); let mut x357: u32 = 0; let mut x358: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x357, &mut x358, x356, x346, x343); let mut x359: u32 = 0; let mut x360: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x359, &mut x360, x358, x344, x341); let mut x361: u32 = 0; let mut x362: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x361, &mut x362, x360, x342, x339); let mut x363: u32 = 0; let mut x364: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x363, &mut x364, x362, x340, x337); let mut x365: u32 = 0; let mut x366: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x365, &mut x366, x364, x338, x335); let mut x367: u32 = 0; let mut x368: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x367, &mut x368, x366, x336, x333); let x369: u32 = ((x368 as u32) + x334); let mut x370: u32 = 0; let mut x371: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x370, &mut x371, 0x0, x307, x351); let mut x372: u32 = 0; let mut x373: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x372, &mut x373, x371, x309, x352); let mut x374: u32 = 0; let mut x375: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x374, &mut x375, x373, x311, (0x0 as u32)); let mut x376: u32 = 0; let mut x377: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x376, &mut x377, x375, x313, x349); let mut x378: u32 = 0; let mut x379: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x378, &mut x379, x377, x315, x353); let mut x380: u32 = 0; let mut x381: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x380, &mut x381, x379, x317, x355); let mut x382: u32 = 0; let mut x383: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x382, &mut x383, x381, x319, x357); let mut x384: u32 = 0; let mut x385: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x384, &mut x385, x383, x321, x359); let mut x386: u32 = 0; let mut x387: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x386, &mut x387, x385, x323, x361); let mut x388: u32 = 0; let mut x389: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x388, &mut x389, x387, x325, x363); let mut x390: u32 = 0; let mut x391: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x390, &mut x391, x389, x327, x365); let mut x392: u32 = 0; let mut x393: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x392, &mut x393, x391, x329, x367); let mut x394: u32 = 0; let mut x395: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x394, &mut x395, x393, x331, x369); let x396: u32 = ((x395 as u32) + (x332 as u32)); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_p384_mulx_u32(&mut x397, &mut x398, x3, (arg2[11])); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_p384_mulx_u32(&mut x399, &mut x400, x3, (arg2[10])); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_p384_mulx_u32(&mut x401, &mut x402, x3, (arg2[9])); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_p384_mulx_u32(&mut x403, &mut x404, x3, (arg2[8])); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p384_mulx_u32(&mut x405, &mut x406, x3, (arg2[7])); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p384_mulx_u32(&mut x407, &mut x408, x3, (arg2[6])); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p384_mulx_u32(&mut x409, &mut x410, x3, (arg2[5])); let mut x411: u32 = 0; let mut x412: u32 = 0; fiat_p384_mulx_u32(&mut x411, &mut x412, x3, (arg2[4])); let mut x413: u32 = 0; let mut x414: u32 = 0; fiat_p384_mulx_u32(&mut x413, &mut x414, x3, (arg2[3])); let mut x415: u32 = 0; let mut x416: u32 = 0; fiat_p384_mulx_u32(&mut x415, &mut x416, x3, (arg2[2])); let mut x417: u32 = 0; let mut x418: u32 = 0; fiat_p384_mulx_u32(&mut x417, &mut x418, x3, (arg2[1])); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p384_mulx_u32(&mut x419, &mut x420, x3, (arg2[0])); let mut x421: u32 = 0; let mut x422: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x421, &mut x422, 0x0, x420, x417); let mut x423: u32 = 0; let mut x424: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x423, &mut x424, x422, x418, x415); let mut x425: u32 = 0; let mut x426: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x425, &mut x426, x424, x416, x413); let mut x427: u32 = 0; let mut x428: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x427, &mut x428, x426, x414, x411); let mut x429: u32 = 0; let mut x430: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x429, &mut x430, x428, x412, x409); let mut x431: u32 = 0; let mut x432: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x431, &mut x432, x430, x410, x407); let mut x433: u32 = 0; let mut x434: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x433, &mut x434, x432, x408, x405); let mut x435: u32 = 0; let mut x436: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x435, &mut x436, x434, x406, x403); let mut x437: u32 = 0; let mut x438: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x437, &mut x438, x436, x404, x401); let mut x439: u32 = 0; let mut x440: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x439, &mut x440, x438, x402, x399); let mut x441: u32 = 0; let mut x442: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x441, &mut x442, x440, x400, x397); let x443: u32 = ((x442 as u32) + x398); let mut x444: u32 = 0; let mut x445: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x444, &mut x445, 0x0, x372, x419); let mut x446: u32 = 0; let mut x447: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x446, &mut x447, x445, x374, x421); let mut x448: u32 = 0; let mut x449: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x448, &mut x449, x447, x376, x423); let mut x450: u32 = 0; let mut x451: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x450, &mut x451, x449, x378, x425); let mut x452: u32 = 0; let mut x453: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x452, &mut x453, x451, x380, x427); let mut x454: u32 = 0; let mut x455: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x454, &mut x455, x453, x382, x429); let mut x456: u32 = 0; let mut x457: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x456, &mut x457, x455, x384, x431); let mut x458: u32 = 0; let mut x459: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x458, &mut x459, x457, x386, x433); let mut x460: u32 = 0; let mut x461: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x460, &mut x461, x459, x388, x435); let mut x462: u32 = 0; let mut x463: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x462, &mut x463, x461, x390, x437); let mut x464: u32 = 0; let mut x465: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x464, &mut x465, x463, x392, x439); let mut x466: u32 = 0; let mut x467: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x466, &mut x467, x465, x394, x441); let mut x468: u32 = 0; let mut x469: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x468, &mut x469, x467, x396, x443); let mut x470: u32 = 0; let mut x471: u32 = 0; fiat_p384_mulx_u32(&mut x470, &mut x471, x444, 0xffffffff); let mut x472: u32 = 0; let mut x473: u32 = 0; fiat_p384_mulx_u32(&mut x472, &mut x473, x444, 0xffffffff); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_p384_mulx_u32(&mut x474, &mut x475, x444, 0xffffffff); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_p384_mulx_u32(&mut x476, &mut x477, x444, 0xffffffff); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_p384_mulx_u32(&mut x478, &mut x479, x444, 0xffffffff); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_p384_mulx_u32(&mut x480, &mut x481, x444, 0xffffffff); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_p384_mulx_u32(&mut x482, &mut x483, x444, 0xffffffff); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_p384_mulx_u32(&mut x484, &mut x485, x444, 0xfffffffe); let mut x486: u32 = 0; let mut x487: u32 = 0; fiat_p384_mulx_u32(&mut x486, &mut x487, x444, 0xffffffff); let mut x488: u32 = 0; let mut x489: u32 = 0; fiat_p384_mulx_u32(&mut x488, &mut x489, x444, 0xffffffff); let mut x490: u32 = 0; let mut x491: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x490, &mut x491, 0x0, x487, x484); let mut x492: u32 = 0; let mut x493: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x492, &mut x493, x491, x485, x482); let mut x494: u32 = 0; let mut x495: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x494, &mut x495, x493, x483, x480); let mut x496: u32 = 0; let mut x497: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x496, &mut x497, x495, x481, x478); let mut x498: u32 = 0; let mut x499: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x498, &mut x499, x497, x479, x476); let mut x500: u32 = 0; let mut x501: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x500, &mut x501, x499, x477, x474); let mut x502: u32 = 0; let mut x503: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x502, &mut x503, x501, x475, x472); let mut x504: u32 = 0; let mut x505: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x504, &mut x505, x503, x473, x470); let x506: u32 = ((x505 as u32) + x471); let mut x507: u32 = 0; let mut x508: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x507, &mut x508, 0x0, x444, x488); let mut x509: u32 = 0; let mut x510: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x509, &mut x510, x508, x446, x489); let mut x511: u32 = 0; let mut x512: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x511, &mut x512, x510, x448, (0x0 as u32)); let mut x513: u32 = 0; let mut x514: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x513, &mut x514, x512, x450, x486); let mut x515: u32 = 0; let mut x516: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x515, &mut x516, x514, x452, x490); let mut x517: u32 = 0; let mut x518: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x517, &mut x518, x516, x454, x492); let mut x519: u32 = 0; let mut x520: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x519, &mut x520, x518, x456, x494); let mut x521: u32 = 0; let mut x522: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x521, &mut x522, x520, x458, x496); let mut x523: u32 = 0; let mut x524: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x523, &mut x524, x522, x460, x498); let mut x525: u32 = 0; let mut x526: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x525, &mut x526, x524, x462, x500); let mut x527: u32 = 0; let mut x528: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x527, &mut x528, x526, x464, x502); let mut x529: u32 = 0; let mut x530: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x529, &mut x530, x528, x466, x504); let mut x531: u32 = 0; let mut x532: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x531, &mut x532, x530, x468, x506); let x533: u32 = ((x532 as u32) + (x469 as u32)); let mut x534: u32 = 0; let mut x535: u32 = 0; fiat_p384_mulx_u32(&mut x534, &mut x535, x4, (arg2[11])); let mut x536: u32 = 0; let mut x537: u32 = 0; fiat_p384_mulx_u32(&mut x536, &mut x537, x4, (arg2[10])); let mut x538: u32 = 0; let mut x539: u32 = 0; fiat_p384_mulx_u32(&mut x538, &mut x539, x4, (arg2[9])); let mut x540: u32 = 0; let mut x541: u32 = 0; fiat_p384_mulx_u32(&mut x540, &mut x541, x4, (arg2[8])); let mut x542: u32 = 0; let mut x543: u32 = 0; fiat_p384_mulx_u32(&mut x542, &mut x543, x4, (arg2[7])); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_p384_mulx_u32(&mut x544, &mut x545, x4, (arg2[6])); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_p384_mulx_u32(&mut x546, &mut x547, x4, (arg2[5])); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_p384_mulx_u32(&mut x548, &mut x549, x4, (arg2[4])); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_p384_mulx_u32(&mut x550, &mut x551, x4, (arg2[3])); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_p384_mulx_u32(&mut x552, &mut x553, x4, (arg2[2])); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_p384_mulx_u32(&mut x554, &mut x555, x4, (arg2[1])); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_p384_mulx_u32(&mut x556, &mut x557, x4, (arg2[0])); let mut x558: u32 = 0; let mut x559: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x558, &mut x559, 0x0, x557, x554); let mut x560: u32 = 0; let mut x561: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x560, &mut x561, x559, x555, x552); let mut x562: u32 = 0; let mut x563: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x562, &mut x563, x561, x553, x550); let mut x564: u32 = 0; let mut x565: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x564, &mut x565, x563, x551, x548); let mut x566: u32 = 0; let mut x567: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x566, &mut x567, x565, x549, x546); let mut x568: u32 = 0; let mut x569: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x568, &mut x569, x567, x547, x544); let mut x570: u32 = 0; let mut x571: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x570, &mut x571, x569, x545, x542); let mut x572: u32 = 0; let mut x573: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x572, &mut x573, x571, x543, x540); let mut x574: u32 = 0; let mut x575: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x574, &mut x575, x573, x541, x538); let mut x576: u32 = 0; let mut x577: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x576, &mut x577, x575, x539, x536); let mut x578: u32 = 0; let mut x579: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x578, &mut x579, x577, x537, x534); let x580: u32 = ((x579 as u32) + x535); let mut x581: u32 = 0; let mut x582: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x581, &mut x582, 0x0, x509, x556); let mut x583: u32 = 0; let mut x584: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x583, &mut x584, x582, x511, x558); let mut x585: u32 = 0; let mut x586: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x585, &mut x586, x584, x513, x560); let mut x587: u32 = 0; let mut x588: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x587, &mut x588, x586, x515, x562); let mut x589: u32 = 0; let mut x590: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x589, &mut x590, x588, x517, x564); let mut x591: u32 = 0; let mut x592: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x591, &mut x592, x590, x519, x566); let mut x593: u32 = 0; let mut x594: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x593, &mut x594, x592, x521, x568); let mut x595: u32 = 0; let mut x596: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x595, &mut x596, x594, x523, x570); let mut x597: u32 = 0; let mut x598: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x597, &mut x598, x596, x525, x572); let mut x599: u32 = 0; let mut x600: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x599, &mut x600, x598, x527, x574); let mut x601: u32 = 0; let mut x602: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x601, &mut x602, x600, x529, x576); let mut x603: u32 = 0; let mut x604: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x603, &mut x604, x602, x531, x578); let mut x605: u32 = 0; let mut x606: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x605, &mut x606, x604, x533, x580); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_p384_mulx_u32(&mut x607, &mut x608, x581, 0xffffffff); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_p384_mulx_u32(&mut x609, &mut x610, x581, 0xffffffff); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_p384_mulx_u32(&mut x611, &mut x612, x581, 0xffffffff); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_p384_mulx_u32(&mut x613, &mut x614, x581, 0xffffffff); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_p384_mulx_u32(&mut x615, &mut x616, x581, 0xffffffff); let mut x617: u32 = 0; let mut x618: u32 = 0; fiat_p384_mulx_u32(&mut x617, &mut x618, x581, 0xffffffff); let mut x619: u32 = 0; let mut x620: u32 = 0; fiat_p384_mulx_u32(&mut x619, &mut x620, x581, 0xffffffff); let mut x621: u32 = 0; let mut x622: u32 = 0; fiat_p384_mulx_u32(&mut x621, &mut x622, x581, 0xfffffffe); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_p384_mulx_u32(&mut x623, &mut x624, x581, 0xffffffff); let mut x625: u32 = 0; let mut x626: u32 = 0; fiat_p384_mulx_u32(&mut x625, &mut x626, x581, 0xffffffff); let mut x627: u32 = 0; let mut x628: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x627, &mut x628, 0x0, x624, x621); let mut x629: u32 = 0; let mut x630: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x629, &mut x630, x628, x622, x619); let mut x631: u32 = 0; let mut x632: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x631, &mut x632, x630, x620, x617); let mut x633: u32 = 0; let mut x634: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x633, &mut x634, x632, x618, x615); let mut x635: u32 = 0; let mut x636: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x635, &mut x636, x634, x616, x613); let mut x637: u32 = 0; let mut x638: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x637, &mut x638, x636, x614, x611); let mut x639: u32 = 0; let mut x640: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x639, &mut x640, x638, x612, x609); let mut x641: u32 = 0; let mut x642: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x641, &mut x642, x640, x610, x607); let x643: u32 = ((x642 as u32) + x608); let mut x644: u32 = 0; let mut x645: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x644, &mut x645, 0x0, x581, x625); let mut x646: u32 = 0; let mut x647: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x646, &mut x647, x645, x583, x626); let mut x648: u32 = 0; let mut x649: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x648, &mut x649, x647, x585, (0x0 as u32)); let mut x650: u32 = 0; let mut x651: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x650, &mut x651, x649, x587, x623); let mut x652: u32 = 0; let mut x653: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x652, &mut x653, x651, x589, x627); let mut x654: u32 = 0; let mut x655: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x654, &mut x655, x653, x591, x629); let mut x656: u32 = 0; let mut x657: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x656, &mut x657, x655, x593, x631); let mut x658: u32 = 0; let mut x659: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x658, &mut x659, x657, x595, x633); let mut x660: u32 = 0; let mut x661: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x660, &mut x661, x659, x597, x635); let mut x662: u32 = 0; let mut x663: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x662, &mut x663, x661, x599, x637); let mut x664: u32 = 0; let mut x665: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x664, &mut x665, x663, x601, x639); let mut x666: u32 = 0; let mut x667: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x666, &mut x667, x665, x603, x641); let mut x668: u32 = 0; let mut x669: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x668, &mut x669, x667, x605, x643); let x670: u32 = ((x669 as u32) + (x606 as u32)); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_p384_mulx_u32(&mut x671, &mut x672, x5, (arg2[11])); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_p384_mulx_u32(&mut x673, &mut x674, x5, (arg2[10])); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_p384_mulx_u32(&mut x675, &mut x676, x5, (arg2[9])); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_p384_mulx_u32(&mut x677, &mut x678, x5, (arg2[8])); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_p384_mulx_u32(&mut x679, &mut x680, x5, (arg2[7])); let mut x681: u32 = 0; let mut x682: u32 = 0; fiat_p384_mulx_u32(&mut x681, &mut x682, x5, (arg2[6])); let mut x683: u32 = 0; let mut x684: u32 = 0; fiat_p384_mulx_u32(&mut x683, &mut x684, x5, (arg2[5])); let mut x685: u32 = 0; let mut x686: u32 = 0; fiat_p384_mulx_u32(&mut x685, &mut x686, x5, (arg2[4])); let mut x687: u32 = 0; let mut x688: u32 = 0; fiat_p384_mulx_u32(&mut x687, &mut x688, x5, (arg2[3])); let mut x689: u32 = 0; let mut x690: u32 = 0; fiat_p384_mulx_u32(&mut x689, &mut x690, x5, (arg2[2])); let mut x691: u32 = 0; let mut x692: u32 = 0; fiat_p384_mulx_u32(&mut x691, &mut x692, x5, (arg2[1])); let mut x693: u32 = 0; let mut x694: u32 = 0; fiat_p384_mulx_u32(&mut x693, &mut x694, x5, (arg2[0])); let mut x695: u32 = 0; let mut x696: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x695, &mut x696, 0x0, x694, x691); let mut x697: u32 = 0; let mut x698: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x697, &mut x698, x696, x692, x689); let mut x699: u32 = 0; let mut x700: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x699, &mut x700, x698, x690, x687); let mut x701: u32 = 0; let mut x702: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x701, &mut x702, x700, x688, x685); let mut x703: u32 = 0; let mut x704: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x703, &mut x704, x702, x686, x683); let mut x705: u32 = 0; let mut x706: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x705, &mut x706, x704, x684, x681); let mut x707: u32 = 0; let mut x708: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x707, &mut x708, x706, x682, x679); let mut x709: u32 = 0; let mut x710: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x709, &mut x710, x708, x680, x677); let mut x711: u32 = 0; let mut x712: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x711, &mut x712, x710, x678, x675); let mut x713: u32 = 0; let mut x714: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x713, &mut x714, x712, x676, x673); let mut x715: u32 = 0; let mut x716: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x715, &mut x716, x714, x674, x671); let x717: u32 = ((x716 as u32) + x672); let mut x718: u32 = 0; let mut x719: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x718, &mut x719, 0x0, x646, x693); let mut x720: u32 = 0; let mut x721: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x720, &mut x721, x719, x648, x695); let mut x722: u32 = 0; let mut x723: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x722, &mut x723, x721, x650, x697); let mut x724: u32 = 0; let mut x725: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x724, &mut x725, x723, x652, x699); let mut x726: u32 = 0; let mut x727: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x726, &mut x727, x725, x654, x701); let mut x728: u32 = 0; let mut x729: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x728, &mut x729, x727, x656, x703); let mut x730: u32 = 0; let mut x731: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x730, &mut x731, x729, x658, x705); let mut x732: u32 = 0; let mut x733: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x732, &mut x733, x731, x660, x707); let mut x734: u32 = 0; let mut x735: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x734, &mut x735, x733, x662, x709); let mut x736: u32 = 0; let mut x737: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x736, &mut x737, x735, x664, x711); let mut x738: u32 = 0; let mut x739: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x738, &mut x739, x737, x666, x713); let mut x740: u32 = 0; let mut x741: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x740, &mut x741, x739, x668, x715); let mut x742: u32 = 0; let mut x743: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x742, &mut x743, x741, x670, x717); let mut x744: u32 = 0; let mut x745: u32 = 0; fiat_p384_mulx_u32(&mut x744, &mut x745, x718, 0xffffffff); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_p384_mulx_u32(&mut x746, &mut x747, x718, 0xffffffff); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_p384_mulx_u32(&mut x748, &mut x749, x718, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_p384_mulx_u32(&mut x750, &mut x751, x718, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_p384_mulx_u32(&mut x752, &mut x753, x718, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_p384_mulx_u32(&mut x754, &mut x755, x718, 0xffffffff); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_p384_mulx_u32(&mut x756, &mut x757, x718, 0xffffffff); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_p384_mulx_u32(&mut x758, &mut x759, x718, 0xfffffffe); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_p384_mulx_u32(&mut x760, &mut x761, x718, 0xffffffff); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_p384_mulx_u32(&mut x762, &mut x763, x718, 0xffffffff); let mut x764: u32 = 0; let mut x765: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x764, &mut x765, 0x0, x761, x758); let mut x766: u32 = 0; let mut x767: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x766, &mut x767, x765, x759, x756); let mut x768: u32 = 0; let mut x769: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x768, &mut x769, x767, x757, x754); let mut x770: u32 = 0; let mut x771: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x770, &mut x771, x769, x755, x752); let mut x772: u32 = 0; let mut x773: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x772, &mut x773, x771, x753, x750); let mut x774: u32 = 0; let mut x775: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x774, &mut x775, x773, x751, x748); let mut x776: u32 = 0; let mut x777: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x776, &mut x777, x775, x749, x746); let mut x778: u32 = 0; let mut x779: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x778, &mut x779, x777, x747, x744); let x780: u32 = ((x779 as u32) + x745); let mut x781: u32 = 0; let mut x782: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x781, &mut x782, 0x0, x718, x762); let mut x783: u32 = 0; let mut x784: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x783, &mut x784, x782, x720, x763); let mut x785: u32 = 0; let mut x786: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x785, &mut x786, x784, x722, (0x0 as u32)); let mut x787: u32 = 0; let mut x788: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x787, &mut x788, x786, x724, x760); let mut x789: u32 = 0; let mut x790: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x789, &mut x790, x788, x726, x764); let mut x791: u32 = 0; let mut x792: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x791, &mut x792, x790, x728, x766); let mut x793: u32 = 0; let mut x794: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x793, &mut x794, x792, x730, x768); let mut x795: u32 = 0; let mut x796: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x795, &mut x796, x794, x732, x770); let mut x797: u32 = 0; let mut x798: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x797, &mut x798, x796, x734, x772); let mut x799: u32 = 0; let mut x800: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x799, &mut x800, x798, x736, x774); let mut x801: u32 = 0; let mut x802: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x801, &mut x802, x800, x738, x776); let mut x803: u32 = 0; let mut x804: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x803, &mut x804, x802, x740, x778); let mut x805: u32 = 0; let mut x806: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x805, &mut x806, x804, x742, x780); let x807: u32 = ((x806 as u32) + (x743 as u32)); let mut x808: u32 = 0; let mut x809: u32 = 0; fiat_p384_mulx_u32(&mut x808, &mut x809, x6, (arg2[11])); let mut x810: u32 = 0; let mut x811: u32 = 0; fiat_p384_mulx_u32(&mut x810, &mut x811, x6, (arg2[10])); let mut x812: u32 = 0; let mut x813: u32 = 0; fiat_p384_mulx_u32(&mut x812, &mut x813, x6, (arg2[9])); let mut x814: u32 = 0; let mut x815: u32 = 0; fiat_p384_mulx_u32(&mut x814, &mut x815, x6, (arg2[8])); let mut x816: u32 = 0; let mut x817: u32 = 0; fiat_p384_mulx_u32(&mut x816, &mut x817, x6, (arg2[7])); let mut x818: u32 = 0; let mut x819: u32 = 0; fiat_p384_mulx_u32(&mut x818, &mut x819, x6, (arg2[6])); let mut x820: u32 = 0; let mut x821: u32 = 0; fiat_p384_mulx_u32(&mut x820, &mut x821, x6, (arg2[5])); let mut x822: u32 = 0; let mut x823: u32 = 0; fiat_p384_mulx_u32(&mut x822, &mut x823, x6, (arg2[4])); let mut x824: u32 = 0; let mut x825: u32 = 0; fiat_p384_mulx_u32(&mut x824, &mut x825, x6, (arg2[3])); let mut x826: u32 = 0; let mut x827: u32 = 0; fiat_p384_mulx_u32(&mut x826, &mut x827, x6, (arg2[2])); let mut x828: u32 = 0; let mut x829: u32 = 0; fiat_p384_mulx_u32(&mut x828, &mut x829, x6, (arg2[1])); let mut x830: u32 = 0; let mut x831: u32 = 0; fiat_p384_mulx_u32(&mut x830, &mut x831, x6, (arg2[0])); let mut x832: u32 = 0; let mut x833: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x832, &mut x833, 0x0, x831, x828); let mut x834: u32 = 0; let mut x835: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x834, &mut x835, x833, x829, x826); let mut x836: u32 = 0; let mut x837: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x836, &mut x837, x835, x827, x824); let mut x838: u32 = 0; let mut x839: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x838, &mut x839, x837, x825, x822); let mut x840: u32 = 0; let mut x841: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x840, &mut x841, x839, x823, x820); let mut x842: u32 = 0; let mut x843: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x842, &mut x843, x841, x821, x818); let mut x844: u32 = 0; let mut x845: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x844, &mut x845, x843, x819, x816); let mut x846: u32 = 0; let mut x847: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x846, &mut x847, x845, x817, x814); let mut x848: u32 = 0; let mut x849: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x848, &mut x849, x847, x815, x812); let mut x850: u32 = 0; let mut x851: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x850, &mut x851, x849, x813, x810); let mut x852: u32 = 0; let mut x853: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x852, &mut x853, x851, x811, x808); let x854: u32 = ((x853 as u32) + x809); let mut x855: u32 = 0; let mut x856: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x855, &mut x856, 0x0, x783, x830); let mut x857: u32 = 0; let mut x858: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x857, &mut x858, x856, x785, x832); let mut x859: u32 = 0; let mut x860: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x859, &mut x860, x858, x787, x834); let mut x861: u32 = 0; let mut x862: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x861, &mut x862, x860, x789, x836); let mut x863: u32 = 0; let mut x864: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x863, &mut x864, x862, x791, x838); let mut x865: u32 = 0; let mut x866: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x865, &mut x866, x864, x793, x840); let mut x867: u32 = 0; let mut x868: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x867, &mut x868, x866, x795, x842); let mut x869: u32 = 0; let mut x870: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x869, &mut x870, x868, x797, x844); let mut x871: u32 = 0; let mut x872: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x871, &mut x872, x870, x799, x846); let mut x873: u32 = 0; let mut x874: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x873, &mut x874, x872, x801, x848); let mut x875: u32 = 0; let mut x876: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x875, &mut x876, x874, x803, x850); let mut x877: u32 = 0; let mut x878: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x877, &mut x878, x876, x805, x852); let mut x879: u32 = 0; let mut x880: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x879, &mut x880, x878, x807, x854); let mut x881: u32 = 0; let mut x882: u32 = 0; fiat_p384_mulx_u32(&mut x881, &mut x882, x855, 0xffffffff); let mut x883: u32 = 0; let mut x884: u32 = 0; fiat_p384_mulx_u32(&mut x883, &mut x884, x855, 0xffffffff); let mut x885: u32 = 0; let mut x886: u32 = 0; fiat_p384_mulx_u32(&mut x885, &mut x886, x855, 0xffffffff); let mut x887: u32 = 0; let mut x888: u32 = 0; fiat_p384_mulx_u32(&mut x887, &mut x888, x855, 0xffffffff); let mut x889: u32 = 0; let mut x890: u32 = 0; fiat_p384_mulx_u32(&mut x889, &mut x890, x855, 0xffffffff); let mut x891: u32 = 0; let mut x892: u32 = 0; fiat_p384_mulx_u32(&mut x891, &mut x892, x855, 0xffffffff); let mut x893: u32 = 0; let mut x894: u32 = 0; fiat_p384_mulx_u32(&mut x893, &mut x894, x855, 0xffffffff); let mut x895: u32 = 0; let mut x896: u32 = 0; fiat_p384_mulx_u32(&mut x895, &mut x896, x855, 0xfffffffe); let mut x897: u32 = 0; let mut x898: u32 = 0; fiat_p384_mulx_u32(&mut x897, &mut x898, x855, 0xffffffff); let mut x899: u32 = 0; let mut x900: u32 = 0; fiat_p384_mulx_u32(&mut x899, &mut x900, x855, 0xffffffff); let mut x901: u32 = 0; let mut x902: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x901, &mut x902, 0x0, x898, x895); let mut x903: u32 = 0; let mut x904: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x903, &mut x904, x902, x896, x893); let mut x905: u32 = 0; let mut x906: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x905, &mut x906, x904, x894, x891); let mut x907: u32 = 0; let mut x908: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x907, &mut x908, x906, x892, x889); let mut x909: u32 = 0; let mut x910: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x909, &mut x910, x908, x890, x887); let mut x911: u32 = 0; let mut x912: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x911, &mut x912, x910, x888, x885); let mut x913: u32 = 0; let mut x914: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x913, &mut x914, x912, x886, x883); let mut x915: u32 = 0; let mut x916: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x915, &mut x916, x914, x884, x881); let x917: u32 = ((x916 as u32) + x882); let mut x918: u32 = 0; let mut x919: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x918, &mut x919, 0x0, x855, x899); let mut x920: u32 = 0; let mut x921: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x920, &mut x921, x919, x857, x900); let mut x922: u32 = 0; let mut x923: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x922, &mut x923, x921, x859, (0x0 as u32)); let mut x924: u32 = 0; let mut x925: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x924, &mut x925, x923, x861, x897); let mut x926: u32 = 0; let mut x927: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x926, &mut x927, x925, x863, x901); let mut x928: u32 = 0; let mut x929: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x928, &mut x929, x927, x865, x903); let mut x930: u32 = 0; let mut x931: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x930, &mut x931, x929, x867, x905); let mut x932: u32 = 0; let mut x933: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x932, &mut x933, x931, x869, x907); let mut x934: u32 = 0; let mut x935: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x934, &mut x935, x933, x871, x909); let mut x936: u32 = 0; let mut x937: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x936, &mut x937, x935, x873, x911); let mut x938: u32 = 0; let mut x939: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x938, &mut x939, x937, x875, x913); let mut x940: u32 = 0; let mut x941: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x940, &mut x941, x939, x877, x915); let mut x942: u32 = 0; let mut x943: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x942, &mut x943, x941, x879, x917); let x944: u32 = ((x943 as u32) + (x880 as u32)); let mut x945: u32 = 0; let mut x946: u32 = 0; fiat_p384_mulx_u32(&mut x945, &mut x946, x7, (arg2[11])); let mut x947: u32 = 0; let mut x948: u32 = 0; fiat_p384_mulx_u32(&mut x947, &mut x948, x7, (arg2[10])); let mut x949: u32 = 0; let mut x950: u32 = 0; fiat_p384_mulx_u32(&mut x949, &mut x950, x7, (arg2[9])); let mut x951: u32 = 0; let mut x952: u32 = 0; fiat_p384_mulx_u32(&mut x951, &mut x952, x7, (arg2[8])); let mut x953: u32 = 0; let mut x954: u32 = 0; fiat_p384_mulx_u32(&mut x953, &mut x954, x7, (arg2[7])); let mut x955: u32 = 0; let mut x956: u32 = 0; fiat_p384_mulx_u32(&mut x955, &mut x956, x7, (arg2[6])); let mut x957: u32 = 0; let mut x958: u32 = 0; fiat_p384_mulx_u32(&mut x957, &mut x958, x7, (arg2[5])); let mut x959: u32 = 0; let mut x960: u32 = 0; fiat_p384_mulx_u32(&mut x959, &mut x960, x7, (arg2[4])); let mut x961: u32 = 0; let mut x962: u32 = 0; fiat_p384_mulx_u32(&mut x961, &mut x962, x7, (arg2[3])); let mut x963: u32 = 0; let mut x964: u32 = 0; fiat_p384_mulx_u32(&mut x963, &mut x964, x7, (arg2[2])); let mut x965: u32 = 0; let mut x966: u32 = 0; fiat_p384_mulx_u32(&mut x965, &mut x966, x7, (arg2[1])); let mut x967: u32 = 0; let mut x968: u32 = 0; fiat_p384_mulx_u32(&mut x967, &mut x968, x7, (arg2[0])); let mut x969: u32 = 0; let mut x970: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x969, &mut x970, 0x0, x968, x965); let mut x971: u32 = 0; let mut x972: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x971, &mut x972, x970, x966, x963); let mut x973: u32 = 0; let mut x974: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x973, &mut x974, x972, x964, x961); let mut x975: u32 = 0; let mut x976: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x975, &mut x976, x974, x962, x959); let mut x977: u32 = 0; let mut x978: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x977, &mut x978, x976, x960, x957); let mut x979: u32 = 0; let mut x980: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x979, &mut x980, x978, x958, x955); let mut x981: u32 = 0; let mut x982: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x981, &mut x982, x980, x956, x953); let mut x983: u32 = 0; let mut x984: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x983, &mut x984, x982, x954, x951); let mut x985: u32 = 0; let mut x986: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x985, &mut x986, x984, x952, x949); let mut x987: u32 = 0; let mut x988: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x987, &mut x988, x986, x950, x947); let mut x989: u32 = 0; let mut x990: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x989, &mut x990, x988, x948, x945); let x991: u32 = ((x990 as u32) + x946); let mut x992: u32 = 0; let mut x993: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x992, &mut x993, 0x0, x920, x967); let mut x994: u32 = 0; let mut x995: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x994, &mut x995, x993, x922, x969); let mut x996: u32 = 0; let mut x997: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x996, &mut x997, x995, x924, x971); let mut x998: u32 = 0; let mut x999: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x998, &mut x999, x997, x926, x973); let mut x1000: u32 = 0; let mut x1001: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1000, &mut x1001, x999, x928, x975); let mut x1002: u32 = 0; let mut x1003: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1002, &mut x1003, x1001, x930, x977); let mut x1004: u32 = 0; let mut x1005: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1004, &mut x1005, x1003, x932, x979); let mut x1006: u32 = 0; let mut x1007: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1006, &mut x1007, x1005, x934, x981); let mut x1008: u32 = 0; let mut x1009: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1008, &mut x1009, x1007, x936, x983); let mut x1010: u32 = 0; let mut x1011: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1010, &mut x1011, x1009, x938, x985); let mut x1012: u32 = 0; let mut x1013: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1012, &mut x1013, x1011, x940, x987); let mut x1014: u32 = 0; let mut x1015: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1014, &mut x1015, x1013, x942, x989); let mut x1016: u32 = 0; let mut x1017: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1016, &mut x1017, x1015, x944, x991); let mut x1018: u32 = 0; let mut x1019: u32 = 0; fiat_p384_mulx_u32(&mut x1018, &mut x1019, x992, 0xffffffff); let mut x1020: u32 = 0; let mut x1021: u32 = 0; fiat_p384_mulx_u32(&mut x1020, &mut x1021, x992, 0xffffffff); let mut x1022: u32 = 0; let mut x1023: u32 = 0; fiat_p384_mulx_u32(&mut x1022, &mut x1023, x992, 0xffffffff); let mut x1024: u32 = 0; let mut x1025: u32 = 0; fiat_p384_mulx_u32(&mut x1024, &mut x1025, x992, 0xffffffff); let mut x1026: u32 = 0; let mut x1027: u32 = 0; fiat_p384_mulx_u32(&mut x1026, &mut x1027, x992, 0xffffffff); let mut x1028: u32 = 0; let mut x1029: u32 = 0; fiat_p384_mulx_u32(&mut x1028, &mut x1029, x992, 0xffffffff); let mut x1030: u32 = 0; let mut x1031: u32 = 0; fiat_p384_mulx_u32(&mut x1030, &mut x1031, x992, 0xffffffff); let mut x1032: u32 = 0; let mut x1033: u32 = 0; fiat_p384_mulx_u32(&mut x1032, &mut x1033, x992, 0xfffffffe); let mut x1034: u32 = 0; let mut x1035: u32 = 0; fiat_p384_mulx_u32(&mut x1034, &mut x1035, x992, 0xffffffff); let mut x1036: u32 = 0; let mut x1037: u32 = 0; fiat_p384_mulx_u32(&mut x1036, &mut x1037, x992, 0xffffffff); let mut x1038: u32 = 0; let mut x1039: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1038, &mut x1039, 0x0, x1035, x1032); let mut x1040: u32 = 0; let mut x1041: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1040, &mut x1041, x1039, x1033, x1030); let mut x1042: u32 = 0; let mut x1043: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1042, &mut x1043, x1041, x1031, x1028); let mut x1044: u32 = 0; let mut x1045: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1044, &mut x1045, x1043, x1029, x1026); let mut x1046: u32 = 0; let mut x1047: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1046, &mut x1047, x1045, x1027, x1024); let mut x1048: u32 = 0; let mut x1049: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1048, &mut x1049, x1047, x1025, x1022); let mut x1050: u32 = 0; let mut x1051: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1050, &mut x1051, x1049, x1023, x1020); let mut x1052: u32 = 0; let mut x1053: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1052, &mut x1053, x1051, x1021, x1018); let x1054: u32 = ((x1053 as u32) + x1019); let mut x1055: u32 = 0; let mut x1056: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1055, &mut x1056, 0x0, x992, x1036); let mut x1057: u32 = 0; let mut x1058: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1057, &mut x1058, x1056, x994, x1037); let mut x1059: u32 = 0; let mut x1060: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1059, &mut x1060, x1058, x996, (0x0 as u32)); let mut x1061: u32 = 0; let mut x1062: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1061, &mut x1062, x1060, x998, x1034); let mut x1063: u32 = 0; let mut x1064: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1063, &mut x1064, x1062, x1000, x1038); let mut x1065: u32 = 0; let mut x1066: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1065, &mut x1066, x1064, x1002, x1040); let mut x1067: u32 = 0; let mut x1068: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1067, &mut x1068, x1066, x1004, x1042); let mut x1069: u32 = 0; let mut x1070: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1069, &mut x1070, x1068, x1006, x1044); let mut x1071: u32 = 0; let mut x1072: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1071, &mut x1072, x1070, x1008, x1046); let mut x1073: u32 = 0; let mut x1074: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1073, &mut x1074, x1072, x1010, x1048); let mut x1075: u32 = 0; let mut x1076: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1075, &mut x1076, x1074, x1012, x1050); let mut x1077: u32 = 0; let mut x1078: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1077, &mut x1078, x1076, x1014, x1052); let mut x1079: u32 = 0; let mut x1080: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1079, &mut x1080, x1078, x1016, x1054); let x1081: u32 = ((x1080 as u32) + (x1017 as u32)); let mut x1082: u32 = 0; let mut x1083: u32 = 0; fiat_p384_mulx_u32(&mut x1082, &mut x1083, x8, (arg2[11])); let mut x1084: u32 = 0; let mut x1085: u32 = 0; fiat_p384_mulx_u32(&mut x1084, &mut x1085, x8, (arg2[10])); let mut x1086: u32 = 0; let mut x1087: u32 = 0; fiat_p384_mulx_u32(&mut x1086, &mut x1087, x8, (arg2[9])); let mut x1088: u32 = 0; let mut x1089: u32 = 0; fiat_p384_mulx_u32(&mut x1088, &mut x1089, x8, (arg2[8])); let mut x1090: u32 = 0; let mut x1091: u32 = 0; fiat_p384_mulx_u32(&mut x1090, &mut x1091, x8, (arg2[7])); let mut x1092: u32 = 0; let mut x1093: u32 = 0; fiat_p384_mulx_u32(&mut x1092, &mut x1093, x8, (arg2[6])); let mut x1094: u32 = 0; let mut x1095: u32 = 0; fiat_p384_mulx_u32(&mut x1094, &mut x1095, x8, (arg2[5])); let mut x1096: u32 = 0; let mut x1097: u32 = 0; fiat_p384_mulx_u32(&mut x1096, &mut x1097, x8, (arg2[4])); let mut x1098: u32 = 0; let mut x1099: u32 = 0; fiat_p384_mulx_u32(&mut x1098, &mut x1099, x8, (arg2[3])); let mut x1100: u32 = 0; let mut x1101: u32 = 0; fiat_p384_mulx_u32(&mut x1100, &mut x1101, x8, (arg2[2])); let mut x1102: u32 = 0; let mut x1103: u32 = 0; fiat_p384_mulx_u32(&mut x1102, &mut x1103, x8, (arg2[1])); let mut x1104: u32 = 0; let mut x1105: u32 = 0; fiat_p384_mulx_u32(&mut x1104, &mut x1105, x8, (arg2[0])); let mut x1106: u32 = 0; let mut x1107: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1106, &mut x1107, 0x0, x1105, x1102); let mut x1108: u32 = 0; let mut x1109: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1108, &mut x1109, x1107, x1103, x1100); let mut x1110: u32 = 0; let mut x1111: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1110, &mut x1111, x1109, x1101, x1098); let mut x1112: u32 = 0; let mut x1113: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1112, &mut x1113, x1111, x1099, x1096); let mut x1114: u32 = 0; let mut x1115: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1114, &mut x1115, x1113, x1097, x1094); let mut x1116: u32 = 0; let mut x1117: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1116, &mut x1117, x1115, x1095, x1092); let mut x1118: u32 = 0; let mut x1119: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1118, &mut x1119, x1117, x1093, x1090); let mut x1120: u32 = 0; let mut x1121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1120, &mut x1121, x1119, x1091, x1088); let mut x1122: u32 = 0; let mut x1123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1122, &mut x1123, x1121, x1089, x1086); let mut x1124: u32 = 0; let mut x1125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1124, &mut x1125, x1123, x1087, x1084); let mut x1126: u32 = 0; let mut x1127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1126, &mut x1127, x1125, x1085, x1082); let x1128: u32 = ((x1127 as u32) + x1083); let mut x1129: u32 = 0; let mut x1130: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1129, &mut x1130, 0x0, x1057, x1104); let mut x1131: u32 = 0; let mut x1132: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1131, &mut x1132, x1130, x1059, x1106); let mut x1133: u32 = 0; let mut x1134: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1133, &mut x1134, x1132, x1061, x1108); let mut x1135: u32 = 0; let mut x1136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1135, &mut x1136, x1134, x1063, x1110); let mut x1137: u32 = 0; let mut x1138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1137, &mut x1138, x1136, x1065, x1112); let mut x1139: u32 = 0; let mut x1140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1139, &mut x1140, x1138, x1067, x1114); let mut x1141: u32 = 0; let mut x1142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1141, &mut x1142, x1140, x1069, x1116); let mut x1143: u32 = 0; let mut x1144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1143, &mut x1144, x1142, x1071, x1118); let mut x1145: u32 = 0; let mut x1146: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1145, &mut x1146, x1144, x1073, x1120); let mut x1147: u32 = 0; let mut x1148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1147, &mut x1148, x1146, x1075, x1122); let mut x1149: u32 = 0; let mut x1150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1149, &mut x1150, x1148, x1077, x1124); let mut x1151: u32 = 0; let mut x1152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1151, &mut x1152, x1150, x1079, x1126); let mut x1153: u32 = 0; let mut x1154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1153, &mut x1154, x1152, x1081, x1128); let mut x1155: u32 = 0; let mut x1156: u32 = 0; fiat_p384_mulx_u32(&mut x1155, &mut x1156, x1129, 0xffffffff); let mut x1157: u32 = 0; let mut x1158: u32 = 0; fiat_p384_mulx_u32(&mut x1157, &mut x1158, x1129, 0xffffffff); let mut x1159: u32 = 0; let mut x1160: u32 = 0; fiat_p384_mulx_u32(&mut x1159, &mut x1160, x1129, 0xffffffff); let mut x1161: u32 = 0; let mut x1162: u32 = 0; fiat_p384_mulx_u32(&mut x1161, &mut x1162, x1129, 0xffffffff); let mut x1163: u32 = 0; let mut x1164: u32 = 0; fiat_p384_mulx_u32(&mut x1163, &mut x1164, x1129, 0xffffffff); let mut x1165: u32 = 0; let mut x1166: u32 = 0; fiat_p384_mulx_u32(&mut x1165, &mut x1166, x1129, 0xffffffff); let mut x1167: u32 = 0; let mut x1168: u32 = 0; fiat_p384_mulx_u32(&mut x1167, &mut x1168, x1129, 0xffffffff); let mut x1169: u32 = 0; let mut x1170: u32 = 0; fiat_p384_mulx_u32(&mut x1169, &mut x1170, x1129, 0xfffffffe); let mut x1171: u32 = 0; let mut x1172: u32 = 0; fiat_p384_mulx_u32(&mut x1171, &mut x1172, x1129, 0xffffffff); let mut x1173: u32 = 0; let mut x1174: u32 = 0; fiat_p384_mulx_u32(&mut x1173, &mut x1174, x1129, 0xffffffff); let mut x1175: u32 = 0; let mut x1176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1175, &mut x1176, 0x0, x1172, x1169); let mut x1177: u32 = 0; let mut x1178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1177, &mut x1178, x1176, x1170, x1167); let mut x1179: u32 = 0; let mut x1180: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1179, &mut x1180, x1178, x1168, x1165); let mut x1181: u32 = 0; let mut x1182: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1181, &mut x1182, x1180, x1166, x1163); let mut x1183: u32 = 0; let mut x1184: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1183, &mut x1184, x1182, x1164, x1161); let mut x1185: u32 = 0; let mut x1186: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1185, &mut x1186, x1184, x1162, x1159); let mut x1187: u32 = 0; let mut x1188: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1187, &mut x1188, x1186, x1160, x1157); let mut x1189: u32 = 0; let mut x1190: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1189, &mut x1190, x1188, x1158, x1155); let x1191: u32 = ((x1190 as u32) + x1156); let mut x1192: u32 = 0; let mut x1193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1192, &mut x1193, 0x0, x1129, x1173); let mut x1194: u32 = 0; let mut x1195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1194, &mut x1195, x1193, x1131, x1174); let mut x1196: u32 = 0; let mut x1197: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1196, &mut x1197, x1195, x1133, (0x0 as u32)); let mut x1198: u32 = 0; let mut x1199: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1198, &mut x1199, x1197, x1135, x1171); let mut x1200: u32 = 0; let mut x1201: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1200, &mut x1201, x1199, x1137, x1175); let mut x1202: u32 = 0; let mut x1203: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1202, &mut x1203, x1201, x1139, x1177); let mut x1204: u32 = 0; let mut x1205: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1204, &mut x1205, x1203, x1141, x1179); let mut x1206: u32 = 0; let mut x1207: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1206, &mut x1207, x1205, x1143, x1181); let mut x1208: u32 = 0; let mut x1209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1208, &mut x1209, x1207, x1145, x1183); let mut x1210: u32 = 0; let mut x1211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1210, &mut x1211, x1209, x1147, x1185); let mut x1212: u32 = 0; let mut x1213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1212, &mut x1213, x1211, x1149, x1187); let mut x1214: u32 = 0; let mut x1215: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1214, &mut x1215, x1213, x1151, x1189); let mut x1216: u32 = 0; let mut x1217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1216, &mut x1217, x1215, x1153, x1191); let x1218: u32 = ((x1217 as u32) + (x1154 as u32)); let mut x1219: u32 = 0; let mut x1220: u32 = 0; fiat_p384_mulx_u32(&mut x1219, &mut x1220, x9, (arg2[11])); let mut x1221: u32 = 0; let mut x1222: u32 = 0; fiat_p384_mulx_u32(&mut x1221, &mut x1222, x9, (arg2[10])); let mut x1223: u32 = 0; let mut x1224: u32 = 0; fiat_p384_mulx_u32(&mut x1223, &mut x1224, x9, (arg2[9])); let mut x1225: u32 = 0; let mut x1226: u32 = 0; fiat_p384_mulx_u32(&mut x1225, &mut x1226, x9, (arg2[8])); let mut x1227: u32 = 0; let mut x1228: u32 = 0; fiat_p384_mulx_u32(&mut x1227, &mut x1228, x9, (arg2[7])); let mut x1229: u32 = 0; let mut x1230: u32 = 0; fiat_p384_mulx_u32(&mut x1229, &mut x1230, x9, (arg2[6])); let mut x1231: u32 = 0; let mut x1232: u32 = 0; fiat_p384_mulx_u32(&mut x1231, &mut x1232, x9, (arg2[5])); let mut x1233: u32 = 0; let mut x1234: u32 = 0; fiat_p384_mulx_u32(&mut x1233, &mut x1234, x9, (arg2[4])); let mut x1235: u32 = 0; let mut x1236: u32 = 0; fiat_p384_mulx_u32(&mut x1235, &mut x1236, x9, (arg2[3])); let mut x1237: u32 = 0; let mut x1238: u32 = 0; fiat_p384_mulx_u32(&mut x1237, &mut x1238, x9, (arg2[2])); let mut x1239: u32 = 0; let mut x1240: u32 = 0; fiat_p384_mulx_u32(&mut x1239, &mut x1240, x9, (arg2[1])); let mut x1241: u32 = 0; let mut x1242: u32 = 0; fiat_p384_mulx_u32(&mut x1241, &mut x1242, x9, (arg2[0])); let mut x1243: u32 = 0; let mut x1244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1243, &mut x1244, 0x0, x1242, x1239); let mut x1245: u32 = 0; let mut x1246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1245, &mut x1246, x1244, x1240, x1237); let mut x1247: u32 = 0; let mut x1248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1247, &mut x1248, x1246, x1238, x1235); let mut x1249: u32 = 0; let mut x1250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1249, &mut x1250, x1248, x1236, x1233); let mut x1251: u32 = 0; let mut x1252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1251, &mut x1252, x1250, x1234, x1231); let mut x1253: u32 = 0; let mut x1254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1253, &mut x1254, x1252, x1232, x1229); let mut x1255: u32 = 0; let mut x1256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1255, &mut x1256, x1254, x1230, x1227); let mut x1257: u32 = 0; let mut x1258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1257, &mut x1258, x1256, x1228, x1225); let mut x1259: u32 = 0; let mut x1260: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1259, &mut x1260, x1258, x1226, x1223); let mut x1261: u32 = 0; let mut x1262: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1261, &mut x1262, x1260, x1224, x1221); let mut x1263: u32 = 0; let mut x1264: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1263, &mut x1264, x1262, x1222, x1219); let x1265: u32 = ((x1264 as u32) + x1220); let mut x1266: u32 = 0; let mut x1267: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1266, &mut x1267, 0x0, x1194, x1241); let mut x1268: u32 = 0; let mut x1269: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1268, &mut x1269, x1267, x1196, x1243); let mut x1270: u32 = 0; let mut x1271: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1270, &mut x1271, x1269, x1198, x1245); let mut x1272: u32 = 0; let mut x1273: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1272, &mut x1273, x1271, x1200, x1247); let mut x1274: u32 = 0; let mut x1275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1274, &mut x1275, x1273, x1202, x1249); let mut x1276: u32 = 0; let mut x1277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1276, &mut x1277, x1275, x1204, x1251); let mut x1278: u32 = 0; let mut x1279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1278, &mut x1279, x1277, x1206, x1253); let mut x1280: u32 = 0; let mut x1281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1280, &mut x1281, x1279, x1208, x1255); let mut x1282: u32 = 0; let mut x1283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1282, &mut x1283, x1281, x1210, x1257); let mut x1284: u32 = 0; let mut x1285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1284, &mut x1285, x1283, x1212, x1259); let mut x1286: u32 = 0; let mut x1287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1286, &mut x1287, x1285, x1214, x1261); let mut x1288: u32 = 0; let mut x1289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1288, &mut x1289, x1287, x1216, x1263); let mut x1290: u32 = 0; let mut x1291: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1290, &mut x1291, x1289, x1218, x1265); let mut x1292: u32 = 0; let mut x1293: u32 = 0; fiat_p384_mulx_u32(&mut x1292, &mut x1293, x1266, 0xffffffff); let mut x1294: u32 = 0; let mut x1295: u32 = 0; fiat_p384_mulx_u32(&mut x1294, &mut x1295, x1266, 0xffffffff); let mut x1296: u32 = 0; let mut x1297: u32 = 0; fiat_p384_mulx_u32(&mut x1296, &mut x1297, x1266, 0xffffffff); let mut x1298: u32 = 0; let mut x1299: u32 = 0; fiat_p384_mulx_u32(&mut x1298, &mut x1299, x1266, 0xffffffff); let mut x1300: u32 = 0; let mut x1301: u32 = 0; fiat_p384_mulx_u32(&mut x1300, &mut x1301, x1266, 0xffffffff); let mut x1302: u32 = 0; let mut x1303: u32 = 0; fiat_p384_mulx_u32(&mut x1302, &mut x1303, x1266, 0xffffffff); let mut x1304: u32 = 0; let mut x1305: u32 = 0; fiat_p384_mulx_u32(&mut x1304, &mut x1305, x1266, 0xffffffff); let mut x1306: u32 = 0; let mut x1307: u32 = 0; fiat_p384_mulx_u32(&mut x1306, &mut x1307, x1266, 0xfffffffe); let mut x1308: u32 = 0; let mut x1309: u32 = 0; fiat_p384_mulx_u32(&mut x1308, &mut x1309, x1266, 0xffffffff); let mut x1310: u32 = 0; let mut x1311: u32 = 0; fiat_p384_mulx_u32(&mut x1310, &mut x1311, x1266, 0xffffffff); let mut x1312: u32 = 0; let mut x1313: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1312, &mut x1313, 0x0, x1309, x1306); let mut x1314: u32 = 0; let mut x1315: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1314, &mut x1315, x1313, x1307, x1304); let mut x1316: u32 = 0; let mut x1317: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1316, &mut x1317, x1315, x1305, x1302); let mut x1318: u32 = 0; let mut x1319: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1318, &mut x1319, x1317, x1303, x1300); let mut x1320: u32 = 0; let mut x1321: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1320, &mut x1321, x1319, x1301, x1298); let mut x1322: u32 = 0; let mut x1323: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1322, &mut x1323, x1321, x1299, x1296); let mut x1324: u32 = 0; let mut x1325: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1324, &mut x1325, x1323, x1297, x1294); let mut x1326: u32 = 0; let mut x1327: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1326, &mut x1327, x1325, x1295, x1292); let x1328: u32 = ((x1327 as u32) + x1293); let mut x1329: u32 = 0; let mut x1330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1329, &mut x1330, 0x0, x1266, x1310); let mut x1331: u32 = 0; let mut x1332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1331, &mut x1332, x1330, x1268, x1311); let mut x1333: u32 = 0; let mut x1334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1333, &mut x1334, x1332, x1270, (0x0 as u32)); let mut x1335: u32 = 0; let mut x1336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1335, &mut x1336, x1334, x1272, x1308); let mut x1337: u32 = 0; let mut x1338: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1337, &mut x1338, x1336, x1274, x1312); let mut x1339: u32 = 0; let mut x1340: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1339, &mut x1340, x1338, x1276, x1314); let mut x1341: u32 = 0; let mut x1342: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1341, &mut x1342, x1340, x1278, x1316); let mut x1343: u32 = 0; let mut x1344: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1343, &mut x1344, x1342, x1280, x1318); let mut x1345: u32 = 0; let mut x1346: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1345, &mut x1346, x1344, x1282, x1320); let mut x1347: u32 = 0; let mut x1348: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1347, &mut x1348, x1346, x1284, x1322); let mut x1349: u32 = 0; let mut x1350: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1349, &mut x1350, x1348, x1286, x1324); let mut x1351: u32 = 0; let mut x1352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1351, &mut x1352, x1350, x1288, x1326); let mut x1353: u32 = 0; let mut x1354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1353, &mut x1354, x1352, x1290, x1328); let x1355: u32 = ((x1354 as u32) + (x1291 as u32)); let mut x1356: u32 = 0; let mut x1357: u32 = 0; fiat_p384_mulx_u32(&mut x1356, &mut x1357, x10, (arg2[11])); let mut x1358: u32 = 0; let mut x1359: u32 = 0; fiat_p384_mulx_u32(&mut x1358, &mut x1359, x10, (arg2[10])); let mut x1360: u32 = 0; let mut x1361: u32 = 0; fiat_p384_mulx_u32(&mut x1360, &mut x1361, x10, (arg2[9])); let mut x1362: u32 = 0; let mut x1363: u32 = 0; fiat_p384_mulx_u32(&mut x1362, &mut x1363, x10, (arg2[8])); let mut x1364: u32 = 0; let mut x1365: u32 = 0; fiat_p384_mulx_u32(&mut x1364, &mut x1365, x10, (arg2[7])); let mut x1366: u32 = 0; let mut x1367: u32 = 0; fiat_p384_mulx_u32(&mut x1366, &mut x1367, x10, (arg2[6])); let mut x1368: u32 = 0; let mut x1369: u32 = 0; fiat_p384_mulx_u32(&mut x1368, &mut x1369, x10, (arg2[5])); let mut x1370: u32 = 0; let mut x1371: u32 = 0; fiat_p384_mulx_u32(&mut x1370, &mut x1371, x10, (arg2[4])); let mut x1372: u32 = 0; let mut x1373: u32 = 0; fiat_p384_mulx_u32(&mut x1372, &mut x1373, x10, (arg2[3])); let mut x1374: u32 = 0; let mut x1375: u32 = 0; fiat_p384_mulx_u32(&mut x1374, &mut x1375, x10, (arg2[2])); let mut x1376: u32 = 0; let mut x1377: u32 = 0; fiat_p384_mulx_u32(&mut x1376, &mut x1377, x10, (arg2[1])); let mut x1378: u32 = 0; let mut x1379: u32 = 0; fiat_p384_mulx_u32(&mut x1378, &mut x1379, x10, (arg2[0])); let mut x1380: u32 = 0; let mut x1381: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1380, &mut x1381, 0x0, x1379, x1376); let mut x1382: u32 = 0; let mut x1383: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1382, &mut x1383, x1381, x1377, x1374); let mut x1384: u32 = 0; let mut x1385: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1384, &mut x1385, x1383, x1375, x1372); let mut x1386: u32 = 0; let mut x1387: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1386, &mut x1387, x1385, x1373, x1370); let mut x1388: u32 = 0; let mut x1389: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1388, &mut x1389, x1387, x1371, x1368); let mut x1390: u32 = 0; let mut x1391: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1390, &mut x1391, x1389, x1369, x1366); let mut x1392: u32 = 0; let mut x1393: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1392, &mut x1393, x1391, x1367, x1364); let mut x1394: u32 = 0; let mut x1395: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1394, &mut x1395, x1393, x1365, x1362); let mut x1396: u32 = 0; let mut x1397: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1396, &mut x1397, x1395, x1363, x1360); let mut x1398: u32 = 0; let mut x1399: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1398, &mut x1399, x1397, x1361, x1358); let mut x1400: u32 = 0; let mut x1401: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1400, &mut x1401, x1399, x1359, x1356); let x1402: u32 = ((x1401 as u32) + x1357); let mut x1403: u32 = 0; let mut x1404: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1403, &mut x1404, 0x0, x1331, x1378); let mut x1405: u32 = 0; let mut x1406: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1405, &mut x1406, x1404, x1333, x1380); let mut x1407: u32 = 0; let mut x1408: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1407, &mut x1408, x1406, x1335, x1382); let mut x1409: u32 = 0; let mut x1410: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1409, &mut x1410, x1408, x1337, x1384); let mut x1411: u32 = 0; let mut x1412: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1411, &mut x1412, x1410, x1339, x1386); let mut x1413: u32 = 0; let mut x1414: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1413, &mut x1414, x1412, x1341, x1388); let mut x1415: u32 = 0; let mut x1416: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1415, &mut x1416, x1414, x1343, x1390); let mut x1417: u32 = 0; let mut x1418: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1417, &mut x1418, x1416, x1345, x1392); let mut x1419: u32 = 0; let mut x1420: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1419, &mut x1420, x1418, x1347, x1394); let mut x1421: u32 = 0; let mut x1422: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1421, &mut x1422, x1420, x1349, x1396); let mut x1423: u32 = 0; let mut x1424: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1423, &mut x1424, x1422, x1351, x1398); let mut x1425: u32 = 0; let mut x1426: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1425, &mut x1426, x1424, x1353, x1400); let mut x1427: u32 = 0; let mut x1428: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1427, &mut x1428, x1426, x1355, x1402); let mut x1429: u32 = 0; let mut x1430: u32 = 0; fiat_p384_mulx_u32(&mut x1429, &mut x1430, x1403, 0xffffffff); let mut x1431: u32 = 0; let mut x1432: u32 = 0; fiat_p384_mulx_u32(&mut x1431, &mut x1432, x1403, 0xffffffff); let mut x1433: u32 = 0; let mut x1434: u32 = 0; fiat_p384_mulx_u32(&mut x1433, &mut x1434, x1403, 0xffffffff); let mut x1435: u32 = 0; let mut x1436: u32 = 0; fiat_p384_mulx_u32(&mut x1435, &mut x1436, x1403, 0xffffffff); let mut x1437: u32 = 0; let mut x1438: u32 = 0; fiat_p384_mulx_u32(&mut x1437, &mut x1438, x1403, 0xffffffff); let mut x1439: u32 = 0; let mut x1440: u32 = 0; fiat_p384_mulx_u32(&mut x1439, &mut x1440, x1403, 0xffffffff); let mut x1441: u32 = 0; let mut x1442: u32 = 0; fiat_p384_mulx_u32(&mut x1441, &mut x1442, x1403, 0xffffffff); let mut x1443: u32 = 0; let mut x1444: u32 = 0; fiat_p384_mulx_u32(&mut x1443, &mut x1444, x1403, 0xfffffffe); let mut x1445: u32 = 0; let mut x1446: u32 = 0; fiat_p384_mulx_u32(&mut x1445, &mut x1446, x1403, 0xffffffff); let mut x1447: u32 = 0; let mut x1448: u32 = 0; fiat_p384_mulx_u32(&mut x1447, &mut x1448, x1403, 0xffffffff); let mut x1449: u32 = 0; let mut x1450: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1449, &mut x1450, 0x0, x1446, x1443); let mut x1451: u32 = 0; let mut x1452: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1451, &mut x1452, x1450, x1444, x1441); let mut x1453: u32 = 0; let mut x1454: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1453, &mut x1454, x1452, x1442, x1439); let mut x1455: u32 = 0; let mut x1456: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1455, &mut x1456, x1454, x1440, x1437); let mut x1457: u32 = 0; let mut x1458: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1457, &mut x1458, x1456, x1438, x1435); let mut x1459: u32 = 0; let mut x1460: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1459, &mut x1460, x1458, x1436, x1433); let mut x1461: u32 = 0; let mut x1462: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1461, &mut x1462, x1460, x1434, x1431); let mut x1463: u32 = 0; let mut x1464: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1463, &mut x1464, x1462, x1432, x1429); let x1465: u32 = ((x1464 as u32) + x1430); let mut x1466: u32 = 0; let mut x1467: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1466, &mut x1467, 0x0, x1403, x1447); let mut x1468: u32 = 0; let mut x1469: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1468, &mut x1469, x1467, x1405, x1448); let mut x1470: u32 = 0; let mut x1471: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1470, &mut x1471, x1469, x1407, (0x0 as u32)); let mut x1472: u32 = 0; let mut x1473: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1472, &mut x1473, x1471, x1409, x1445); let mut x1474: u32 = 0; let mut x1475: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1474, &mut x1475, x1473, x1411, x1449); let mut x1476: u32 = 0; let mut x1477: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1476, &mut x1477, x1475, x1413, x1451); let mut x1478: u32 = 0; let mut x1479: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1478, &mut x1479, x1477, x1415, x1453); let mut x1480: u32 = 0; let mut x1481: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1480, &mut x1481, x1479, x1417, x1455); let mut x1482: u32 = 0; let mut x1483: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1482, &mut x1483, x1481, x1419, x1457); let mut x1484: u32 = 0; let mut x1485: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1484, &mut x1485, x1483, x1421, x1459); let mut x1486: u32 = 0; let mut x1487: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1486, &mut x1487, x1485, x1423, x1461); let mut x1488: u32 = 0; let mut x1489: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1488, &mut x1489, x1487, x1425, x1463); let mut x1490: u32 = 0; let mut x1491: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1490, &mut x1491, x1489, x1427, x1465); let x1492: u32 = ((x1491 as u32) + (x1428 as u32)); let mut x1493: u32 = 0; let mut x1494: u32 = 0; fiat_p384_mulx_u32(&mut x1493, &mut x1494, x11, (arg2[11])); let mut x1495: u32 = 0; let mut x1496: u32 = 0; fiat_p384_mulx_u32(&mut x1495, &mut x1496, x11, (arg2[10])); let mut x1497: u32 = 0; let mut x1498: u32 = 0; fiat_p384_mulx_u32(&mut x1497, &mut x1498, x11, (arg2[9])); let mut x1499: u32 = 0; let mut x1500: u32 = 0; fiat_p384_mulx_u32(&mut x1499, &mut x1500, x11, (arg2[8])); let mut x1501: u32 = 0; let mut x1502: u32 = 0; fiat_p384_mulx_u32(&mut x1501, &mut x1502, x11, (arg2[7])); let mut x1503: u32 = 0; let mut x1504: u32 = 0; fiat_p384_mulx_u32(&mut x1503, &mut x1504, x11, (arg2[6])); let mut x1505: u32 = 0; let mut x1506: u32 = 0; fiat_p384_mulx_u32(&mut x1505, &mut x1506, x11, (arg2[5])); let mut x1507: u32 = 0; let mut x1508: u32 = 0; fiat_p384_mulx_u32(&mut x1507, &mut x1508, x11, (arg2[4])); let mut x1509: u32 = 0; let mut x1510: u32 = 0; fiat_p384_mulx_u32(&mut x1509, &mut x1510, x11, (arg2[3])); let mut x1511: u32 = 0; let mut x1512: u32 = 0; fiat_p384_mulx_u32(&mut x1511, &mut x1512, x11, (arg2[2])); let mut x1513: u32 = 0; let mut x1514: u32 = 0; fiat_p384_mulx_u32(&mut x1513, &mut x1514, x11, (arg2[1])); let mut x1515: u32 = 0; let mut x1516: u32 = 0; fiat_p384_mulx_u32(&mut x1515, &mut x1516, x11, (arg2[0])); let mut x1517: u32 = 0; let mut x1518: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1517, &mut x1518, 0x0, x1516, x1513); let mut x1519: u32 = 0; let mut x1520: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1519, &mut x1520, x1518, x1514, x1511); let mut x1521: u32 = 0; let mut x1522: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1521, &mut x1522, x1520, x1512, x1509); let mut x1523: u32 = 0; let mut x1524: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1523, &mut x1524, x1522, x1510, x1507); let mut x1525: u32 = 0; let mut x1526: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1525, &mut x1526, x1524, x1508, x1505); let mut x1527: u32 = 0; let mut x1528: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1527, &mut x1528, x1526, x1506, x1503); let mut x1529: u32 = 0; let mut x1530: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1529, &mut x1530, x1528, x1504, x1501); let mut x1531: u32 = 0; let mut x1532: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1531, &mut x1532, x1530, x1502, x1499); let mut x1533: u32 = 0; let mut x1534: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1533, &mut x1534, x1532, x1500, x1497); let mut x1535: u32 = 0; let mut x1536: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1535, &mut x1536, x1534, x1498, x1495); let mut x1537: u32 = 0; let mut x1538: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1537, &mut x1538, x1536, x1496, x1493); let x1539: u32 = ((x1538 as u32) + x1494); let mut x1540: u32 = 0; let mut x1541: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1540, &mut x1541, 0x0, x1468, x1515); let mut x1542: u32 = 0; let mut x1543: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1542, &mut x1543, x1541, x1470, x1517); let mut x1544: u32 = 0; let mut x1545: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1544, &mut x1545, x1543, x1472, x1519); let mut x1546: u32 = 0; let mut x1547: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1546, &mut x1547, x1545, x1474, x1521); let mut x1548: u32 = 0; let mut x1549: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1548, &mut x1549, x1547, x1476, x1523); let mut x1550: u32 = 0; let mut x1551: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1550, &mut x1551, x1549, x1478, x1525); let mut x1552: u32 = 0; let mut x1553: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1552, &mut x1553, x1551, x1480, x1527); let mut x1554: u32 = 0; let mut x1555: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1554, &mut x1555, x1553, x1482, x1529); let mut x1556: u32 = 0; let mut x1557: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1556, &mut x1557, x1555, x1484, x1531); let mut x1558: u32 = 0; let mut x1559: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1558, &mut x1559, x1557, x1486, x1533); let mut x1560: u32 = 0; let mut x1561: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1560, &mut x1561, x1559, x1488, x1535); let mut x1562: u32 = 0; let mut x1563: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1562, &mut x1563, x1561, x1490, x1537); let mut x1564: u32 = 0; let mut x1565: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1564, &mut x1565, x1563, x1492, x1539); let mut x1566: u32 = 0; let mut x1567: u32 = 0; fiat_p384_mulx_u32(&mut x1566, &mut x1567, x1540, 0xffffffff); let mut x1568: u32 = 0; let mut x1569: u32 = 0; fiat_p384_mulx_u32(&mut x1568, &mut x1569, x1540, 0xffffffff); let mut x1570: u32 = 0; let mut x1571: u32 = 0; fiat_p384_mulx_u32(&mut x1570, &mut x1571, x1540, 0xffffffff); let mut x1572: u32 = 0; let mut x1573: u32 = 0; fiat_p384_mulx_u32(&mut x1572, &mut x1573, x1540, 0xffffffff); let mut x1574: u32 = 0; let mut x1575: u32 = 0; fiat_p384_mulx_u32(&mut x1574, &mut x1575, x1540, 0xffffffff); let mut x1576: u32 = 0; let mut x1577: u32 = 0; fiat_p384_mulx_u32(&mut x1576, &mut x1577, x1540, 0xffffffff); let mut x1578: u32 = 0; let mut x1579: u32 = 0; fiat_p384_mulx_u32(&mut x1578, &mut x1579, x1540, 0xffffffff); let mut x1580: u32 = 0; let mut x1581: u32 = 0; fiat_p384_mulx_u32(&mut x1580, &mut x1581, x1540, 0xfffffffe); let mut x1582: u32 = 0; let mut x1583: u32 = 0; fiat_p384_mulx_u32(&mut x1582, &mut x1583, x1540, 0xffffffff); let mut x1584: u32 = 0; let mut x1585: u32 = 0; fiat_p384_mulx_u32(&mut x1584, &mut x1585, x1540, 0xffffffff); let mut x1586: u32 = 0; let mut x1587: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1586, &mut x1587, 0x0, x1583, x1580); let mut x1588: u32 = 0; let mut x1589: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1588, &mut x1589, x1587, x1581, x1578); let mut x1590: u32 = 0; let mut x1591: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1590, &mut x1591, x1589, x1579, x1576); let mut x1592: u32 = 0; let mut x1593: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1592, &mut x1593, x1591, x1577, x1574); let mut x1594: u32 = 0; let mut x1595: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1594, &mut x1595, x1593, x1575, x1572); let mut x1596: u32 = 0; let mut x1597: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1596, &mut x1597, x1595, x1573, x1570); let mut x1598: u32 = 0; let mut x1599: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1598, &mut x1599, x1597, x1571, x1568); let mut x1600: u32 = 0; let mut x1601: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1600, &mut x1601, x1599, x1569, x1566); let x1602: u32 = ((x1601 as u32) + x1567); let mut x1603: u32 = 0; let mut x1604: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1603, &mut x1604, 0x0, x1540, x1584); let mut x1605: u32 = 0; let mut x1606: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1605, &mut x1606, x1604, x1542, x1585); let mut x1607: u32 = 0; let mut x1608: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1607, &mut x1608, x1606, x1544, (0x0 as u32)); let mut x1609: u32 = 0; let mut x1610: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1609, &mut x1610, x1608, x1546, x1582); let mut x1611: u32 = 0; let mut x1612: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1611, &mut x1612, x1610, x1548, x1586); let mut x1613: u32 = 0; let mut x1614: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1613, &mut x1614, x1612, x1550, x1588); let mut x1615: u32 = 0; let mut x1616: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1615, &mut x1616, x1614, x1552, x1590); let mut x1617: u32 = 0; let mut x1618: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1617, &mut x1618, x1616, x1554, x1592); let mut x1619: u32 = 0; let mut x1620: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1619, &mut x1620, x1618, x1556, x1594); let mut x1621: u32 = 0; let mut x1622: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1621, &mut x1622, x1620, x1558, x1596); let mut x1623: u32 = 0; let mut x1624: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1623, &mut x1624, x1622, x1560, x1598); let mut x1625: u32 = 0; let mut x1626: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1625, &mut x1626, x1624, x1562, x1600); let mut x1627: u32 = 0; let mut x1628: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1627, &mut x1628, x1626, x1564, x1602); let x1629: u32 = ((x1628 as u32) + (x1565 as u32)); let mut x1630: u32 = 0; let mut x1631: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1630, &mut x1631, 0x0, x1605, 0xffffffff); let mut x1632: u32 = 0; let mut x1633: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1632, &mut x1633, x1631, x1607, (0x0 as u32)); let mut x1634: u32 = 0; let mut x1635: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1634, &mut x1635, x1633, x1609, (0x0 as u32)); let mut x1636: u32 = 0; let mut x1637: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1636, &mut x1637, x1635, x1611, 0xffffffff); let mut x1638: u32 = 0; let mut x1639: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1638, &mut x1639, x1637, x1613, 0xfffffffe); let mut x1640: u32 = 0; let mut x1641: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1640, &mut x1641, x1639, x1615, 0xffffffff); let mut x1642: u32 = 0; let mut x1643: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1642, &mut x1643, x1641, x1617, 0xffffffff); let mut x1644: u32 = 0; let mut x1645: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1644, &mut x1645, x1643, x1619, 0xffffffff); let mut x1646: u32 = 0; let mut x1647: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1646, &mut x1647, x1645, x1621, 0xffffffff); let mut x1648: u32 = 0; let mut x1649: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1648, &mut x1649, x1647, x1623, 0xffffffff); let mut x1650: u32 = 0; let mut x1651: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1650, &mut x1651, x1649, x1625, 0xffffffff); let mut x1652: u32 = 0; let mut x1653: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1652, &mut x1653, x1651, x1627, 0xffffffff); let mut x1654: u32 = 0; let mut x1655: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1654, &mut x1655, x1653, x1629, (0x0 as u32)); let mut x1656: u32 = 0; fiat_p384_cmovznz_u32(&mut x1656, x1655, x1630, x1605); let mut x1657: u32 = 0; fiat_p384_cmovznz_u32(&mut x1657, x1655, x1632, x1607); let mut x1658: u32 = 0; fiat_p384_cmovznz_u32(&mut x1658, x1655, x1634, x1609); let mut x1659: u32 = 0; fiat_p384_cmovznz_u32(&mut x1659, x1655, x1636, x1611); let mut x1660: u32 = 0; fiat_p384_cmovznz_u32(&mut x1660, x1655, x1638, x1613); let mut x1661: u32 = 0; fiat_p384_cmovznz_u32(&mut x1661, x1655, x1640, x1615); let mut x1662: u32 = 0; fiat_p384_cmovznz_u32(&mut x1662, x1655, x1642, x1617); let mut x1663: u32 = 0; fiat_p384_cmovznz_u32(&mut x1663, x1655, x1644, x1619); let mut x1664: u32 = 0; fiat_p384_cmovznz_u32(&mut x1664, x1655, x1646, x1621); let mut x1665: u32 = 0; fiat_p384_cmovznz_u32(&mut x1665, x1655, x1648, x1623); let mut x1666: u32 = 0; fiat_p384_cmovznz_u32(&mut x1666, x1655, x1650, x1625); let mut x1667: u32 = 0; fiat_p384_cmovznz_u32(&mut x1667, x1655, x1652, x1627); out1[0] = x1656; out1[1] = x1657; out1[2] = x1658; out1[3] = x1659; out1[4] = x1660; out1[5] = x1661; out1[6] = x1662; out1[7] = x1663; out1[8] = x1664; out1[9] = x1665; out1[10] = x1666; out1[11] = x1667; } /// The function fiat_p384_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_square(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_mulx_u32(&mut x13, &mut x14, x12, (arg1[11])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_mulx_u32(&mut x15, &mut x16, x12, (arg1[10])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_mulx_u32(&mut x17, &mut x18, x12, (arg1[9])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_mulx_u32(&mut x19, &mut x20, x12, (arg1[8])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p384_mulx_u32(&mut x21, &mut x22, x12, (arg1[7])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_mulx_u32(&mut x23, &mut x24, x12, (arg1[6])); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_mulx_u32(&mut x25, &mut x26, x12, (arg1[5])); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_mulx_u32(&mut x27, &mut x28, x12, (arg1[4])); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_mulx_u32(&mut x29, &mut x30, x12, (arg1[3])); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_mulx_u32(&mut x31, &mut x32, x12, (arg1[2])); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_mulx_u32(&mut x33, &mut x34, x12, (arg1[1])); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_mulx_u32(&mut x35, &mut x36, x12, (arg1[0])); let mut x37: u32 = 0; let mut x38: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u32 = 0; let mut x40: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x39, &mut x40, x38, x34, x31); let mut x41: u32 = 0; let mut x42: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x41, &mut x42, x40, x32, x29); let mut x43: u32 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x43, &mut x44, x42, x30, x27); let mut x45: u32 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x45, &mut x46, x44, x28, x25); let mut x47: u32 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x47, &mut x48, x46, x26, x23); let mut x49: u32 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x49, &mut x50, x48, x24, x21); let mut x51: u32 = 0; let mut x52: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x51, &mut x52, x50, x22, x19); let mut x53: u32 = 0; let mut x54: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x53, &mut x54, x52, x20, x17); let mut x55: u32 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x55, &mut x56, x54, x18, x15); let mut x57: u32 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x57, &mut x58, x56, x16, x13); let x59: u32 = ((x58 as u32) + x14); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p384_mulx_u32(&mut x60, &mut x61, x35, 0xffffffff); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p384_mulx_u32(&mut x62, &mut x63, x35, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p384_mulx_u32(&mut x64, &mut x65, x35, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p384_mulx_u32(&mut x66, &mut x67, x35, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p384_mulx_u32(&mut x68, &mut x69, x35, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p384_mulx_u32(&mut x70, &mut x71, x35, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p384_mulx_u32(&mut x72, &mut x73, x35, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p384_mulx_u32(&mut x74, &mut x75, x35, 0xfffffffe); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p384_mulx_u32(&mut x76, &mut x77, x35, 0xffffffff); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p384_mulx_u32(&mut x78, &mut x79, x35, 0xffffffff); let mut x80: u32 = 0; let mut x81: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x80, &mut x81, 0x0, x77, x74); let mut x82: u32 = 0; let mut x83: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x82, &mut x83, x81, x75, x72); let mut x84: u32 = 0; let mut x85: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x84, &mut x85, x83, x73, x70); let mut x86: u32 = 0; let mut x87: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x86, &mut x87, x85, x71, x68); let mut x88: u32 = 0; let mut x89: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x88, &mut x89, x87, x69, x66); let mut x90: u32 = 0; let mut x91: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x90, &mut x91, x89, x67, x64); let mut x92: u32 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x92, &mut x93, x91, x65, x62); let mut x94: u32 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x94, &mut x95, x93, x63, x60); let x96: u32 = ((x95 as u32) + x61); let mut x97: u32 = 0; let mut x98: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x97, &mut x98, 0x0, x35, x78); let mut x99: u32 = 0; let mut x100: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x99, &mut x100, x98, x37, x79); let mut x101: u32 = 0; let mut x102: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x101, &mut x102, x100, x39, (0x0 as u32)); let mut x103: u32 = 0; let mut x104: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x103, &mut x104, x102, x41, x76); let mut x105: u32 = 0; let mut x106: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x105, &mut x106, x104, x43, x80); let mut x107: u32 = 0; let mut x108: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x107, &mut x108, x106, x45, x82); let mut x109: u32 = 0; let mut x110: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x109, &mut x110, x108, x47, x84); let mut x111: u32 = 0; let mut x112: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x111, &mut x112, x110, x49, x86); let mut x113: u32 = 0; let mut x114: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x113, &mut x114, x112, x51, x88); let mut x115: u32 = 0; let mut x116: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x115, &mut x116, x114, x53, x90); let mut x117: u32 = 0; let mut x118: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x117, &mut x118, x116, x55, x92); let mut x119: u32 = 0; let mut x120: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x119, &mut x120, x118, x57, x94); let mut x121: u32 = 0; let mut x122: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x121, &mut x122, x120, x59, x96); let mut x123: u32 = 0; let mut x124: u32 = 0; fiat_p384_mulx_u32(&mut x123, &mut x124, x1, (arg1[11])); let mut x125: u32 = 0; let mut x126: u32 = 0; fiat_p384_mulx_u32(&mut x125, &mut x126, x1, (arg1[10])); let mut x127: u32 = 0; let mut x128: u32 = 0; fiat_p384_mulx_u32(&mut x127, &mut x128, x1, (arg1[9])); let mut x129: u32 = 0; let mut x130: u32 = 0; fiat_p384_mulx_u32(&mut x129, &mut x130, x1, (arg1[8])); let mut x131: u32 = 0; let mut x132: u32 = 0; fiat_p384_mulx_u32(&mut x131, &mut x132, x1, (arg1[7])); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p384_mulx_u32(&mut x133, &mut x134, x1, (arg1[6])); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_mulx_u32(&mut x135, &mut x136, x1, (arg1[5])); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p384_mulx_u32(&mut x137, &mut x138, x1, (arg1[4])); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p384_mulx_u32(&mut x139, &mut x140, x1, (arg1[3])); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p384_mulx_u32(&mut x141, &mut x142, x1, (arg1[2])); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p384_mulx_u32(&mut x143, &mut x144, x1, (arg1[1])); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p384_mulx_u32(&mut x145, &mut x146, x1, (arg1[0])); let mut x147: u32 = 0; let mut x148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x147, &mut x148, 0x0, x146, x143); let mut x149: u32 = 0; let mut x150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x149, &mut x150, x148, x144, x141); let mut x151: u32 = 0; let mut x152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x151, &mut x152, x150, x142, x139); let mut x153: u32 = 0; let mut x154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x153, &mut x154, x152, x140, x137); let mut x155: u32 = 0; let mut x156: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x155, &mut x156, x154, x138, x135); let mut x157: u32 = 0; let mut x158: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x157, &mut x158, x156, x136, x133); let mut x159: u32 = 0; let mut x160: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x159, &mut x160, x158, x134, x131); let mut x161: u32 = 0; let mut x162: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x161, &mut x162, x160, x132, x129); let mut x163: u32 = 0; let mut x164: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x163, &mut x164, x162, x130, x127); let mut x165: u32 = 0; let mut x166: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x165, &mut x166, x164, x128, x125); let mut x167: u32 = 0; let mut x168: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x167, &mut x168, x166, x126, x123); let x169: u32 = ((x168 as u32) + x124); let mut x170: u32 = 0; let mut x171: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x170, &mut x171, 0x0, x99, x145); let mut x172: u32 = 0; let mut x173: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x172, &mut x173, x171, x101, x147); let mut x174: u32 = 0; let mut x175: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x174, &mut x175, x173, x103, x149); let mut x176: u32 = 0; let mut x177: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x176, &mut x177, x175, x105, x151); let mut x178: u32 = 0; let mut x179: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x178, &mut x179, x177, x107, x153); let mut x180: u32 = 0; let mut x181: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x180, &mut x181, x179, x109, x155); let mut x182: u32 = 0; let mut x183: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x182, &mut x183, x181, x111, x157); let mut x184: u32 = 0; let mut x185: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x184, &mut x185, x183, x113, x159); let mut x186: u32 = 0; let mut x187: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x186, &mut x187, x185, x115, x161); let mut x188: u32 = 0; let mut x189: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x188, &mut x189, x187, x117, x163); let mut x190: u32 = 0; let mut x191: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x190, &mut x191, x189, x119, x165); let mut x192: u32 = 0; let mut x193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x192, &mut x193, x191, x121, x167); let mut x194: u32 = 0; let mut x195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x194, &mut x195, x193, (x122 as u32), x169); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_p384_mulx_u32(&mut x196, &mut x197, x170, 0xffffffff); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_p384_mulx_u32(&mut x198, &mut x199, x170, 0xffffffff); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_p384_mulx_u32(&mut x200, &mut x201, x170, 0xffffffff); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_p384_mulx_u32(&mut x202, &mut x203, x170, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_p384_mulx_u32(&mut x204, &mut x205, x170, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_p384_mulx_u32(&mut x206, &mut x207, x170, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p384_mulx_u32(&mut x208, &mut x209, x170, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p384_mulx_u32(&mut x210, &mut x211, x170, 0xfffffffe); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_p384_mulx_u32(&mut x212, &mut x213, x170, 0xffffffff); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_mulx_u32(&mut x214, &mut x215, x170, 0xffffffff); let mut x216: u32 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x216, &mut x217, 0x0, x213, x210); let mut x218: u32 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x218, &mut x219, x217, x211, x208); let mut x220: u32 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x220, &mut x221, x219, x209, x206); let mut x222: u32 = 0; let mut x223: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x222, &mut x223, x221, x207, x204); let mut x224: u32 = 0; let mut x225: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x224, &mut x225, x223, x205, x202); let mut x226: u32 = 0; let mut x227: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x226, &mut x227, x225, x203, x200); let mut x228: u32 = 0; let mut x229: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x228, &mut x229, x227, x201, x198); let mut x230: u32 = 0; let mut x231: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x230, &mut x231, x229, x199, x196); let x232: u32 = ((x231 as u32) + x197); let mut x233: u32 = 0; let mut x234: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x233, &mut x234, 0x0, x170, x214); let mut x235: u32 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x235, &mut x236, x234, x172, x215); let mut x237: u32 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x237, &mut x238, x236, x174, (0x0 as u32)); let mut x239: u32 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x239, &mut x240, x238, x176, x212); let mut x241: u32 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x241, &mut x242, x240, x178, x216); let mut x243: u32 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x243, &mut x244, x242, x180, x218); let mut x245: u32 = 0; let mut x246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x245, &mut x246, x244, x182, x220); let mut x247: u32 = 0; let mut x248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x247, &mut x248, x246, x184, x222); let mut x249: u32 = 0; let mut x250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x249, &mut x250, x248, x186, x224); let mut x251: u32 = 0; let mut x252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x251, &mut x252, x250, x188, x226); let mut x253: u32 = 0; let mut x254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x253, &mut x254, x252, x190, x228); let mut x255: u32 = 0; let mut x256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x255, &mut x256, x254, x192, x230); let mut x257: u32 = 0; let mut x258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x257, &mut x258, x256, x194, x232); let x259: u32 = ((x258 as u32) + (x195 as u32)); let mut x260: u32 = 0; let mut x261: u32 = 0; fiat_p384_mulx_u32(&mut x260, &mut x261, x2, (arg1[11])); let mut x262: u32 = 0; let mut x263: u32 = 0; fiat_p384_mulx_u32(&mut x262, &mut x263, x2, (arg1[10])); let mut x264: u32 = 0; let mut x265: u32 = 0; fiat_p384_mulx_u32(&mut x264, &mut x265, x2, (arg1[9])); let mut x266: u32 = 0; let mut x267: u32 = 0; fiat_p384_mulx_u32(&mut x266, &mut x267, x2, (arg1[8])); let mut x268: u32 = 0; let mut x269: u32 = 0; fiat_p384_mulx_u32(&mut x268, &mut x269, x2, (arg1[7])); let mut x270: u32 = 0; let mut x271: u32 = 0; fiat_p384_mulx_u32(&mut x270, &mut x271, x2, (arg1[6])); let mut x272: u32 = 0; let mut x273: u32 = 0; fiat_p384_mulx_u32(&mut x272, &mut x273, x2, (arg1[5])); let mut x274: u32 = 0; let mut x275: u32 = 0; fiat_p384_mulx_u32(&mut x274, &mut x275, x2, (arg1[4])); let mut x276: u32 = 0; let mut x277: u32 = 0; fiat_p384_mulx_u32(&mut x276, &mut x277, x2, (arg1[3])); let mut x278: u32 = 0; let mut x279: u32 = 0; fiat_p384_mulx_u32(&mut x278, &mut x279, x2, (arg1[2])); let mut x280: u32 = 0; let mut x281: u32 = 0; fiat_p384_mulx_u32(&mut x280, &mut x281, x2, (arg1[1])); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_p384_mulx_u32(&mut x282, &mut x283, x2, (arg1[0])); let mut x284: u32 = 0; let mut x285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x284, &mut x285, 0x0, x283, x280); let mut x286: u32 = 0; let mut x287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x286, &mut x287, x285, x281, x278); let mut x288: u32 = 0; let mut x289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x288, &mut x289, x287, x279, x276); let mut x290: u32 = 0; let mut x291: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x290, &mut x291, x289, x277, x274); let mut x292: u32 = 0; let mut x293: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x292, &mut x293, x291, x275, x272); let mut x294: u32 = 0; let mut x295: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x294, &mut x295, x293, x273, x270); let mut x296: u32 = 0; let mut x297: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x296, &mut x297, x295, x271, x268); let mut x298: u32 = 0; let mut x299: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x298, &mut x299, x297, x269, x266); let mut x300: u32 = 0; let mut x301: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x300, &mut x301, x299, x267, x264); let mut x302: u32 = 0; let mut x303: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x302, &mut x303, x301, x265, x262); let mut x304: u32 = 0; let mut x305: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x304, &mut x305, x303, x263, x260); let x306: u32 = ((x305 as u32) + x261); let mut x307: u32 = 0; let mut x308: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x307, &mut x308, 0x0, x235, x282); let mut x309: u32 = 0; let mut x310: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x309, &mut x310, x308, x237, x284); let mut x311: u32 = 0; let mut x312: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x311, &mut x312, x310, x239, x286); let mut x313: u32 = 0; let mut x314: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x313, &mut x314, x312, x241, x288); let mut x315: u32 = 0; let mut x316: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x315, &mut x316, x314, x243, x290); let mut x317: u32 = 0; let mut x318: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x317, &mut x318, x316, x245, x292); let mut x319: u32 = 0; let mut x320: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x319, &mut x320, x318, x247, x294); let mut x321: u32 = 0; let mut x322: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x321, &mut x322, x320, x249, x296); let mut x323: u32 = 0; let mut x324: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x323, &mut x324, x322, x251, x298); let mut x325: u32 = 0; let mut x326: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x325, &mut x326, x324, x253, x300); let mut x327: u32 = 0; let mut x328: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x327, &mut x328, x326, x255, x302); let mut x329: u32 = 0; let mut x330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x329, &mut x330, x328, x257, x304); let mut x331: u32 = 0; let mut x332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x331, &mut x332, x330, x259, x306); let mut x333: u32 = 0; let mut x334: u32 = 0; fiat_p384_mulx_u32(&mut x333, &mut x334, x307, 0xffffffff); let mut x335: u32 = 0; let mut x336: u32 = 0; fiat_p384_mulx_u32(&mut x335, &mut x336, x307, 0xffffffff); let mut x337: u32 = 0; let mut x338: u32 = 0; fiat_p384_mulx_u32(&mut x337, &mut x338, x307, 0xffffffff); let mut x339: u32 = 0; let mut x340: u32 = 0; fiat_p384_mulx_u32(&mut x339, &mut x340, x307, 0xffffffff); let mut x341: u32 = 0; let mut x342: u32 = 0; fiat_p384_mulx_u32(&mut x341, &mut x342, x307, 0xffffffff); let mut x343: u32 = 0; let mut x344: u32 = 0; fiat_p384_mulx_u32(&mut x343, &mut x344, x307, 0xffffffff); let mut x345: u32 = 0; let mut x346: u32 = 0; fiat_p384_mulx_u32(&mut x345, &mut x346, x307, 0xffffffff); let mut x347: u32 = 0; let mut x348: u32 = 0; fiat_p384_mulx_u32(&mut x347, &mut x348, x307, 0xfffffffe); let mut x349: u32 = 0; let mut x350: u32 = 0; fiat_p384_mulx_u32(&mut x349, &mut x350, x307, 0xffffffff); let mut x351: u32 = 0; let mut x352: u32 = 0; fiat_p384_mulx_u32(&mut x351, &mut x352, x307, 0xffffffff); let mut x353: u32 = 0; let mut x354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x353, &mut x354, 0x0, x350, x347); let mut x355: u32 = 0; let mut x356: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x355, &mut x356, x354, x348, x345); let mut x357: u32 = 0; let mut x358: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x357, &mut x358, x356, x346, x343); let mut x359: u32 = 0; let mut x360: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x359, &mut x360, x358, x344, x341); let mut x361: u32 = 0; let mut x362: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x361, &mut x362, x360, x342, x339); let mut x363: u32 = 0; let mut x364: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x363, &mut x364, x362, x340, x337); let mut x365: u32 = 0; let mut x366: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x365, &mut x366, x364, x338, x335); let mut x367: u32 = 0; let mut x368: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x367, &mut x368, x366, x336, x333); let x369: u32 = ((x368 as u32) + x334); let mut x370: u32 = 0; let mut x371: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x370, &mut x371, 0x0, x307, x351); let mut x372: u32 = 0; let mut x373: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x372, &mut x373, x371, x309, x352); let mut x374: u32 = 0; let mut x375: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x374, &mut x375, x373, x311, (0x0 as u32)); let mut x376: u32 = 0; let mut x377: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x376, &mut x377, x375, x313, x349); let mut x378: u32 = 0; let mut x379: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x378, &mut x379, x377, x315, x353); let mut x380: u32 = 0; let mut x381: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x380, &mut x381, x379, x317, x355); let mut x382: u32 = 0; let mut x383: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x382, &mut x383, x381, x319, x357); let mut x384: u32 = 0; let mut x385: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x384, &mut x385, x383, x321, x359); let mut x386: u32 = 0; let mut x387: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x386, &mut x387, x385, x323, x361); let mut x388: u32 = 0; let mut x389: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x388, &mut x389, x387, x325, x363); let mut x390: u32 = 0; let mut x391: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x390, &mut x391, x389, x327, x365); let mut x392: u32 = 0; let mut x393: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x392, &mut x393, x391, x329, x367); let mut x394: u32 = 0; let mut x395: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x394, &mut x395, x393, x331, x369); let x396: u32 = ((x395 as u32) + (x332 as u32)); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_p384_mulx_u32(&mut x397, &mut x398, x3, (arg1[11])); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_p384_mulx_u32(&mut x399, &mut x400, x3, (arg1[10])); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_p384_mulx_u32(&mut x401, &mut x402, x3, (arg1[9])); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_p384_mulx_u32(&mut x403, &mut x404, x3, (arg1[8])); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p384_mulx_u32(&mut x405, &mut x406, x3, (arg1[7])); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p384_mulx_u32(&mut x407, &mut x408, x3, (arg1[6])); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p384_mulx_u32(&mut x409, &mut x410, x3, (arg1[5])); let mut x411: u32 = 0; let mut x412: u32 = 0; fiat_p384_mulx_u32(&mut x411, &mut x412, x3, (arg1[4])); let mut x413: u32 = 0; let mut x414: u32 = 0; fiat_p384_mulx_u32(&mut x413, &mut x414, x3, (arg1[3])); let mut x415: u32 = 0; let mut x416: u32 = 0; fiat_p384_mulx_u32(&mut x415, &mut x416, x3, (arg1[2])); let mut x417: u32 = 0; let mut x418: u32 = 0; fiat_p384_mulx_u32(&mut x417, &mut x418, x3, (arg1[1])); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p384_mulx_u32(&mut x419, &mut x420, x3, (arg1[0])); let mut x421: u32 = 0; let mut x422: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x421, &mut x422, 0x0, x420, x417); let mut x423: u32 = 0; let mut x424: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x423, &mut x424, x422, x418, x415); let mut x425: u32 = 0; let mut x426: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x425, &mut x426, x424, x416, x413); let mut x427: u32 = 0; let mut x428: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x427, &mut x428, x426, x414, x411); let mut x429: u32 = 0; let mut x430: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x429, &mut x430, x428, x412, x409); let mut x431: u32 = 0; let mut x432: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x431, &mut x432, x430, x410, x407); let mut x433: u32 = 0; let mut x434: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x433, &mut x434, x432, x408, x405); let mut x435: u32 = 0; let mut x436: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x435, &mut x436, x434, x406, x403); let mut x437: u32 = 0; let mut x438: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x437, &mut x438, x436, x404, x401); let mut x439: u32 = 0; let mut x440: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x439, &mut x440, x438, x402, x399); let mut x441: u32 = 0; let mut x442: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x441, &mut x442, x440, x400, x397); let x443: u32 = ((x442 as u32) + x398); let mut x444: u32 = 0; let mut x445: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x444, &mut x445, 0x0, x372, x419); let mut x446: u32 = 0; let mut x447: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x446, &mut x447, x445, x374, x421); let mut x448: u32 = 0; let mut x449: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x448, &mut x449, x447, x376, x423); let mut x450: u32 = 0; let mut x451: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x450, &mut x451, x449, x378, x425); let mut x452: u32 = 0; let mut x453: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x452, &mut x453, x451, x380, x427); let mut x454: u32 = 0; let mut x455: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x454, &mut x455, x453, x382, x429); let mut x456: u32 = 0; let mut x457: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x456, &mut x457, x455, x384, x431); let mut x458: u32 = 0; let mut x459: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x458, &mut x459, x457, x386, x433); let mut x460: u32 = 0; let mut x461: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x460, &mut x461, x459, x388, x435); let mut x462: u32 = 0; let mut x463: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x462, &mut x463, x461, x390, x437); let mut x464: u32 = 0; let mut x465: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x464, &mut x465, x463, x392, x439); let mut x466: u32 = 0; let mut x467: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x466, &mut x467, x465, x394, x441); let mut x468: u32 = 0; let mut x469: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x468, &mut x469, x467, x396, x443); let mut x470: u32 = 0; let mut x471: u32 = 0; fiat_p384_mulx_u32(&mut x470, &mut x471, x444, 0xffffffff); let mut x472: u32 = 0; let mut x473: u32 = 0; fiat_p384_mulx_u32(&mut x472, &mut x473, x444, 0xffffffff); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_p384_mulx_u32(&mut x474, &mut x475, x444, 0xffffffff); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_p384_mulx_u32(&mut x476, &mut x477, x444, 0xffffffff); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_p384_mulx_u32(&mut x478, &mut x479, x444, 0xffffffff); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_p384_mulx_u32(&mut x480, &mut x481, x444, 0xffffffff); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_p384_mulx_u32(&mut x482, &mut x483, x444, 0xffffffff); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_p384_mulx_u32(&mut x484, &mut x485, x444, 0xfffffffe); let mut x486: u32 = 0; let mut x487: u32 = 0; fiat_p384_mulx_u32(&mut x486, &mut x487, x444, 0xffffffff); let mut x488: u32 = 0; let mut x489: u32 = 0; fiat_p384_mulx_u32(&mut x488, &mut x489, x444, 0xffffffff); let mut x490: u32 = 0; let mut x491: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x490, &mut x491, 0x0, x487, x484); let mut x492: u32 = 0; let mut x493: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x492, &mut x493, x491, x485, x482); let mut x494: u32 = 0; let mut x495: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x494, &mut x495, x493, x483, x480); let mut x496: u32 = 0; let mut x497: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x496, &mut x497, x495, x481, x478); let mut x498: u32 = 0; let mut x499: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x498, &mut x499, x497, x479, x476); let mut x500: u32 = 0; let mut x501: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x500, &mut x501, x499, x477, x474); let mut x502: u32 = 0; let mut x503: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x502, &mut x503, x501, x475, x472); let mut x504: u32 = 0; let mut x505: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x504, &mut x505, x503, x473, x470); let x506: u32 = ((x505 as u32) + x471); let mut x507: u32 = 0; let mut x508: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x507, &mut x508, 0x0, x444, x488); let mut x509: u32 = 0; let mut x510: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x509, &mut x510, x508, x446, x489); let mut x511: u32 = 0; let mut x512: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x511, &mut x512, x510, x448, (0x0 as u32)); let mut x513: u32 = 0; let mut x514: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x513, &mut x514, x512, x450, x486); let mut x515: u32 = 0; let mut x516: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x515, &mut x516, x514, x452, x490); let mut x517: u32 = 0; let mut x518: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x517, &mut x518, x516, x454, x492); let mut x519: u32 = 0; let mut x520: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x519, &mut x520, x518, x456, x494); let mut x521: u32 = 0; let mut x522: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x521, &mut x522, x520, x458, x496); let mut x523: u32 = 0; let mut x524: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x523, &mut x524, x522, x460, x498); let mut x525: u32 = 0; let mut x526: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x525, &mut x526, x524, x462, x500); let mut x527: u32 = 0; let mut x528: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x527, &mut x528, x526, x464, x502); let mut x529: u32 = 0; let mut x530: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x529, &mut x530, x528, x466, x504); let mut x531: u32 = 0; let mut x532: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x531, &mut x532, x530, x468, x506); let x533: u32 = ((x532 as u32) + (x469 as u32)); let mut x534: u32 = 0; let mut x535: u32 = 0; fiat_p384_mulx_u32(&mut x534, &mut x535, x4, (arg1[11])); let mut x536: u32 = 0; let mut x537: u32 = 0; fiat_p384_mulx_u32(&mut x536, &mut x537, x4, (arg1[10])); let mut x538: u32 = 0; let mut x539: u32 = 0; fiat_p384_mulx_u32(&mut x538, &mut x539, x4, (arg1[9])); let mut x540: u32 = 0; let mut x541: u32 = 0; fiat_p384_mulx_u32(&mut x540, &mut x541, x4, (arg1[8])); let mut x542: u32 = 0; let mut x543: u32 = 0; fiat_p384_mulx_u32(&mut x542, &mut x543, x4, (arg1[7])); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_p384_mulx_u32(&mut x544, &mut x545, x4, (arg1[6])); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_p384_mulx_u32(&mut x546, &mut x547, x4, (arg1[5])); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_p384_mulx_u32(&mut x548, &mut x549, x4, (arg1[4])); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_p384_mulx_u32(&mut x550, &mut x551, x4, (arg1[3])); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_p384_mulx_u32(&mut x552, &mut x553, x4, (arg1[2])); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_p384_mulx_u32(&mut x554, &mut x555, x4, (arg1[1])); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_p384_mulx_u32(&mut x556, &mut x557, x4, (arg1[0])); let mut x558: u32 = 0; let mut x559: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x558, &mut x559, 0x0, x557, x554); let mut x560: u32 = 0; let mut x561: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x560, &mut x561, x559, x555, x552); let mut x562: u32 = 0; let mut x563: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x562, &mut x563, x561, x553, x550); let mut x564: u32 = 0; let mut x565: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x564, &mut x565, x563, x551, x548); let mut x566: u32 = 0; let mut x567: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x566, &mut x567, x565, x549, x546); let mut x568: u32 = 0; let mut x569: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x568, &mut x569, x567, x547, x544); let mut x570: u32 = 0; let mut x571: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x570, &mut x571, x569, x545, x542); let mut x572: u32 = 0; let mut x573: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x572, &mut x573, x571, x543, x540); let mut x574: u32 = 0; let mut x575: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x574, &mut x575, x573, x541, x538); let mut x576: u32 = 0; let mut x577: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x576, &mut x577, x575, x539, x536); let mut x578: u32 = 0; let mut x579: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x578, &mut x579, x577, x537, x534); let x580: u32 = ((x579 as u32) + x535); let mut x581: u32 = 0; let mut x582: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x581, &mut x582, 0x0, x509, x556); let mut x583: u32 = 0; let mut x584: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x583, &mut x584, x582, x511, x558); let mut x585: u32 = 0; let mut x586: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x585, &mut x586, x584, x513, x560); let mut x587: u32 = 0; let mut x588: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x587, &mut x588, x586, x515, x562); let mut x589: u32 = 0; let mut x590: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x589, &mut x590, x588, x517, x564); let mut x591: u32 = 0; let mut x592: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x591, &mut x592, x590, x519, x566); let mut x593: u32 = 0; let mut x594: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x593, &mut x594, x592, x521, x568); let mut x595: u32 = 0; let mut x596: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x595, &mut x596, x594, x523, x570); let mut x597: u32 = 0; let mut x598: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x597, &mut x598, x596, x525, x572); let mut x599: u32 = 0; let mut x600: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x599, &mut x600, x598, x527, x574); let mut x601: u32 = 0; let mut x602: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x601, &mut x602, x600, x529, x576); let mut x603: u32 = 0; let mut x604: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x603, &mut x604, x602, x531, x578); let mut x605: u32 = 0; let mut x606: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x605, &mut x606, x604, x533, x580); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_p384_mulx_u32(&mut x607, &mut x608, x581, 0xffffffff); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_p384_mulx_u32(&mut x609, &mut x610, x581, 0xffffffff); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_p384_mulx_u32(&mut x611, &mut x612, x581, 0xffffffff); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_p384_mulx_u32(&mut x613, &mut x614, x581, 0xffffffff); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_p384_mulx_u32(&mut x615, &mut x616, x581, 0xffffffff); let mut x617: u32 = 0; let mut x618: u32 = 0; fiat_p384_mulx_u32(&mut x617, &mut x618, x581, 0xffffffff); let mut x619: u32 = 0; let mut x620: u32 = 0; fiat_p384_mulx_u32(&mut x619, &mut x620, x581, 0xffffffff); let mut x621: u32 = 0; let mut x622: u32 = 0; fiat_p384_mulx_u32(&mut x621, &mut x622, x581, 0xfffffffe); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_p384_mulx_u32(&mut x623, &mut x624, x581, 0xffffffff); let mut x625: u32 = 0; let mut x626: u32 = 0; fiat_p384_mulx_u32(&mut x625, &mut x626, x581, 0xffffffff); let mut x627: u32 = 0; let mut x628: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x627, &mut x628, 0x0, x624, x621); let mut x629: u32 = 0; let mut x630: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x629, &mut x630, x628, x622, x619); let mut x631: u32 = 0; let mut x632: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x631, &mut x632, x630, x620, x617); let mut x633: u32 = 0; let mut x634: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x633, &mut x634, x632, x618, x615); let mut x635: u32 = 0; let mut x636: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x635, &mut x636, x634, x616, x613); let mut x637: u32 = 0; let mut x638: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x637, &mut x638, x636, x614, x611); let mut x639: u32 = 0; let mut x640: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x639, &mut x640, x638, x612, x609); let mut x641: u32 = 0; let mut x642: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x641, &mut x642, x640, x610, x607); let x643: u32 = ((x642 as u32) + x608); let mut x644: u32 = 0; let mut x645: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x644, &mut x645, 0x0, x581, x625); let mut x646: u32 = 0; let mut x647: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x646, &mut x647, x645, x583, x626); let mut x648: u32 = 0; let mut x649: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x648, &mut x649, x647, x585, (0x0 as u32)); let mut x650: u32 = 0; let mut x651: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x650, &mut x651, x649, x587, x623); let mut x652: u32 = 0; let mut x653: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x652, &mut x653, x651, x589, x627); let mut x654: u32 = 0; let mut x655: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x654, &mut x655, x653, x591, x629); let mut x656: u32 = 0; let mut x657: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x656, &mut x657, x655, x593, x631); let mut x658: u32 = 0; let mut x659: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x658, &mut x659, x657, x595, x633); let mut x660: u32 = 0; let mut x661: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x660, &mut x661, x659, x597, x635); let mut x662: u32 = 0; let mut x663: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x662, &mut x663, x661, x599, x637); let mut x664: u32 = 0; let mut x665: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x664, &mut x665, x663, x601, x639); let mut x666: u32 = 0; let mut x667: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x666, &mut x667, x665, x603, x641); let mut x668: u32 = 0; let mut x669: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x668, &mut x669, x667, x605, x643); let x670: u32 = ((x669 as u32) + (x606 as u32)); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_p384_mulx_u32(&mut x671, &mut x672, x5, (arg1[11])); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_p384_mulx_u32(&mut x673, &mut x674, x5, (arg1[10])); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_p384_mulx_u32(&mut x675, &mut x676, x5, (arg1[9])); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_p384_mulx_u32(&mut x677, &mut x678, x5, (arg1[8])); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_p384_mulx_u32(&mut x679, &mut x680, x5, (arg1[7])); let mut x681: u32 = 0; let mut x682: u32 = 0; fiat_p384_mulx_u32(&mut x681, &mut x682, x5, (arg1[6])); let mut x683: u32 = 0; let mut x684: u32 = 0; fiat_p384_mulx_u32(&mut x683, &mut x684, x5, (arg1[5])); let mut x685: u32 = 0; let mut x686: u32 = 0; fiat_p384_mulx_u32(&mut x685, &mut x686, x5, (arg1[4])); let mut x687: u32 = 0; let mut x688: u32 = 0; fiat_p384_mulx_u32(&mut x687, &mut x688, x5, (arg1[3])); let mut x689: u32 = 0; let mut x690: u32 = 0; fiat_p384_mulx_u32(&mut x689, &mut x690, x5, (arg1[2])); let mut x691: u32 = 0; let mut x692: u32 = 0; fiat_p384_mulx_u32(&mut x691, &mut x692, x5, (arg1[1])); let mut x693: u32 = 0; let mut x694: u32 = 0; fiat_p384_mulx_u32(&mut x693, &mut x694, x5, (arg1[0])); let mut x695: u32 = 0; let mut x696: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x695, &mut x696, 0x0, x694, x691); let mut x697: u32 = 0; let mut x698: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x697, &mut x698, x696, x692, x689); let mut x699: u32 = 0; let mut x700: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x699, &mut x700, x698, x690, x687); let mut x701: u32 = 0; let mut x702: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x701, &mut x702, x700, x688, x685); let mut x703: u32 = 0; let mut x704: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x703, &mut x704, x702, x686, x683); let mut x705: u32 = 0; let mut x706: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x705, &mut x706, x704, x684, x681); let mut x707: u32 = 0; let mut x708: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x707, &mut x708, x706, x682, x679); let mut x709: u32 = 0; let mut x710: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x709, &mut x710, x708, x680, x677); let mut x711: u32 = 0; let mut x712: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x711, &mut x712, x710, x678, x675); let mut x713: u32 = 0; let mut x714: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x713, &mut x714, x712, x676, x673); let mut x715: u32 = 0; let mut x716: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x715, &mut x716, x714, x674, x671); let x717: u32 = ((x716 as u32) + x672); let mut x718: u32 = 0; let mut x719: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x718, &mut x719, 0x0, x646, x693); let mut x720: u32 = 0; let mut x721: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x720, &mut x721, x719, x648, x695); let mut x722: u32 = 0; let mut x723: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x722, &mut x723, x721, x650, x697); let mut x724: u32 = 0; let mut x725: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x724, &mut x725, x723, x652, x699); let mut x726: u32 = 0; let mut x727: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x726, &mut x727, x725, x654, x701); let mut x728: u32 = 0; let mut x729: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x728, &mut x729, x727, x656, x703); let mut x730: u32 = 0; let mut x731: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x730, &mut x731, x729, x658, x705); let mut x732: u32 = 0; let mut x733: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x732, &mut x733, x731, x660, x707); let mut x734: u32 = 0; let mut x735: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x734, &mut x735, x733, x662, x709); let mut x736: u32 = 0; let mut x737: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x736, &mut x737, x735, x664, x711); let mut x738: u32 = 0; let mut x739: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x738, &mut x739, x737, x666, x713); let mut x740: u32 = 0; let mut x741: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x740, &mut x741, x739, x668, x715); let mut x742: u32 = 0; let mut x743: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x742, &mut x743, x741, x670, x717); let mut x744: u32 = 0; let mut x745: u32 = 0; fiat_p384_mulx_u32(&mut x744, &mut x745, x718, 0xffffffff); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_p384_mulx_u32(&mut x746, &mut x747, x718, 0xffffffff); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_p384_mulx_u32(&mut x748, &mut x749, x718, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_p384_mulx_u32(&mut x750, &mut x751, x718, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_p384_mulx_u32(&mut x752, &mut x753, x718, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_p384_mulx_u32(&mut x754, &mut x755, x718, 0xffffffff); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_p384_mulx_u32(&mut x756, &mut x757, x718, 0xffffffff); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_p384_mulx_u32(&mut x758, &mut x759, x718, 0xfffffffe); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_p384_mulx_u32(&mut x760, &mut x761, x718, 0xffffffff); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_p384_mulx_u32(&mut x762, &mut x763, x718, 0xffffffff); let mut x764: u32 = 0; let mut x765: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x764, &mut x765, 0x0, x761, x758); let mut x766: u32 = 0; let mut x767: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x766, &mut x767, x765, x759, x756); let mut x768: u32 = 0; let mut x769: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x768, &mut x769, x767, x757, x754); let mut x770: u32 = 0; let mut x771: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x770, &mut x771, x769, x755, x752); let mut x772: u32 = 0; let mut x773: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x772, &mut x773, x771, x753, x750); let mut x774: u32 = 0; let mut x775: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x774, &mut x775, x773, x751, x748); let mut x776: u32 = 0; let mut x777: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x776, &mut x777, x775, x749, x746); let mut x778: u32 = 0; let mut x779: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x778, &mut x779, x777, x747, x744); let x780: u32 = ((x779 as u32) + x745); let mut x781: u32 = 0; let mut x782: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x781, &mut x782, 0x0, x718, x762); let mut x783: u32 = 0; let mut x784: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x783, &mut x784, x782, x720, x763); let mut x785: u32 = 0; let mut x786: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x785, &mut x786, x784, x722, (0x0 as u32)); let mut x787: u32 = 0; let mut x788: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x787, &mut x788, x786, x724, x760); let mut x789: u32 = 0; let mut x790: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x789, &mut x790, x788, x726, x764); let mut x791: u32 = 0; let mut x792: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x791, &mut x792, x790, x728, x766); let mut x793: u32 = 0; let mut x794: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x793, &mut x794, x792, x730, x768); let mut x795: u32 = 0; let mut x796: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x795, &mut x796, x794, x732, x770); let mut x797: u32 = 0; let mut x798: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x797, &mut x798, x796, x734, x772); let mut x799: u32 = 0; let mut x800: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x799, &mut x800, x798, x736, x774); let mut x801: u32 = 0; let mut x802: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x801, &mut x802, x800, x738, x776); let mut x803: u32 = 0; let mut x804: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x803, &mut x804, x802, x740, x778); let mut x805: u32 = 0; let mut x806: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x805, &mut x806, x804, x742, x780); let x807: u32 = ((x806 as u32) + (x743 as u32)); let mut x808: u32 = 0; let mut x809: u32 = 0; fiat_p384_mulx_u32(&mut x808, &mut x809, x6, (arg1[11])); let mut x810: u32 = 0; let mut x811: u32 = 0; fiat_p384_mulx_u32(&mut x810, &mut x811, x6, (arg1[10])); let mut x812: u32 = 0; let mut x813: u32 = 0; fiat_p384_mulx_u32(&mut x812, &mut x813, x6, (arg1[9])); let mut x814: u32 = 0; let mut x815: u32 = 0; fiat_p384_mulx_u32(&mut x814, &mut x815, x6, (arg1[8])); let mut x816: u32 = 0; let mut x817: u32 = 0; fiat_p384_mulx_u32(&mut x816, &mut x817, x6, (arg1[7])); let mut x818: u32 = 0; let mut x819: u32 = 0; fiat_p384_mulx_u32(&mut x818, &mut x819, x6, (arg1[6])); let mut x820: u32 = 0; let mut x821: u32 = 0; fiat_p384_mulx_u32(&mut x820, &mut x821, x6, (arg1[5])); let mut x822: u32 = 0; let mut x823: u32 = 0; fiat_p384_mulx_u32(&mut x822, &mut x823, x6, (arg1[4])); let mut x824: u32 = 0; let mut x825: u32 = 0; fiat_p384_mulx_u32(&mut x824, &mut x825, x6, (arg1[3])); let mut x826: u32 = 0; let mut x827: u32 = 0; fiat_p384_mulx_u32(&mut x826, &mut x827, x6, (arg1[2])); let mut x828: u32 = 0; let mut x829: u32 = 0; fiat_p384_mulx_u32(&mut x828, &mut x829, x6, (arg1[1])); let mut x830: u32 = 0; let mut x831: u32 = 0; fiat_p384_mulx_u32(&mut x830, &mut x831, x6, (arg1[0])); let mut x832: u32 = 0; let mut x833: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x832, &mut x833, 0x0, x831, x828); let mut x834: u32 = 0; let mut x835: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x834, &mut x835, x833, x829, x826); let mut x836: u32 = 0; let mut x837: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x836, &mut x837, x835, x827, x824); let mut x838: u32 = 0; let mut x839: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x838, &mut x839, x837, x825, x822); let mut x840: u32 = 0; let mut x841: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x840, &mut x841, x839, x823, x820); let mut x842: u32 = 0; let mut x843: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x842, &mut x843, x841, x821, x818); let mut x844: u32 = 0; let mut x845: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x844, &mut x845, x843, x819, x816); let mut x846: u32 = 0; let mut x847: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x846, &mut x847, x845, x817, x814); let mut x848: u32 = 0; let mut x849: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x848, &mut x849, x847, x815, x812); let mut x850: u32 = 0; let mut x851: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x850, &mut x851, x849, x813, x810); let mut x852: u32 = 0; let mut x853: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x852, &mut x853, x851, x811, x808); let x854: u32 = ((x853 as u32) + x809); let mut x855: u32 = 0; let mut x856: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x855, &mut x856, 0x0, x783, x830); let mut x857: u32 = 0; let mut x858: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x857, &mut x858, x856, x785, x832); let mut x859: u32 = 0; let mut x860: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x859, &mut x860, x858, x787, x834); let mut x861: u32 = 0; let mut x862: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x861, &mut x862, x860, x789, x836); let mut x863: u32 = 0; let mut x864: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x863, &mut x864, x862, x791, x838); let mut x865: u32 = 0; let mut x866: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x865, &mut x866, x864, x793, x840); let mut x867: u32 = 0; let mut x868: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x867, &mut x868, x866, x795, x842); let mut x869: u32 = 0; let mut x870: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x869, &mut x870, x868, x797, x844); let mut x871: u32 = 0; let mut x872: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x871, &mut x872, x870, x799, x846); let mut x873: u32 = 0; let mut x874: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x873, &mut x874, x872, x801, x848); let mut x875: u32 = 0; let mut x876: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x875, &mut x876, x874, x803, x850); let mut x877: u32 = 0; let mut x878: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x877, &mut x878, x876, x805, x852); let mut x879: u32 = 0; let mut x880: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x879, &mut x880, x878, x807, x854); let mut x881: u32 = 0; let mut x882: u32 = 0; fiat_p384_mulx_u32(&mut x881, &mut x882, x855, 0xffffffff); let mut x883: u32 = 0; let mut x884: u32 = 0; fiat_p384_mulx_u32(&mut x883, &mut x884, x855, 0xffffffff); let mut x885: u32 = 0; let mut x886: u32 = 0; fiat_p384_mulx_u32(&mut x885, &mut x886, x855, 0xffffffff); let mut x887: u32 = 0; let mut x888: u32 = 0; fiat_p384_mulx_u32(&mut x887, &mut x888, x855, 0xffffffff); let mut x889: u32 = 0; let mut x890: u32 = 0; fiat_p384_mulx_u32(&mut x889, &mut x890, x855, 0xffffffff); let mut x891: u32 = 0; let mut x892: u32 = 0; fiat_p384_mulx_u32(&mut x891, &mut x892, x855, 0xffffffff); let mut x893: u32 = 0; let mut x894: u32 = 0; fiat_p384_mulx_u32(&mut x893, &mut x894, x855, 0xffffffff); let mut x895: u32 = 0; let mut x896: u32 = 0; fiat_p384_mulx_u32(&mut x895, &mut x896, x855, 0xfffffffe); let mut x897: u32 = 0; let mut x898: u32 = 0; fiat_p384_mulx_u32(&mut x897, &mut x898, x855, 0xffffffff); let mut x899: u32 = 0; let mut x900: u32 = 0; fiat_p384_mulx_u32(&mut x899, &mut x900, x855, 0xffffffff); let mut x901: u32 = 0; let mut x902: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x901, &mut x902, 0x0, x898, x895); let mut x903: u32 = 0; let mut x904: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x903, &mut x904, x902, x896, x893); let mut x905: u32 = 0; let mut x906: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x905, &mut x906, x904, x894, x891); let mut x907: u32 = 0; let mut x908: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x907, &mut x908, x906, x892, x889); let mut x909: u32 = 0; let mut x910: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x909, &mut x910, x908, x890, x887); let mut x911: u32 = 0; let mut x912: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x911, &mut x912, x910, x888, x885); let mut x913: u32 = 0; let mut x914: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x913, &mut x914, x912, x886, x883); let mut x915: u32 = 0; let mut x916: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x915, &mut x916, x914, x884, x881); let x917: u32 = ((x916 as u32) + x882); let mut x918: u32 = 0; let mut x919: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x918, &mut x919, 0x0, x855, x899); let mut x920: u32 = 0; let mut x921: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x920, &mut x921, x919, x857, x900); let mut x922: u32 = 0; let mut x923: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x922, &mut x923, x921, x859, (0x0 as u32)); let mut x924: u32 = 0; let mut x925: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x924, &mut x925, x923, x861, x897); let mut x926: u32 = 0; let mut x927: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x926, &mut x927, x925, x863, x901); let mut x928: u32 = 0; let mut x929: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x928, &mut x929, x927, x865, x903); let mut x930: u32 = 0; let mut x931: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x930, &mut x931, x929, x867, x905); let mut x932: u32 = 0; let mut x933: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x932, &mut x933, x931, x869, x907); let mut x934: u32 = 0; let mut x935: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x934, &mut x935, x933, x871, x909); let mut x936: u32 = 0; let mut x937: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x936, &mut x937, x935, x873, x911); let mut x938: u32 = 0; let mut x939: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x938, &mut x939, x937, x875, x913); let mut x940: u32 = 0; let mut x941: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x940, &mut x941, x939, x877, x915); let mut x942: u32 = 0; let mut x943: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x942, &mut x943, x941, x879, x917); let x944: u32 = ((x943 as u32) + (x880 as u32)); let mut x945: u32 = 0; let mut x946: u32 = 0; fiat_p384_mulx_u32(&mut x945, &mut x946, x7, (arg1[11])); let mut x947: u32 = 0; let mut x948: u32 = 0; fiat_p384_mulx_u32(&mut x947, &mut x948, x7, (arg1[10])); let mut x949: u32 = 0; let mut x950: u32 = 0; fiat_p384_mulx_u32(&mut x949, &mut x950, x7, (arg1[9])); let mut x951: u32 = 0; let mut x952: u32 = 0; fiat_p384_mulx_u32(&mut x951, &mut x952, x7, (arg1[8])); let mut x953: u32 = 0; let mut x954: u32 = 0; fiat_p384_mulx_u32(&mut x953, &mut x954, x7, (arg1[7])); let mut x955: u32 = 0; let mut x956: u32 = 0; fiat_p384_mulx_u32(&mut x955, &mut x956, x7, (arg1[6])); let mut x957: u32 = 0; let mut x958: u32 = 0; fiat_p384_mulx_u32(&mut x957, &mut x958, x7, (arg1[5])); let mut x959: u32 = 0; let mut x960: u32 = 0; fiat_p384_mulx_u32(&mut x959, &mut x960, x7, (arg1[4])); let mut x961: u32 = 0; let mut x962: u32 = 0; fiat_p384_mulx_u32(&mut x961, &mut x962, x7, (arg1[3])); let mut x963: u32 = 0; let mut x964: u32 = 0; fiat_p384_mulx_u32(&mut x963, &mut x964, x7, (arg1[2])); let mut x965: u32 = 0; let mut x966: u32 = 0; fiat_p384_mulx_u32(&mut x965, &mut x966, x7, (arg1[1])); let mut x967: u32 = 0; let mut x968: u32 = 0; fiat_p384_mulx_u32(&mut x967, &mut x968, x7, (arg1[0])); let mut x969: u32 = 0; let mut x970: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x969, &mut x970, 0x0, x968, x965); let mut x971: u32 = 0; let mut x972: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x971, &mut x972, x970, x966, x963); let mut x973: u32 = 0; let mut x974: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x973, &mut x974, x972, x964, x961); let mut x975: u32 = 0; let mut x976: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x975, &mut x976, x974, x962, x959); let mut x977: u32 = 0; let mut x978: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x977, &mut x978, x976, x960, x957); let mut x979: u32 = 0; let mut x980: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x979, &mut x980, x978, x958, x955); let mut x981: u32 = 0; let mut x982: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x981, &mut x982, x980, x956, x953); let mut x983: u32 = 0; let mut x984: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x983, &mut x984, x982, x954, x951); let mut x985: u32 = 0; let mut x986: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x985, &mut x986, x984, x952, x949); let mut x987: u32 = 0; let mut x988: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x987, &mut x988, x986, x950, x947); let mut x989: u32 = 0; let mut x990: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x989, &mut x990, x988, x948, x945); let x991: u32 = ((x990 as u32) + x946); let mut x992: u32 = 0; let mut x993: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x992, &mut x993, 0x0, x920, x967); let mut x994: u32 = 0; let mut x995: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x994, &mut x995, x993, x922, x969); let mut x996: u32 = 0; let mut x997: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x996, &mut x997, x995, x924, x971); let mut x998: u32 = 0; let mut x999: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x998, &mut x999, x997, x926, x973); let mut x1000: u32 = 0; let mut x1001: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1000, &mut x1001, x999, x928, x975); let mut x1002: u32 = 0; let mut x1003: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1002, &mut x1003, x1001, x930, x977); let mut x1004: u32 = 0; let mut x1005: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1004, &mut x1005, x1003, x932, x979); let mut x1006: u32 = 0; let mut x1007: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1006, &mut x1007, x1005, x934, x981); let mut x1008: u32 = 0; let mut x1009: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1008, &mut x1009, x1007, x936, x983); let mut x1010: u32 = 0; let mut x1011: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1010, &mut x1011, x1009, x938, x985); let mut x1012: u32 = 0; let mut x1013: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1012, &mut x1013, x1011, x940, x987); let mut x1014: u32 = 0; let mut x1015: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1014, &mut x1015, x1013, x942, x989); let mut x1016: u32 = 0; let mut x1017: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1016, &mut x1017, x1015, x944, x991); let mut x1018: u32 = 0; let mut x1019: u32 = 0; fiat_p384_mulx_u32(&mut x1018, &mut x1019, x992, 0xffffffff); let mut x1020: u32 = 0; let mut x1021: u32 = 0; fiat_p384_mulx_u32(&mut x1020, &mut x1021, x992, 0xffffffff); let mut x1022: u32 = 0; let mut x1023: u32 = 0; fiat_p384_mulx_u32(&mut x1022, &mut x1023, x992, 0xffffffff); let mut x1024: u32 = 0; let mut x1025: u32 = 0; fiat_p384_mulx_u32(&mut x1024, &mut x1025, x992, 0xffffffff); let mut x1026: u32 = 0; let mut x1027: u32 = 0; fiat_p384_mulx_u32(&mut x1026, &mut x1027, x992, 0xffffffff); let mut x1028: u32 = 0; let mut x1029: u32 = 0; fiat_p384_mulx_u32(&mut x1028, &mut x1029, x992, 0xffffffff); let mut x1030: u32 = 0; let mut x1031: u32 = 0; fiat_p384_mulx_u32(&mut x1030, &mut x1031, x992, 0xffffffff); let mut x1032: u32 = 0; let mut x1033: u32 = 0; fiat_p384_mulx_u32(&mut x1032, &mut x1033, x992, 0xfffffffe); let mut x1034: u32 = 0; let mut x1035: u32 = 0; fiat_p384_mulx_u32(&mut x1034, &mut x1035, x992, 0xffffffff); let mut x1036: u32 = 0; let mut x1037: u32 = 0; fiat_p384_mulx_u32(&mut x1036, &mut x1037, x992, 0xffffffff); let mut x1038: u32 = 0; let mut x1039: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1038, &mut x1039, 0x0, x1035, x1032); let mut x1040: u32 = 0; let mut x1041: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1040, &mut x1041, x1039, x1033, x1030); let mut x1042: u32 = 0; let mut x1043: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1042, &mut x1043, x1041, x1031, x1028); let mut x1044: u32 = 0; let mut x1045: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1044, &mut x1045, x1043, x1029, x1026); let mut x1046: u32 = 0; let mut x1047: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1046, &mut x1047, x1045, x1027, x1024); let mut x1048: u32 = 0; let mut x1049: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1048, &mut x1049, x1047, x1025, x1022); let mut x1050: u32 = 0; let mut x1051: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1050, &mut x1051, x1049, x1023, x1020); let mut x1052: u32 = 0; let mut x1053: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1052, &mut x1053, x1051, x1021, x1018); let x1054: u32 = ((x1053 as u32) + x1019); let mut x1055: u32 = 0; let mut x1056: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1055, &mut x1056, 0x0, x992, x1036); let mut x1057: u32 = 0; let mut x1058: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1057, &mut x1058, x1056, x994, x1037); let mut x1059: u32 = 0; let mut x1060: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1059, &mut x1060, x1058, x996, (0x0 as u32)); let mut x1061: u32 = 0; let mut x1062: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1061, &mut x1062, x1060, x998, x1034); let mut x1063: u32 = 0; let mut x1064: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1063, &mut x1064, x1062, x1000, x1038); let mut x1065: u32 = 0; let mut x1066: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1065, &mut x1066, x1064, x1002, x1040); let mut x1067: u32 = 0; let mut x1068: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1067, &mut x1068, x1066, x1004, x1042); let mut x1069: u32 = 0; let mut x1070: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1069, &mut x1070, x1068, x1006, x1044); let mut x1071: u32 = 0; let mut x1072: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1071, &mut x1072, x1070, x1008, x1046); let mut x1073: u32 = 0; let mut x1074: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1073, &mut x1074, x1072, x1010, x1048); let mut x1075: u32 = 0; let mut x1076: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1075, &mut x1076, x1074, x1012, x1050); let mut x1077: u32 = 0; let mut x1078: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1077, &mut x1078, x1076, x1014, x1052); let mut x1079: u32 = 0; let mut x1080: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1079, &mut x1080, x1078, x1016, x1054); let x1081: u32 = ((x1080 as u32) + (x1017 as u32)); let mut x1082: u32 = 0; let mut x1083: u32 = 0; fiat_p384_mulx_u32(&mut x1082, &mut x1083, x8, (arg1[11])); let mut x1084: u32 = 0; let mut x1085: u32 = 0; fiat_p384_mulx_u32(&mut x1084, &mut x1085, x8, (arg1[10])); let mut x1086: u32 = 0; let mut x1087: u32 = 0; fiat_p384_mulx_u32(&mut x1086, &mut x1087, x8, (arg1[9])); let mut x1088: u32 = 0; let mut x1089: u32 = 0; fiat_p384_mulx_u32(&mut x1088, &mut x1089, x8, (arg1[8])); let mut x1090: u32 = 0; let mut x1091: u32 = 0; fiat_p384_mulx_u32(&mut x1090, &mut x1091, x8, (arg1[7])); let mut x1092: u32 = 0; let mut x1093: u32 = 0; fiat_p384_mulx_u32(&mut x1092, &mut x1093, x8, (arg1[6])); let mut x1094: u32 = 0; let mut x1095: u32 = 0; fiat_p384_mulx_u32(&mut x1094, &mut x1095, x8, (arg1[5])); let mut x1096: u32 = 0; let mut x1097: u32 = 0; fiat_p384_mulx_u32(&mut x1096, &mut x1097, x8, (arg1[4])); let mut x1098: u32 = 0; let mut x1099: u32 = 0; fiat_p384_mulx_u32(&mut x1098, &mut x1099, x8, (arg1[3])); let mut x1100: u32 = 0; let mut x1101: u32 = 0; fiat_p384_mulx_u32(&mut x1100, &mut x1101, x8, (arg1[2])); let mut x1102: u32 = 0; let mut x1103: u32 = 0; fiat_p384_mulx_u32(&mut x1102, &mut x1103, x8, (arg1[1])); let mut x1104: u32 = 0; let mut x1105: u32 = 0; fiat_p384_mulx_u32(&mut x1104, &mut x1105, x8, (arg1[0])); let mut x1106: u32 = 0; let mut x1107: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1106, &mut x1107, 0x0, x1105, x1102); let mut x1108: u32 = 0; let mut x1109: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1108, &mut x1109, x1107, x1103, x1100); let mut x1110: u32 = 0; let mut x1111: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1110, &mut x1111, x1109, x1101, x1098); let mut x1112: u32 = 0; let mut x1113: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1112, &mut x1113, x1111, x1099, x1096); let mut x1114: u32 = 0; let mut x1115: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1114, &mut x1115, x1113, x1097, x1094); let mut x1116: u32 = 0; let mut x1117: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1116, &mut x1117, x1115, x1095, x1092); let mut x1118: u32 = 0; let mut x1119: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1118, &mut x1119, x1117, x1093, x1090); let mut x1120: u32 = 0; let mut x1121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1120, &mut x1121, x1119, x1091, x1088); let mut x1122: u32 = 0; let mut x1123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1122, &mut x1123, x1121, x1089, x1086); let mut x1124: u32 = 0; let mut x1125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1124, &mut x1125, x1123, x1087, x1084); let mut x1126: u32 = 0; let mut x1127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1126, &mut x1127, x1125, x1085, x1082); let x1128: u32 = ((x1127 as u32) + x1083); let mut x1129: u32 = 0; let mut x1130: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1129, &mut x1130, 0x0, x1057, x1104); let mut x1131: u32 = 0; let mut x1132: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1131, &mut x1132, x1130, x1059, x1106); let mut x1133: u32 = 0; let mut x1134: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1133, &mut x1134, x1132, x1061, x1108); let mut x1135: u32 = 0; let mut x1136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1135, &mut x1136, x1134, x1063, x1110); let mut x1137: u32 = 0; let mut x1138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1137, &mut x1138, x1136, x1065, x1112); let mut x1139: u32 = 0; let mut x1140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1139, &mut x1140, x1138, x1067, x1114); let mut x1141: u32 = 0; let mut x1142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1141, &mut x1142, x1140, x1069, x1116); let mut x1143: u32 = 0; let mut x1144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1143, &mut x1144, x1142, x1071, x1118); let mut x1145: u32 = 0; let mut x1146: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1145, &mut x1146, x1144, x1073, x1120); let mut x1147: u32 = 0; let mut x1148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1147, &mut x1148, x1146, x1075, x1122); let mut x1149: u32 = 0; let mut x1150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1149, &mut x1150, x1148, x1077, x1124); let mut x1151: u32 = 0; let mut x1152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1151, &mut x1152, x1150, x1079, x1126); let mut x1153: u32 = 0; let mut x1154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1153, &mut x1154, x1152, x1081, x1128); let mut x1155: u32 = 0; let mut x1156: u32 = 0; fiat_p384_mulx_u32(&mut x1155, &mut x1156, x1129, 0xffffffff); let mut x1157: u32 = 0; let mut x1158: u32 = 0; fiat_p384_mulx_u32(&mut x1157, &mut x1158, x1129, 0xffffffff); let mut x1159: u32 = 0; let mut x1160: u32 = 0; fiat_p384_mulx_u32(&mut x1159, &mut x1160, x1129, 0xffffffff); let mut x1161: u32 = 0; let mut x1162: u32 = 0; fiat_p384_mulx_u32(&mut x1161, &mut x1162, x1129, 0xffffffff); let mut x1163: u32 = 0; let mut x1164: u32 = 0; fiat_p384_mulx_u32(&mut x1163, &mut x1164, x1129, 0xffffffff); let mut x1165: u32 = 0; let mut x1166: u32 = 0; fiat_p384_mulx_u32(&mut x1165, &mut x1166, x1129, 0xffffffff); let mut x1167: u32 = 0; let mut x1168: u32 = 0; fiat_p384_mulx_u32(&mut x1167, &mut x1168, x1129, 0xffffffff); let mut x1169: u32 = 0; let mut x1170: u32 = 0; fiat_p384_mulx_u32(&mut x1169, &mut x1170, x1129, 0xfffffffe); let mut x1171: u32 = 0; let mut x1172: u32 = 0; fiat_p384_mulx_u32(&mut x1171, &mut x1172, x1129, 0xffffffff); let mut x1173: u32 = 0; let mut x1174: u32 = 0; fiat_p384_mulx_u32(&mut x1173, &mut x1174, x1129, 0xffffffff); let mut x1175: u32 = 0; let mut x1176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1175, &mut x1176, 0x0, x1172, x1169); let mut x1177: u32 = 0; let mut x1178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1177, &mut x1178, x1176, x1170, x1167); let mut x1179: u32 = 0; let mut x1180: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1179, &mut x1180, x1178, x1168, x1165); let mut x1181: u32 = 0; let mut x1182: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1181, &mut x1182, x1180, x1166, x1163); let mut x1183: u32 = 0; let mut x1184: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1183, &mut x1184, x1182, x1164, x1161); let mut x1185: u32 = 0; let mut x1186: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1185, &mut x1186, x1184, x1162, x1159); let mut x1187: u32 = 0; let mut x1188: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1187, &mut x1188, x1186, x1160, x1157); let mut x1189: u32 = 0; let mut x1190: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1189, &mut x1190, x1188, x1158, x1155); let x1191: u32 = ((x1190 as u32) + x1156); let mut x1192: u32 = 0; let mut x1193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1192, &mut x1193, 0x0, x1129, x1173); let mut x1194: u32 = 0; let mut x1195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1194, &mut x1195, x1193, x1131, x1174); let mut x1196: u32 = 0; let mut x1197: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1196, &mut x1197, x1195, x1133, (0x0 as u32)); let mut x1198: u32 = 0; let mut x1199: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1198, &mut x1199, x1197, x1135, x1171); let mut x1200: u32 = 0; let mut x1201: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1200, &mut x1201, x1199, x1137, x1175); let mut x1202: u32 = 0; let mut x1203: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1202, &mut x1203, x1201, x1139, x1177); let mut x1204: u32 = 0; let mut x1205: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1204, &mut x1205, x1203, x1141, x1179); let mut x1206: u32 = 0; let mut x1207: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1206, &mut x1207, x1205, x1143, x1181); let mut x1208: u32 = 0; let mut x1209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1208, &mut x1209, x1207, x1145, x1183); let mut x1210: u32 = 0; let mut x1211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1210, &mut x1211, x1209, x1147, x1185); let mut x1212: u32 = 0; let mut x1213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1212, &mut x1213, x1211, x1149, x1187); let mut x1214: u32 = 0; let mut x1215: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1214, &mut x1215, x1213, x1151, x1189); let mut x1216: u32 = 0; let mut x1217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1216, &mut x1217, x1215, x1153, x1191); let x1218: u32 = ((x1217 as u32) + (x1154 as u32)); let mut x1219: u32 = 0; let mut x1220: u32 = 0; fiat_p384_mulx_u32(&mut x1219, &mut x1220, x9, (arg1[11])); let mut x1221: u32 = 0; let mut x1222: u32 = 0; fiat_p384_mulx_u32(&mut x1221, &mut x1222, x9, (arg1[10])); let mut x1223: u32 = 0; let mut x1224: u32 = 0; fiat_p384_mulx_u32(&mut x1223, &mut x1224, x9, (arg1[9])); let mut x1225: u32 = 0; let mut x1226: u32 = 0; fiat_p384_mulx_u32(&mut x1225, &mut x1226, x9, (arg1[8])); let mut x1227: u32 = 0; let mut x1228: u32 = 0; fiat_p384_mulx_u32(&mut x1227, &mut x1228, x9, (arg1[7])); let mut x1229: u32 = 0; let mut x1230: u32 = 0; fiat_p384_mulx_u32(&mut x1229, &mut x1230, x9, (arg1[6])); let mut x1231: u32 = 0; let mut x1232: u32 = 0; fiat_p384_mulx_u32(&mut x1231, &mut x1232, x9, (arg1[5])); let mut x1233: u32 = 0; let mut x1234: u32 = 0; fiat_p384_mulx_u32(&mut x1233, &mut x1234, x9, (arg1[4])); let mut x1235: u32 = 0; let mut x1236: u32 = 0; fiat_p384_mulx_u32(&mut x1235, &mut x1236, x9, (arg1[3])); let mut x1237: u32 = 0; let mut x1238: u32 = 0; fiat_p384_mulx_u32(&mut x1237, &mut x1238, x9, (arg1[2])); let mut x1239: u32 = 0; let mut x1240: u32 = 0; fiat_p384_mulx_u32(&mut x1239, &mut x1240, x9, (arg1[1])); let mut x1241: u32 = 0; let mut x1242: u32 = 0; fiat_p384_mulx_u32(&mut x1241, &mut x1242, x9, (arg1[0])); let mut x1243: u32 = 0; let mut x1244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1243, &mut x1244, 0x0, x1242, x1239); let mut x1245: u32 = 0; let mut x1246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1245, &mut x1246, x1244, x1240, x1237); let mut x1247: u32 = 0; let mut x1248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1247, &mut x1248, x1246, x1238, x1235); let mut x1249: u32 = 0; let mut x1250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1249, &mut x1250, x1248, x1236, x1233); let mut x1251: u32 = 0; let mut x1252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1251, &mut x1252, x1250, x1234, x1231); let mut x1253: u32 = 0; let mut x1254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1253, &mut x1254, x1252, x1232, x1229); let mut x1255: u32 = 0; let mut x1256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1255, &mut x1256, x1254, x1230, x1227); let mut x1257: u32 = 0; let mut x1258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1257, &mut x1258, x1256, x1228, x1225); let mut x1259: u32 = 0; let mut x1260: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1259, &mut x1260, x1258, x1226, x1223); let mut x1261: u32 = 0; let mut x1262: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1261, &mut x1262, x1260, x1224, x1221); let mut x1263: u32 = 0; let mut x1264: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1263, &mut x1264, x1262, x1222, x1219); let x1265: u32 = ((x1264 as u32) + x1220); let mut x1266: u32 = 0; let mut x1267: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1266, &mut x1267, 0x0, x1194, x1241); let mut x1268: u32 = 0; let mut x1269: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1268, &mut x1269, x1267, x1196, x1243); let mut x1270: u32 = 0; let mut x1271: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1270, &mut x1271, x1269, x1198, x1245); let mut x1272: u32 = 0; let mut x1273: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1272, &mut x1273, x1271, x1200, x1247); let mut x1274: u32 = 0; let mut x1275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1274, &mut x1275, x1273, x1202, x1249); let mut x1276: u32 = 0; let mut x1277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1276, &mut x1277, x1275, x1204, x1251); let mut x1278: u32 = 0; let mut x1279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1278, &mut x1279, x1277, x1206, x1253); let mut x1280: u32 = 0; let mut x1281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1280, &mut x1281, x1279, x1208, x1255); let mut x1282: u32 = 0; let mut x1283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1282, &mut x1283, x1281, x1210, x1257); let mut x1284: u32 = 0; let mut x1285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1284, &mut x1285, x1283, x1212, x1259); let mut x1286: u32 = 0; let mut x1287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1286, &mut x1287, x1285, x1214, x1261); let mut x1288: u32 = 0; let mut x1289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1288, &mut x1289, x1287, x1216, x1263); let mut x1290: u32 = 0; let mut x1291: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1290, &mut x1291, x1289, x1218, x1265); let mut x1292: u32 = 0; let mut x1293: u32 = 0; fiat_p384_mulx_u32(&mut x1292, &mut x1293, x1266, 0xffffffff); let mut x1294: u32 = 0; let mut x1295: u32 = 0; fiat_p384_mulx_u32(&mut x1294, &mut x1295, x1266, 0xffffffff); let mut x1296: u32 = 0; let mut x1297: u32 = 0; fiat_p384_mulx_u32(&mut x1296, &mut x1297, x1266, 0xffffffff); let mut x1298: u32 = 0; let mut x1299: u32 = 0; fiat_p384_mulx_u32(&mut x1298, &mut x1299, x1266, 0xffffffff); let mut x1300: u32 = 0; let mut x1301: u32 = 0; fiat_p384_mulx_u32(&mut x1300, &mut x1301, x1266, 0xffffffff); let mut x1302: u32 = 0; let mut x1303: u32 = 0; fiat_p384_mulx_u32(&mut x1302, &mut x1303, x1266, 0xffffffff); let mut x1304: u32 = 0; let mut x1305: u32 = 0; fiat_p384_mulx_u32(&mut x1304, &mut x1305, x1266, 0xffffffff); let mut x1306: u32 = 0; let mut x1307: u32 = 0; fiat_p384_mulx_u32(&mut x1306, &mut x1307, x1266, 0xfffffffe); let mut x1308: u32 = 0; let mut x1309: u32 = 0; fiat_p384_mulx_u32(&mut x1308, &mut x1309, x1266, 0xffffffff); let mut x1310: u32 = 0; let mut x1311: u32 = 0; fiat_p384_mulx_u32(&mut x1310, &mut x1311, x1266, 0xffffffff); let mut x1312: u32 = 0; let mut x1313: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1312, &mut x1313, 0x0, x1309, x1306); let mut x1314: u32 = 0; let mut x1315: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1314, &mut x1315, x1313, x1307, x1304); let mut x1316: u32 = 0; let mut x1317: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1316, &mut x1317, x1315, x1305, x1302); let mut x1318: u32 = 0; let mut x1319: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1318, &mut x1319, x1317, x1303, x1300); let mut x1320: u32 = 0; let mut x1321: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1320, &mut x1321, x1319, x1301, x1298); let mut x1322: u32 = 0; let mut x1323: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1322, &mut x1323, x1321, x1299, x1296); let mut x1324: u32 = 0; let mut x1325: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1324, &mut x1325, x1323, x1297, x1294); let mut x1326: u32 = 0; let mut x1327: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1326, &mut x1327, x1325, x1295, x1292); let x1328: u32 = ((x1327 as u32) + x1293); let mut x1329: u32 = 0; let mut x1330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1329, &mut x1330, 0x0, x1266, x1310); let mut x1331: u32 = 0; let mut x1332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1331, &mut x1332, x1330, x1268, x1311); let mut x1333: u32 = 0; let mut x1334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1333, &mut x1334, x1332, x1270, (0x0 as u32)); let mut x1335: u32 = 0; let mut x1336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1335, &mut x1336, x1334, x1272, x1308); let mut x1337: u32 = 0; let mut x1338: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1337, &mut x1338, x1336, x1274, x1312); let mut x1339: u32 = 0; let mut x1340: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1339, &mut x1340, x1338, x1276, x1314); let mut x1341: u32 = 0; let mut x1342: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1341, &mut x1342, x1340, x1278, x1316); let mut x1343: u32 = 0; let mut x1344: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1343, &mut x1344, x1342, x1280, x1318); let mut x1345: u32 = 0; let mut x1346: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1345, &mut x1346, x1344, x1282, x1320); let mut x1347: u32 = 0; let mut x1348: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1347, &mut x1348, x1346, x1284, x1322); let mut x1349: u32 = 0; let mut x1350: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1349, &mut x1350, x1348, x1286, x1324); let mut x1351: u32 = 0; let mut x1352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1351, &mut x1352, x1350, x1288, x1326); let mut x1353: u32 = 0; let mut x1354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1353, &mut x1354, x1352, x1290, x1328); let x1355: u32 = ((x1354 as u32) + (x1291 as u32)); let mut x1356: u32 = 0; let mut x1357: u32 = 0; fiat_p384_mulx_u32(&mut x1356, &mut x1357, x10, (arg1[11])); let mut x1358: u32 = 0; let mut x1359: u32 = 0; fiat_p384_mulx_u32(&mut x1358, &mut x1359, x10, (arg1[10])); let mut x1360: u32 = 0; let mut x1361: u32 = 0; fiat_p384_mulx_u32(&mut x1360, &mut x1361, x10, (arg1[9])); let mut x1362: u32 = 0; let mut x1363: u32 = 0; fiat_p384_mulx_u32(&mut x1362, &mut x1363, x10, (arg1[8])); let mut x1364: u32 = 0; let mut x1365: u32 = 0; fiat_p384_mulx_u32(&mut x1364, &mut x1365, x10, (arg1[7])); let mut x1366: u32 = 0; let mut x1367: u32 = 0; fiat_p384_mulx_u32(&mut x1366, &mut x1367, x10, (arg1[6])); let mut x1368: u32 = 0; let mut x1369: u32 = 0; fiat_p384_mulx_u32(&mut x1368, &mut x1369, x10, (arg1[5])); let mut x1370: u32 = 0; let mut x1371: u32 = 0; fiat_p384_mulx_u32(&mut x1370, &mut x1371, x10, (arg1[4])); let mut x1372: u32 = 0; let mut x1373: u32 = 0; fiat_p384_mulx_u32(&mut x1372, &mut x1373, x10, (arg1[3])); let mut x1374: u32 = 0; let mut x1375: u32 = 0; fiat_p384_mulx_u32(&mut x1374, &mut x1375, x10, (arg1[2])); let mut x1376: u32 = 0; let mut x1377: u32 = 0; fiat_p384_mulx_u32(&mut x1376, &mut x1377, x10, (arg1[1])); let mut x1378: u32 = 0; let mut x1379: u32 = 0; fiat_p384_mulx_u32(&mut x1378, &mut x1379, x10, (arg1[0])); let mut x1380: u32 = 0; let mut x1381: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1380, &mut x1381, 0x0, x1379, x1376); let mut x1382: u32 = 0; let mut x1383: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1382, &mut x1383, x1381, x1377, x1374); let mut x1384: u32 = 0; let mut x1385: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1384, &mut x1385, x1383, x1375, x1372); let mut x1386: u32 = 0; let mut x1387: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1386, &mut x1387, x1385, x1373, x1370); let mut x1388: u32 = 0; let mut x1389: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1388, &mut x1389, x1387, x1371, x1368); let mut x1390: u32 = 0; let mut x1391: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1390, &mut x1391, x1389, x1369, x1366); let mut x1392: u32 = 0; let mut x1393: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1392, &mut x1393, x1391, x1367, x1364); let mut x1394: u32 = 0; let mut x1395: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1394, &mut x1395, x1393, x1365, x1362); let mut x1396: u32 = 0; let mut x1397: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1396, &mut x1397, x1395, x1363, x1360); let mut x1398: u32 = 0; let mut x1399: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1398, &mut x1399, x1397, x1361, x1358); let mut x1400: u32 = 0; let mut x1401: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1400, &mut x1401, x1399, x1359, x1356); let x1402: u32 = ((x1401 as u32) + x1357); let mut x1403: u32 = 0; let mut x1404: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1403, &mut x1404, 0x0, x1331, x1378); let mut x1405: u32 = 0; let mut x1406: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1405, &mut x1406, x1404, x1333, x1380); let mut x1407: u32 = 0; let mut x1408: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1407, &mut x1408, x1406, x1335, x1382); let mut x1409: u32 = 0; let mut x1410: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1409, &mut x1410, x1408, x1337, x1384); let mut x1411: u32 = 0; let mut x1412: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1411, &mut x1412, x1410, x1339, x1386); let mut x1413: u32 = 0; let mut x1414: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1413, &mut x1414, x1412, x1341, x1388); let mut x1415: u32 = 0; let mut x1416: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1415, &mut x1416, x1414, x1343, x1390); let mut x1417: u32 = 0; let mut x1418: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1417, &mut x1418, x1416, x1345, x1392); let mut x1419: u32 = 0; let mut x1420: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1419, &mut x1420, x1418, x1347, x1394); let mut x1421: u32 = 0; let mut x1422: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1421, &mut x1422, x1420, x1349, x1396); let mut x1423: u32 = 0; let mut x1424: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1423, &mut x1424, x1422, x1351, x1398); let mut x1425: u32 = 0; let mut x1426: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1425, &mut x1426, x1424, x1353, x1400); let mut x1427: u32 = 0; let mut x1428: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1427, &mut x1428, x1426, x1355, x1402); let mut x1429: u32 = 0; let mut x1430: u32 = 0; fiat_p384_mulx_u32(&mut x1429, &mut x1430, x1403, 0xffffffff); let mut x1431: u32 = 0; let mut x1432: u32 = 0; fiat_p384_mulx_u32(&mut x1431, &mut x1432, x1403, 0xffffffff); let mut x1433: u32 = 0; let mut x1434: u32 = 0; fiat_p384_mulx_u32(&mut x1433, &mut x1434, x1403, 0xffffffff); let mut x1435: u32 = 0; let mut x1436: u32 = 0; fiat_p384_mulx_u32(&mut x1435, &mut x1436, x1403, 0xffffffff); let mut x1437: u32 = 0; let mut x1438: u32 = 0; fiat_p384_mulx_u32(&mut x1437, &mut x1438, x1403, 0xffffffff); let mut x1439: u32 = 0; let mut x1440: u32 = 0; fiat_p384_mulx_u32(&mut x1439, &mut x1440, x1403, 0xffffffff); let mut x1441: u32 = 0; let mut x1442: u32 = 0; fiat_p384_mulx_u32(&mut x1441, &mut x1442, x1403, 0xffffffff); let mut x1443: u32 = 0; let mut x1444: u32 = 0; fiat_p384_mulx_u32(&mut x1443, &mut x1444, x1403, 0xfffffffe); let mut x1445: u32 = 0; let mut x1446: u32 = 0; fiat_p384_mulx_u32(&mut x1445, &mut x1446, x1403, 0xffffffff); let mut x1447: u32 = 0; let mut x1448: u32 = 0; fiat_p384_mulx_u32(&mut x1447, &mut x1448, x1403, 0xffffffff); let mut x1449: u32 = 0; let mut x1450: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1449, &mut x1450, 0x0, x1446, x1443); let mut x1451: u32 = 0; let mut x1452: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1451, &mut x1452, x1450, x1444, x1441); let mut x1453: u32 = 0; let mut x1454: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1453, &mut x1454, x1452, x1442, x1439); let mut x1455: u32 = 0; let mut x1456: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1455, &mut x1456, x1454, x1440, x1437); let mut x1457: u32 = 0; let mut x1458: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1457, &mut x1458, x1456, x1438, x1435); let mut x1459: u32 = 0; let mut x1460: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1459, &mut x1460, x1458, x1436, x1433); let mut x1461: u32 = 0; let mut x1462: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1461, &mut x1462, x1460, x1434, x1431); let mut x1463: u32 = 0; let mut x1464: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1463, &mut x1464, x1462, x1432, x1429); let x1465: u32 = ((x1464 as u32) + x1430); let mut x1466: u32 = 0; let mut x1467: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1466, &mut x1467, 0x0, x1403, x1447); let mut x1468: u32 = 0; let mut x1469: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1468, &mut x1469, x1467, x1405, x1448); let mut x1470: u32 = 0; let mut x1471: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1470, &mut x1471, x1469, x1407, (0x0 as u32)); let mut x1472: u32 = 0; let mut x1473: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1472, &mut x1473, x1471, x1409, x1445); let mut x1474: u32 = 0; let mut x1475: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1474, &mut x1475, x1473, x1411, x1449); let mut x1476: u32 = 0; let mut x1477: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1476, &mut x1477, x1475, x1413, x1451); let mut x1478: u32 = 0; let mut x1479: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1478, &mut x1479, x1477, x1415, x1453); let mut x1480: u32 = 0; let mut x1481: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1480, &mut x1481, x1479, x1417, x1455); let mut x1482: u32 = 0; let mut x1483: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1482, &mut x1483, x1481, x1419, x1457); let mut x1484: u32 = 0; let mut x1485: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1484, &mut x1485, x1483, x1421, x1459); let mut x1486: u32 = 0; let mut x1487: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1486, &mut x1487, x1485, x1423, x1461); let mut x1488: u32 = 0; let mut x1489: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1488, &mut x1489, x1487, x1425, x1463); let mut x1490: u32 = 0; let mut x1491: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1490, &mut x1491, x1489, x1427, x1465); let x1492: u32 = ((x1491 as u32) + (x1428 as u32)); let mut x1493: u32 = 0; let mut x1494: u32 = 0; fiat_p384_mulx_u32(&mut x1493, &mut x1494, x11, (arg1[11])); let mut x1495: u32 = 0; let mut x1496: u32 = 0; fiat_p384_mulx_u32(&mut x1495, &mut x1496, x11, (arg1[10])); let mut x1497: u32 = 0; let mut x1498: u32 = 0; fiat_p384_mulx_u32(&mut x1497, &mut x1498, x11, (arg1[9])); let mut x1499: u32 = 0; let mut x1500: u32 = 0; fiat_p384_mulx_u32(&mut x1499, &mut x1500, x11, (arg1[8])); let mut x1501: u32 = 0; let mut x1502: u32 = 0; fiat_p384_mulx_u32(&mut x1501, &mut x1502, x11, (arg1[7])); let mut x1503: u32 = 0; let mut x1504: u32 = 0; fiat_p384_mulx_u32(&mut x1503, &mut x1504, x11, (arg1[6])); let mut x1505: u32 = 0; let mut x1506: u32 = 0; fiat_p384_mulx_u32(&mut x1505, &mut x1506, x11, (arg1[5])); let mut x1507: u32 = 0; let mut x1508: u32 = 0; fiat_p384_mulx_u32(&mut x1507, &mut x1508, x11, (arg1[4])); let mut x1509: u32 = 0; let mut x1510: u32 = 0; fiat_p384_mulx_u32(&mut x1509, &mut x1510, x11, (arg1[3])); let mut x1511: u32 = 0; let mut x1512: u32 = 0; fiat_p384_mulx_u32(&mut x1511, &mut x1512, x11, (arg1[2])); let mut x1513: u32 = 0; let mut x1514: u32 = 0; fiat_p384_mulx_u32(&mut x1513, &mut x1514, x11, (arg1[1])); let mut x1515: u32 = 0; let mut x1516: u32 = 0; fiat_p384_mulx_u32(&mut x1515, &mut x1516, x11, (arg1[0])); let mut x1517: u32 = 0; let mut x1518: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1517, &mut x1518, 0x0, x1516, x1513); let mut x1519: u32 = 0; let mut x1520: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1519, &mut x1520, x1518, x1514, x1511); let mut x1521: u32 = 0; let mut x1522: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1521, &mut x1522, x1520, x1512, x1509); let mut x1523: u32 = 0; let mut x1524: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1523, &mut x1524, x1522, x1510, x1507); let mut x1525: u32 = 0; let mut x1526: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1525, &mut x1526, x1524, x1508, x1505); let mut x1527: u32 = 0; let mut x1528: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1527, &mut x1528, x1526, x1506, x1503); let mut x1529: u32 = 0; let mut x1530: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1529, &mut x1530, x1528, x1504, x1501); let mut x1531: u32 = 0; let mut x1532: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1531, &mut x1532, x1530, x1502, x1499); let mut x1533: u32 = 0; let mut x1534: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1533, &mut x1534, x1532, x1500, x1497); let mut x1535: u32 = 0; let mut x1536: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1535, &mut x1536, x1534, x1498, x1495); let mut x1537: u32 = 0; let mut x1538: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1537, &mut x1538, x1536, x1496, x1493); let x1539: u32 = ((x1538 as u32) + x1494); let mut x1540: u32 = 0; let mut x1541: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1540, &mut x1541, 0x0, x1468, x1515); let mut x1542: u32 = 0; let mut x1543: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1542, &mut x1543, x1541, x1470, x1517); let mut x1544: u32 = 0; let mut x1545: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1544, &mut x1545, x1543, x1472, x1519); let mut x1546: u32 = 0; let mut x1547: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1546, &mut x1547, x1545, x1474, x1521); let mut x1548: u32 = 0; let mut x1549: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1548, &mut x1549, x1547, x1476, x1523); let mut x1550: u32 = 0; let mut x1551: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1550, &mut x1551, x1549, x1478, x1525); let mut x1552: u32 = 0; let mut x1553: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1552, &mut x1553, x1551, x1480, x1527); let mut x1554: u32 = 0; let mut x1555: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1554, &mut x1555, x1553, x1482, x1529); let mut x1556: u32 = 0; let mut x1557: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1556, &mut x1557, x1555, x1484, x1531); let mut x1558: u32 = 0; let mut x1559: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1558, &mut x1559, x1557, x1486, x1533); let mut x1560: u32 = 0; let mut x1561: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1560, &mut x1561, x1559, x1488, x1535); let mut x1562: u32 = 0; let mut x1563: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1562, &mut x1563, x1561, x1490, x1537); let mut x1564: u32 = 0; let mut x1565: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1564, &mut x1565, x1563, x1492, x1539); let mut x1566: u32 = 0; let mut x1567: u32 = 0; fiat_p384_mulx_u32(&mut x1566, &mut x1567, x1540, 0xffffffff); let mut x1568: u32 = 0; let mut x1569: u32 = 0; fiat_p384_mulx_u32(&mut x1568, &mut x1569, x1540, 0xffffffff); let mut x1570: u32 = 0; let mut x1571: u32 = 0; fiat_p384_mulx_u32(&mut x1570, &mut x1571, x1540, 0xffffffff); let mut x1572: u32 = 0; let mut x1573: u32 = 0; fiat_p384_mulx_u32(&mut x1572, &mut x1573, x1540, 0xffffffff); let mut x1574: u32 = 0; let mut x1575: u32 = 0; fiat_p384_mulx_u32(&mut x1574, &mut x1575, x1540, 0xffffffff); let mut x1576: u32 = 0; let mut x1577: u32 = 0; fiat_p384_mulx_u32(&mut x1576, &mut x1577, x1540, 0xffffffff); let mut x1578: u32 = 0; let mut x1579: u32 = 0; fiat_p384_mulx_u32(&mut x1578, &mut x1579, x1540, 0xffffffff); let mut x1580: u32 = 0; let mut x1581: u32 = 0; fiat_p384_mulx_u32(&mut x1580, &mut x1581, x1540, 0xfffffffe); let mut x1582: u32 = 0; let mut x1583: u32 = 0; fiat_p384_mulx_u32(&mut x1582, &mut x1583, x1540, 0xffffffff); let mut x1584: u32 = 0; let mut x1585: u32 = 0; fiat_p384_mulx_u32(&mut x1584, &mut x1585, x1540, 0xffffffff); let mut x1586: u32 = 0; let mut x1587: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1586, &mut x1587, 0x0, x1583, x1580); let mut x1588: u32 = 0; let mut x1589: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1588, &mut x1589, x1587, x1581, x1578); let mut x1590: u32 = 0; let mut x1591: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1590, &mut x1591, x1589, x1579, x1576); let mut x1592: u32 = 0; let mut x1593: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1592, &mut x1593, x1591, x1577, x1574); let mut x1594: u32 = 0; let mut x1595: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1594, &mut x1595, x1593, x1575, x1572); let mut x1596: u32 = 0; let mut x1597: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1596, &mut x1597, x1595, x1573, x1570); let mut x1598: u32 = 0; let mut x1599: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1598, &mut x1599, x1597, x1571, x1568); let mut x1600: u32 = 0; let mut x1601: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1600, &mut x1601, x1599, x1569, x1566); let x1602: u32 = ((x1601 as u32) + x1567); let mut x1603: u32 = 0; let mut x1604: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1603, &mut x1604, 0x0, x1540, x1584); let mut x1605: u32 = 0; let mut x1606: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1605, &mut x1606, x1604, x1542, x1585); let mut x1607: u32 = 0; let mut x1608: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1607, &mut x1608, x1606, x1544, (0x0 as u32)); let mut x1609: u32 = 0; let mut x1610: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1609, &mut x1610, x1608, x1546, x1582); let mut x1611: u32 = 0; let mut x1612: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1611, &mut x1612, x1610, x1548, x1586); let mut x1613: u32 = 0; let mut x1614: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1613, &mut x1614, x1612, x1550, x1588); let mut x1615: u32 = 0; let mut x1616: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1615, &mut x1616, x1614, x1552, x1590); let mut x1617: u32 = 0; let mut x1618: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1617, &mut x1618, x1616, x1554, x1592); let mut x1619: u32 = 0; let mut x1620: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1619, &mut x1620, x1618, x1556, x1594); let mut x1621: u32 = 0; let mut x1622: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1621, &mut x1622, x1620, x1558, x1596); let mut x1623: u32 = 0; let mut x1624: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1623, &mut x1624, x1622, x1560, x1598); let mut x1625: u32 = 0; let mut x1626: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1625, &mut x1626, x1624, x1562, x1600); let mut x1627: u32 = 0; let mut x1628: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1627, &mut x1628, x1626, x1564, x1602); let x1629: u32 = ((x1628 as u32) + (x1565 as u32)); let mut x1630: u32 = 0; let mut x1631: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1630, &mut x1631, 0x0, x1605, 0xffffffff); let mut x1632: u32 = 0; let mut x1633: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1632, &mut x1633, x1631, x1607, (0x0 as u32)); let mut x1634: u32 = 0; let mut x1635: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1634, &mut x1635, x1633, x1609, (0x0 as u32)); let mut x1636: u32 = 0; let mut x1637: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1636, &mut x1637, x1635, x1611, 0xffffffff); let mut x1638: u32 = 0; let mut x1639: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1638, &mut x1639, x1637, x1613, 0xfffffffe); let mut x1640: u32 = 0; let mut x1641: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1640, &mut x1641, x1639, x1615, 0xffffffff); let mut x1642: u32 = 0; let mut x1643: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1642, &mut x1643, x1641, x1617, 0xffffffff); let mut x1644: u32 = 0; let mut x1645: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1644, &mut x1645, x1643, x1619, 0xffffffff); let mut x1646: u32 = 0; let mut x1647: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1646, &mut x1647, x1645, x1621, 0xffffffff); let mut x1648: u32 = 0; let mut x1649: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1648, &mut x1649, x1647, x1623, 0xffffffff); let mut x1650: u32 = 0; let mut x1651: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1650, &mut x1651, x1649, x1625, 0xffffffff); let mut x1652: u32 = 0; let mut x1653: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1652, &mut x1653, x1651, x1627, 0xffffffff); let mut x1654: u32 = 0; let mut x1655: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1654, &mut x1655, x1653, x1629, (0x0 as u32)); let mut x1656: u32 = 0; fiat_p384_cmovznz_u32(&mut x1656, x1655, x1630, x1605); let mut x1657: u32 = 0; fiat_p384_cmovznz_u32(&mut x1657, x1655, x1632, x1607); let mut x1658: u32 = 0; fiat_p384_cmovznz_u32(&mut x1658, x1655, x1634, x1609); let mut x1659: u32 = 0; fiat_p384_cmovznz_u32(&mut x1659, x1655, x1636, x1611); let mut x1660: u32 = 0; fiat_p384_cmovznz_u32(&mut x1660, x1655, x1638, x1613); let mut x1661: u32 = 0; fiat_p384_cmovznz_u32(&mut x1661, x1655, x1640, x1615); let mut x1662: u32 = 0; fiat_p384_cmovznz_u32(&mut x1662, x1655, x1642, x1617); let mut x1663: u32 = 0; fiat_p384_cmovznz_u32(&mut x1663, x1655, x1644, x1619); let mut x1664: u32 = 0; fiat_p384_cmovznz_u32(&mut x1664, x1655, x1646, x1621); let mut x1665: u32 = 0; fiat_p384_cmovznz_u32(&mut x1665, x1655, x1648, x1623); let mut x1666: u32 = 0; fiat_p384_cmovznz_u32(&mut x1666, x1655, x1650, x1625); let mut x1667: u32 = 0; fiat_p384_cmovznz_u32(&mut x1667, x1655, x1652, x1627); out1[0] = x1656; out1[1] = x1657; out1[2] = x1658; out1[3] = x1659; out1[4] = x1660; out1[5] = x1661; out1[6] = x1662; out1[7] = x1663; out1[8] = x1664; out1[9] = x1665; out1[10] = x1666; out1[11] = x1667; } /// The function fiat_p384_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_add(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x17, &mut x18, x16, (arg1[8]), (arg2[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x19, &mut x20, x18, (arg1[9]), (arg2[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x21, &mut x22, x20, (arg1[10]), (arg2[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x23, &mut x24, x22, (arg1[11]), (arg2[11])); let mut x25: u32 = 0; let mut x26: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x25, &mut x26, 0x0, x1, 0xffffffff); let mut x27: u32 = 0; let mut x28: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x27, &mut x28, x26, x3, (0x0 as u32)); let mut x29: u32 = 0; let mut x30: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x29, &mut x30, x28, x5, (0x0 as u32)); let mut x31: u32 = 0; let mut x32: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x31, &mut x32, x30, x7, 0xffffffff); let mut x33: u32 = 0; let mut x34: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x33, &mut x34, x32, x9, 0xfffffffe); let mut x35: u32 = 0; let mut x36: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x35, &mut x36, x34, x11, 0xffffffff); let mut x37: u32 = 0; let mut x38: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x37, &mut x38, x36, x13, 0xffffffff); let mut x39: u32 = 0; let mut x40: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x39, &mut x40, x38, x15, 0xffffffff); let mut x41: u32 = 0; let mut x42: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x41, &mut x42, x40, x17, 0xffffffff); let mut x43: u32 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x43, &mut x44, x42, x19, 0xffffffff); let mut x45: u32 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x45, &mut x46, x44, x21, 0xffffffff); let mut x47: u32 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x47, &mut x48, x46, x23, 0xffffffff); let mut x49: u32 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x49, &mut x50, x48, (x24 as u32), (0x0 as u32)); let mut x51: u32 = 0; fiat_p384_cmovznz_u32(&mut x51, x50, x25, x1); let mut x52: u32 = 0; fiat_p384_cmovznz_u32(&mut x52, x50, x27, x3); let mut x53: u32 = 0; fiat_p384_cmovznz_u32(&mut x53, x50, x29, x5); let mut x54: u32 = 0; fiat_p384_cmovznz_u32(&mut x54, x50, x31, x7); let mut x55: u32 = 0; fiat_p384_cmovznz_u32(&mut x55, x50, x33, x9); let mut x56: u32 = 0; fiat_p384_cmovznz_u32(&mut x56, x50, x35, x11); let mut x57: u32 = 0; fiat_p384_cmovznz_u32(&mut x57, x50, x37, x13); let mut x58: u32 = 0; fiat_p384_cmovznz_u32(&mut x58, x50, x39, x15); let mut x59: u32 = 0; fiat_p384_cmovznz_u32(&mut x59, x50, x41, x17); let mut x60: u32 = 0; fiat_p384_cmovznz_u32(&mut x60, x50, x43, x19); let mut x61: u32 = 0; fiat_p384_cmovznz_u32(&mut x61, x50, x45, x21); let mut x62: u32 = 0; fiat_p384_cmovznz_u32(&mut x62, x50, x47, x23); out1[0] = x51; out1[1] = x52; out1[2] = x53; out1[3] = x54; out1[4] = x55; out1[5] = x56; out1[6] = x57; out1[7] = x58; out1[8] = x59; out1[9] = x60; out1[10] = x61; out1[11] = x62; } /// The function fiat_p384_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_sub(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x17, &mut x18, x16, (arg1[8]), (arg2[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x19, &mut x20, x18, (arg1[9]), (arg2[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x21, &mut x22, x20, (arg1[10]), (arg2[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x23, &mut x24, x22, (arg1[11]), (arg2[11])); let mut x25: u32 = 0; fiat_p384_cmovznz_u32(&mut x25, x24, (0x0 as u32), 0xffffffff); let mut x26: u32 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x26, &mut x27, 0x0, x1, x25); let mut x28: u32 = 0; let mut x29: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x28, &mut x29, x27, x3, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x30, &mut x31, x29, x5, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x32, &mut x33, x31, x7, x25); let mut x34: u32 = 0; let mut x35: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x34, &mut x35, x33, x9, (x25 & 0xfffffffe)); let mut x36: u32 = 0; let mut x37: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x36, &mut x37, x35, x11, x25); let mut x38: u32 = 0; let mut x39: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x38, &mut x39, x37, x13, x25); let mut x40: u32 = 0; let mut x41: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x40, &mut x41, x39, x15, x25); let mut x42: u32 = 0; let mut x43: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x42, &mut x43, x41, x17, x25); let mut x44: u32 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x44, &mut x45, x43, x19, x25); let mut x46: u32 = 0; let mut x47: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x46, &mut x47, x45, x21, x25); let mut x48: u32 = 0; let mut x49: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x48, &mut x49, x47, x23, x25); out1[0] = x26; out1[1] = x28; out1[2] = x30; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x38; out1[7] = x40; out1[8] = x42; out1[9] = x44; out1[10] = x46; out1[11] = x48; } /// The function fiat_p384_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_opp(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x17, &mut x18, x16, (0x0 as u32), (arg1[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x19, &mut x20, x18, (0x0 as u32), (arg1[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x21, &mut x22, x20, (0x0 as u32), (arg1[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x23, &mut x24, x22, (0x0 as u32), (arg1[11])); let mut x25: u32 = 0; fiat_p384_cmovznz_u32(&mut x25, x24, (0x0 as u32), 0xffffffff); let mut x26: u32 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x26, &mut x27, 0x0, x1, x25); let mut x28: u32 = 0; let mut x29: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x28, &mut x29, x27, x3, (0x0 as u32)); let mut x30: u32 = 0; let mut x31: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x30, &mut x31, x29, x5, (0x0 as u32)); let mut x32: u32 = 0; let mut x33: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x32, &mut x33, x31, x7, x25); let mut x34: u32 = 0; let mut x35: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x34, &mut x35, x33, x9, (x25 & 0xfffffffe)); let mut x36: u32 = 0; let mut x37: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x36, &mut x37, x35, x11, x25); let mut x38: u32 = 0; let mut x39: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x38, &mut x39, x37, x13, x25); let mut x40: u32 = 0; let mut x41: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x40, &mut x41, x39, x15, x25); let mut x42: u32 = 0; let mut x43: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x42, &mut x43, x41, x17, x25); let mut x44: u32 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x44, &mut x45, x43, x19, x25); let mut x46: u32 = 0; let mut x47: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x46, &mut x47, x45, x21, x25); let mut x48: u32 = 0; let mut x49: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x48, &mut x49, x47, x23, x25); out1[0] = x26; out1[1] = x28; out1[2] = x30; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x38; out1[7] = x40; out1[8] = x42; out1[9] = x44; out1[10] = x46; out1[11] = x48; } /// The function fiat_p384_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^12) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_from_montgomery(out1: &mut fiat_p384_non_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_p384_mulx_u32(&mut x2, &mut x3, x1, 0xffffffff); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_p384_mulx_u32(&mut x4, &mut x5, x1, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_p384_mulx_u32(&mut x6, &mut x7, x1, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p384_mulx_u32(&mut x8, &mut x9, x1, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p384_mulx_u32(&mut x10, &mut x11, x1, 0xffffffff); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p384_mulx_u32(&mut x12, &mut x13, x1, 0xffffffff); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_p384_mulx_u32(&mut x14, &mut x15, x1, 0xffffffff); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_p384_mulx_u32(&mut x16, &mut x17, x1, 0xfffffffe); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_p384_mulx_u32(&mut x18, &mut x19, x1, 0xffffffff); let mut x20: u32 = 0; let mut x21: u32 = 0; fiat_p384_mulx_u32(&mut x20, &mut x21, x1, 0xffffffff); let mut x22: u32 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x22, &mut x23, 0x0, x19, x16); let mut x24: u32 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x24, &mut x25, x23, x17, x14); let mut x26: u32 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x26, &mut x27, x25, x15, x12); let mut x28: u32 = 0; let mut x29: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x28, &mut x29, x27, x13, x10); let mut x30: u32 = 0; let mut x31: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x30, &mut x31, x29, x11, x8); let mut x32: u32 = 0; let mut x33: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x32, &mut x33, x31, x9, x6); let mut x34: u32 = 0; let mut x35: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x34, &mut x35, x33, x7, x4); let mut x36: u32 = 0; let mut x37: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x36, &mut x37, x35, x5, x2); let mut x38: u32 = 0; let mut x39: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x38, &mut x39, 0x0, x1, x20); let mut x40: u32 = 0; let mut x41: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x40, &mut x41, 0x0, ((x39 as u32) + x21), (arg1[1])); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_p384_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_p384_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_p384_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_p384_mulx_u32(&mut x48, &mut x49, x40, 0xffffffff); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_p384_mulx_u32(&mut x50, &mut x51, x40, 0xffffffff); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_p384_mulx_u32(&mut x52, &mut x53, x40, 0xffffffff); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_p384_mulx_u32(&mut x54, &mut x55, x40, 0xffffffff); let mut x56: u32 = 0; let mut x57: u32 = 0; fiat_p384_mulx_u32(&mut x56, &mut x57, x40, 0xfffffffe); let mut x58: u32 = 0; let mut x59: u32 = 0; fiat_p384_mulx_u32(&mut x58, &mut x59, x40, 0xffffffff); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p384_mulx_u32(&mut x60, &mut x61, x40, 0xffffffff); let mut x62: u32 = 0; let mut x63: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x62, &mut x63, 0x0, x59, x56); let mut x64: u32 = 0; let mut x65: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x64, &mut x65, x63, x57, x54); let mut x66: u32 = 0; let mut x67: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x66, &mut x67, x65, x55, x52); let mut x68: u32 = 0; let mut x69: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x68, &mut x69, x67, x53, x50); let mut x70: u32 = 0; let mut x71: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x70, &mut x71, x69, x51, x48); let mut x72: u32 = 0; let mut x73: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x72, &mut x73, x71, x49, x46); let mut x74: u32 = 0; let mut x75: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x74, &mut x75, x73, x47, x44); let mut x76: u32 = 0; let mut x77: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x76, &mut x77, x75, x45, x42); let mut x78: u32 = 0; let mut x79: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x78, &mut x79, 0x0, x40, x60); let mut x80: u32 = 0; let mut x81: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x80, &mut x81, x79, (x41 as u32), x61); let mut x82: u32 = 0; let mut x83: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x82, &mut x83, x81, x18, (0x0 as u32)); let mut x84: u32 = 0; let mut x85: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x84, &mut x85, x83, x22, x58); let mut x86: u32 = 0; let mut x87: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x86, &mut x87, x85, x24, x62); let mut x88: u32 = 0; let mut x89: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x88, &mut x89, x87, x26, x64); let mut x90: u32 = 0; let mut x91: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x90, &mut x91, x89, x28, x66); let mut x92: u32 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x92, &mut x93, x91, x30, x68); let mut x94: u32 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x94, &mut x95, x93, x32, x70); let mut x96: u32 = 0; let mut x97: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x96, &mut x97, x95, x34, x72); let mut x98: u32 = 0; let mut x99: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x98, &mut x99, x97, x36, x74); let mut x100: u32 = 0; let mut x101: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x100, &mut x101, x99, ((x37 as u32) + x3), x76); let mut x102: u32 = 0; let mut x103: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x102, &mut x103, x101, (0x0 as u32), ((x77 as u32) + x43)); let mut x104: u32 = 0; let mut x105: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x104, &mut x105, 0x0, x80, (arg1[2])); let mut x106: u32 = 0; let mut x107: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x106, &mut x107, x105, x82, (0x0 as u32)); let mut x108: u32 = 0; let mut x109: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x108, &mut x109, x107, x84, (0x0 as u32)); let mut x110: u32 = 0; let mut x111: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x110, &mut x111, x109, x86, (0x0 as u32)); let mut x112: u32 = 0; let mut x113: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x112, &mut x113, x111, x88, (0x0 as u32)); let mut x114: u32 = 0; let mut x115: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x114, &mut x115, x113, x90, (0x0 as u32)); let mut x116: u32 = 0; let mut x117: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x116, &mut x117, x115, x92, (0x0 as u32)); let mut x118: u32 = 0; let mut x119: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x118, &mut x119, x117, x94, (0x0 as u32)); let mut x120: u32 = 0; let mut x121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x120, &mut x121, x119, x96, (0x0 as u32)); let mut x122: u32 = 0; let mut x123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x122, &mut x123, x121, x98, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x124, &mut x125, x123, x100, (0x0 as u32)); let mut x126: u32 = 0; let mut x127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x126, &mut x127, x125, x102, (0x0 as u32)); let mut x128: u32 = 0; let mut x129: u32 = 0; fiat_p384_mulx_u32(&mut x128, &mut x129, x104, 0xffffffff); let mut x130: u32 = 0; let mut x131: u32 = 0; fiat_p384_mulx_u32(&mut x130, &mut x131, x104, 0xffffffff); let mut x132: u32 = 0; let mut x133: u32 = 0; fiat_p384_mulx_u32(&mut x132, &mut x133, x104, 0xffffffff); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_p384_mulx_u32(&mut x134, &mut x135, x104, 0xffffffff); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_p384_mulx_u32(&mut x136, &mut x137, x104, 0xffffffff); let mut x138: u32 = 0; let mut x139: u32 = 0; fiat_p384_mulx_u32(&mut x138, &mut x139, x104, 0xffffffff); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_p384_mulx_u32(&mut x140, &mut x141, x104, 0xffffffff); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_p384_mulx_u32(&mut x142, &mut x143, x104, 0xfffffffe); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_p384_mulx_u32(&mut x144, &mut x145, x104, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_p384_mulx_u32(&mut x146, &mut x147, x104, 0xffffffff); let mut x148: u32 = 0; let mut x149: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x148, &mut x149, 0x0, x145, x142); let mut x150: u32 = 0; let mut x151: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x150, &mut x151, x149, x143, x140); let mut x152: u32 = 0; let mut x153: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x152, &mut x153, x151, x141, x138); let mut x154: u32 = 0; let mut x155: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x154, &mut x155, x153, x139, x136); let mut x156: u32 = 0; let mut x157: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x156, &mut x157, x155, x137, x134); let mut x158: u32 = 0; let mut x159: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x158, &mut x159, x157, x135, x132); let mut x160: u32 = 0; let mut x161: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x160, &mut x161, x159, x133, x130); let mut x162: u32 = 0; let mut x163: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x162, &mut x163, x161, x131, x128); let mut x164: u32 = 0; let mut x165: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x164, &mut x165, 0x0, x104, x146); let mut x166: u32 = 0; let mut x167: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x166, &mut x167, x165, x106, x147); let mut x168: u32 = 0; let mut x169: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x168, &mut x169, x167, x108, (0x0 as u32)); let mut x170: u32 = 0; let mut x171: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x170, &mut x171, x169, x110, x144); let mut x172: u32 = 0; let mut x173: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x172, &mut x173, x171, x112, x148); let mut x174: u32 = 0; let mut x175: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x174, &mut x175, x173, x114, x150); let mut x176: u32 = 0; let mut x177: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x176, &mut x177, x175, x116, x152); let mut x178: u32 = 0; let mut x179: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x178, &mut x179, x177, x118, x154); let mut x180: u32 = 0; let mut x181: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x180, &mut x181, x179, x120, x156); let mut x182: u32 = 0; let mut x183: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x182, &mut x183, x181, x122, x158); let mut x184: u32 = 0; let mut x185: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x184, &mut x185, x183, x124, x160); let mut x186: u32 = 0; let mut x187: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x186, &mut x187, x185, x126, x162); let mut x188: u32 = 0; let mut x189: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x188, &mut x189, x187, ((x127 as u32) + (x103 as u32)), ((x163 as u32) + x129)); let mut x190: u32 = 0; let mut x191: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x190, &mut x191, 0x0, x166, (arg1[3])); let mut x192: u32 = 0; let mut x193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x192, &mut x193, x191, x168, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x194, &mut x195, x193, x170, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x196, &mut x197, x195, x172, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x198, &mut x199, x197, x174, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x200, &mut x201, x199, x176, (0x0 as u32)); let mut x202: u32 = 0; let mut x203: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x202, &mut x203, x201, x178, (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x204, &mut x205, x203, x180, (0x0 as u32)); let mut x206: u32 = 0; let mut x207: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x206, &mut x207, x205, x182, (0x0 as u32)); let mut x208: u32 = 0; let mut x209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x208, &mut x209, x207, x184, (0x0 as u32)); let mut x210: u32 = 0; let mut x211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x210, &mut x211, x209, x186, (0x0 as u32)); let mut x212: u32 = 0; let mut x213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x212, &mut x213, x211, x188, (0x0 as u32)); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_mulx_u32(&mut x214, &mut x215, x190, 0xffffffff); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_p384_mulx_u32(&mut x216, &mut x217, x190, 0xffffffff); let mut x218: u32 = 0; let mut x219: u32 = 0; fiat_p384_mulx_u32(&mut x218, &mut x219, x190, 0xffffffff); let mut x220: u32 = 0; let mut x221: u32 = 0; fiat_p384_mulx_u32(&mut x220, &mut x221, x190, 0xffffffff); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p384_mulx_u32(&mut x222, &mut x223, x190, 0xffffffff); let mut x224: u32 = 0; let mut x225: u32 = 0; fiat_p384_mulx_u32(&mut x224, &mut x225, x190, 0xffffffff); let mut x226: u32 = 0; let mut x227: u32 = 0; fiat_p384_mulx_u32(&mut x226, &mut x227, x190, 0xffffffff); let mut x228: u32 = 0; let mut x229: u32 = 0; fiat_p384_mulx_u32(&mut x228, &mut x229, x190, 0xfffffffe); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p384_mulx_u32(&mut x230, &mut x231, x190, 0xffffffff); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p384_mulx_u32(&mut x232, &mut x233, x190, 0xffffffff); let mut x234: u32 = 0; let mut x235: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x234, &mut x235, 0x0, x231, x228); let mut x236: u32 = 0; let mut x237: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x236, &mut x237, x235, x229, x226); let mut x238: u32 = 0; let mut x239: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x238, &mut x239, x237, x227, x224); let mut x240: u32 = 0; let mut x241: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x240, &mut x241, x239, x225, x222); let mut x242: u32 = 0; let mut x243: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x242, &mut x243, x241, x223, x220); let mut x244: u32 = 0; let mut x245: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x244, &mut x245, x243, x221, x218); let mut x246: u32 = 0; let mut x247: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x246, &mut x247, x245, x219, x216); let mut x248: u32 = 0; let mut x249: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x248, &mut x249, x247, x217, x214); let mut x250: u32 = 0; let mut x251: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x250, &mut x251, 0x0, x190, x232); let mut x252: u32 = 0; let mut x253: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x252, &mut x253, x251, x192, x233); let mut x254: u32 = 0; let mut x255: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x254, &mut x255, x253, x194, (0x0 as u32)); let mut x256: u32 = 0; let mut x257: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x256, &mut x257, x255, x196, x230); let mut x258: u32 = 0; let mut x259: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x258, &mut x259, x257, x198, x234); let mut x260: u32 = 0; let mut x261: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x260, &mut x261, x259, x200, x236); let mut x262: u32 = 0; let mut x263: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x262, &mut x263, x261, x202, x238); let mut x264: u32 = 0; let mut x265: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x264, &mut x265, x263, x204, x240); let mut x266: u32 = 0; let mut x267: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x266, &mut x267, x265, x206, x242); let mut x268: u32 = 0; let mut x269: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x268, &mut x269, x267, x208, x244); let mut x270: u32 = 0; let mut x271: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x270, &mut x271, x269, x210, x246); let mut x272: u32 = 0; let mut x273: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x272, &mut x273, x271, x212, x248); let mut x274: u32 = 0; let mut x275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x274, &mut x275, x273, ((x213 as u32) + (x189 as u32)), ((x249 as u32) + x215)); let mut x276: u32 = 0; let mut x277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x276, &mut x277, 0x0, x252, (arg1[4])); let mut x278: u32 = 0; let mut x279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x278, &mut x279, x277, x254, (0x0 as u32)); let mut x280: u32 = 0; let mut x281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x280, &mut x281, x279, x256, (0x0 as u32)); let mut x282: u32 = 0; let mut x283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x282, &mut x283, x281, x258, (0x0 as u32)); let mut x284: u32 = 0; let mut x285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x284, &mut x285, x283, x260, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x286, &mut x287, x285, x262, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x288, &mut x289, x287, x264, (0x0 as u32)); let mut x290: u32 = 0; let mut x291: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x290, &mut x291, x289, x266, (0x0 as u32)); let mut x292: u32 = 0; let mut x293: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x292, &mut x293, x291, x268, (0x0 as u32)); let mut x294: u32 = 0; let mut x295: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x294, &mut x295, x293, x270, (0x0 as u32)); let mut x296: u32 = 0; let mut x297: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x296, &mut x297, x295, x272, (0x0 as u32)); let mut x298: u32 = 0; let mut x299: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x298, &mut x299, x297, x274, (0x0 as u32)); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_p384_mulx_u32(&mut x300, &mut x301, x276, 0xffffffff); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_p384_mulx_u32(&mut x302, &mut x303, x276, 0xffffffff); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_p384_mulx_u32(&mut x304, &mut x305, x276, 0xffffffff); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_p384_mulx_u32(&mut x306, &mut x307, x276, 0xffffffff); let mut x308: u32 = 0; let mut x309: u32 = 0; fiat_p384_mulx_u32(&mut x308, &mut x309, x276, 0xffffffff); let mut x310: u32 = 0; let mut x311: u32 = 0; fiat_p384_mulx_u32(&mut x310, &mut x311, x276, 0xffffffff); let mut x312: u32 = 0; let mut x313: u32 = 0; fiat_p384_mulx_u32(&mut x312, &mut x313, x276, 0xffffffff); let mut x314: u32 = 0; let mut x315: u32 = 0; fiat_p384_mulx_u32(&mut x314, &mut x315, x276, 0xfffffffe); let mut x316: u32 = 0; let mut x317: u32 = 0; fiat_p384_mulx_u32(&mut x316, &mut x317, x276, 0xffffffff); let mut x318: u32 = 0; let mut x319: u32 = 0; fiat_p384_mulx_u32(&mut x318, &mut x319, x276, 0xffffffff); let mut x320: u32 = 0; let mut x321: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x320, &mut x321, 0x0, x317, x314); let mut x322: u32 = 0; let mut x323: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x322, &mut x323, x321, x315, x312); let mut x324: u32 = 0; let mut x325: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x324, &mut x325, x323, x313, x310); let mut x326: u32 = 0; let mut x327: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x326, &mut x327, x325, x311, x308); let mut x328: u32 = 0; let mut x329: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x328, &mut x329, x327, x309, x306); let mut x330: u32 = 0; let mut x331: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x330, &mut x331, x329, x307, x304); let mut x332: u32 = 0; let mut x333: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x332, &mut x333, x331, x305, x302); let mut x334: u32 = 0; let mut x335: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x334, &mut x335, x333, x303, x300); let mut x336: u32 = 0; let mut x337: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x336, &mut x337, 0x0, x276, x318); let mut x338: u32 = 0; let mut x339: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x338, &mut x339, x337, x278, x319); let mut x340: u32 = 0; let mut x341: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x340, &mut x341, x339, x280, (0x0 as u32)); let mut x342: u32 = 0; let mut x343: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x342, &mut x343, x341, x282, x316); let mut x344: u32 = 0; let mut x345: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x344, &mut x345, x343, x284, x320); let mut x346: u32 = 0; let mut x347: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x346, &mut x347, x345, x286, x322); let mut x348: u32 = 0; let mut x349: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x348, &mut x349, x347, x288, x324); let mut x350: u32 = 0; let mut x351: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x350, &mut x351, x349, x290, x326); let mut x352: u32 = 0; let mut x353: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x352, &mut x353, x351, x292, x328); let mut x354: u32 = 0; let mut x355: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x354, &mut x355, x353, x294, x330); let mut x356: u32 = 0; let mut x357: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x356, &mut x357, x355, x296, x332); let mut x358: u32 = 0; let mut x359: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x358, &mut x359, x357, x298, x334); let mut x360: u32 = 0; let mut x361: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x360, &mut x361, x359, ((x299 as u32) + (x275 as u32)), ((x335 as u32) + x301)); let mut x362: u32 = 0; let mut x363: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x362, &mut x363, 0x0, x338, (arg1[5])); let mut x364: u32 = 0; let mut x365: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x364, &mut x365, x363, x340, (0x0 as u32)); let mut x366: u32 = 0; let mut x367: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x366, &mut x367, x365, x342, (0x0 as u32)); let mut x368: u32 = 0; let mut x369: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x368, &mut x369, x367, x344, (0x0 as u32)); let mut x370: u32 = 0; let mut x371: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x370, &mut x371, x369, x346, (0x0 as u32)); let mut x372: u32 = 0; let mut x373: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x372, &mut x373, x371, x348, (0x0 as u32)); let mut x374: u32 = 0; let mut x375: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x374, &mut x375, x373, x350, (0x0 as u32)); let mut x376: u32 = 0; let mut x377: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x376, &mut x377, x375, x352, (0x0 as u32)); let mut x378: u32 = 0; let mut x379: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x378, &mut x379, x377, x354, (0x0 as u32)); let mut x380: u32 = 0; let mut x381: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x380, &mut x381, x379, x356, (0x0 as u32)); let mut x382: u32 = 0; let mut x383: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x382, &mut x383, x381, x358, (0x0 as u32)); let mut x384: u32 = 0; let mut x385: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x384, &mut x385, x383, x360, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: u32 = 0; fiat_p384_mulx_u32(&mut x386, &mut x387, x362, 0xffffffff); let mut x388: u32 = 0; let mut x389: u32 = 0; fiat_p384_mulx_u32(&mut x388, &mut x389, x362, 0xffffffff); let mut x390: u32 = 0; let mut x391: u32 = 0; fiat_p384_mulx_u32(&mut x390, &mut x391, x362, 0xffffffff); let mut x392: u32 = 0; let mut x393: u32 = 0; fiat_p384_mulx_u32(&mut x392, &mut x393, x362, 0xffffffff); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_p384_mulx_u32(&mut x394, &mut x395, x362, 0xffffffff); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_p384_mulx_u32(&mut x396, &mut x397, x362, 0xffffffff); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_p384_mulx_u32(&mut x398, &mut x399, x362, 0xffffffff); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_p384_mulx_u32(&mut x400, &mut x401, x362, 0xfffffffe); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_p384_mulx_u32(&mut x402, &mut x403, x362, 0xffffffff); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_p384_mulx_u32(&mut x404, &mut x405, x362, 0xffffffff); let mut x406: u32 = 0; let mut x407: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x406, &mut x407, 0x0, x403, x400); let mut x408: u32 = 0; let mut x409: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x408, &mut x409, x407, x401, x398); let mut x410: u32 = 0; let mut x411: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x410, &mut x411, x409, x399, x396); let mut x412: u32 = 0; let mut x413: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x412, &mut x413, x411, x397, x394); let mut x414: u32 = 0; let mut x415: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x414, &mut x415, x413, x395, x392); let mut x416: u32 = 0; let mut x417: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x416, &mut x417, x415, x393, x390); let mut x418: u32 = 0; let mut x419: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x418, &mut x419, x417, x391, x388); let mut x420: u32 = 0; let mut x421: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x420, &mut x421, x419, x389, x386); let mut x422: u32 = 0; let mut x423: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x422, &mut x423, 0x0, x362, x404); let mut x424: u32 = 0; let mut x425: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x424, &mut x425, x423, x364, x405); let mut x426: u32 = 0; let mut x427: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x426, &mut x427, x425, x366, (0x0 as u32)); let mut x428: u32 = 0; let mut x429: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x428, &mut x429, x427, x368, x402); let mut x430: u32 = 0; let mut x431: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x430, &mut x431, x429, x370, x406); let mut x432: u32 = 0; let mut x433: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x432, &mut x433, x431, x372, x408); let mut x434: u32 = 0; let mut x435: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x434, &mut x435, x433, x374, x410); let mut x436: u32 = 0; let mut x437: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x436, &mut x437, x435, x376, x412); let mut x438: u32 = 0; let mut x439: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x438, &mut x439, x437, x378, x414); let mut x440: u32 = 0; let mut x441: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x440, &mut x441, x439, x380, x416); let mut x442: u32 = 0; let mut x443: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x442, &mut x443, x441, x382, x418); let mut x444: u32 = 0; let mut x445: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x444, &mut x445, x443, x384, x420); let mut x446: u32 = 0; let mut x447: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x446, &mut x447, x445, ((x385 as u32) + (x361 as u32)), ((x421 as u32) + x387)); let mut x448: u32 = 0; let mut x449: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x448, &mut x449, 0x0, x424, (arg1[6])); let mut x450: u32 = 0; let mut x451: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x450, &mut x451, x449, x426, (0x0 as u32)); let mut x452: u32 = 0; let mut x453: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x452, &mut x453, x451, x428, (0x0 as u32)); let mut x454: u32 = 0; let mut x455: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x454, &mut x455, x453, x430, (0x0 as u32)); let mut x456: u32 = 0; let mut x457: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x456, &mut x457, x455, x432, (0x0 as u32)); let mut x458: u32 = 0; let mut x459: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x458, &mut x459, x457, x434, (0x0 as u32)); let mut x460: u32 = 0; let mut x461: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x460, &mut x461, x459, x436, (0x0 as u32)); let mut x462: u32 = 0; let mut x463: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x462, &mut x463, x461, x438, (0x0 as u32)); let mut x464: u32 = 0; let mut x465: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x464, &mut x465, x463, x440, (0x0 as u32)); let mut x466: u32 = 0; let mut x467: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x466, &mut x467, x465, x442, (0x0 as u32)); let mut x468: u32 = 0; let mut x469: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x468, &mut x469, x467, x444, (0x0 as u32)); let mut x470: u32 = 0; let mut x471: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x470, &mut x471, x469, x446, (0x0 as u32)); let mut x472: u32 = 0; let mut x473: u32 = 0; fiat_p384_mulx_u32(&mut x472, &mut x473, x448, 0xffffffff); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_p384_mulx_u32(&mut x474, &mut x475, x448, 0xffffffff); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_p384_mulx_u32(&mut x476, &mut x477, x448, 0xffffffff); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_p384_mulx_u32(&mut x478, &mut x479, x448, 0xffffffff); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_p384_mulx_u32(&mut x480, &mut x481, x448, 0xffffffff); let mut x482: u32 = 0; let mut x483: u32 = 0; fiat_p384_mulx_u32(&mut x482, &mut x483, x448, 0xffffffff); let mut x484: u32 = 0; let mut x485: u32 = 0; fiat_p384_mulx_u32(&mut x484, &mut x485, x448, 0xffffffff); let mut x486: u32 = 0; let mut x487: u32 = 0; fiat_p384_mulx_u32(&mut x486, &mut x487, x448, 0xfffffffe); let mut x488: u32 = 0; let mut x489: u32 = 0; fiat_p384_mulx_u32(&mut x488, &mut x489, x448, 0xffffffff); let mut x490: u32 = 0; let mut x491: u32 = 0; fiat_p384_mulx_u32(&mut x490, &mut x491, x448, 0xffffffff); let mut x492: u32 = 0; let mut x493: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x492, &mut x493, 0x0, x489, x486); let mut x494: u32 = 0; let mut x495: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x494, &mut x495, x493, x487, x484); let mut x496: u32 = 0; let mut x497: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x496, &mut x497, x495, x485, x482); let mut x498: u32 = 0; let mut x499: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x498, &mut x499, x497, x483, x480); let mut x500: u32 = 0; let mut x501: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x500, &mut x501, x499, x481, x478); let mut x502: u32 = 0; let mut x503: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x502, &mut x503, x501, x479, x476); let mut x504: u32 = 0; let mut x505: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x504, &mut x505, x503, x477, x474); let mut x506: u32 = 0; let mut x507: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x506, &mut x507, x505, x475, x472); let mut x508: u32 = 0; let mut x509: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x508, &mut x509, 0x0, x448, x490); let mut x510: u32 = 0; let mut x511: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x510, &mut x511, x509, x450, x491); let mut x512: u32 = 0; let mut x513: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x512, &mut x513, x511, x452, (0x0 as u32)); let mut x514: u32 = 0; let mut x515: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x514, &mut x515, x513, x454, x488); let mut x516: u32 = 0; let mut x517: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x516, &mut x517, x515, x456, x492); let mut x518: u32 = 0; let mut x519: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x518, &mut x519, x517, x458, x494); let mut x520: u32 = 0; let mut x521: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x520, &mut x521, x519, x460, x496); let mut x522: u32 = 0; let mut x523: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x522, &mut x523, x521, x462, x498); let mut x524: u32 = 0; let mut x525: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x524, &mut x525, x523, x464, x500); let mut x526: u32 = 0; let mut x527: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x526, &mut x527, x525, x466, x502); let mut x528: u32 = 0; let mut x529: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x528, &mut x529, x527, x468, x504); let mut x530: u32 = 0; let mut x531: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x530, &mut x531, x529, x470, x506); let mut x532: u32 = 0; let mut x533: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x532, &mut x533, x531, ((x471 as u32) + (x447 as u32)), ((x507 as u32) + x473)); let mut x534: u32 = 0; let mut x535: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x534, &mut x535, 0x0, x510, (arg1[7])); let mut x536: u32 = 0; let mut x537: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x536, &mut x537, x535, x512, (0x0 as u32)); let mut x538: u32 = 0; let mut x539: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x538, &mut x539, x537, x514, (0x0 as u32)); let mut x540: u32 = 0; let mut x541: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x540, &mut x541, x539, x516, (0x0 as u32)); let mut x542: u32 = 0; let mut x543: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x542, &mut x543, x541, x518, (0x0 as u32)); let mut x544: u32 = 0; let mut x545: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x544, &mut x545, x543, x520, (0x0 as u32)); let mut x546: u32 = 0; let mut x547: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x546, &mut x547, x545, x522, (0x0 as u32)); let mut x548: u32 = 0; let mut x549: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x548, &mut x549, x547, x524, (0x0 as u32)); let mut x550: u32 = 0; let mut x551: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x550, &mut x551, x549, x526, (0x0 as u32)); let mut x552: u32 = 0; let mut x553: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x552, &mut x553, x551, x528, (0x0 as u32)); let mut x554: u32 = 0; let mut x555: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x554, &mut x555, x553, x530, (0x0 as u32)); let mut x556: u32 = 0; let mut x557: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x556, &mut x557, x555, x532, (0x0 as u32)); let mut x558: u32 = 0; let mut x559: u32 = 0; fiat_p384_mulx_u32(&mut x558, &mut x559, x534, 0xffffffff); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_p384_mulx_u32(&mut x560, &mut x561, x534, 0xffffffff); let mut x562: u32 = 0; let mut x563: u32 = 0; fiat_p384_mulx_u32(&mut x562, &mut x563, x534, 0xffffffff); let mut x564: u32 = 0; let mut x565: u32 = 0; fiat_p384_mulx_u32(&mut x564, &mut x565, x534, 0xffffffff); let mut x566: u32 = 0; let mut x567: u32 = 0; fiat_p384_mulx_u32(&mut x566, &mut x567, x534, 0xffffffff); let mut x568: u32 = 0; let mut x569: u32 = 0; fiat_p384_mulx_u32(&mut x568, &mut x569, x534, 0xffffffff); let mut x570: u32 = 0; let mut x571: u32 = 0; fiat_p384_mulx_u32(&mut x570, &mut x571, x534, 0xffffffff); let mut x572: u32 = 0; let mut x573: u32 = 0; fiat_p384_mulx_u32(&mut x572, &mut x573, x534, 0xfffffffe); let mut x574: u32 = 0; let mut x575: u32 = 0; fiat_p384_mulx_u32(&mut x574, &mut x575, x534, 0xffffffff); let mut x576: u32 = 0; let mut x577: u32 = 0; fiat_p384_mulx_u32(&mut x576, &mut x577, x534, 0xffffffff); let mut x578: u32 = 0; let mut x579: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x578, &mut x579, 0x0, x575, x572); let mut x580: u32 = 0; let mut x581: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x580, &mut x581, x579, x573, x570); let mut x582: u32 = 0; let mut x583: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x582, &mut x583, x581, x571, x568); let mut x584: u32 = 0; let mut x585: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x584, &mut x585, x583, x569, x566); let mut x586: u32 = 0; let mut x587: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x586, &mut x587, x585, x567, x564); let mut x588: u32 = 0; let mut x589: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x588, &mut x589, x587, x565, x562); let mut x590: u32 = 0; let mut x591: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x590, &mut x591, x589, x563, x560); let mut x592: u32 = 0; let mut x593: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x592, &mut x593, x591, x561, x558); let mut x594: u32 = 0; let mut x595: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x594, &mut x595, 0x0, x534, x576); let mut x596: u32 = 0; let mut x597: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x596, &mut x597, x595, x536, x577); let mut x598: u32 = 0; let mut x599: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x598, &mut x599, x597, x538, (0x0 as u32)); let mut x600: u32 = 0; let mut x601: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x600, &mut x601, x599, x540, x574); let mut x602: u32 = 0; let mut x603: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x602, &mut x603, x601, x542, x578); let mut x604: u32 = 0; let mut x605: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x604, &mut x605, x603, x544, x580); let mut x606: u32 = 0; let mut x607: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x606, &mut x607, x605, x546, x582); let mut x608: u32 = 0; let mut x609: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x608, &mut x609, x607, x548, x584); let mut x610: u32 = 0; let mut x611: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x610, &mut x611, x609, x550, x586); let mut x612: u32 = 0; let mut x613: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x612, &mut x613, x611, x552, x588); let mut x614: u32 = 0; let mut x615: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x614, &mut x615, x613, x554, x590); let mut x616: u32 = 0; let mut x617: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x616, &mut x617, x615, x556, x592); let mut x618: u32 = 0; let mut x619: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x618, &mut x619, x617, ((x557 as u32) + (x533 as u32)), ((x593 as u32) + x559)); let mut x620: u32 = 0; let mut x621: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x620, &mut x621, 0x0, x596, (arg1[8])); let mut x622: u32 = 0; let mut x623: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x622, &mut x623, x621, x598, (0x0 as u32)); let mut x624: u32 = 0; let mut x625: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x624, &mut x625, x623, x600, (0x0 as u32)); let mut x626: u32 = 0; let mut x627: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x626, &mut x627, x625, x602, (0x0 as u32)); let mut x628: u32 = 0; let mut x629: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x628, &mut x629, x627, x604, (0x0 as u32)); let mut x630: u32 = 0; let mut x631: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x630, &mut x631, x629, x606, (0x0 as u32)); let mut x632: u32 = 0; let mut x633: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x632, &mut x633, x631, x608, (0x0 as u32)); let mut x634: u32 = 0; let mut x635: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x634, &mut x635, x633, x610, (0x0 as u32)); let mut x636: u32 = 0; let mut x637: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x636, &mut x637, x635, x612, (0x0 as u32)); let mut x638: u32 = 0; let mut x639: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x638, &mut x639, x637, x614, (0x0 as u32)); let mut x640: u32 = 0; let mut x641: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x640, &mut x641, x639, x616, (0x0 as u32)); let mut x642: u32 = 0; let mut x643: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x642, &mut x643, x641, x618, (0x0 as u32)); let mut x644: u32 = 0; let mut x645: u32 = 0; fiat_p384_mulx_u32(&mut x644, &mut x645, x620, 0xffffffff); let mut x646: u32 = 0; let mut x647: u32 = 0; fiat_p384_mulx_u32(&mut x646, &mut x647, x620, 0xffffffff); let mut x648: u32 = 0; let mut x649: u32 = 0; fiat_p384_mulx_u32(&mut x648, &mut x649, x620, 0xffffffff); let mut x650: u32 = 0; let mut x651: u32 = 0; fiat_p384_mulx_u32(&mut x650, &mut x651, x620, 0xffffffff); let mut x652: u32 = 0; let mut x653: u32 = 0; fiat_p384_mulx_u32(&mut x652, &mut x653, x620, 0xffffffff); let mut x654: u32 = 0; let mut x655: u32 = 0; fiat_p384_mulx_u32(&mut x654, &mut x655, x620, 0xffffffff); let mut x656: u32 = 0; let mut x657: u32 = 0; fiat_p384_mulx_u32(&mut x656, &mut x657, x620, 0xffffffff); let mut x658: u32 = 0; let mut x659: u32 = 0; fiat_p384_mulx_u32(&mut x658, &mut x659, x620, 0xfffffffe); let mut x660: u32 = 0; let mut x661: u32 = 0; fiat_p384_mulx_u32(&mut x660, &mut x661, x620, 0xffffffff); let mut x662: u32 = 0; let mut x663: u32 = 0; fiat_p384_mulx_u32(&mut x662, &mut x663, x620, 0xffffffff); let mut x664: u32 = 0; let mut x665: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x664, &mut x665, 0x0, x661, x658); let mut x666: u32 = 0; let mut x667: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x666, &mut x667, x665, x659, x656); let mut x668: u32 = 0; let mut x669: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x668, &mut x669, x667, x657, x654); let mut x670: u32 = 0; let mut x671: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x670, &mut x671, x669, x655, x652); let mut x672: u32 = 0; let mut x673: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x672, &mut x673, x671, x653, x650); let mut x674: u32 = 0; let mut x675: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x674, &mut x675, x673, x651, x648); let mut x676: u32 = 0; let mut x677: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x676, &mut x677, x675, x649, x646); let mut x678: u32 = 0; let mut x679: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x678, &mut x679, x677, x647, x644); let mut x680: u32 = 0; let mut x681: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x680, &mut x681, 0x0, x620, x662); let mut x682: u32 = 0; let mut x683: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x682, &mut x683, x681, x622, x663); let mut x684: u32 = 0; let mut x685: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x684, &mut x685, x683, x624, (0x0 as u32)); let mut x686: u32 = 0; let mut x687: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x686, &mut x687, x685, x626, x660); let mut x688: u32 = 0; let mut x689: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x688, &mut x689, x687, x628, x664); let mut x690: u32 = 0; let mut x691: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x690, &mut x691, x689, x630, x666); let mut x692: u32 = 0; let mut x693: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x692, &mut x693, x691, x632, x668); let mut x694: u32 = 0; let mut x695: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x694, &mut x695, x693, x634, x670); let mut x696: u32 = 0; let mut x697: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x696, &mut x697, x695, x636, x672); let mut x698: u32 = 0; let mut x699: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x698, &mut x699, x697, x638, x674); let mut x700: u32 = 0; let mut x701: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x700, &mut x701, x699, x640, x676); let mut x702: u32 = 0; let mut x703: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x702, &mut x703, x701, x642, x678); let mut x704: u32 = 0; let mut x705: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x704, &mut x705, x703, ((x643 as u32) + (x619 as u32)), ((x679 as u32) + x645)); let mut x706: u32 = 0; let mut x707: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x706, &mut x707, 0x0, x682, (arg1[9])); let mut x708: u32 = 0; let mut x709: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x708, &mut x709, x707, x684, (0x0 as u32)); let mut x710: u32 = 0; let mut x711: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x710, &mut x711, x709, x686, (0x0 as u32)); let mut x712: u32 = 0; let mut x713: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x712, &mut x713, x711, x688, (0x0 as u32)); let mut x714: u32 = 0; let mut x715: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x714, &mut x715, x713, x690, (0x0 as u32)); let mut x716: u32 = 0; let mut x717: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x716, &mut x717, x715, x692, (0x0 as u32)); let mut x718: u32 = 0; let mut x719: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x718, &mut x719, x717, x694, (0x0 as u32)); let mut x720: u32 = 0; let mut x721: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x720, &mut x721, x719, x696, (0x0 as u32)); let mut x722: u32 = 0; let mut x723: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x722, &mut x723, x721, x698, (0x0 as u32)); let mut x724: u32 = 0; let mut x725: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x724, &mut x725, x723, x700, (0x0 as u32)); let mut x726: u32 = 0; let mut x727: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x726, &mut x727, x725, x702, (0x0 as u32)); let mut x728: u32 = 0; let mut x729: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x728, &mut x729, x727, x704, (0x0 as u32)); let mut x730: u32 = 0; let mut x731: u32 = 0; fiat_p384_mulx_u32(&mut x730, &mut x731, x706, 0xffffffff); let mut x732: u32 = 0; let mut x733: u32 = 0; fiat_p384_mulx_u32(&mut x732, &mut x733, x706, 0xffffffff); let mut x734: u32 = 0; let mut x735: u32 = 0; fiat_p384_mulx_u32(&mut x734, &mut x735, x706, 0xffffffff); let mut x736: u32 = 0; let mut x737: u32 = 0; fiat_p384_mulx_u32(&mut x736, &mut x737, x706, 0xffffffff); let mut x738: u32 = 0; let mut x739: u32 = 0; fiat_p384_mulx_u32(&mut x738, &mut x739, x706, 0xffffffff); let mut x740: u32 = 0; let mut x741: u32 = 0; fiat_p384_mulx_u32(&mut x740, &mut x741, x706, 0xffffffff); let mut x742: u32 = 0; let mut x743: u32 = 0; fiat_p384_mulx_u32(&mut x742, &mut x743, x706, 0xffffffff); let mut x744: u32 = 0; let mut x745: u32 = 0; fiat_p384_mulx_u32(&mut x744, &mut x745, x706, 0xfffffffe); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_p384_mulx_u32(&mut x746, &mut x747, x706, 0xffffffff); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_p384_mulx_u32(&mut x748, &mut x749, x706, 0xffffffff); let mut x750: u32 = 0; let mut x751: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x750, &mut x751, 0x0, x747, x744); let mut x752: u32 = 0; let mut x753: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x752, &mut x753, x751, x745, x742); let mut x754: u32 = 0; let mut x755: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x754, &mut x755, x753, x743, x740); let mut x756: u32 = 0; let mut x757: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x756, &mut x757, x755, x741, x738); let mut x758: u32 = 0; let mut x759: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x758, &mut x759, x757, x739, x736); let mut x760: u32 = 0; let mut x761: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x760, &mut x761, x759, x737, x734); let mut x762: u32 = 0; let mut x763: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x762, &mut x763, x761, x735, x732); let mut x764: u32 = 0; let mut x765: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x764, &mut x765, x763, x733, x730); let mut x766: u32 = 0; let mut x767: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x766, &mut x767, 0x0, x706, x748); let mut x768: u32 = 0; let mut x769: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x768, &mut x769, x767, x708, x749); let mut x770: u32 = 0; let mut x771: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x770, &mut x771, x769, x710, (0x0 as u32)); let mut x772: u32 = 0; let mut x773: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x772, &mut x773, x771, x712, x746); let mut x774: u32 = 0; let mut x775: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x774, &mut x775, x773, x714, x750); let mut x776: u32 = 0; let mut x777: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x776, &mut x777, x775, x716, x752); let mut x778: u32 = 0; let mut x779: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x778, &mut x779, x777, x718, x754); let mut x780: u32 = 0; let mut x781: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x780, &mut x781, x779, x720, x756); let mut x782: u32 = 0; let mut x783: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x782, &mut x783, x781, x722, x758); let mut x784: u32 = 0; let mut x785: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x784, &mut x785, x783, x724, x760); let mut x786: u32 = 0; let mut x787: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x786, &mut x787, x785, x726, x762); let mut x788: u32 = 0; let mut x789: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x788, &mut x789, x787, x728, x764); let mut x790: u32 = 0; let mut x791: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x790, &mut x791, x789, ((x729 as u32) + (x705 as u32)), ((x765 as u32) + x731)); let mut x792: u32 = 0; let mut x793: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x792, &mut x793, 0x0, x768, (arg1[10])); let mut x794: u32 = 0; let mut x795: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x794, &mut x795, x793, x770, (0x0 as u32)); let mut x796: u32 = 0; let mut x797: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x796, &mut x797, x795, x772, (0x0 as u32)); let mut x798: u32 = 0; let mut x799: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x798, &mut x799, x797, x774, (0x0 as u32)); let mut x800: u32 = 0; let mut x801: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x800, &mut x801, x799, x776, (0x0 as u32)); let mut x802: u32 = 0; let mut x803: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x802, &mut x803, x801, x778, (0x0 as u32)); let mut x804: u32 = 0; let mut x805: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x804, &mut x805, x803, x780, (0x0 as u32)); let mut x806: u32 = 0; let mut x807: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x806, &mut x807, x805, x782, (0x0 as u32)); let mut x808: u32 = 0; let mut x809: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x808, &mut x809, x807, x784, (0x0 as u32)); let mut x810: u32 = 0; let mut x811: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x810, &mut x811, x809, x786, (0x0 as u32)); let mut x812: u32 = 0; let mut x813: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x812, &mut x813, x811, x788, (0x0 as u32)); let mut x814: u32 = 0; let mut x815: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x814, &mut x815, x813, x790, (0x0 as u32)); let mut x816: u32 = 0; let mut x817: u32 = 0; fiat_p384_mulx_u32(&mut x816, &mut x817, x792, 0xffffffff); let mut x818: u32 = 0; let mut x819: u32 = 0; fiat_p384_mulx_u32(&mut x818, &mut x819, x792, 0xffffffff); let mut x820: u32 = 0; let mut x821: u32 = 0; fiat_p384_mulx_u32(&mut x820, &mut x821, x792, 0xffffffff); let mut x822: u32 = 0; let mut x823: u32 = 0; fiat_p384_mulx_u32(&mut x822, &mut x823, x792, 0xffffffff); let mut x824: u32 = 0; let mut x825: u32 = 0; fiat_p384_mulx_u32(&mut x824, &mut x825, x792, 0xffffffff); let mut x826: u32 = 0; let mut x827: u32 = 0; fiat_p384_mulx_u32(&mut x826, &mut x827, x792, 0xffffffff); let mut x828: u32 = 0; let mut x829: u32 = 0; fiat_p384_mulx_u32(&mut x828, &mut x829, x792, 0xffffffff); let mut x830: u32 = 0; let mut x831: u32 = 0; fiat_p384_mulx_u32(&mut x830, &mut x831, x792, 0xfffffffe); let mut x832: u32 = 0; let mut x833: u32 = 0; fiat_p384_mulx_u32(&mut x832, &mut x833, x792, 0xffffffff); let mut x834: u32 = 0; let mut x835: u32 = 0; fiat_p384_mulx_u32(&mut x834, &mut x835, x792, 0xffffffff); let mut x836: u32 = 0; let mut x837: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x836, &mut x837, 0x0, x833, x830); let mut x838: u32 = 0; let mut x839: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x838, &mut x839, x837, x831, x828); let mut x840: u32 = 0; let mut x841: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x840, &mut x841, x839, x829, x826); let mut x842: u32 = 0; let mut x843: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x842, &mut x843, x841, x827, x824); let mut x844: u32 = 0; let mut x845: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x844, &mut x845, x843, x825, x822); let mut x846: u32 = 0; let mut x847: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x846, &mut x847, x845, x823, x820); let mut x848: u32 = 0; let mut x849: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x848, &mut x849, x847, x821, x818); let mut x850: u32 = 0; let mut x851: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x850, &mut x851, x849, x819, x816); let mut x852: u32 = 0; let mut x853: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x852, &mut x853, 0x0, x792, x834); let mut x854: u32 = 0; let mut x855: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x854, &mut x855, x853, x794, x835); let mut x856: u32 = 0; let mut x857: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x856, &mut x857, x855, x796, (0x0 as u32)); let mut x858: u32 = 0; let mut x859: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x858, &mut x859, x857, x798, x832); let mut x860: u32 = 0; let mut x861: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x860, &mut x861, x859, x800, x836); let mut x862: u32 = 0; let mut x863: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x862, &mut x863, x861, x802, x838); let mut x864: u32 = 0; let mut x865: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x864, &mut x865, x863, x804, x840); let mut x866: u32 = 0; let mut x867: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x866, &mut x867, x865, x806, x842); let mut x868: u32 = 0; let mut x869: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x868, &mut x869, x867, x808, x844); let mut x870: u32 = 0; let mut x871: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x870, &mut x871, x869, x810, x846); let mut x872: u32 = 0; let mut x873: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x872, &mut x873, x871, x812, x848); let mut x874: u32 = 0; let mut x875: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x874, &mut x875, x873, x814, x850); let mut x876: u32 = 0; let mut x877: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x876, &mut x877, x875, ((x815 as u32) + (x791 as u32)), ((x851 as u32) + x817)); let mut x878: u32 = 0; let mut x879: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x878, &mut x879, 0x0, x854, (arg1[11])); let mut x880: u32 = 0; let mut x881: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x880, &mut x881, x879, x856, (0x0 as u32)); let mut x882: u32 = 0; let mut x883: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x882, &mut x883, x881, x858, (0x0 as u32)); let mut x884: u32 = 0; let mut x885: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x884, &mut x885, x883, x860, (0x0 as u32)); let mut x886: u32 = 0; let mut x887: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x886, &mut x887, x885, x862, (0x0 as u32)); let mut x888: u32 = 0; let mut x889: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x888, &mut x889, x887, x864, (0x0 as u32)); let mut x890: u32 = 0; let mut x891: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x890, &mut x891, x889, x866, (0x0 as u32)); let mut x892: u32 = 0; let mut x893: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x892, &mut x893, x891, x868, (0x0 as u32)); let mut x894: u32 = 0; let mut x895: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x894, &mut x895, x893, x870, (0x0 as u32)); let mut x896: u32 = 0; let mut x897: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x896, &mut x897, x895, x872, (0x0 as u32)); let mut x898: u32 = 0; let mut x899: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x898, &mut x899, x897, x874, (0x0 as u32)); let mut x900: u32 = 0; let mut x901: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x900, &mut x901, x899, x876, (0x0 as u32)); let mut x902: u32 = 0; let mut x903: u32 = 0; fiat_p384_mulx_u32(&mut x902, &mut x903, x878, 0xffffffff); let mut x904: u32 = 0; let mut x905: u32 = 0; fiat_p384_mulx_u32(&mut x904, &mut x905, x878, 0xffffffff); let mut x906: u32 = 0; let mut x907: u32 = 0; fiat_p384_mulx_u32(&mut x906, &mut x907, x878, 0xffffffff); let mut x908: u32 = 0; let mut x909: u32 = 0; fiat_p384_mulx_u32(&mut x908, &mut x909, x878, 0xffffffff); let mut x910: u32 = 0; let mut x911: u32 = 0; fiat_p384_mulx_u32(&mut x910, &mut x911, x878, 0xffffffff); let mut x912: u32 = 0; let mut x913: u32 = 0; fiat_p384_mulx_u32(&mut x912, &mut x913, x878, 0xffffffff); let mut x914: u32 = 0; let mut x915: u32 = 0; fiat_p384_mulx_u32(&mut x914, &mut x915, x878, 0xffffffff); let mut x916: u32 = 0; let mut x917: u32 = 0; fiat_p384_mulx_u32(&mut x916, &mut x917, x878, 0xfffffffe); let mut x918: u32 = 0; let mut x919: u32 = 0; fiat_p384_mulx_u32(&mut x918, &mut x919, x878, 0xffffffff); let mut x920: u32 = 0; let mut x921: u32 = 0; fiat_p384_mulx_u32(&mut x920, &mut x921, x878, 0xffffffff); let mut x922: u32 = 0; let mut x923: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x922, &mut x923, 0x0, x919, x916); let mut x924: u32 = 0; let mut x925: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x924, &mut x925, x923, x917, x914); let mut x926: u32 = 0; let mut x927: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x926, &mut x927, x925, x915, x912); let mut x928: u32 = 0; let mut x929: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x928, &mut x929, x927, x913, x910); let mut x930: u32 = 0; let mut x931: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x930, &mut x931, x929, x911, x908); let mut x932: u32 = 0; let mut x933: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x932, &mut x933, x931, x909, x906); let mut x934: u32 = 0; let mut x935: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x934, &mut x935, x933, x907, x904); let mut x936: u32 = 0; let mut x937: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x936, &mut x937, x935, x905, x902); let mut x938: u32 = 0; let mut x939: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x938, &mut x939, 0x0, x878, x920); let mut x940: u32 = 0; let mut x941: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x940, &mut x941, x939, x880, x921); let mut x942: u32 = 0; let mut x943: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x942, &mut x943, x941, x882, (0x0 as u32)); let mut x944: u32 = 0; let mut x945: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x944, &mut x945, x943, x884, x918); let mut x946: u32 = 0; let mut x947: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x946, &mut x947, x945, x886, x922); let mut x948: u32 = 0; let mut x949: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x948, &mut x949, x947, x888, x924); let mut x950: u32 = 0; let mut x951: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x950, &mut x951, x949, x890, x926); let mut x952: u32 = 0; let mut x953: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x952, &mut x953, x951, x892, x928); let mut x954: u32 = 0; let mut x955: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x954, &mut x955, x953, x894, x930); let mut x956: u32 = 0; let mut x957: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x956, &mut x957, x955, x896, x932); let mut x958: u32 = 0; let mut x959: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x958, &mut x959, x957, x898, x934); let mut x960: u32 = 0; let mut x961: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x960, &mut x961, x959, x900, x936); let mut x962: u32 = 0; let mut x963: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x962, &mut x963, x961, ((x901 as u32) + (x877 as u32)), ((x937 as u32) + x903)); let mut x964: u32 = 0; let mut x965: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x964, &mut x965, 0x0, x940, 0xffffffff); let mut x966: u32 = 0; let mut x967: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x966, &mut x967, x965, x942, (0x0 as u32)); let mut x968: u32 = 0; let mut x969: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x968, &mut x969, x967, x944, (0x0 as u32)); let mut x970: u32 = 0; let mut x971: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x970, &mut x971, x969, x946, 0xffffffff); let mut x972: u32 = 0; let mut x973: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x972, &mut x973, x971, x948, 0xfffffffe); let mut x974: u32 = 0; let mut x975: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x974, &mut x975, x973, x950, 0xffffffff); let mut x976: u32 = 0; let mut x977: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x976, &mut x977, x975, x952, 0xffffffff); let mut x978: u32 = 0; let mut x979: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x978, &mut x979, x977, x954, 0xffffffff); let mut x980: u32 = 0; let mut x981: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x980, &mut x981, x979, x956, 0xffffffff); let mut x982: u32 = 0; let mut x983: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x982, &mut x983, x981, x958, 0xffffffff); let mut x984: u32 = 0; let mut x985: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x984, &mut x985, x983, x960, 0xffffffff); let mut x986: u32 = 0; let mut x987: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x986, &mut x987, x985, x962, 0xffffffff); let mut x988: u32 = 0; let mut x989: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x988, &mut x989, x987, (x963 as u32), (0x0 as u32)); let mut x990: u32 = 0; fiat_p384_cmovznz_u32(&mut x990, x989, x964, x940); let mut x991: u32 = 0; fiat_p384_cmovznz_u32(&mut x991, x989, x966, x942); let mut x992: u32 = 0; fiat_p384_cmovznz_u32(&mut x992, x989, x968, x944); let mut x993: u32 = 0; fiat_p384_cmovznz_u32(&mut x993, x989, x970, x946); let mut x994: u32 = 0; fiat_p384_cmovznz_u32(&mut x994, x989, x972, x948); let mut x995: u32 = 0; fiat_p384_cmovznz_u32(&mut x995, x989, x974, x950); let mut x996: u32 = 0; fiat_p384_cmovznz_u32(&mut x996, x989, x976, x952); let mut x997: u32 = 0; fiat_p384_cmovznz_u32(&mut x997, x989, x978, x954); let mut x998: u32 = 0; fiat_p384_cmovznz_u32(&mut x998, x989, x980, x956); let mut x999: u32 = 0; fiat_p384_cmovznz_u32(&mut x999, x989, x982, x958); let mut x1000: u32 = 0; fiat_p384_cmovznz_u32(&mut x1000, x989, x984, x960); let mut x1001: u32 = 0; fiat_p384_cmovznz_u32(&mut x1001, x989, x986, x962); out1[0] = x990; out1[1] = x991; out1[2] = x992; out1[3] = x993; out1[4] = x994; out1[5] = x995; out1[6] = x996; out1[7] = x997; out1[8] = x998; out1[9] = x999; out1[10] = x1000; out1[11] = x1001; } /// The function fiat_p384_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_to_montgomery(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_mulx_u32(&mut x13, &mut x14, x12, 0x2); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_mulx_u32(&mut x15, &mut x16, x12, 0xfffffffe); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_mulx_u32(&mut x17, &mut x18, x12, 0x2); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_mulx_u32(&mut x19, &mut x20, x12, 0xfffffffe); let mut x21: u32 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x21, &mut x22, 0x0, ((x14 as fiat_p384_u1) as u32), x12); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_mulx_u32(&mut x23, &mut x24, x12, 0xffffffff); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_mulx_u32(&mut x25, &mut x26, x12, 0xffffffff); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_mulx_u32(&mut x27, &mut x28, x12, 0xffffffff); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_mulx_u32(&mut x29, &mut x30, x12, 0xffffffff); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_mulx_u32(&mut x31, &mut x32, x12, 0xffffffff); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_mulx_u32(&mut x33, &mut x34, x12, 0xffffffff); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_mulx_u32(&mut x35, &mut x36, x12, 0xffffffff); let mut x37: u32 = 0; let mut x38: u32 = 0; fiat_p384_mulx_u32(&mut x37, &mut x38, x12, 0xfffffffe); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_p384_mulx_u32(&mut x39, &mut x40, x12, 0xffffffff); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_p384_mulx_u32(&mut x41, &mut x42, x12, 0xffffffff); let mut x43: u32 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x43, &mut x44, 0x0, x40, x37); let mut x45: u32 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x45, &mut x46, x44, x38, x35); let mut x47: u32 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x47, &mut x48, x46, x36, x33); let mut x49: u32 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x49, &mut x50, x48, x34, x31); let mut x51: u32 = 0; let mut x52: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x51, &mut x52, x50, x32, x29); let mut x53: u32 = 0; let mut x54: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x53, &mut x54, x52, x30, x27); let mut x55: u32 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x55, &mut x56, x54, x28, x25); let mut x57: u32 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x57, &mut x58, x56, x26, x23); let mut x59: u32 = 0; let mut x60: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x59, &mut x60, 0x0, x12, x41); let mut x61: u32 = 0; let mut x62: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x61, &mut x62, x60, x19, x42); let mut x63: u32 = 0; let mut x64: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x63, &mut x64, 0x0, x17, x39); let mut x65: u32 = 0; let mut x66: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x65, &mut x66, x64, ((x18 as fiat_p384_u1) as u32), x43); let mut x67: u32 = 0; let mut x68: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x67, &mut x68, x66, x15, x45); let mut x69: u32 = 0; let mut x70: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x69, &mut x70, x68, x16, x47); let mut x71: u32 = 0; let mut x72: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x71, &mut x72, x70, x13, x49); let mut x73: u32 = 0; let mut x74: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x73, &mut x74, x72, x21, x51); let mut x75: u32 = 0; let mut x76: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x75, &mut x76, x74, (x22 as u32), x53); let mut x77: u32 = 0; let mut x78: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x77, &mut x78, x76, (0x0 as u32), x55); let mut x79: u32 = 0; let mut x80: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x79, &mut x80, x78, (0x0 as u32), x57); let mut x81: u32 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x81, &mut x82, x80, (0x0 as u32), ((x58 as u32) + x24)); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_p384_mulx_u32(&mut x83, &mut x84, x1, 0x2); let mut x85: u32 = 0; let mut x86: u32 = 0; fiat_p384_mulx_u32(&mut x85, &mut x86, x1, 0xfffffffe); let mut x87: u32 = 0; let mut x88: u32 = 0; fiat_p384_mulx_u32(&mut x87, &mut x88, x1, 0x2); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_p384_mulx_u32(&mut x89, &mut x90, x1, 0xfffffffe); let mut x91: u32 = 0; let mut x92: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x91, &mut x92, 0x0, ((x84 as fiat_p384_u1) as u32), x1); let mut x93: u32 = 0; let mut x94: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x93, &mut x94, 0x0, x61, x1); let mut x95: u32 = 0; let mut x96: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x95, &mut x96, x94, ((x62 as u32) + x20), x89); let mut x97: u32 = 0; let mut x98: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x97, &mut x98, x96, x63, x90); let mut x99: u32 = 0; let mut x100: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x99, &mut x100, x98, x65, x87); let mut x101: u32 = 0; let mut x102: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x101, &mut x102, x100, x67, ((x88 as fiat_p384_u1) as u32)); let mut x103: u32 = 0; let mut x104: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x103, &mut x104, x102, x69, x85); let mut x105: u32 = 0; let mut x106: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x105, &mut x106, x104, x71, x86); let mut x107: u32 = 0; let mut x108: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x107, &mut x108, x106, x73, x83); let mut x109: u32 = 0; let mut x110: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x109, &mut x110, x108, x75, x91); let mut x111: u32 = 0; let mut x112: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x111, &mut x112, x110, x77, (x92 as u32)); let mut x113: u32 = 0; let mut x114: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x113, &mut x114, x112, x79, (0x0 as u32)); let mut x115: u32 = 0; let mut x116: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x115, &mut x116, x114, x81, (0x0 as u32)); let mut x117: u32 = 0; let mut x118: u32 = 0; fiat_p384_mulx_u32(&mut x117, &mut x118, x93, 0xffffffff); let mut x119: u32 = 0; let mut x120: u32 = 0; fiat_p384_mulx_u32(&mut x119, &mut x120, x93, 0xffffffff); let mut x121: u32 = 0; let mut x122: u32 = 0; fiat_p384_mulx_u32(&mut x121, &mut x122, x93, 0xffffffff); let mut x123: u32 = 0; let mut x124: u32 = 0; fiat_p384_mulx_u32(&mut x123, &mut x124, x93, 0xffffffff); let mut x125: u32 = 0; let mut x126: u32 = 0; fiat_p384_mulx_u32(&mut x125, &mut x126, x93, 0xffffffff); let mut x127: u32 = 0; let mut x128: u32 = 0; fiat_p384_mulx_u32(&mut x127, &mut x128, x93, 0xffffffff); let mut x129: u32 = 0; let mut x130: u32 = 0; fiat_p384_mulx_u32(&mut x129, &mut x130, x93, 0xffffffff); let mut x131: u32 = 0; let mut x132: u32 = 0; fiat_p384_mulx_u32(&mut x131, &mut x132, x93, 0xfffffffe); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p384_mulx_u32(&mut x133, &mut x134, x93, 0xffffffff); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_mulx_u32(&mut x135, &mut x136, x93, 0xffffffff); let mut x137: u32 = 0; let mut x138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x137, &mut x138, 0x0, x134, x131); let mut x139: u32 = 0; let mut x140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x139, &mut x140, x138, x132, x129); let mut x141: u32 = 0; let mut x142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x141, &mut x142, x140, x130, x127); let mut x143: u32 = 0; let mut x144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x143, &mut x144, x142, x128, x125); let mut x145: u32 = 0; let mut x146: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x145, &mut x146, x144, x126, x123); let mut x147: u32 = 0; let mut x148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x147, &mut x148, x146, x124, x121); let mut x149: u32 = 0; let mut x150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x149, &mut x150, x148, x122, x119); let mut x151: u32 = 0; let mut x152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x151, &mut x152, x150, x120, x117); let mut x153: u32 = 0; let mut x154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x153, &mut x154, 0x0, x93, x135); let mut x155: u32 = 0; let mut x156: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x155, &mut x156, x154, x95, x136); let mut x157: u32 = 0; let mut x158: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x157, &mut x158, x156, x97, (0x0 as u32)); let mut x159: u32 = 0; let mut x160: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x159, &mut x160, x158, x99, x133); let mut x161: u32 = 0; let mut x162: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x161, &mut x162, x160, x101, x137); let mut x163: u32 = 0; let mut x164: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x163, &mut x164, x162, x103, x139); let mut x165: u32 = 0; let mut x166: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x165, &mut x166, x164, x105, x141); let mut x167: u32 = 0; let mut x168: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x167, &mut x168, x166, x107, x143); let mut x169: u32 = 0; let mut x170: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x169, &mut x170, x168, x109, x145); let mut x171: u32 = 0; let mut x172: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x171, &mut x172, x170, x111, x147); let mut x173: u32 = 0; let mut x174: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x173, &mut x174, x172, x113, x149); let mut x175: u32 = 0; let mut x176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x175, &mut x176, x174, x115, x151); let mut x177: u32 = 0; let mut x178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x177, &mut x178, x176, ((x116 as u32) + (x82 as u32)), ((x152 as u32) + x118)); let mut x179: u32 = 0; let mut x180: u32 = 0; fiat_p384_mulx_u32(&mut x179, &mut x180, x2, 0x2); let mut x181: u32 = 0; let mut x182: u32 = 0; fiat_p384_mulx_u32(&mut x181, &mut x182, x2, 0xfffffffe); let mut x183: u32 = 0; let mut x184: u32 = 0; fiat_p384_mulx_u32(&mut x183, &mut x184, x2, 0x2); let mut x185: u32 = 0; let mut x186: u32 = 0; fiat_p384_mulx_u32(&mut x185, &mut x186, x2, 0xfffffffe); let mut x187: u32 = 0; let mut x188: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x187, &mut x188, 0x0, ((x180 as fiat_p384_u1) as u32), x2); let mut x189: u32 = 0; let mut x190: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x189, &mut x190, 0x0, x155, x2); let mut x191: u32 = 0; let mut x192: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x191, &mut x192, x190, x157, x185); let mut x193: u32 = 0; let mut x194: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x193, &mut x194, x192, x159, x186); let mut x195: u32 = 0; let mut x196: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x195, &mut x196, x194, x161, x183); let mut x197: u32 = 0; let mut x198: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x197, &mut x198, x196, x163, ((x184 as fiat_p384_u1) as u32)); let mut x199: u32 = 0; let mut x200: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x199, &mut x200, x198, x165, x181); let mut x201: u32 = 0; let mut x202: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x201, &mut x202, x200, x167, x182); let mut x203: u32 = 0; let mut x204: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x203, &mut x204, x202, x169, x179); let mut x205: u32 = 0; let mut x206: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x205, &mut x206, x204, x171, x187); let mut x207: u32 = 0; let mut x208: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x207, &mut x208, x206, x173, (x188 as u32)); let mut x209: u32 = 0; let mut x210: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x209, &mut x210, x208, x175, (0x0 as u32)); let mut x211: u32 = 0; let mut x212: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x211, &mut x212, x210, x177, (0x0 as u32)); let mut x213: u32 = 0; let mut x214: u32 = 0; fiat_p384_mulx_u32(&mut x213, &mut x214, x189, 0xffffffff); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_p384_mulx_u32(&mut x215, &mut x216, x189, 0xffffffff); let mut x217: u32 = 0; let mut x218: u32 = 0; fiat_p384_mulx_u32(&mut x217, &mut x218, x189, 0xffffffff); let mut x219: u32 = 0; let mut x220: u32 = 0; fiat_p384_mulx_u32(&mut x219, &mut x220, x189, 0xffffffff); let mut x221: u32 = 0; let mut x222: u32 = 0; fiat_p384_mulx_u32(&mut x221, &mut x222, x189, 0xffffffff); let mut x223: u32 = 0; let mut x224: u32 = 0; fiat_p384_mulx_u32(&mut x223, &mut x224, x189, 0xffffffff); let mut x225: u32 = 0; let mut x226: u32 = 0; fiat_p384_mulx_u32(&mut x225, &mut x226, x189, 0xffffffff); let mut x227: u32 = 0; let mut x228: u32 = 0; fiat_p384_mulx_u32(&mut x227, &mut x228, x189, 0xfffffffe); let mut x229: u32 = 0; let mut x230: u32 = 0; fiat_p384_mulx_u32(&mut x229, &mut x230, x189, 0xffffffff); let mut x231: u32 = 0; let mut x232: u32 = 0; fiat_p384_mulx_u32(&mut x231, &mut x232, x189, 0xffffffff); let mut x233: u32 = 0; let mut x234: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x233, &mut x234, 0x0, x230, x227); let mut x235: u32 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x235, &mut x236, x234, x228, x225); let mut x237: u32 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x237, &mut x238, x236, x226, x223); let mut x239: u32 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x239, &mut x240, x238, x224, x221); let mut x241: u32 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x241, &mut x242, x240, x222, x219); let mut x243: u32 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x243, &mut x244, x242, x220, x217); let mut x245: u32 = 0; let mut x246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x245, &mut x246, x244, x218, x215); let mut x247: u32 = 0; let mut x248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x247, &mut x248, x246, x216, x213); let mut x249: u32 = 0; let mut x250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x249, &mut x250, 0x0, x189, x231); let mut x251: u32 = 0; let mut x252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x251, &mut x252, x250, x191, x232); let mut x253: u32 = 0; let mut x254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x253, &mut x254, x252, x193, (0x0 as u32)); let mut x255: u32 = 0; let mut x256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x255, &mut x256, x254, x195, x229); let mut x257: u32 = 0; let mut x258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x257, &mut x258, x256, x197, x233); let mut x259: u32 = 0; let mut x260: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x259, &mut x260, x258, x199, x235); let mut x261: u32 = 0; let mut x262: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x261, &mut x262, x260, x201, x237); let mut x263: u32 = 0; let mut x264: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x263, &mut x264, x262, x203, x239); let mut x265: u32 = 0; let mut x266: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x265, &mut x266, x264, x205, x241); let mut x267: u32 = 0; let mut x268: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x267, &mut x268, x266, x207, x243); let mut x269: u32 = 0; let mut x270: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x269, &mut x270, x268, x209, x245); let mut x271: u32 = 0; let mut x272: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x271, &mut x272, x270, x211, x247); let mut x273: u32 = 0; let mut x274: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x273, &mut x274, x272, ((x212 as u32) + (x178 as u32)), ((x248 as u32) + x214)); let mut x275: u32 = 0; let mut x276: u32 = 0; fiat_p384_mulx_u32(&mut x275, &mut x276, x3, 0x2); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p384_mulx_u32(&mut x277, &mut x278, x3, 0xfffffffe); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_p384_mulx_u32(&mut x279, &mut x280, x3, 0x2); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_p384_mulx_u32(&mut x281, &mut x282, x3, 0xfffffffe); let mut x283: u32 = 0; let mut x284: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x283, &mut x284, 0x0, ((x276 as fiat_p384_u1) as u32), x3); let mut x285: u32 = 0; let mut x286: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x285, &mut x286, 0x0, x251, x3); let mut x287: u32 = 0; let mut x288: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x287, &mut x288, x286, x253, x281); let mut x289: u32 = 0; let mut x290: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x289, &mut x290, x288, x255, x282); let mut x291: u32 = 0; let mut x292: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x291, &mut x292, x290, x257, x279); let mut x293: u32 = 0; let mut x294: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x293, &mut x294, x292, x259, ((x280 as fiat_p384_u1) as u32)); let mut x295: u32 = 0; let mut x296: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x295, &mut x296, x294, x261, x277); let mut x297: u32 = 0; let mut x298: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x297, &mut x298, x296, x263, x278); let mut x299: u32 = 0; let mut x300: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x299, &mut x300, x298, x265, x275); let mut x301: u32 = 0; let mut x302: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x301, &mut x302, x300, x267, x283); let mut x303: u32 = 0; let mut x304: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x303, &mut x304, x302, x269, (x284 as u32)); let mut x305: u32 = 0; let mut x306: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x305, &mut x306, x304, x271, (0x0 as u32)); let mut x307: u32 = 0; let mut x308: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x307, &mut x308, x306, x273, (0x0 as u32)); let mut x309: u32 = 0; let mut x310: u32 = 0; fiat_p384_mulx_u32(&mut x309, &mut x310, x285, 0xffffffff); let mut x311: u32 = 0; let mut x312: u32 = 0; fiat_p384_mulx_u32(&mut x311, &mut x312, x285, 0xffffffff); let mut x313: u32 = 0; let mut x314: u32 = 0; fiat_p384_mulx_u32(&mut x313, &mut x314, x285, 0xffffffff); let mut x315: u32 = 0; let mut x316: u32 = 0; fiat_p384_mulx_u32(&mut x315, &mut x316, x285, 0xffffffff); let mut x317: u32 = 0; let mut x318: u32 = 0; fiat_p384_mulx_u32(&mut x317, &mut x318, x285, 0xffffffff); let mut x319: u32 = 0; let mut x320: u32 = 0; fiat_p384_mulx_u32(&mut x319, &mut x320, x285, 0xffffffff); let mut x321: u32 = 0; let mut x322: u32 = 0; fiat_p384_mulx_u32(&mut x321, &mut x322, x285, 0xffffffff); let mut x323: u32 = 0; let mut x324: u32 = 0; fiat_p384_mulx_u32(&mut x323, &mut x324, x285, 0xfffffffe); let mut x325: u32 = 0; let mut x326: u32 = 0; fiat_p384_mulx_u32(&mut x325, &mut x326, x285, 0xffffffff); let mut x327: u32 = 0; let mut x328: u32 = 0; fiat_p384_mulx_u32(&mut x327, &mut x328, x285, 0xffffffff); let mut x329: u32 = 0; let mut x330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x329, &mut x330, 0x0, x326, x323); let mut x331: u32 = 0; let mut x332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x331, &mut x332, x330, x324, x321); let mut x333: u32 = 0; let mut x334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x333, &mut x334, x332, x322, x319); let mut x335: u32 = 0; let mut x336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x335, &mut x336, x334, x320, x317); let mut x337: u32 = 0; let mut x338: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x337, &mut x338, x336, x318, x315); let mut x339: u32 = 0; let mut x340: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x339, &mut x340, x338, x316, x313); let mut x341: u32 = 0; let mut x342: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x341, &mut x342, x340, x314, x311); let mut x343: u32 = 0; let mut x344: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x343, &mut x344, x342, x312, x309); let mut x345: u32 = 0; let mut x346: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x345, &mut x346, 0x0, x285, x327); let mut x347: u32 = 0; let mut x348: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x347, &mut x348, x346, x287, x328); let mut x349: u32 = 0; let mut x350: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x349, &mut x350, x348, x289, (0x0 as u32)); let mut x351: u32 = 0; let mut x352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x351, &mut x352, x350, x291, x325); let mut x353: u32 = 0; let mut x354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x353, &mut x354, x352, x293, x329); let mut x355: u32 = 0; let mut x356: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x355, &mut x356, x354, x295, x331); let mut x357: u32 = 0; let mut x358: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x357, &mut x358, x356, x297, x333); let mut x359: u32 = 0; let mut x360: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x359, &mut x360, x358, x299, x335); let mut x361: u32 = 0; let mut x362: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x361, &mut x362, x360, x301, x337); let mut x363: u32 = 0; let mut x364: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x363, &mut x364, x362, x303, x339); let mut x365: u32 = 0; let mut x366: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x365, &mut x366, x364, x305, x341); let mut x367: u32 = 0; let mut x368: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x367, &mut x368, x366, x307, x343); let mut x369: u32 = 0; let mut x370: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x369, &mut x370, x368, ((x308 as u32) + (x274 as u32)), ((x344 as u32) + x310)); let mut x371: u32 = 0; let mut x372: u32 = 0; fiat_p384_mulx_u32(&mut x371, &mut x372, x4, 0x2); let mut x373: u32 = 0; let mut x374: u32 = 0; fiat_p384_mulx_u32(&mut x373, &mut x374, x4, 0xfffffffe); let mut x375: u32 = 0; let mut x376: u32 = 0; fiat_p384_mulx_u32(&mut x375, &mut x376, x4, 0x2); let mut x377: u32 = 0; let mut x378: u32 = 0; fiat_p384_mulx_u32(&mut x377, &mut x378, x4, 0xfffffffe); let mut x379: u32 = 0; let mut x380: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x379, &mut x380, 0x0, ((x372 as fiat_p384_u1) as u32), x4); let mut x381: u32 = 0; let mut x382: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x381, &mut x382, 0x0, x347, x4); let mut x383: u32 = 0; let mut x384: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x383, &mut x384, x382, x349, x377); let mut x385: u32 = 0; let mut x386: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x385, &mut x386, x384, x351, x378); let mut x387: u32 = 0; let mut x388: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x387, &mut x388, x386, x353, x375); let mut x389: u32 = 0; let mut x390: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x389, &mut x390, x388, x355, ((x376 as fiat_p384_u1) as u32)); let mut x391: u32 = 0; let mut x392: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x391, &mut x392, x390, x357, x373); let mut x393: u32 = 0; let mut x394: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x393, &mut x394, x392, x359, x374); let mut x395: u32 = 0; let mut x396: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x395, &mut x396, x394, x361, x371); let mut x397: u32 = 0; let mut x398: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x397, &mut x398, x396, x363, x379); let mut x399: u32 = 0; let mut x400: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x399, &mut x400, x398, x365, (x380 as u32)); let mut x401: u32 = 0; let mut x402: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x401, &mut x402, x400, x367, (0x0 as u32)); let mut x403: u32 = 0; let mut x404: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x403, &mut x404, x402, x369, (0x0 as u32)); let mut x405: u32 = 0; let mut x406: u32 = 0; fiat_p384_mulx_u32(&mut x405, &mut x406, x381, 0xffffffff); let mut x407: u32 = 0; let mut x408: u32 = 0; fiat_p384_mulx_u32(&mut x407, &mut x408, x381, 0xffffffff); let mut x409: u32 = 0; let mut x410: u32 = 0; fiat_p384_mulx_u32(&mut x409, &mut x410, x381, 0xffffffff); let mut x411: u32 = 0; let mut x412: u32 = 0; fiat_p384_mulx_u32(&mut x411, &mut x412, x381, 0xffffffff); let mut x413: u32 = 0; let mut x414: u32 = 0; fiat_p384_mulx_u32(&mut x413, &mut x414, x381, 0xffffffff); let mut x415: u32 = 0; let mut x416: u32 = 0; fiat_p384_mulx_u32(&mut x415, &mut x416, x381, 0xffffffff); let mut x417: u32 = 0; let mut x418: u32 = 0; fiat_p384_mulx_u32(&mut x417, &mut x418, x381, 0xffffffff); let mut x419: u32 = 0; let mut x420: u32 = 0; fiat_p384_mulx_u32(&mut x419, &mut x420, x381, 0xfffffffe); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p384_mulx_u32(&mut x421, &mut x422, x381, 0xffffffff); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p384_mulx_u32(&mut x423, &mut x424, x381, 0xffffffff); let mut x425: u32 = 0; let mut x426: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x425, &mut x426, 0x0, x422, x419); let mut x427: u32 = 0; let mut x428: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x427, &mut x428, x426, x420, x417); let mut x429: u32 = 0; let mut x430: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x429, &mut x430, x428, x418, x415); let mut x431: u32 = 0; let mut x432: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x431, &mut x432, x430, x416, x413); let mut x433: u32 = 0; let mut x434: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x433, &mut x434, x432, x414, x411); let mut x435: u32 = 0; let mut x436: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x435, &mut x436, x434, x412, x409); let mut x437: u32 = 0; let mut x438: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x437, &mut x438, x436, x410, x407); let mut x439: u32 = 0; let mut x440: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x439, &mut x440, x438, x408, x405); let mut x441: u32 = 0; let mut x442: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x441, &mut x442, 0x0, x381, x423); let mut x443: u32 = 0; let mut x444: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x443, &mut x444, x442, x383, x424); let mut x445: u32 = 0; let mut x446: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x445, &mut x446, x444, x385, (0x0 as u32)); let mut x447: u32 = 0; let mut x448: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x447, &mut x448, x446, x387, x421); let mut x449: u32 = 0; let mut x450: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x449, &mut x450, x448, x389, x425); let mut x451: u32 = 0; let mut x452: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x451, &mut x452, x450, x391, x427); let mut x453: u32 = 0; let mut x454: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x453, &mut x454, x452, x393, x429); let mut x455: u32 = 0; let mut x456: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x455, &mut x456, x454, x395, x431); let mut x457: u32 = 0; let mut x458: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x457, &mut x458, x456, x397, x433); let mut x459: u32 = 0; let mut x460: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x459, &mut x460, x458, x399, x435); let mut x461: u32 = 0; let mut x462: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x461, &mut x462, x460, x401, x437); let mut x463: u32 = 0; let mut x464: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x463, &mut x464, x462, x403, x439); let mut x465: u32 = 0; let mut x466: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x465, &mut x466, x464, ((x404 as u32) + (x370 as u32)), ((x440 as u32) + x406)); let mut x467: u32 = 0; let mut x468: u32 = 0; fiat_p384_mulx_u32(&mut x467, &mut x468, x5, 0x2); let mut x469: u32 = 0; let mut x470: u32 = 0; fiat_p384_mulx_u32(&mut x469, &mut x470, x5, 0xfffffffe); let mut x471: u32 = 0; let mut x472: u32 = 0; fiat_p384_mulx_u32(&mut x471, &mut x472, x5, 0x2); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_p384_mulx_u32(&mut x473, &mut x474, x5, 0xfffffffe); let mut x475: u32 = 0; let mut x476: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x475, &mut x476, 0x0, ((x468 as fiat_p384_u1) as u32), x5); let mut x477: u32 = 0; let mut x478: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x477, &mut x478, 0x0, x443, x5); let mut x479: u32 = 0; let mut x480: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x479, &mut x480, x478, x445, x473); let mut x481: u32 = 0; let mut x482: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x481, &mut x482, x480, x447, x474); let mut x483: u32 = 0; let mut x484: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x483, &mut x484, x482, x449, x471); let mut x485: u32 = 0; let mut x486: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x485, &mut x486, x484, x451, ((x472 as fiat_p384_u1) as u32)); let mut x487: u32 = 0; let mut x488: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x487, &mut x488, x486, x453, x469); let mut x489: u32 = 0; let mut x490: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x489, &mut x490, x488, x455, x470); let mut x491: u32 = 0; let mut x492: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x491, &mut x492, x490, x457, x467); let mut x493: u32 = 0; let mut x494: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x493, &mut x494, x492, x459, x475); let mut x495: u32 = 0; let mut x496: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x495, &mut x496, x494, x461, (x476 as u32)); let mut x497: u32 = 0; let mut x498: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x497, &mut x498, x496, x463, (0x0 as u32)); let mut x499: u32 = 0; let mut x500: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x499, &mut x500, x498, x465, (0x0 as u32)); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_p384_mulx_u32(&mut x501, &mut x502, x477, 0xffffffff); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_p384_mulx_u32(&mut x503, &mut x504, x477, 0xffffffff); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_p384_mulx_u32(&mut x505, &mut x506, x477, 0xffffffff); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_p384_mulx_u32(&mut x507, &mut x508, x477, 0xffffffff); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_p384_mulx_u32(&mut x509, &mut x510, x477, 0xffffffff); let mut x511: u32 = 0; let mut x512: u32 = 0; fiat_p384_mulx_u32(&mut x511, &mut x512, x477, 0xffffffff); let mut x513: u32 = 0; let mut x514: u32 = 0; fiat_p384_mulx_u32(&mut x513, &mut x514, x477, 0xffffffff); let mut x515: u32 = 0; let mut x516: u32 = 0; fiat_p384_mulx_u32(&mut x515, &mut x516, x477, 0xfffffffe); let mut x517: u32 = 0; let mut x518: u32 = 0; fiat_p384_mulx_u32(&mut x517, &mut x518, x477, 0xffffffff); let mut x519: u32 = 0; let mut x520: u32 = 0; fiat_p384_mulx_u32(&mut x519, &mut x520, x477, 0xffffffff); let mut x521: u32 = 0; let mut x522: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x521, &mut x522, 0x0, x518, x515); let mut x523: u32 = 0; let mut x524: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x523, &mut x524, x522, x516, x513); let mut x525: u32 = 0; let mut x526: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x525, &mut x526, x524, x514, x511); let mut x527: u32 = 0; let mut x528: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x527, &mut x528, x526, x512, x509); let mut x529: u32 = 0; let mut x530: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x529, &mut x530, x528, x510, x507); let mut x531: u32 = 0; let mut x532: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x531, &mut x532, x530, x508, x505); let mut x533: u32 = 0; let mut x534: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x533, &mut x534, x532, x506, x503); let mut x535: u32 = 0; let mut x536: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x535, &mut x536, x534, x504, x501); let mut x537: u32 = 0; let mut x538: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x537, &mut x538, 0x0, x477, x519); let mut x539: u32 = 0; let mut x540: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x539, &mut x540, x538, x479, x520); let mut x541: u32 = 0; let mut x542: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x541, &mut x542, x540, x481, (0x0 as u32)); let mut x543: u32 = 0; let mut x544: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x543, &mut x544, x542, x483, x517); let mut x545: u32 = 0; let mut x546: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x545, &mut x546, x544, x485, x521); let mut x547: u32 = 0; let mut x548: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x547, &mut x548, x546, x487, x523); let mut x549: u32 = 0; let mut x550: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x549, &mut x550, x548, x489, x525); let mut x551: u32 = 0; let mut x552: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x551, &mut x552, x550, x491, x527); let mut x553: u32 = 0; let mut x554: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x553, &mut x554, x552, x493, x529); let mut x555: u32 = 0; let mut x556: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x555, &mut x556, x554, x495, x531); let mut x557: u32 = 0; let mut x558: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x557, &mut x558, x556, x497, x533); let mut x559: u32 = 0; let mut x560: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x559, &mut x560, x558, x499, x535); let mut x561: u32 = 0; let mut x562: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x561, &mut x562, x560, ((x500 as u32) + (x466 as u32)), ((x536 as u32) + x502)); let mut x563: u32 = 0; let mut x564: u32 = 0; fiat_p384_mulx_u32(&mut x563, &mut x564, x6, 0x2); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_p384_mulx_u32(&mut x565, &mut x566, x6, 0xfffffffe); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_p384_mulx_u32(&mut x567, &mut x568, x6, 0x2); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_p384_mulx_u32(&mut x569, &mut x570, x6, 0xfffffffe); let mut x571: u32 = 0; let mut x572: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x571, &mut x572, 0x0, ((x564 as fiat_p384_u1) as u32), x6); let mut x573: u32 = 0; let mut x574: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x573, &mut x574, 0x0, x539, x6); let mut x575: u32 = 0; let mut x576: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x575, &mut x576, x574, x541, x569); let mut x577: u32 = 0; let mut x578: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x577, &mut x578, x576, x543, x570); let mut x579: u32 = 0; let mut x580: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x579, &mut x580, x578, x545, x567); let mut x581: u32 = 0; let mut x582: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x581, &mut x582, x580, x547, ((x568 as fiat_p384_u1) as u32)); let mut x583: u32 = 0; let mut x584: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x583, &mut x584, x582, x549, x565); let mut x585: u32 = 0; let mut x586: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x585, &mut x586, x584, x551, x566); let mut x587: u32 = 0; let mut x588: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x587, &mut x588, x586, x553, x563); let mut x589: u32 = 0; let mut x590: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x589, &mut x590, x588, x555, x571); let mut x591: u32 = 0; let mut x592: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x591, &mut x592, x590, x557, (x572 as u32)); let mut x593: u32 = 0; let mut x594: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x593, &mut x594, x592, x559, (0x0 as u32)); let mut x595: u32 = 0; let mut x596: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x595, &mut x596, x594, x561, (0x0 as u32)); let mut x597: u32 = 0; let mut x598: u32 = 0; fiat_p384_mulx_u32(&mut x597, &mut x598, x573, 0xffffffff); let mut x599: u32 = 0; let mut x600: u32 = 0; fiat_p384_mulx_u32(&mut x599, &mut x600, x573, 0xffffffff); let mut x601: u32 = 0; let mut x602: u32 = 0; fiat_p384_mulx_u32(&mut x601, &mut x602, x573, 0xffffffff); let mut x603: u32 = 0; let mut x604: u32 = 0; fiat_p384_mulx_u32(&mut x603, &mut x604, x573, 0xffffffff); let mut x605: u32 = 0; let mut x606: u32 = 0; fiat_p384_mulx_u32(&mut x605, &mut x606, x573, 0xffffffff); let mut x607: u32 = 0; let mut x608: u32 = 0; fiat_p384_mulx_u32(&mut x607, &mut x608, x573, 0xffffffff); let mut x609: u32 = 0; let mut x610: u32 = 0; fiat_p384_mulx_u32(&mut x609, &mut x610, x573, 0xffffffff); let mut x611: u32 = 0; let mut x612: u32 = 0; fiat_p384_mulx_u32(&mut x611, &mut x612, x573, 0xfffffffe); let mut x613: u32 = 0; let mut x614: u32 = 0; fiat_p384_mulx_u32(&mut x613, &mut x614, x573, 0xffffffff); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_p384_mulx_u32(&mut x615, &mut x616, x573, 0xffffffff); let mut x617: u32 = 0; let mut x618: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x617, &mut x618, 0x0, x614, x611); let mut x619: u32 = 0; let mut x620: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x619, &mut x620, x618, x612, x609); let mut x621: u32 = 0; let mut x622: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x621, &mut x622, x620, x610, x607); let mut x623: u32 = 0; let mut x624: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x623, &mut x624, x622, x608, x605); let mut x625: u32 = 0; let mut x626: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x625, &mut x626, x624, x606, x603); let mut x627: u32 = 0; let mut x628: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x627, &mut x628, x626, x604, x601); let mut x629: u32 = 0; let mut x630: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x629, &mut x630, x628, x602, x599); let mut x631: u32 = 0; let mut x632: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x631, &mut x632, x630, x600, x597); let mut x633: u32 = 0; let mut x634: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x633, &mut x634, 0x0, x573, x615); let mut x635: u32 = 0; let mut x636: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x635, &mut x636, x634, x575, x616); let mut x637: u32 = 0; let mut x638: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x637, &mut x638, x636, x577, (0x0 as u32)); let mut x639: u32 = 0; let mut x640: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x639, &mut x640, x638, x579, x613); let mut x641: u32 = 0; let mut x642: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x641, &mut x642, x640, x581, x617); let mut x643: u32 = 0; let mut x644: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x643, &mut x644, x642, x583, x619); let mut x645: u32 = 0; let mut x646: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x645, &mut x646, x644, x585, x621); let mut x647: u32 = 0; let mut x648: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x647, &mut x648, x646, x587, x623); let mut x649: u32 = 0; let mut x650: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x649, &mut x650, x648, x589, x625); let mut x651: u32 = 0; let mut x652: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x651, &mut x652, x650, x591, x627); let mut x653: u32 = 0; let mut x654: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x653, &mut x654, x652, x593, x629); let mut x655: u32 = 0; let mut x656: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x655, &mut x656, x654, x595, x631); let mut x657: u32 = 0; let mut x658: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x657, &mut x658, x656, ((x596 as u32) + (x562 as u32)), ((x632 as u32) + x598)); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p384_mulx_u32(&mut x659, &mut x660, x7, 0x2); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_p384_mulx_u32(&mut x661, &mut x662, x7, 0xfffffffe); let mut x663: u32 = 0; let mut x664: u32 = 0; fiat_p384_mulx_u32(&mut x663, &mut x664, x7, 0x2); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_p384_mulx_u32(&mut x665, &mut x666, x7, 0xfffffffe); let mut x667: u32 = 0; let mut x668: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x667, &mut x668, 0x0, ((x660 as fiat_p384_u1) as u32), x7); let mut x669: u32 = 0; let mut x670: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x669, &mut x670, 0x0, x635, x7); let mut x671: u32 = 0; let mut x672: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x671, &mut x672, x670, x637, x665); let mut x673: u32 = 0; let mut x674: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x673, &mut x674, x672, x639, x666); let mut x675: u32 = 0; let mut x676: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x675, &mut x676, x674, x641, x663); let mut x677: u32 = 0; let mut x678: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x677, &mut x678, x676, x643, ((x664 as fiat_p384_u1) as u32)); let mut x679: u32 = 0; let mut x680: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x679, &mut x680, x678, x645, x661); let mut x681: u32 = 0; let mut x682: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x681, &mut x682, x680, x647, x662); let mut x683: u32 = 0; let mut x684: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x683, &mut x684, x682, x649, x659); let mut x685: u32 = 0; let mut x686: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x685, &mut x686, x684, x651, x667); let mut x687: u32 = 0; let mut x688: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x687, &mut x688, x686, x653, (x668 as u32)); let mut x689: u32 = 0; let mut x690: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x689, &mut x690, x688, x655, (0x0 as u32)); let mut x691: u32 = 0; let mut x692: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x691, &mut x692, x690, x657, (0x0 as u32)); let mut x693: u32 = 0; let mut x694: u32 = 0; fiat_p384_mulx_u32(&mut x693, &mut x694, x669, 0xffffffff); let mut x695: u32 = 0; let mut x696: u32 = 0; fiat_p384_mulx_u32(&mut x695, &mut x696, x669, 0xffffffff); let mut x697: u32 = 0; let mut x698: u32 = 0; fiat_p384_mulx_u32(&mut x697, &mut x698, x669, 0xffffffff); let mut x699: u32 = 0; let mut x700: u32 = 0; fiat_p384_mulx_u32(&mut x699, &mut x700, x669, 0xffffffff); let mut x701: u32 = 0; let mut x702: u32 = 0; fiat_p384_mulx_u32(&mut x701, &mut x702, x669, 0xffffffff); let mut x703: u32 = 0; let mut x704: u32 = 0; fiat_p384_mulx_u32(&mut x703, &mut x704, x669, 0xffffffff); let mut x705: u32 = 0; let mut x706: u32 = 0; fiat_p384_mulx_u32(&mut x705, &mut x706, x669, 0xffffffff); let mut x707: u32 = 0; let mut x708: u32 = 0; fiat_p384_mulx_u32(&mut x707, &mut x708, x669, 0xfffffffe); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_p384_mulx_u32(&mut x709, &mut x710, x669, 0xffffffff); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_p384_mulx_u32(&mut x711, &mut x712, x669, 0xffffffff); let mut x713: u32 = 0; let mut x714: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x713, &mut x714, 0x0, x710, x707); let mut x715: u32 = 0; let mut x716: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x715, &mut x716, x714, x708, x705); let mut x717: u32 = 0; let mut x718: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x717, &mut x718, x716, x706, x703); let mut x719: u32 = 0; let mut x720: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x719, &mut x720, x718, x704, x701); let mut x721: u32 = 0; let mut x722: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x721, &mut x722, x720, x702, x699); let mut x723: u32 = 0; let mut x724: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x723, &mut x724, x722, x700, x697); let mut x725: u32 = 0; let mut x726: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x725, &mut x726, x724, x698, x695); let mut x727: u32 = 0; let mut x728: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x727, &mut x728, x726, x696, x693); let mut x729: u32 = 0; let mut x730: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x729, &mut x730, 0x0, x669, x711); let mut x731: u32 = 0; let mut x732: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x731, &mut x732, x730, x671, x712); let mut x733: u32 = 0; let mut x734: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x733, &mut x734, x732, x673, (0x0 as u32)); let mut x735: u32 = 0; let mut x736: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x735, &mut x736, x734, x675, x709); let mut x737: u32 = 0; let mut x738: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x737, &mut x738, x736, x677, x713); let mut x739: u32 = 0; let mut x740: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x739, &mut x740, x738, x679, x715); let mut x741: u32 = 0; let mut x742: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x741, &mut x742, x740, x681, x717); let mut x743: u32 = 0; let mut x744: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x743, &mut x744, x742, x683, x719); let mut x745: u32 = 0; let mut x746: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x745, &mut x746, x744, x685, x721); let mut x747: u32 = 0; let mut x748: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x747, &mut x748, x746, x687, x723); let mut x749: u32 = 0; let mut x750: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x749, &mut x750, x748, x689, x725); let mut x751: u32 = 0; let mut x752: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x751, &mut x752, x750, x691, x727); let mut x753: u32 = 0; let mut x754: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x753, &mut x754, x752, ((x692 as u32) + (x658 as u32)), ((x728 as u32) + x694)); let mut x755: u32 = 0; let mut x756: u32 = 0; fiat_p384_mulx_u32(&mut x755, &mut x756, x8, 0x2); let mut x757: u32 = 0; let mut x758: u32 = 0; fiat_p384_mulx_u32(&mut x757, &mut x758, x8, 0xfffffffe); let mut x759: u32 = 0; let mut x760: u32 = 0; fiat_p384_mulx_u32(&mut x759, &mut x760, x8, 0x2); let mut x761: u32 = 0; let mut x762: u32 = 0; fiat_p384_mulx_u32(&mut x761, &mut x762, x8, 0xfffffffe); let mut x763: u32 = 0; let mut x764: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x763, &mut x764, 0x0, ((x756 as fiat_p384_u1) as u32), x8); let mut x765: u32 = 0; let mut x766: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x765, &mut x766, 0x0, x731, x8); let mut x767: u32 = 0; let mut x768: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x767, &mut x768, x766, x733, x761); let mut x769: u32 = 0; let mut x770: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x769, &mut x770, x768, x735, x762); let mut x771: u32 = 0; let mut x772: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x771, &mut x772, x770, x737, x759); let mut x773: u32 = 0; let mut x774: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x773, &mut x774, x772, x739, ((x760 as fiat_p384_u1) as u32)); let mut x775: u32 = 0; let mut x776: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x775, &mut x776, x774, x741, x757); let mut x777: u32 = 0; let mut x778: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x777, &mut x778, x776, x743, x758); let mut x779: u32 = 0; let mut x780: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x779, &mut x780, x778, x745, x755); let mut x781: u32 = 0; let mut x782: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x781, &mut x782, x780, x747, x763); let mut x783: u32 = 0; let mut x784: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x783, &mut x784, x782, x749, (x764 as u32)); let mut x785: u32 = 0; let mut x786: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x785, &mut x786, x784, x751, (0x0 as u32)); let mut x787: u32 = 0; let mut x788: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x787, &mut x788, x786, x753, (0x0 as u32)); let mut x789: u32 = 0; let mut x790: u32 = 0; fiat_p384_mulx_u32(&mut x789, &mut x790, x765, 0xffffffff); let mut x791: u32 = 0; let mut x792: u32 = 0; fiat_p384_mulx_u32(&mut x791, &mut x792, x765, 0xffffffff); let mut x793: u32 = 0; let mut x794: u32 = 0; fiat_p384_mulx_u32(&mut x793, &mut x794, x765, 0xffffffff); let mut x795: u32 = 0; let mut x796: u32 = 0; fiat_p384_mulx_u32(&mut x795, &mut x796, x765, 0xffffffff); let mut x797: u32 = 0; let mut x798: u32 = 0; fiat_p384_mulx_u32(&mut x797, &mut x798, x765, 0xffffffff); let mut x799: u32 = 0; let mut x800: u32 = 0; fiat_p384_mulx_u32(&mut x799, &mut x800, x765, 0xffffffff); let mut x801: u32 = 0; let mut x802: u32 = 0; fiat_p384_mulx_u32(&mut x801, &mut x802, x765, 0xffffffff); let mut x803: u32 = 0; let mut x804: u32 = 0; fiat_p384_mulx_u32(&mut x803, &mut x804, x765, 0xfffffffe); let mut x805: u32 = 0; let mut x806: u32 = 0; fiat_p384_mulx_u32(&mut x805, &mut x806, x765, 0xffffffff); let mut x807: u32 = 0; let mut x808: u32 = 0; fiat_p384_mulx_u32(&mut x807, &mut x808, x765, 0xffffffff); let mut x809: u32 = 0; let mut x810: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x809, &mut x810, 0x0, x806, x803); let mut x811: u32 = 0; let mut x812: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x811, &mut x812, x810, x804, x801); let mut x813: u32 = 0; let mut x814: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x813, &mut x814, x812, x802, x799); let mut x815: u32 = 0; let mut x816: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x815, &mut x816, x814, x800, x797); let mut x817: u32 = 0; let mut x818: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x817, &mut x818, x816, x798, x795); let mut x819: u32 = 0; let mut x820: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x819, &mut x820, x818, x796, x793); let mut x821: u32 = 0; let mut x822: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x821, &mut x822, x820, x794, x791); let mut x823: u32 = 0; let mut x824: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x823, &mut x824, x822, x792, x789); let mut x825: u32 = 0; let mut x826: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x825, &mut x826, 0x0, x765, x807); let mut x827: u32 = 0; let mut x828: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x827, &mut x828, x826, x767, x808); let mut x829: u32 = 0; let mut x830: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x829, &mut x830, x828, x769, (0x0 as u32)); let mut x831: u32 = 0; let mut x832: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x831, &mut x832, x830, x771, x805); let mut x833: u32 = 0; let mut x834: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x833, &mut x834, x832, x773, x809); let mut x835: u32 = 0; let mut x836: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x835, &mut x836, x834, x775, x811); let mut x837: u32 = 0; let mut x838: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x837, &mut x838, x836, x777, x813); let mut x839: u32 = 0; let mut x840: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x839, &mut x840, x838, x779, x815); let mut x841: u32 = 0; let mut x842: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x841, &mut x842, x840, x781, x817); let mut x843: u32 = 0; let mut x844: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x843, &mut x844, x842, x783, x819); let mut x845: u32 = 0; let mut x846: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x845, &mut x846, x844, x785, x821); let mut x847: u32 = 0; let mut x848: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x847, &mut x848, x846, x787, x823); let mut x849: u32 = 0; let mut x850: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x849, &mut x850, x848, ((x788 as u32) + (x754 as u32)), ((x824 as u32) + x790)); let mut x851: u32 = 0; let mut x852: u32 = 0; fiat_p384_mulx_u32(&mut x851, &mut x852, x9, 0x2); let mut x853: u32 = 0; let mut x854: u32 = 0; fiat_p384_mulx_u32(&mut x853, &mut x854, x9, 0xfffffffe); let mut x855: u32 = 0; let mut x856: u32 = 0; fiat_p384_mulx_u32(&mut x855, &mut x856, x9, 0x2); let mut x857: u32 = 0; let mut x858: u32 = 0; fiat_p384_mulx_u32(&mut x857, &mut x858, x9, 0xfffffffe); let mut x859: u32 = 0; let mut x860: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x859, &mut x860, 0x0, ((x852 as fiat_p384_u1) as u32), x9); let mut x861: u32 = 0; let mut x862: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x861, &mut x862, 0x0, x827, x9); let mut x863: u32 = 0; let mut x864: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x863, &mut x864, x862, x829, x857); let mut x865: u32 = 0; let mut x866: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x865, &mut x866, x864, x831, x858); let mut x867: u32 = 0; let mut x868: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x867, &mut x868, x866, x833, x855); let mut x869: u32 = 0; let mut x870: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x869, &mut x870, x868, x835, ((x856 as fiat_p384_u1) as u32)); let mut x871: u32 = 0; let mut x872: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x871, &mut x872, x870, x837, x853); let mut x873: u32 = 0; let mut x874: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x873, &mut x874, x872, x839, x854); let mut x875: u32 = 0; let mut x876: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x875, &mut x876, x874, x841, x851); let mut x877: u32 = 0; let mut x878: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x877, &mut x878, x876, x843, x859); let mut x879: u32 = 0; let mut x880: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x879, &mut x880, x878, x845, (x860 as u32)); let mut x881: u32 = 0; let mut x882: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x881, &mut x882, x880, x847, (0x0 as u32)); let mut x883: u32 = 0; let mut x884: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x883, &mut x884, x882, x849, (0x0 as u32)); let mut x885: u32 = 0; let mut x886: u32 = 0; fiat_p384_mulx_u32(&mut x885, &mut x886, x861, 0xffffffff); let mut x887: u32 = 0; let mut x888: u32 = 0; fiat_p384_mulx_u32(&mut x887, &mut x888, x861, 0xffffffff); let mut x889: u32 = 0; let mut x890: u32 = 0; fiat_p384_mulx_u32(&mut x889, &mut x890, x861, 0xffffffff); let mut x891: u32 = 0; let mut x892: u32 = 0; fiat_p384_mulx_u32(&mut x891, &mut x892, x861, 0xffffffff); let mut x893: u32 = 0; let mut x894: u32 = 0; fiat_p384_mulx_u32(&mut x893, &mut x894, x861, 0xffffffff); let mut x895: u32 = 0; let mut x896: u32 = 0; fiat_p384_mulx_u32(&mut x895, &mut x896, x861, 0xffffffff); let mut x897: u32 = 0; let mut x898: u32 = 0; fiat_p384_mulx_u32(&mut x897, &mut x898, x861, 0xffffffff); let mut x899: u32 = 0; let mut x900: u32 = 0; fiat_p384_mulx_u32(&mut x899, &mut x900, x861, 0xfffffffe); let mut x901: u32 = 0; let mut x902: u32 = 0; fiat_p384_mulx_u32(&mut x901, &mut x902, x861, 0xffffffff); let mut x903: u32 = 0; let mut x904: u32 = 0; fiat_p384_mulx_u32(&mut x903, &mut x904, x861, 0xffffffff); let mut x905: u32 = 0; let mut x906: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x905, &mut x906, 0x0, x902, x899); let mut x907: u32 = 0; let mut x908: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x907, &mut x908, x906, x900, x897); let mut x909: u32 = 0; let mut x910: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x909, &mut x910, x908, x898, x895); let mut x911: u32 = 0; let mut x912: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x911, &mut x912, x910, x896, x893); let mut x913: u32 = 0; let mut x914: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x913, &mut x914, x912, x894, x891); let mut x915: u32 = 0; let mut x916: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x915, &mut x916, x914, x892, x889); let mut x917: u32 = 0; let mut x918: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x917, &mut x918, x916, x890, x887); let mut x919: u32 = 0; let mut x920: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x919, &mut x920, x918, x888, x885); let mut x921: u32 = 0; let mut x922: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x921, &mut x922, 0x0, x861, x903); let mut x923: u32 = 0; let mut x924: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x923, &mut x924, x922, x863, x904); let mut x925: u32 = 0; let mut x926: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x925, &mut x926, x924, x865, (0x0 as u32)); let mut x927: u32 = 0; let mut x928: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x927, &mut x928, x926, x867, x901); let mut x929: u32 = 0; let mut x930: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x929, &mut x930, x928, x869, x905); let mut x931: u32 = 0; let mut x932: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x931, &mut x932, x930, x871, x907); let mut x933: u32 = 0; let mut x934: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x933, &mut x934, x932, x873, x909); let mut x935: u32 = 0; let mut x936: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x935, &mut x936, x934, x875, x911); let mut x937: u32 = 0; let mut x938: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x937, &mut x938, x936, x877, x913); let mut x939: u32 = 0; let mut x940: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x939, &mut x940, x938, x879, x915); let mut x941: u32 = 0; let mut x942: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x941, &mut x942, x940, x881, x917); let mut x943: u32 = 0; let mut x944: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x943, &mut x944, x942, x883, x919); let mut x945: u32 = 0; let mut x946: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x945, &mut x946, x944, ((x884 as u32) + (x850 as u32)), ((x920 as u32) + x886)); let mut x947: u32 = 0; let mut x948: u32 = 0; fiat_p384_mulx_u32(&mut x947, &mut x948, x10, 0x2); let mut x949: u32 = 0; let mut x950: u32 = 0; fiat_p384_mulx_u32(&mut x949, &mut x950, x10, 0xfffffffe); let mut x951: u32 = 0; let mut x952: u32 = 0; fiat_p384_mulx_u32(&mut x951, &mut x952, x10, 0x2); let mut x953: u32 = 0; let mut x954: u32 = 0; fiat_p384_mulx_u32(&mut x953, &mut x954, x10, 0xfffffffe); let mut x955: u32 = 0; let mut x956: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x955, &mut x956, 0x0, ((x948 as fiat_p384_u1) as u32), x10); let mut x957: u32 = 0; let mut x958: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x957, &mut x958, 0x0, x923, x10); let mut x959: u32 = 0; let mut x960: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x959, &mut x960, x958, x925, x953); let mut x961: u32 = 0; let mut x962: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x961, &mut x962, x960, x927, x954); let mut x963: u32 = 0; let mut x964: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x963, &mut x964, x962, x929, x951); let mut x965: u32 = 0; let mut x966: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x965, &mut x966, x964, x931, ((x952 as fiat_p384_u1) as u32)); let mut x967: u32 = 0; let mut x968: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x967, &mut x968, x966, x933, x949); let mut x969: u32 = 0; let mut x970: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x969, &mut x970, x968, x935, x950); let mut x971: u32 = 0; let mut x972: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x971, &mut x972, x970, x937, x947); let mut x973: u32 = 0; let mut x974: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x973, &mut x974, x972, x939, x955); let mut x975: u32 = 0; let mut x976: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x975, &mut x976, x974, x941, (x956 as u32)); let mut x977: u32 = 0; let mut x978: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x977, &mut x978, x976, x943, (0x0 as u32)); let mut x979: u32 = 0; let mut x980: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x979, &mut x980, x978, x945, (0x0 as u32)); let mut x981: u32 = 0; let mut x982: u32 = 0; fiat_p384_mulx_u32(&mut x981, &mut x982, x957, 0xffffffff); let mut x983: u32 = 0; let mut x984: u32 = 0; fiat_p384_mulx_u32(&mut x983, &mut x984, x957, 0xffffffff); let mut x985: u32 = 0; let mut x986: u32 = 0; fiat_p384_mulx_u32(&mut x985, &mut x986, x957, 0xffffffff); let mut x987: u32 = 0; let mut x988: u32 = 0; fiat_p384_mulx_u32(&mut x987, &mut x988, x957, 0xffffffff); let mut x989: u32 = 0; let mut x990: u32 = 0; fiat_p384_mulx_u32(&mut x989, &mut x990, x957, 0xffffffff); let mut x991: u32 = 0; let mut x992: u32 = 0; fiat_p384_mulx_u32(&mut x991, &mut x992, x957, 0xffffffff); let mut x993: u32 = 0; let mut x994: u32 = 0; fiat_p384_mulx_u32(&mut x993, &mut x994, x957, 0xffffffff); let mut x995: u32 = 0; let mut x996: u32 = 0; fiat_p384_mulx_u32(&mut x995, &mut x996, x957, 0xfffffffe); let mut x997: u32 = 0; let mut x998: u32 = 0; fiat_p384_mulx_u32(&mut x997, &mut x998, x957, 0xffffffff); let mut x999: u32 = 0; let mut x1000: u32 = 0; fiat_p384_mulx_u32(&mut x999, &mut x1000, x957, 0xffffffff); let mut x1001: u32 = 0; let mut x1002: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1001, &mut x1002, 0x0, x998, x995); let mut x1003: u32 = 0; let mut x1004: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1003, &mut x1004, x1002, x996, x993); let mut x1005: u32 = 0; let mut x1006: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1005, &mut x1006, x1004, x994, x991); let mut x1007: u32 = 0; let mut x1008: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1007, &mut x1008, x1006, x992, x989); let mut x1009: u32 = 0; let mut x1010: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1009, &mut x1010, x1008, x990, x987); let mut x1011: u32 = 0; let mut x1012: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1011, &mut x1012, x1010, x988, x985); let mut x1013: u32 = 0; let mut x1014: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1013, &mut x1014, x1012, x986, x983); let mut x1015: u32 = 0; let mut x1016: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1015, &mut x1016, x1014, x984, x981); let mut x1017: u32 = 0; let mut x1018: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1017, &mut x1018, 0x0, x957, x999); let mut x1019: u32 = 0; let mut x1020: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1019, &mut x1020, x1018, x959, x1000); let mut x1021: u32 = 0; let mut x1022: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1021, &mut x1022, x1020, x961, (0x0 as u32)); let mut x1023: u32 = 0; let mut x1024: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1023, &mut x1024, x1022, x963, x997); let mut x1025: u32 = 0; let mut x1026: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1025, &mut x1026, x1024, x965, x1001); let mut x1027: u32 = 0; let mut x1028: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1027, &mut x1028, x1026, x967, x1003); let mut x1029: u32 = 0; let mut x1030: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1029, &mut x1030, x1028, x969, x1005); let mut x1031: u32 = 0; let mut x1032: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1031, &mut x1032, x1030, x971, x1007); let mut x1033: u32 = 0; let mut x1034: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1033, &mut x1034, x1032, x973, x1009); let mut x1035: u32 = 0; let mut x1036: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1035, &mut x1036, x1034, x975, x1011); let mut x1037: u32 = 0; let mut x1038: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1037, &mut x1038, x1036, x977, x1013); let mut x1039: u32 = 0; let mut x1040: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1039, &mut x1040, x1038, x979, x1015); let mut x1041: u32 = 0; let mut x1042: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1041, &mut x1042, x1040, ((x980 as u32) + (x946 as u32)), ((x1016 as u32) + x982)); let mut x1043: u32 = 0; let mut x1044: u32 = 0; fiat_p384_mulx_u32(&mut x1043, &mut x1044, x11, 0x2); let mut x1045: u32 = 0; let mut x1046: u32 = 0; fiat_p384_mulx_u32(&mut x1045, &mut x1046, x11, 0xfffffffe); let mut x1047: u32 = 0; let mut x1048: u32 = 0; fiat_p384_mulx_u32(&mut x1047, &mut x1048, x11, 0x2); let mut x1049: u32 = 0; let mut x1050: u32 = 0; fiat_p384_mulx_u32(&mut x1049, &mut x1050, x11, 0xfffffffe); let mut x1051: u32 = 0; let mut x1052: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1051, &mut x1052, 0x0, ((x1044 as fiat_p384_u1) as u32), x11); let mut x1053: u32 = 0; let mut x1054: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1053, &mut x1054, 0x0, x1019, x11); let mut x1055: u32 = 0; let mut x1056: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1055, &mut x1056, x1054, x1021, x1049); let mut x1057: u32 = 0; let mut x1058: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1057, &mut x1058, x1056, x1023, x1050); let mut x1059: u32 = 0; let mut x1060: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1059, &mut x1060, x1058, x1025, x1047); let mut x1061: u32 = 0; let mut x1062: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1061, &mut x1062, x1060, x1027, ((x1048 as fiat_p384_u1) as u32)); let mut x1063: u32 = 0; let mut x1064: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1063, &mut x1064, x1062, x1029, x1045); let mut x1065: u32 = 0; let mut x1066: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1065, &mut x1066, x1064, x1031, x1046); let mut x1067: u32 = 0; let mut x1068: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1067, &mut x1068, x1066, x1033, x1043); let mut x1069: u32 = 0; let mut x1070: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1069, &mut x1070, x1068, x1035, x1051); let mut x1071: u32 = 0; let mut x1072: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1071, &mut x1072, x1070, x1037, (x1052 as u32)); let mut x1073: u32 = 0; let mut x1074: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1073, &mut x1074, x1072, x1039, (0x0 as u32)); let mut x1075: u32 = 0; let mut x1076: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1075, &mut x1076, x1074, x1041, (0x0 as u32)); let mut x1077: u32 = 0; let mut x1078: u32 = 0; fiat_p384_mulx_u32(&mut x1077, &mut x1078, x1053, 0xffffffff); let mut x1079: u32 = 0; let mut x1080: u32 = 0; fiat_p384_mulx_u32(&mut x1079, &mut x1080, x1053, 0xffffffff); let mut x1081: u32 = 0; let mut x1082: u32 = 0; fiat_p384_mulx_u32(&mut x1081, &mut x1082, x1053, 0xffffffff); let mut x1083: u32 = 0; let mut x1084: u32 = 0; fiat_p384_mulx_u32(&mut x1083, &mut x1084, x1053, 0xffffffff); let mut x1085: u32 = 0; let mut x1086: u32 = 0; fiat_p384_mulx_u32(&mut x1085, &mut x1086, x1053, 0xffffffff); let mut x1087: u32 = 0; let mut x1088: u32 = 0; fiat_p384_mulx_u32(&mut x1087, &mut x1088, x1053, 0xffffffff); let mut x1089: u32 = 0; let mut x1090: u32 = 0; fiat_p384_mulx_u32(&mut x1089, &mut x1090, x1053, 0xffffffff); let mut x1091: u32 = 0; let mut x1092: u32 = 0; fiat_p384_mulx_u32(&mut x1091, &mut x1092, x1053, 0xfffffffe); let mut x1093: u32 = 0; let mut x1094: u32 = 0; fiat_p384_mulx_u32(&mut x1093, &mut x1094, x1053, 0xffffffff); let mut x1095: u32 = 0; let mut x1096: u32 = 0; fiat_p384_mulx_u32(&mut x1095, &mut x1096, x1053, 0xffffffff); let mut x1097: u32 = 0; let mut x1098: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1097, &mut x1098, 0x0, x1094, x1091); let mut x1099: u32 = 0; let mut x1100: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1099, &mut x1100, x1098, x1092, x1089); let mut x1101: u32 = 0; let mut x1102: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1101, &mut x1102, x1100, x1090, x1087); let mut x1103: u32 = 0; let mut x1104: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1103, &mut x1104, x1102, x1088, x1085); let mut x1105: u32 = 0; let mut x1106: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1105, &mut x1106, x1104, x1086, x1083); let mut x1107: u32 = 0; let mut x1108: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1107, &mut x1108, x1106, x1084, x1081); let mut x1109: u32 = 0; let mut x1110: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1109, &mut x1110, x1108, x1082, x1079); let mut x1111: u32 = 0; let mut x1112: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1111, &mut x1112, x1110, x1080, x1077); let mut x1113: u32 = 0; let mut x1114: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1113, &mut x1114, 0x0, x1053, x1095); let mut x1115: u32 = 0; let mut x1116: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1115, &mut x1116, x1114, x1055, x1096); let mut x1117: u32 = 0; let mut x1118: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1117, &mut x1118, x1116, x1057, (0x0 as u32)); let mut x1119: u32 = 0; let mut x1120: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1119, &mut x1120, x1118, x1059, x1093); let mut x1121: u32 = 0; let mut x1122: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1121, &mut x1122, x1120, x1061, x1097); let mut x1123: u32 = 0; let mut x1124: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1123, &mut x1124, x1122, x1063, x1099); let mut x1125: u32 = 0; let mut x1126: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1125, &mut x1126, x1124, x1065, x1101); let mut x1127: u32 = 0; let mut x1128: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1127, &mut x1128, x1126, x1067, x1103); let mut x1129: u32 = 0; let mut x1130: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1129, &mut x1130, x1128, x1069, x1105); let mut x1131: u32 = 0; let mut x1132: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1131, &mut x1132, x1130, x1071, x1107); let mut x1133: u32 = 0; let mut x1134: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1133, &mut x1134, x1132, x1073, x1109); let mut x1135: u32 = 0; let mut x1136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1135, &mut x1136, x1134, x1075, x1111); let mut x1137: u32 = 0; let mut x1138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1137, &mut x1138, x1136, ((x1076 as u32) + (x1042 as u32)), ((x1112 as u32) + x1078)); let mut x1139: u32 = 0; let mut x1140: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1139, &mut x1140, 0x0, x1115, 0xffffffff); let mut x1141: u32 = 0; let mut x1142: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1141, &mut x1142, x1140, x1117, (0x0 as u32)); let mut x1143: u32 = 0; let mut x1144: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1143, &mut x1144, x1142, x1119, (0x0 as u32)); let mut x1145: u32 = 0; let mut x1146: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1145, &mut x1146, x1144, x1121, 0xffffffff); let mut x1147: u32 = 0; let mut x1148: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1147, &mut x1148, x1146, x1123, 0xfffffffe); let mut x1149: u32 = 0; let mut x1150: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1149, &mut x1150, x1148, x1125, 0xffffffff); let mut x1151: u32 = 0; let mut x1152: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1151, &mut x1152, x1150, x1127, 0xffffffff); let mut x1153: u32 = 0; let mut x1154: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1153, &mut x1154, x1152, x1129, 0xffffffff); let mut x1155: u32 = 0; let mut x1156: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1155, &mut x1156, x1154, x1131, 0xffffffff); let mut x1157: u32 = 0; let mut x1158: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1157, &mut x1158, x1156, x1133, 0xffffffff); let mut x1159: u32 = 0; let mut x1160: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1159, &mut x1160, x1158, x1135, 0xffffffff); let mut x1161: u32 = 0; let mut x1162: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1161, &mut x1162, x1160, x1137, 0xffffffff); let mut x1163: u32 = 0; let mut x1164: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x1163, &mut x1164, x1162, (x1138 as u32), (0x0 as u32)); let mut x1165: u32 = 0; fiat_p384_cmovznz_u32(&mut x1165, x1164, x1139, x1115); let mut x1166: u32 = 0; fiat_p384_cmovznz_u32(&mut x1166, x1164, x1141, x1117); let mut x1167: u32 = 0; fiat_p384_cmovznz_u32(&mut x1167, x1164, x1143, x1119); let mut x1168: u32 = 0; fiat_p384_cmovznz_u32(&mut x1168, x1164, x1145, x1121); let mut x1169: u32 = 0; fiat_p384_cmovznz_u32(&mut x1169, x1164, x1147, x1123); let mut x1170: u32 = 0; fiat_p384_cmovznz_u32(&mut x1170, x1164, x1149, x1125); let mut x1171: u32 = 0; fiat_p384_cmovznz_u32(&mut x1171, x1164, x1151, x1127); let mut x1172: u32 = 0; fiat_p384_cmovznz_u32(&mut x1172, x1164, x1153, x1129); let mut x1173: u32 = 0; fiat_p384_cmovznz_u32(&mut x1173, x1164, x1155, x1131); let mut x1174: u32 = 0; fiat_p384_cmovznz_u32(&mut x1174, x1164, x1157, x1133); let mut x1175: u32 = 0; fiat_p384_cmovznz_u32(&mut x1175, x1164, x1159, x1135); let mut x1176: u32 = 0; fiat_p384_cmovznz_u32(&mut x1176, x1164, x1161, x1137); out1[0] = x1165; out1[1] = x1166; out1[2] = x1167; out1[3] = x1168; out1[4] = x1169; out1[5] = x1170; out1[6] = x1171; out1[7] = x1172; out1[8] = x1173; out1[9] = x1174; out1[10] = x1175; out1[11] = x1176; } /// The function fiat_p384_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_nonzero(out1: &mut u32, arg1: &[u32; 12]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | ((arg1[8]) | ((arg1[9]) | ((arg1[10]) | (arg1[11])))))))))))); *out1 = x1; } /// The function fiat_p384_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_selectznz(out1: &mut [u32; 12], arg1: fiat_p384_u1, arg2: &[u32; 12], arg3: &[u32; 12]) { let mut x1: u32 = 0; fiat_p384_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p384_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p384_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p384_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p384_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p384_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p384_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p384_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u32 = 0; fiat_p384_cmovznz_u32(&mut x9, arg1, (arg2[8]), (arg3[8])); let mut x10: u32 = 0; fiat_p384_cmovznz_u32(&mut x10, arg1, (arg2[9]), (arg3[9])); let mut x11: u32 = 0; fiat_p384_cmovznz_u32(&mut x11, arg1, (arg2[10]), (arg3[10])); let mut x12: u32 = 0; fiat_p384_cmovznz_u32(&mut x12, arg1, (arg2[11]), (arg3[11])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; } /// The function fiat_p384_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p384_to_bytes(out1: &mut [u8; 48], arg1: &[u32; 12]) { let x1: u32 = (arg1[11]); let x2: u32 = (arg1[10]); let x3: u32 = (arg1[9]); let x4: u32 = (arg1[8]); let x5: u32 = (arg1[7]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[5]); let x8: u32 = (arg1[4]); let x9: u32 = (arg1[3]); let x10: u32 = (arg1[2]); let x11: u32 = (arg1[1]); let x12: u32 = (arg1[0]); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u32 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u32)) as u8); let x16: u32 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x11 & (0xff as u32)) as u8); let x20: u32 = (x11 >> 8); let x21: u8 = ((x20 & (0xff as u32)) as u8); let x22: u32 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u8 = ((x22 >> 8) as u8); let x25: u8 = ((x10 & (0xff as u32)) as u8); let x26: u32 = (x10 >> 8); let x27: u8 = ((x26 & (0xff as u32)) as u8); let x28: u32 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u8 = ((x28 >> 8) as u8); let x31: u8 = ((x9 & (0xff as u32)) as u8); let x32: u32 = (x9 >> 8); let x33: u8 = ((x32 & (0xff as u32)) as u8); let x34: u32 = (x32 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u8 = ((x34 >> 8) as u8); let x37: u8 = ((x8 & (0xff as u32)) as u8); let x38: u32 = (x8 >> 8); let x39: u8 = ((x38 & (0xff as u32)) as u8); let x40: u32 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u8 = ((x40 >> 8) as u8); let x43: u8 = ((x7 & (0xff as u32)) as u8); let x44: u32 = (x7 >> 8); let x45: u8 = ((x44 & (0xff as u32)) as u8); let x46: u32 = (x44 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u8 = ((x46 >> 8) as u8); let x49: u8 = ((x6 & (0xff as u32)) as u8); let x50: u32 = (x6 >> 8); let x51: u8 = ((x50 & (0xff as u32)) as u8); let x52: u32 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u8 = ((x52 >> 8) as u8); let x55: u8 = ((x5 & (0xff as u32)) as u8); let x56: u32 = (x5 >> 8); let x57: u8 = ((x56 & (0xff as u32)) as u8); let x58: u32 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u32)) as u8); let x60: u8 = ((x58 >> 8) as u8); let x61: u8 = ((x4 & (0xff as u32)) as u8); let x62: u32 = (x4 >> 8); let x63: u8 = ((x62 & (0xff as u32)) as u8); let x64: u32 = (x62 >> 8); let x65: u8 = ((x64 & (0xff as u32)) as u8); let x66: u8 = ((x64 >> 8) as u8); let x67: u8 = ((x3 & (0xff as u32)) as u8); let x68: u32 = (x3 >> 8); let x69: u8 = ((x68 & (0xff as u32)) as u8); let x70: u32 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u32)) as u8); let x72: u8 = ((x70 >> 8) as u8); let x73: u8 = ((x2 & (0xff as u32)) as u8); let x74: u32 = (x2 >> 8); let x75: u8 = ((x74 & (0xff as u32)) as u8); let x76: u32 = (x74 >> 8); let x77: u8 = ((x76 & (0xff as u32)) as u8); let x78: u8 = ((x76 >> 8) as u8); let x79: u8 = ((x1 & (0xff as u32)) as u8); let x80: u32 = (x1 >> 8); let x81: u8 = ((x80 & (0xff as u32)) as u8); let x82: u32 = (x80 >> 8); let x83: u8 = ((x82 & (0xff as u32)) as u8); let x84: u8 = ((x82 >> 8) as u8); out1[0] = x13; out1[1] = x15; out1[2] = x17; out1[3] = x18; out1[4] = x19; out1[5] = x21; out1[6] = x23; out1[7] = x24; out1[8] = x25; out1[9] = x27; out1[10] = x29; out1[11] = x30; out1[12] = x31; out1[13] = x33; out1[14] = x35; out1[15] = x36; out1[16] = x37; out1[17] = x39; out1[18] = x41; out1[19] = x42; out1[20] = x43; out1[21] = x45; out1[22] = x47; out1[23] = x48; out1[24] = x49; out1[25] = x51; out1[26] = x53; out1[27] = x54; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; out1[32] = x61; out1[33] = x63; out1[34] = x65; out1[35] = x66; out1[36] = x67; out1[37] = x69; out1[38] = x71; out1[39] = x72; out1[40] = x73; out1[41] = x75; out1[42] = x77; out1[43] = x78; out1[44] = x79; out1[45] = x81; out1[46] = x83; out1[47] = x84; } /// The function fiat_p384_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_from_bytes(out1: &mut [u32; 12], arg1: &[u8; 48]) { let x1: u32 = (((arg1[47]) as u32) << 24); let x2: u32 = (((arg1[46]) as u32) << 16); let x3: u32 = (((arg1[45]) as u32) << 8); let x4: u8 = (arg1[44]); let x5: u32 = (((arg1[43]) as u32) << 24); let x6: u32 = (((arg1[42]) as u32) << 16); let x7: u32 = (((arg1[41]) as u32) << 8); let x8: u8 = (arg1[40]); let x9: u32 = (((arg1[39]) as u32) << 24); let x10: u32 = (((arg1[38]) as u32) << 16); let x11: u32 = (((arg1[37]) as u32) << 8); let x12: u8 = (arg1[36]); let x13: u32 = (((arg1[35]) as u32) << 24); let x14: u32 = (((arg1[34]) as u32) << 16); let x15: u32 = (((arg1[33]) as u32) << 8); let x16: u8 = (arg1[32]); let x17: u32 = (((arg1[31]) as u32) << 24); let x18: u32 = (((arg1[30]) as u32) << 16); let x19: u32 = (((arg1[29]) as u32) << 8); let x20: u8 = (arg1[28]); let x21: u32 = (((arg1[27]) as u32) << 24); let x22: u32 = (((arg1[26]) as u32) << 16); let x23: u32 = (((arg1[25]) as u32) << 8); let x24: u8 = (arg1[24]); let x25: u32 = (((arg1[23]) as u32) << 24); let x26: u32 = (((arg1[22]) as u32) << 16); let x27: u32 = (((arg1[21]) as u32) << 8); let x28: u8 = (arg1[20]); let x29: u32 = (((arg1[19]) as u32) << 24); let x30: u32 = (((arg1[18]) as u32) << 16); let x31: u32 = (((arg1[17]) as u32) << 8); let x32: u8 = (arg1[16]); let x33: u32 = (((arg1[15]) as u32) << 24); let x34: u32 = (((arg1[14]) as u32) << 16); let x35: u32 = (((arg1[13]) as u32) << 8); let x36: u8 = (arg1[12]); let x37: u32 = (((arg1[11]) as u32) << 24); let x38: u32 = (((arg1[10]) as u32) << 16); let x39: u32 = (((arg1[9]) as u32) << 8); let x40: u8 = (arg1[8]); let x41: u32 = (((arg1[7]) as u32) << 24); let x42: u32 = (((arg1[6]) as u32) << 16); let x43: u32 = (((arg1[5]) as u32) << 8); let x44: u8 = (arg1[4]); let x45: u32 = (((arg1[3]) as u32) << 24); let x46: u32 = (((arg1[2]) as u32) << 16); let x47: u32 = (((arg1[1]) as u32) << 8); let x48: u8 = (arg1[0]); let x49: u32 = (x47 + (x48 as u32)); let x50: u32 = (x46 + x49); let x51: u32 = (x45 + x50); let x52: u32 = (x43 + (x44 as u32)); let x53: u32 = (x42 + x52); let x54: u32 = (x41 + x53); let x55: u32 = (x39 + (x40 as u32)); let x56: u32 = (x38 + x55); let x57: u32 = (x37 + x56); let x58: u32 = (x35 + (x36 as u32)); let x59: u32 = (x34 + x58); let x60: u32 = (x33 + x59); let x61: u32 = (x31 + (x32 as u32)); let x62: u32 = (x30 + x61); let x63: u32 = (x29 + x62); let x64: u32 = (x27 + (x28 as u32)); let x65: u32 = (x26 + x64); let x66: u32 = (x25 + x65); let x67: u32 = (x23 + (x24 as u32)); let x68: u32 = (x22 + x67); let x69: u32 = (x21 + x68); let x70: u32 = (x19 + (x20 as u32)); let x71: u32 = (x18 + x70); let x72: u32 = (x17 + x71); let x73: u32 = (x15 + (x16 as u32)); let x74: u32 = (x14 + x73); let x75: u32 = (x13 + x74); let x76: u32 = (x11 + (x12 as u32)); let x77: u32 = (x10 + x76); let x78: u32 = (x9 + x77); let x79: u32 = (x7 + (x8 as u32)); let x80: u32 = (x6 + x79); let x81: u32 = (x5 + x80); let x82: u32 = (x3 + (x4 as u32)); let x83: u32 = (x2 + x82); let x84: u32 = (x1 + x83); out1[0] = x51; out1[1] = x54; out1[2] = x57; out1[3] = x60; out1[4] = x63; out1[5] = x66; out1[6] = x69; out1[7] = x72; out1[8] = x75; out1[9] = x78; out1[10] = x81; out1[11] = x84; } /// The function fiat_p384_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_set_one(out1: &mut fiat_p384_montgomery_domain_field_element) { out1[0] = (0x1 as u32); out1[1] = 0xffffffff; out1[2] = 0xffffffff; out1[3] = (0x0 as u32); out1[4] = (0x1 as u32); out1[5] = (0x0 as u32); out1[6] = (0x0 as u32); out1[7] = (0x0 as u32); out1[8] = (0x0 as u32); out1[9] = (0x0 as u32); out1[10] = (0x0 as u32); out1[11] = (0x0 as u32); } /// The function fiat_p384_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_msat(out1: &mut [u32; 13]) { out1[0] = 0xffffffff; out1[1] = (0x0 as u32); out1[2] = (0x0 as u32); out1[3] = 0xffffffff; out1[4] = 0xfffffffe; out1[5] = 0xffffffff; out1[6] = 0xffffffff; out1[7] = 0xffffffff; out1[8] = 0xffffffff; out1[9] = 0xffffffff; out1[10] = 0xffffffff; out1[11] = 0xffffffff; out1[12] = (0x0 as u32); } /// The function fiat_p384_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_divstep(out1: &mut u32, out2: &mut [u32; 13], out3: &mut [u32; 13], out4: &mut [u32; 12], out5: &mut [u32; 12], arg1: u32, arg2: &[u32; 13], arg3: &[u32; 13], arg4: &[u32; 12], arg5: &[u32; 12]) { let mut x1: u32 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_p384_u1 = (((x1 >> 31) as fiat_p384_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_p384_u1)); let mut x4: u32 = 0; let mut x5: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_p384_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_p384_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_p384_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_p384_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_p384_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_p384_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_p384_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_p384_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_p384_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_p384_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; fiat_p384_cmovznz_u32(&mut x16, x3, (arg2[9]), (arg3[9])); let mut x17: u32 = 0; fiat_p384_cmovznz_u32(&mut x17, x3, (arg2[10]), (arg3[10])); let mut x18: u32 = 0; fiat_p384_cmovznz_u32(&mut x18, x3, (arg2[11]), (arg3[11])); let mut x19: u32 = 0; fiat_p384_cmovznz_u32(&mut x19, x3, (arg2[12]), (arg3[12])); let mut x20: u32 = 0; let mut x21: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x20, &mut x21, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x22: u32 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[1]))); let mut x24: u32 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[2]))); let mut x26: u32 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[3]))); let mut x28: u32 = 0; let mut x29: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[4]))); let mut x30: u32 = 0; let mut x31: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[5]))); let mut x32: u32 = 0; let mut x33: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[6]))); let mut x34: u32 = 0; let mut x35: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x34, &mut x35, x33, (0x0 as u32), (!(arg2[7]))); let mut x36: u32 = 0; let mut x37: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x36, &mut x37, x35, (0x0 as u32), (!(arg2[8]))); let mut x38: u32 = 0; let mut x39: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x38, &mut x39, x37, (0x0 as u32), (!(arg2[9]))); let mut x40: u32 = 0; let mut x41: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x40, &mut x41, x39, (0x0 as u32), (!(arg2[10]))); let mut x42: u32 = 0; let mut x43: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), (!(arg2[11]))); let mut x44: u32 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x44, &mut x45, x43, (0x0 as u32), (!(arg2[12]))); let mut x46: u32 = 0; fiat_p384_cmovznz_u32(&mut x46, x3, (arg3[0]), x20); let mut x47: u32 = 0; fiat_p384_cmovznz_u32(&mut x47, x3, (arg3[1]), x22); let mut x48: u32 = 0; fiat_p384_cmovznz_u32(&mut x48, x3, (arg3[2]), x24); let mut x49: u32 = 0; fiat_p384_cmovznz_u32(&mut x49, x3, (arg3[3]), x26); let mut x50: u32 = 0; fiat_p384_cmovznz_u32(&mut x50, x3, (arg3[4]), x28); let mut x51: u32 = 0; fiat_p384_cmovznz_u32(&mut x51, x3, (arg3[5]), x30); let mut x52: u32 = 0; fiat_p384_cmovznz_u32(&mut x52, x3, (arg3[6]), x32); let mut x53: u32 = 0; fiat_p384_cmovznz_u32(&mut x53, x3, (arg3[7]), x34); let mut x54: u32 = 0; fiat_p384_cmovznz_u32(&mut x54, x3, (arg3[8]), x36); let mut x55: u32 = 0; fiat_p384_cmovznz_u32(&mut x55, x3, (arg3[9]), x38); let mut x56: u32 = 0; fiat_p384_cmovznz_u32(&mut x56, x3, (arg3[10]), x40); let mut x57: u32 = 0; fiat_p384_cmovznz_u32(&mut x57, x3, (arg3[11]), x42); let mut x58: u32 = 0; fiat_p384_cmovznz_u32(&mut x58, x3, (arg3[12]), x44); let mut x59: u32 = 0; fiat_p384_cmovznz_u32(&mut x59, x3, (arg4[0]), (arg5[0])); let mut x60: u32 = 0; fiat_p384_cmovznz_u32(&mut x60, x3, (arg4[1]), (arg5[1])); let mut x61: u32 = 0; fiat_p384_cmovznz_u32(&mut x61, x3, (arg4[2]), (arg5[2])); let mut x62: u32 = 0; fiat_p384_cmovznz_u32(&mut x62, x3, (arg4[3]), (arg5[3])); let mut x63: u32 = 0; fiat_p384_cmovznz_u32(&mut x63, x3, (arg4[4]), (arg5[4])); let mut x64: u32 = 0; fiat_p384_cmovznz_u32(&mut x64, x3, (arg4[5]), (arg5[5])); let mut x65: u32 = 0; fiat_p384_cmovznz_u32(&mut x65, x3, (arg4[6]), (arg5[6])); let mut x66: u32 = 0; fiat_p384_cmovznz_u32(&mut x66, x3, (arg4[7]), (arg5[7])); let mut x67: u32 = 0; fiat_p384_cmovznz_u32(&mut x67, x3, (arg4[8]), (arg5[8])); let mut x68: u32 = 0; fiat_p384_cmovznz_u32(&mut x68, x3, (arg4[9]), (arg5[9])); let mut x69: u32 = 0; fiat_p384_cmovznz_u32(&mut x69, x3, (arg4[10]), (arg5[10])); let mut x70: u32 = 0; fiat_p384_cmovznz_u32(&mut x70, x3, (arg4[11]), (arg5[11])); let mut x71: u32 = 0; let mut x72: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x71, &mut x72, 0x0, x59, x59); let mut x73: u32 = 0; let mut x74: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x73, &mut x74, x72, x60, x60); let mut x75: u32 = 0; let mut x76: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x75, &mut x76, x74, x61, x61); let mut x77: u32 = 0; let mut x78: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x77, &mut x78, x76, x62, x62); let mut x79: u32 = 0; let mut x80: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x79, &mut x80, x78, x63, x63); let mut x81: u32 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x81, &mut x82, x80, x64, x64); let mut x83: u32 = 0; let mut x84: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x83, &mut x84, x82, x65, x65); let mut x85: u32 = 0; let mut x86: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x85, &mut x86, x84, x66, x66); let mut x87: u32 = 0; let mut x88: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x87, &mut x88, x86, x67, x67); let mut x89: u32 = 0; let mut x90: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x89, &mut x90, x88, x68, x68); let mut x91: u32 = 0; let mut x92: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x91, &mut x92, x90, x69, x69); let mut x93: u32 = 0; let mut x94: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x93, &mut x94, x92, x70, x70); let mut x95: u32 = 0; let mut x96: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x95, &mut x96, 0x0, x71, 0xffffffff); let mut x97: u32 = 0; let mut x98: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x97, &mut x98, x96, x73, (0x0 as u32)); let mut x99: u32 = 0; let mut x100: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x99, &mut x100, x98, x75, (0x0 as u32)); let mut x101: u32 = 0; let mut x102: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x101, &mut x102, x100, x77, 0xffffffff); let mut x103: u32 = 0; let mut x104: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x103, &mut x104, x102, x79, 0xfffffffe); let mut x105: u32 = 0; let mut x106: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x105, &mut x106, x104, x81, 0xffffffff); let mut x107: u32 = 0; let mut x108: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x107, &mut x108, x106, x83, 0xffffffff); let mut x109: u32 = 0; let mut x110: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x109, &mut x110, x108, x85, 0xffffffff); let mut x111: u32 = 0; let mut x112: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x111, &mut x112, x110, x87, 0xffffffff); let mut x113: u32 = 0; let mut x114: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x113, &mut x114, x112, x89, 0xffffffff); let mut x115: u32 = 0; let mut x116: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x115, &mut x116, x114, x91, 0xffffffff); let mut x117: u32 = 0; let mut x118: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x117, &mut x118, x116, x93, 0xffffffff); let mut x119: u32 = 0; let mut x120: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x119, &mut x120, x118, (x94 as u32), (0x0 as u32)); let x121: u32 = (arg4[11]); let x122: u32 = (arg4[10]); let x123: u32 = (arg4[9]); let x124: u32 = (arg4[8]); let x125: u32 = (arg4[7]); let x126: u32 = (arg4[6]); let x127: u32 = (arg4[5]); let x128: u32 = (arg4[4]); let x129: u32 = (arg4[3]); let x130: u32 = (arg4[2]); let x131: u32 = (arg4[1]); let x132: u32 = (arg4[0]); let mut x133: u32 = 0; let mut x134: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x133, &mut x134, 0x0, (0x0 as u32), x132); let mut x135: u32 = 0; let mut x136: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x135, &mut x136, x134, (0x0 as u32), x131); let mut x137: u32 = 0; let mut x138: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x137, &mut x138, x136, (0x0 as u32), x130); let mut x139: u32 = 0; let mut x140: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x139, &mut x140, x138, (0x0 as u32), x129); let mut x141: u32 = 0; let mut x142: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x141, &mut x142, x140, (0x0 as u32), x128); let mut x143: u32 = 0; let mut x144: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x143, &mut x144, x142, (0x0 as u32), x127); let mut x145: u32 = 0; let mut x146: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x145, &mut x146, x144, (0x0 as u32), x126); let mut x147: u32 = 0; let mut x148: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x147, &mut x148, x146, (0x0 as u32), x125); let mut x149: u32 = 0; let mut x150: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x149, &mut x150, x148, (0x0 as u32), x124); let mut x151: u32 = 0; let mut x152: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x151, &mut x152, x150, (0x0 as u32), x123); let mut x153: u32 = 0; let mut x154: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x153, &mut x154, x152, (0x0 as u32), x122); let mut x155: u32 = 0; let mut x156: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x155, &mut x156, x154, (0x0 as u32), x121); let mut x157: u32 = 0; fiat_p384_cmovznz_u32(&mut x157, x156, (0x0 as u32), 0xffffffff); let mut x158: u32 = 0; let mut x159: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x158, &mut x159, 0x0, x133, x157); let mut x160: u32 = 0; let mut x161: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x160, &mut x161, x159, x135, (0x0 as u32)); let mut x162: u32 = 0; let mut x163: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x162, &mut x163, x161, x137, (0x0 as u32)); let mut x164: u32 = 0; let mut x165: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x164, &mut x165, x163, x139, x157); let mut x166: u32 = 0; let mut x167: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x166, &mut x167, x165, x141, (x157 & 0xfffffffe)); let mut x168: u32 = 0; let mut x169: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x168, &mut x169, x167, x143, x157); let mut x170: u32 = 0; let mut x171: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x170, &mut x171, x169, x145, x157); let mut x172: u32 = 0; let mut x173: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x172, &mut x173, x171, x147, x157); let mut x174: u32 = 0; let mut x175: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x174, &mut x175, x173, x149, x157); let mut x176: u32 = 0; let mut x177: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x176, &mut x177, x175, x151, x157); let mut x178: u32 = 0; let mut x179: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x178, &mut x179, x177, x153, x157); let mut x180: u32 = 0; let mut x181: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x180, &mut x181, x179, x155, x157); let mut x182: u32 = 0; fiat_p384_cmovznz_u32(&mut x182, x3, (arg5[0]), x158); let mut x183: u32 = 0; fiat_p384_cmovznz_u32(&mut x183, x3, (arg5[1]), x160); let mut x184: u32 = 0; fiat_p384_cmovznz_u32(&mut x184, x3, (arg5[2]), x162); let mut x185: u32 = 0; fiat_p384_cmovznz_u32(&mut x185, x3, (arg5[3]), x164); let mut x186: u32 = 0; fiat_p384_cmovznz_u32(&mut x186, x3, (arg5[4]), x166); let mut x187: u32 = 0; fiat_p384_cmovznz_u32(&mut x187, x3, (arg5[5]), x168); let mut x188: u32 = 0; fiat_p384_cmovznz_u32(&mut x188, x3, (arg5[6]), x170); let mut x189: u32 = 0; fiat_p384_cmovznz_u32(&mut x189, x3, (arg5[7]), x172); let mut x190: u32 = 0; fiat_p384_cmovznz_u32(&mut x190, x3, (arg5[8]), x174); let mut x191: u32 = 0; fiat_p384_cmovznz_u32(&mut x191, x3, (arg5[9]), x176); let mut x192: u32 = 0; fiat_p384_cmovznz_u32(&mut x192, x3, (arg5[10]), x178); let mut x193: u32 = 0; fiat_p384_cmovznz_u32(&mut x193, x3, (arg5[11]), x180); let x194: fiat_p384_u1 = ((x46 & (0x1 as u32)) as fiat_p384_u1); let mut x195: u32 = 0; fiat_p384_cmovznz_u32(&mut x195, x194, (0x0 as u32), x7); let mut x196: u32 = 0; fiat_p384_cmovznz_u32(&mut x196, x194, (0x0 as u32), x8); let mut x197: u32 = 0; fiat_p384_cmovznz_u32(&mut x197, x194, (0x0 as u32), x9); let mut x198: u32 = 0; fiat_p384_cmovznz_u32(&mut x198, x194, (0x0 as u32), x10); let mut x199: u32 = 0; fiat_p384_cmovznz_u32(&mut x199, x194, (0x0 as u32), x11); let mut x200: u32 = 0; fiat_p384_cmovznz_u32(&mut x200, x194, (0x0 as u32), x12); let mut x201: u32 = 0; fiat_p384_cmovznz_u32(&mut x201, x194, (0x0 as u32), x13); let mut x202: u32 = 0; fiat_p384_cmovznz_u32(&mut x202, x194, (0x0 as u32), x14); let mut x203: u32 = 0; fiat_p384_cmovznz_u32(&mut x203, x194, (0x0 as u32), x15); let mut x204: u32 = 0; fiat_p384_cmovznz_u32(&mut x204, x194, (0x0 as u32), x16); let mut x205: u32 = 0; fiat_p384_cmovznz_u32(&mut x205, x194, (0x0 as u32), x17); let mut x206: u32 = 0; fiat_p384_cmovznz_u32(&mut x206, x194, (0x0 as u32), x18); let mut x207: u32 = 0; fiat_p384_cmovznz_u32(&mut x207, x194, (0x0 as u32), x19); let mut x208: u32 = 0; let mut x209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x208, &mut x209, 0x0, x46, x195); let mut x210: u32 = 0; let mut x211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x210, &mut x211, x209, x47, x196); let mut x212: u32 = 0; let mut x213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x212, &mut x213, x211, x48, x197); let mut x214: u32 = 0; let mut x215: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x214, &mut x215, x213, x49, x198); let mut x216: u32 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x216, &mut x217, x215, x50, x199); let mut x218: u32 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x218, &mut x219, x217, x51, x200); let mut x220: u32 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x220, &mut x221, x219, x52, x201); let mut x222: u32 = 0; let mut x223: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x222, &mut x223, x221, x53, x202); let mut x224: u32 = 0; let mut x225: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x224, &mut x225, x223, x54, x203); let mut x226: u32 = 0; let mut x227: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x226, &mut x227, x225, x55, x204); let mut x228: u32 = 0; let mut x229: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x228, &mut x229, x227, x56, x205); let mut x230: u32 = 0; let mut x231: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x230, &mut x231, x229, x57, x206); let mut x232: u32 = 0; let mut x233: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x232, &mut x233, x231, x58, x207); let mut x234: u32 = 0; fiat_p384_cmovznz_u32(&mut x234, x194, (0x0 as u32), x59); let mut x235: u32 = 0; fiat_p384_cmovznz_u32(&mut x235, x194, (0x0 as u32), x60); let mut x236: u32 = 0; fiat_p384_cmovznz_u32(&mut x236, x194, (0x0 as u32), x61); let mut x237: u32 = 0; fiat_p384_cmovznz_u32(&mut x237, x194, (0x0 as u32), x62); let mut x238: u32 = 0; fiat_p384_cmovznz_u32(&mut x238, x194, (0x0 as u32), x63); let mut x239: u32 = 0; fiat_p384_cmovznz_u32(&mut x239, x194, (0x0 as u32), x64); let mut x240: u32 = 0; fiat_p384_cmovznz_u32(&mut x240, x194, (0x0 as u32), x65); let mut x241: u32 = 0; fiat_p384_cmovznz_u32(&mut x241, x194, (0x0 as u32), x66); let mut x242: u32 = 0; fiat_p384_cmovznz_u32(&mut x242, x194, (0x0 as u32), x67); let mut x243: u32 = 0; fiat_p384_cmovznz_u32(&mut x243, x194, (0x0 as u32), x68); let mut x244: u32 = 0; fiat_p384_cmovznz_u32(&mut x244, x194, (0x0 as u32), x69); let mut x245: u32 = 0; fiat_p384_cmovznz_u32(&mut x245, x194, (0x0 as u32), x70); let mut x246: u32 = 0; let mut x247: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x246, &mut x247, 0x0, x182, x234); let mut x248: u32 = 0; let mut x249: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x248, &mut x249, x247, x183, x235); let mut x250: u32 = 0; let mut x251: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x250, &mut x251, x249, x184, x236); let mut x252: u32 = 0; let mut x253: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x252, &mut x253, x251, x185, x237); let mut x254: u32 = 0; let mut x255: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x254, &mut x255, x253, x186, x238); let mut x256: u32 = 0; let mut x257: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x256, &mut x257, x255, x187, x239); let mut x258: u32 = 0; let mut x259: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x258, &mut x259, x257, x188, x240); let mut x260: u32 = 0; let mut x261: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x260, &mut x261, x259, x189, x241); let mut x262: u32 = 0; let mut x263: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x262, &mut x263, x261, x190, x242); let mut x264: u32 = 0; let mut x265: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x264, &mut x265, x263, x191, x243); let mut x266: u32 = 0; let mut x267: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x266, &mut x267, x265, x192, x244); let mut x268: u32 = 0; let mut x269: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x268, &mut x269, x267, x193, x245); let mut x270: u32 = 0; let mut x271: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x270, &mut x271, 0x0, x246, 0xffffffff); let mut x272: u32 = 0; let mut x273: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x272, &mut x273, x271, x248, (0x0 as u32)); let mut x274: u32 = 0; let mut x275: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x274, &mut x275, x273, x250, (0x0 as u32)); let mut x276: u32 = 0; let mut x277: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x276, &mut x277, x275, x252, 0xffffffff); let mut x278: u32 = 0; let mut x279: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x278, &mut x279, x277, x254, 0xfffffffe); let mut x280: u32 = 0; let mut x281: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x280, &mut x281, x279, x256, 0xffffffff); let mut x282: u32 = 0; let mut x283: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x282, &mut x283, x281, x258, 0xffffffff); let mut x284: u32 = 0; let mut x285: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x284, &mut x285, x283, x260, 0xffffffff); let mut x286: u32 = 0; let mut x287: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x286, &mut x287, x285, x262, 0xffffffff); let mut x288: u32 = 0; let mut x289: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x288, &mut x289, x287, x264, 0xffffffff); let mut x290: u32 = 0; let mut x291: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x290, &mut x291, x289, x266, 0xffffffff); let mut x292: u32 = 0; let mut x293: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x292, &mut x293, x291, x268, 0xffffffff); let mut x294: u32 = 0; let mut x295: fiat_p384_u1 = 0; fiat_p384_subborrowx_u32(&mut x294, &mut x295, x293, (x269 as u32), (0x0 as u32)); let mut x296: u32 = 0; let mut x297: fiat_p384_u1 = 0; fiat_p384_addcarryx_u32(&mut x296, &mut x297, 0x0, x6, (0x1 as u32)); let x298: u32 = ((x208 >> 1) | ((x210 << 31) & 0xffffffff)); let x299: u32 = ((x210 >> 1) | ((x212 << 31) & 0xffffffff)); let x300: u32 = ((x212 >> 1) | ((x214 << 31) & 0xffffffff)); let x301: u32 = ((x214 >> 1) | ((x216 << 31) & 0xffffffff)); let x302: u32 = ((x216 >> 1) | ((x218 << 31) & 0xffffffff)); let x303: u32 = ((x218 >> 1) | ((x220 << 31) & 0xffffffff)); let x304: u32 = ((x220 >> 1) | ((x222 << 31) & 0xffffffff)); let x305: u32 = ((x222 >> 1) | ((x224 << 31) & 0xffffffff)); let x306: u32 = ((x224 >> 1) | ((x226 << 31) & 0xffffffff)); let x307: u32 = ((x226 >> 1) | ((x228 << 31) & 0xffffffff)); let x308: u32 = ((x228 >> 1) | ((x230 << 31) & 0xffffffff)); let x309: u32 = ((x230 >> 1) | ((x232 << 31) & 0xffffffff)); let x310: u32 = ((x232 & 0x80000000) | (x232 >> 1)); let mut x311: u32 = 0; fiat_p384_cmovznz_u32(&mut x311, x120, x95, x71); let mut x312: u32 = 0; fiat_p384_cmovznz_u32(&mut x312, x120, x97, x73); let mut x313: u32 = 0; fiat_p384_cmovznz_u32(&mut x313, x120, x99, x75); let mut x314: u32 = 0; fiat_p384_cmovznz_u32(&mut x314, x120, x101, x77); let mut x315: u32 = 0; fiat_p384_cmovznz_u32(&mut x315, x120, x103, x79); let mut x316: u32 = 0; fiat_p384_cmovznz_u32(&mut x316, x120, x105, x81); let mut x317: u32 = 0; fiat_p384_cmovznz_u32(&mut x317, x120, x107, x83); let mut x318: u32 = 0; fiat_p384_cmovznz_u32(&mut x318, x120, x109, x85); let mut x319: u32 = 0; fiat_p384_cmovznz_u32(&mut x319, x120, x111, x87); let mut x320: u32 = 0; fiat_p384_cmovznz_u32(&mut x320, x120, x113, x89); let mut x321: u32 = 0; fiat_p384_cmovznz_u32(&mut x321, x120, x115, x91); let mut x322: u32 = 0; fiat_p384_cmovznz_u32(&mut x322, x120, x117, x93); let mut x323: u32 = 0; fiat_p384_cmovznz_u32(&mut x323, x295, x270, x246); let mut x324: u32 = 0; fiat_p384_cmovznz_u32(&mut x324, x295, x272, x248); let mut x325: u32 = 0; fiat_p384_cmovznz_u32(&mut x325, x295, x274, x250); let mut x326: u32 = 0; fiat_p384_cmovznz_u32(&mut x326, x295, x276, x252); let mut x327: u32 = 0; fiat_p384_cmovznz_u32(&mut x327, x295, x278, x254); let mut x328: u32 = 0; fiat_p384_cmovznz_u32(&mut x328, x295, x280, x256); let mut x329: u32 = 0; fiat_p384_cmovznz_u32(&mut x329, x295, x282, x258); let mut x330: u32 = 0; fiat_p384_cmovznz_u32(&mut x330, x295, x284, x260); let mut x331: u32 = 0; fiat_p384_cmovznz_u32(&mut x331, x295, x286, x262); let mut x332: u32 = 0; fiat_p384_cmovznz_u32(&mut x332, x295, x288, x264); let mut x333: u32 = 0; fiat_p384_cmovznz_u32(&mut x333, x295, x290, x266); let mut x334: u32 = 0; fiat_p384_cmovznz_u32(&mut x334, x295, x292, x268); *out1 = x296; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out2[9] = x16; out2[10] = x17; out2[11] = x18; out2[12] = x19; out3[0] = x298; out3[1] = x299; out3[2] = x300; out3[3] = x301; out3[4] = x302; out3[5] = x303; out3[6] = x304; out3[7] = x305; out3[8] = x306; out3[9] = x307; out3[10] = x308; out3[11] = x309; out3[12] = x310; out4[0] = x311; out4[1] = x312; out4[2] = x313; out4[3] = x314; out4[4] = x315; out4[5] = x316; out4[6] = x317; out4[7] = x318; out4[8] = x319; out4[9] = x320; out4[10] = x321; out4[11] = x322; out5[0] = x323; out5[1] = x324; out5[2] = x325; out5[3] = x326; out5[4] = x327; out5[5] = x328; out5[6] = x329; out5[7] = x330; out5[8] = x331; out5[9] = x332; out5[10] = x333; out5[11] = x334; } /// The function fiat_p384_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_divstep_precomp(out1: &mut [u32; 12]) { out1[0] = 0xfff18fff; out1[1] = 0xfff69400; out1[2] = 0xffffd3ff; out1[3] = 0x2b7fe; out1[4] = 0xfffe97ff; out1[5] = 0xfffedbff; out1[6] = 0x2fff; out1[7] = 0x28400; out1[8] = 0x50400; out1[9] = 0x60400; out1[10] = 0x38000; out1[11] = 0xfffc4800; } fiat-crypto-0.2.2/src/p384_64.rs000064400000000000000000004403171046102023000142430ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p384 64 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p384 //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in //! if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p384_u1 = u8; pub type fiat_p384_i1 = i8; pub type fiat_p384_u2 = u8; pub type fiat_p384_i2 = i8; /** The type fiat_p384_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_montgomery_domain_field_element(pub [u64; 6]); impl core::ops::Index for fiat_p384_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p384_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_non_montgomery_domain_field_element(pub [u64; 6]); impl core::ops::Index for fiat_p384_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p384_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p384_u1, arg1: fiat_p384_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p384_u1 = ((x1 >> 64) as fiat_p384_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p384_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p384_u1, arg1: fiat_p384_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p384_i1 = ((x1 >> 64) as fiat_p384_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p384_i2) - (x2 as fiat_p384_i2)) as fiat_p384_u1); } /// The function fiat_p384_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p384_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_cmovznz_u64(out1: &mut u64, arg1: fiat_p384_u1, arg2: u64, arg3: u64) { let x1: fiat_p384_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p384_i2) - (x1 as fiat_p384_i2)) as fiat_p384_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p384_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_mul(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_mulx_u64(&mut x7, &mut x8, x6, (arg2[5])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_mulx_u64(&mut x9, &mut x10, x6, (arg2[4])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_mulx_u64(&mut x11, &mut x12, x6, (arg2[3])); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_mulx_u64(&mut x13, &mut x14, x6, (arg2[2])); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_p384_mulx_u64(&mut x15, &mut x16, x6, (arg2[1])); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_p384_mulx_u64(&mut x17, &mut x18, x6, (arg2[0])); let mut x19: u64 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x25, &mut x26, x24, x12, x9); let mut x27: u64 = 0; let mut x28: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x27, &mut x28, x26, x10, x7); let x29: u64 = ((x28 as u64) + x8); let mut x30: u64 = 0; let mut x31: u64 = 0; fiat_p384_mulx_u64(&mut x30, &mut x31, x17, 0x100000001); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p384_mulx_u64(&mut x32, &mut x33, x30, 0xffffffffffffffff); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p384_mulx_u64(&mut x34, &mut x35, x30, 0xffffffffffffffff); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p384_mulx_u64(&mut x36, &mut x37, x30, 0xffffffffffffffff); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p384_mulx_u64(&mut x38, &mut x39, x30, 0xfffffffffffffffe); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p384_mulx_u64(&mut x40, &mut x41, x30, 0xffffffff00000000); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p384_mulx_u64(&mut x42, &mut x43, x30, 0xffffffff); let mut x44: u64 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x44, &mut x45, 0x0, x43, x40); let mut x46: u64 = 0; let mut x47: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x46, &mut x47, x45, x41, x38); let mut x48: u64 = 0; let mut x49: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x48, &mut x49, x47, x39, x36); let mut x50: u64 = 0; let mut x51: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x50, &mut x51, x49, x37, x34); let mut x52: u64 = 0; let mut x53: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x52, &mut x53, x51, x35, x32); let x54: u64 = ((x53 as u64) + x33); let mut x55: u64 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x55, &mut x56, 0x0, x17, x42); let mut x57: u64 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x57, &mut x58, x56, x19, x44); let mut x59: u64 = 0; let mut x60: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x59, &mut x60, x58, x21, x46); let mut x61: u64 = 0; let mut x62: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x61, &mut x62, x60, x23, x48); let mut x63: u64 = 0; let mut x64: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x63, &mut x64, x62, x25, x50); let mut x65: u64 = 0; let mut x66: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x65, &mut x66, x64, x27, x52); let mut x67: u64 = 0; let mut x68: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x67, &mut x68, x66, x29, x54); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p384_mulx_u64(&mut x69, &mut x70, x1, (arg2[5])); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p384_mulx_u64(&mut x71, &mut x72, x1, (arg2[4])); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p384_mulx_u64(&mut x73, &mut x74, x1, (arg2[3])); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p384_mulx_u64(&mut x75, &mut x76, x1, (arg2[2])); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p384_mulx_u64(&mut x77, &mut x78, x1, (arg2[1])); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_p384_mulx_u64(&mut x79, &mut x80, x1, (arg2[0])); let mut x81: u64 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x81, &mut x82, 0x0, x80, x77); let mut x83: u64 = 0; let mut x84: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x83, &mut x84, x82, x78, x75); let mut x85: u64 = 0; let mut x86: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x85, &mut x86, x84, x76, x73); let mut x87: u64 = 0; let mut x88: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x87, &mut x88, x86, x74, x71); let mut x89: u64 = 0; let mut x90: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x89, &mut x90, x88, x72, x69); let x91: u64 = ((x90 as u64) + x70); let mut x92: u64 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x92, &mut x93, 0x0, x57, x79); let mut x94: u64 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x94, &mut x95, x93, x59, x81); let mut x96: u64 = 0; let mut x97: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x96, &mut x97, x95, x61, x83); let mut x98: u64 = 0; let mut x99: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x98, &mut x99, x97, x63, x85); let mut x100: u64 = 0; let mut x101: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x100, &mut x101, x99, x65, x87); let mut x102: u64 = 0; let mut x103: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x102, &mut x103, x101, x67, x89); let mut x104: u64 = 0; let mut x105: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x104, &mut x105, x103, (x68 as u64), x91); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_mulx_u64(&mut x106, &mut x107, x92, 0x100000001); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_mulx_u64(&mut x108, &mut x109, x106, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_mulx_u64(&mut x110, &mut x111, x106, 0xffffffffffffffff); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_mulx_u64(&mut x112, &mut x113, x106, 0xffffffffffffffff); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_mulx_u64(&mut x114, &mut x115, x106, 0xfffffffffffffffe); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p384_mulx_u64(&mut x116, &mut x117, x106, 0xffffffff00000000); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p384_mulx_u64(&mut x118, &mut x119, x106, 0xffffffff); let mut x120: u64 = 0; let mut x121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u64 = 0; let mut x123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x122, &mut x123, x121, x117, x114); let mut x124: u64 = 0; let mut x125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x124, &mut x125, x123, x115, x112); let mut x126: u64 = 0; let mut x127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x126, &mut x127, x125, x113, x110); let mut x128: u64 = 0; let mut x129: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x128, &mut x129, x127, x111, x108); let x130: u64 = ((x129 as u64) + x109); let mut x131: u64 = 0; let mut x132: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x131, &mut x132, 0x0, x92, x118); let mut x133: u64 = 0; let mut x134: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x133, &mut x134, x132, x94, x120); let mut x135: u64 = 0; let mut x136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x135, &mut x136, x134, x96, x122); let mut x137: u64 = 0; let mut x138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x137, &mut x138, x136, x98, x124); let mut x139: u64 = 0; let mut x140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x139, &mut x140, x138, x100, x126); let mut x141: u64 = 0; let mut x142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x141, &mut x142, x140, x102, x128); let mut x143: u64 = 0; let mut x144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x143, &mut x144, x142, x104, x130); let x145: u64 = ((x144 as u64) + (x105 as u64)); let mut x146: u64 = 0; let mut x147: u64 = 0; fiat_p384_mulx_u64(&mut x146, &mut x147, x2, (arg2[5])); let mut x148: u64 = 0; let mut x149: u64 = 0; fiat_p384_mulx_u64(&mut x148, &mut x149, x2, (arg2[4])); let mut x150: u64 = 0; let mut x151: u64 = 0; fiat_p384_mulx_u64(&mut x150, &mut x151, x2, (arg2[3])); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_mulx_u64(&mut x152, &mut x153, x2, (arg2[2])); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_mulx_u64(&mut x154, &mut x155, x2, (arg2[1])); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_mulx_u64(&mut x156, &mut x157, x2, (arg2[0])); let mut x158: u64 = 0; let mut x159: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u64 = 0; let mut x161: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x160, &mut x161, x159, x155, x152); let mut x162: u64 = 0; let mut x163: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x162, &mut x163, x161, x153, x150); let mut x164: u64 = 0; let mut x165: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x164, &mut x165, x163, x151, x148); let mut x166: u64 = 0; let mut x167: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x166, &mut x167, x165, x149, x146); let x168: u64 = ((x167 as u64) + x147); let mut x169: u64 = 0; let mut x170: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x169, &mut x170, 0x0, x133, x156); let mut x171: u64 = 0; let mut x172: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x171, &mut x172, x170, x135, x158); let mut x173: u64 = 0; let mut x174: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x173, &mut x174, x172, x137, x160); let mut x175: u64 = 0; let mut x176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x175, &mut x176, x174, x139, x162); let mut x177: u64 = 0; let mut x178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x177, &mut x178, x176, x141, x164); let mut x179: u64 = 0; let mut x180: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x179, &mut x180, x178, x143, x166); let mut x181: u64 = 0; let mut x182: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x181, &mut x182, x180, x145, x168); let mut x183: u64 = 0; let mut x184: u64 = 0; fiat_p384_mulx_u64(&mut x183, &mut x184, x169, 0x100000001); let mut x185: u64 = 0; let mut x186: u64 = 0; fiat_p384_mulx_u64(&mut x185, &mut x186, x183, 0xffffffffffffffff); let mut x187: u64 = 0; let mut x188: u64 = 0; fiat_p384_mulx_u64(&mut x187, &mut x188, x183, 0xffffffffffffffff); let mut x189: u64 = 0; let mut x190: u64 = 0; fiat_p384_mulx_u64(&mut x189, &mut x190, x183, 0xffffffffffffffff); let mut x191: u64 = 0; let mut x192: u64 = 0; fiat_p384_mulx_u64(&mut x191, &mut x192, x183, 0xfffffffffffffffe); let mut x193: u64 = 0; let mut x194: u64 = 0; fiat_p384_mulx_u64(&mut x193, &mut x194, x183, 0xffffffff00000000); let mut x195: u64 = 0; let mut x196: u64 = 0; fiat_p384_mulx_u64(&mut x195, &mut x196, x183, 0xffffffff); let mut x197: u64 = 0; let mut x198: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x197, &mut x198, 0x0, x196, x193); let mut x199: u64 = 0; let mut x200: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x199, &mut x200, x198, x194, x191); let mut x201: u64 = 0; let mut x202: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x201, &mut x202, x200, x192, x189); let mut x203: u64 = 0; let mut x204: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x203, &mut x204, x202, x190, x187); let mut x205: u64 = 0; let mut x206: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x205, &mut x206, x204, x188, x185); let x207: u64 = ((x206 as u64) + x186); let mut x208: u64 = 0; let mut x209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x208, &mut x209, 0x0, x169, x195); let mut x210: u64 = 0; let mut x211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x210, &mut x211, x209, x171, x197); let mut x212: u64 = 0; let mut x213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x212, &mut x213, x211, x173, x199); let mut x214: u64 = 0; let mut x215: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x214, &mut x215, x213, x175, x201); let mut x216: u64 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x216, &mut x217, x215, x177, x203); let mut x218: u64 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x218, &mut x219, x217, x179, x205); let mut x220: u64 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x220, &mut x221, x219, x181, x207); let x222: u64 = ((x221 as u64) + (x182 as u64)); let mut x223: u64 = 0; let mut x224: u64 = 0; fiat_p384_mulx_u64(&mut x223, &mut x224, x3, (arg2[5])); let mut x225: u64 = 0; let mut x226: u64 = 0; fiat_p384_mulx_u64(&mut x225, &mut x226, x3, (arg2[4])); let mut x227: u64 = 0; let mut x228: u64 = 0; fiat_p384_mulx_u64(&mut x227, &mut x228, x3, (arg2[3])); let mut x229: u64 = 0; let mut x230: u64 = 0; fiat_p384_mulx_u64(&mut x229, &mut x230, x3, (arg2[2])); let mut x231: u64 = 0; let mut x232: u64 = 0; fiat_p384_mulx_u64(&mut x231, &mut x232, x3, (arg2[1])); let mut x233: u64 = 0; let mut x234: u64 = 0; fiat_p384_mulx_u64(&mut x233, &mut x234, x3, (arg2[0])); let mut x235: u64 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u64 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x237, &mut x238, x236, x232, x229); let mut x239: u64 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x239, &mut x240, x238, x230, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x241, &mut x242, x240, x228, x225); let mut x243: u64 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x243, &mut x244, x242, x226, x223); let x245: u64 = ((x244 as u64) + x224); let mut x246: u64 = 0; let mut x247: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x246, &mut x247, 0x0, x210, x233); let mut x248: u64 = 0; let mut x249: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x248, &mut x249, x247, x212, x235); let mut x250: u64 = 0; let mut x251: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x250, &mut x251, x249, x214, x237); let mut x252: u64 = 0; let mut x253: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x252, &mut x253, x251, x216, x239); let mut x254: u64 = 0; let mut x255: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x254, &mut x255, x253, x218, x241); let mut x256: u64 = 0; let mut x257: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x256, &mut x257, x255, x220, x243); let mut x258: u64 = 0; let mut x259: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x258, &mut x259, x257, x222, x245); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_mulx_u64(&mut x260, &mut x261, x246, 0x100000001); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_mulx_u64(&mut x262, &mut x263, x260, 0xffffffffffffffff); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_mulx_u64(&mut x264, &mut x265, x260, 0xffffffffffffffff); let mut x266: u64 = 0; let mut x267: u64 = 0; fiat_p384_mulx_u64(&mut x266, &mut x267, x260, 0xffffffffffffffff); let mut x268: u64 = 0; let mut x269: u64 = 0; fiat_p384_mulx_u64(&mut x268, &mut x269, x260, 0xfffffffffffffffe); let mut x270: u64 = 0; let mut x271: u64 = 0; fiat_p384_mulx_u64(&mut x270, &mut x271, x260, 0xffffffff00000000); let mut x272: u64 = 0; let mut x273: u64 = 0; fiat_p384_mulx_u64(&mut x272, &mut x273, x260, 0xffffffff); let mut x274: u64 = 0; let mut x275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x274, &mut x275, 0x0, x273, x270); let mut x276: u64 = 0; let mut x277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x276, &mut x277, x275, x271, x268); let mut x278: u64 = 0; let mut x279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x278, &mut x279, x277, x269, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x280, &mut x281, x279, x267, x264); let mut x282: u64 = 0; let mut x283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x282, &mut x283, x281, x265, x262); let x284: u64 = ((x283 as u64) + x263); let mut x285: u64 = 0; let mut x286: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x285, &mut x286, 0x0, x246, x272); let mut x287: u64 = 0; let mut x288: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x287, &mut x288, x286, x248, x274); let mut x289: u64 = 0; let mut x290: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x289, &mut x290, x288, x250, x276); let mut x291: u64 = 0; let mut x292: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x291, &mut x292, x290, x252, x278); let mut x293: u64 = 0; let mut x294: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x293, &mut x294, x292, x254, x280); let mut x295: u64 = 0; let mut x296: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x295, &mut x296, x294, x256, x282); let mut x297: u64 = 0; let mut x298: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x297, &mut x298, x296, x258, x284); let x299: u64 = ((x298 as u64) + (x259 as u64)); let mut x300: u64 = 0; let mut x301: u64 = 0; fiat_p384_mulx_u64(&mut x300, &mut x301, x4, (arg2[5])); let mut x302: u64 = 0; let mut x303: u64 = 0; fiat_p384_mulx_u64(&mut x302, &mut x303, x4, (arg2[4])); let mut x304: u64 = 0; let mut x305: u64 = 0; fiat_p384_mulx_u64(&mut x304, &mut x305, x4, (arg2[3])); let mut x306: u64 = 0; let mut x307: u64 = 0; fiat_p384_mulx_u64(&mut x306, &mut x307, x4, (arg2[2])); let mut x308: u64 = 0; let mut x309: u64 = 0; fiat_p384_mulx_u64(&mut x308, &mut x309, x4, (arg2[1])); let mut x310: u64 = 0; let mut x311: u64 = 0; fiat_p384_mulx_u64(&mut x310, &mut x311, x4, (arg2[0])); let mut x312: u64 = 0; let mut x313: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u64 = 0; let mut x315: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x314, &mut x315, x313, x309, x306); let mut x316: u64 = 0; let mut x317: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x316, &mut x317, x315, x307, x304); let mut x318: u64 = 0; let mut x319: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x318, &mut x319, x317, x305, x302); let mut x320: u64 = 0; let mut x321: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x320, &mut x321, x319, x303, x300); let x322: u64 = ((x321 as u64) + x301); let mut x323: u64 = 0; let mut x324: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x323, &mut x324, 0x0, x287, x310); let mut x325: u64 = 0; let mut x326: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x325, &mut x326, x324, x289, x312); let mut x327: u64 = 0; let mut x328: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x327, &mut x328, x326, x291, x314); let mut x329: u64 = 0; let mut x330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x329, &mut x330, x328, x293, x316); let mut x331: u64 = 0; let mut x332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x331, &mut x332, x330, x295, x318); let mut x333: u64 = 0; let mut x334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x333, &mut x334, x332, x297, x320); let mut x335: u64 = 0; let mut x336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x335, &mut x336, x334, x299, x322); let mut x337: u64 = 0; let mut x338: u64 = 0; fiat_p384_mulx_u64(&mut x337, &mut x338, x323, 0x100000001); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p384_mulx_u64(&mut x339, &mut x340, x337, 0xffffffffffffffff); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p384_mulx_u64(&mut x341, &mut x342, x337, 0xffffffffffffffff); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p384_mulx_u64(&mut x343, &mut x344, x337, 0xffffffffffffffff); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p384_mulx_u64(&mut x345, &mut x346, x337, 0xfffffffffffffffe); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p384_mulx_u64(&mut x347, &mut x348, x337, 0xffffffff00000000); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p384_mulx_u64(&mut x349, &mut x350, x337, 0xffffffff); let mut x351: u64 = 0; let mut x352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x351, &mut x352, 0x0, x350, x347); let mut x353: u64 = 0; let mut x354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x353, &mut x354, x352, x348, x345); let mut x355: u64 = 0; let mut x356: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x355, &mut x356, x354, x346, x343); let mut x357: u64 = 0; let mut x358: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x357, &mut x358, x356, x344, x341); let mut x359: u64 = 0; let mut x360: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x359, &mut x360, x358, x342, x339); let x361: u64 = ((x360 as u64) + x340); let mut x362: u64 = 0; let mut x363: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x362, &mut x363, 0x0, x323, x349); let mut x364: u64 = 0; let mut x365: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x364, &mut x365, x363, x325, x351); let mut x366: u64 = 0; let mut x367: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x366, &mut x367, x365, x327, x353); let mut x368: u64 = 0; let mut x369: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x368, &mut x369, x367, x329, x355); let mut x370: u64 = 0; let mut x371: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x370, &mut x371, x369, x331, x357); let mut x372: u64 = 0; let mut x373: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x372, &mut x373, x371, x333, x359); let mut x374: u64 = 0; let mut x375: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x374, &mut x375, x373, x335, x361); let x376: u64 = ((x375 as u64) + (x336 as u64)); let mut x377: u64 = 0; let mut x378: u64 = 0; fiat_p384_mulx_u64(&mut x377, &mut x378, x5, (arg2[5])); let mut x379: u64 = 0; let mut x380: u64 = 0; fiat_p384_mulx_u64(&mut x379, &mut x380, x5, (arg2[4])); let mut x381: u64 = 0; let mut x382: u64 = 0; fiat_p384_mulx_u64(&mut x381, &mut x382, x5, (arg2[3])); let mut x383: u64 = 0; let mut x384: u64 = 0; fiat_p384_mulx_u64(&mut x383, &mut x384, x5, (arg2[2])); let mut x385: u64 = 0; let mut x386: u64 = 0; fiat_p384_mulx_u64(&mut x385, &mut x386, x5, (arg2[1])); let mut x387: u64 = 0; let mut x388: u64 = 0; fiat_p384_mulx_u64(&mut x387, &mut x388, x5, (arg2[0])); let mut x389: u64 = 0; let mut x390: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x389, &mut x390, 0x0, x388, x385); let mut x391: u64 = 0; let mut x392: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x391, &mut x392, x390, x386, x383); let mut x393: u64 = 0; let mut x394: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x393, &mut x394, x392, x384, x381); let mut x395: u64 = 0; let mut x396: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x395, &mut x396, x394, x382, x379); let mut x397: u64 = 0; let mut x398: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x397, &mut x398, x396, x380, x377); let x399: u64 = ((x398 as u64) + x378); let mut x400: u64 = 0; let mut x401: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x400, &mut x401, 0x0, x364, x387); let mut x402: u64 = 0; let mut x403: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x402, &mut x403, x401, x366, x389); let mut x404: u64 = 0; let mut x405: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x404, &mut x405, x403, x368, x391); let mut x406: u64 = 0; let mut x407: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x406, &mut x407, x405, x370, x393); let mut x408: u64 = 0; let mut x409: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x408, &mut x409, x407, x372, x395); let mut x410: u64 = 0; let mut x411: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x410, &mut x411, x409, x374, x397); let mut x412: u64 = 0; let mut x413: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x412, &mut x413, x411, x376, x399); let mut x414: u64 = 0; let mut x415: u64 = 0; fiat_p384_mulx_u64(&mut x414, &mut x415, x400, 0x100000001); let mut x416: u64 = 0; let mut x417: u64 = 0; fiat_p384_mulx_u64(&mut x416, &mut x417, x414, 0xffffffffffffffff); let mut x418: u64 = 0; let mut x419: u64 = 0; fiat_p384_mulx_u64(&mut x418, &mut x419, x414, 0xffffffffffffffff); let mut x420: u64 = 0; let mut x421: u64 = 0; fiat_p384_mulx_u64(&mut x420, &mut x421, x414, 0xffffffffffffffff); let mut x422: u64 = 0; let mut x423: u64 = 0; fiat_p384_mulx_u64(&mut x422, &mut x423, x414, 0xfffffffffffffffe); let mut x424: u64 = 0; let mut x425: u64 = 0; fiat_p384_mulx_u64(&mut x424, &mut x425, x414, 0xffffffff00000000); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p384_mulx_u64(&mut x426, &mut x427, x414, 0xffffffff); let mut x428: u64 = 0; let mut x429: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x428, &mut x429, 0x0, x427, x424); let mut x430: u64 = 0; let mut x431: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x430, &mut x431, x429, x425, x422); let mut x432: u64 = 0; let mut x433: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x432, &mut x433, x431, x423, x420); let mut x434: u64 = 0; let mut x435: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x434, &mut x435, x433, x421, x418); let mut x436: u64 = 0; let mut x437: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x436, &mut x437, x435, x419, x416); let x438: u64 = ((x437 as u64) + x417); let mut x439: u64 = 0; let mut x440: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x439, &mut x440, 0x0, x400, x426); let mut x441: u64 = 0; let mut x442: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x441, &mut x442, x440, x402, x428); let mut x443: u64 = 0; let mut x444: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x443, &mut x444, x442, x404, x430); let mut x445: u64 = 0; let mut x446: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x445, &mut x446, x444, x406, x432); let mut x447: u64 = 0; let mut x448: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x447, &mut x448, x446, x408, x434); let mut x449: u64 = 0; let mut x450: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x449, &mut x450, x448, x410, x436); let mut x451: u64 = 0; let mut x452: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x451, &mut x452, x450, x412, x438); let x453: u64 = ((x452 as u64) + (x413 as u64)); let mut x454: u64 = 0; let mut x455: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x454, &mut x455, 0x0, x441, 0xffffffff); let mut x456: u64 = 0; let mut x457: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x456, &mut x457, x455, x443, 0xffffffff00000000); let mut x458: u64 = 0; let mut x459: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x458, &mut x459, x457, x445, 0xfffffffffffffffe); let mut x460: u64 = 0; let mut x461: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x460, &mut x461, x459, x447, 0xffffffffffffffff); let mut x462: u64 = 0; let mut x463: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x462, &mut x463, x461, x449, 0xffffffffffffffff); let mut x464: u64 = 0; let mut x465: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x464, &mut x465, x463, x451, 0xffffffffffffffff); let mut x466: u64 = 0; let mut x467: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x466, &mut x467, x465, x453, (0x0 as u64)); let mut x468: u64 = 0; fiat_p384_cmovznz_u64(&mut x468, x467, x454, x441); let mut x469: u64 = 0; fiat_p384_cmovznz_u64(&mut x469, x467, x456, x443); let mut x470: u64 = 0; fiat_p384_cmovznz_u64(&mut x470, x467, x458, x445); let mut x471: u64 = 0; fiat_p384_cmovznz_u64(&mut x471, x467, x460, x447); let mut x472: u64 = 0; fiat_p384_cmovznz_u64(&mut x472, x467, x462, x449); let mut x473: u64 = 0; fiat_p384_cmovznz_u64(&mut x473, x467, x464, x451); out1[0] = x468; out1[1] = x469; out1[2] = x470; out1[3] = x471; out1[4] = x472; out1[5] = x473; } /// The function fiat_p384_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_square(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_mulx_u64(&mut x7, &mut x8, x6, (arg1[5])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_mulx_u64(&mut x9, &mut x10, x6, (arg1[4])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_mulx_u64(&mut x11, &mut x12, x6, (arg1[3])); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_mulx_u64(&mut x13, &mut x14, x6, (arg1[2])); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_p384_mulx_u64(&mut x15, &mut x16, x6, (arg1[1])); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_p384_mulx_u64(&mut x17, &mut x18, x6, (arg1[0])); let mut x19: u64 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x25, &mut x26, x24, x12, x9); let mut x27: u64 = 0; let mut x28: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x27, &mut x28, x26, x10, x7); let x29: u64 = ((x28 as u64) + x8); let mut x30: u64 = 0; let mut x31: u64 = 0; fiat_p384_mulx_u64(&mut x30, &mut x31, x17, 0x100000001); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p384_mulx_u64(&mut x32, &mut x33, x30, 0xffffffffffffffff); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p384_mulx_u64(&mut x34, &mut x35, x30, 0xffffffffffffffff); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p384_mulx_u64(&mut x36, &mut x37, x30, 0xffffffffffffffff); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p384_mulx_u64(&mut x38, &mut x39, x30, 0xfffffffffffffffe); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p384_mulx_u64(&mut x40, &mut x41, x30, 0xffffffff00000000); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p384_mulx_u64(&mut x42, &mut x43, x30, 0xffffffff); let mut x44: u64 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x44, &mut x45, 0x0, x43, x40); let mut x46: u64 = 0; let mut x47: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x46, &mut x47, x45, x41, x38); let mut x48: u64 = 0; let mut x49: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x48, &mut x49, x47, x39, x36); let mut x50: u64 = 0; let mut x51: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x50, &mut x51, x49, x37, x34); let mut x52: u64 = 0; let mut x53: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x52, &mut x53, x51, x35, x32); let x54: u64 = ((x53 as u64) + x33); let mut x55: u64 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x55, &mut x56, 0x0, x17, x42); let mut x57: u64 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x57, &mut x58, x56, x19, x44); let mut x59: u64 = 0; let mut x60: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x59, &mut x60, x58, x21, x46); let mut x61: u64 = 0; let mut x62: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x61, &mut x62, x60, x23, x48); let mut x63: u64 = 0; let mut x64: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x63, &mut x64, x62, x25, x50); let mut x65: u64 = 0; let mut x66: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x65, &mut x66, x64, x27, x52); let mut x67: u64 = 0; let mut x68: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x67, &mut x68, x66, x29, x54); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p384_mulx_u64(&mut x69, &mut x70, x1, (arg1[5])); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p384_mulx_u64(&mut x71, &mut x72, x1, (arg1[4])); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p384_mulx_u64(&mut x73, &mut x74, x1, (arg1[3])); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p384_mulx_u64(&mut x75, &mut x76, x1, (arg1[2])); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p384_mulx_u64(&mut x77, &mut x78, x1, (arg1[1])); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_p384_mulx_u64(&mut x79, &mut x80, x1, (arg1[0])); let mut x81: u64 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x81, &mut x82, 0x0, x80, x77); let mut x83: u64 = 0; let mut x84: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x83, &mut x84, x82, x78, x75); let mut x85: u64 = 0; let mut x86: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x85, &mut x86, x84, x76, x73); let mut x87: u64 = 0; let mut x88: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x87, &mut x88, x86, x74, x71); let mut x89: u64 = 0; let mut x90: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x89, &mut x90, x88, x72, x69); let x91: u64 = ((x90 as u64) + x70); let mut x92: u64 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x92, &mut x93, 0x0, x57, x79); let mut x94: u64 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x94, &mut x95, x93, x59, x81); let mut x96: u64 = 0; let mut x97: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x96, &mut x97, x95, x61, x83); let mut x98: u64 = 0; let mut x99: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x98, &mut x99, x97, x63, x85); let mut x100: u64 = 0; let mut x101: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x100, &mut x101, x99, x65, x87); let mut x102: u64 = 0; let mut x103: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x102, &mut x103, x101, x67, x89); let mut x104: u64 = 0; let mut x105: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x104, &mut x105, x103, (x68 as u64), x91); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_mulx_u64(&mut x106, &mut x107, x92, 0x100000001); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_mulx_u64(&mut x108, &mut x109, x106, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_mulx_u64(&mut x110, &mut x111, x106, 0xffffffffffffffff); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_mulx_u64(&mut x112, &mut x113, x106, 0xffffffffffffffff); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_mulx_u64(&mut x114, &mut x115, x106, 0xfffffffffffffffe); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p384_mulx_u64(&mut x116, &mut x117, x106, 0xffffffff00000000); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p384_mulx_u64(&mut x118, &mut x119, x106, 0xffffffff); let mut x120: u64 = 0; let mut x121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u64 = 0; let mut x123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x122, &mut x123, x121, x117, x114); let mut x124: u64 = 0; let mut x125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x124, &mut x125, x123, x115, x112); let mut x126: u64 = 0; let mut x127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x126, &mut x127, x125, x113, x110); let mut x128: u64 = 0; let mut x129: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x128, &mut x129, x127, x111, x108); let x130: u64 = ((x129 as u64) + x109); let mut x131: u64 = 0; let mut x132: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x131, &mut x132, 0x0, x92, x118); let mut x133: u64 = 0; let mut x134: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x133, &mut x134, x132, x94, x120); let mut x135: u64 = 0; let mut x136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x135, &mut x136, x134, x96, x122); let mut x137: u64 = 0; let mut x138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x137, &mut x138, x136, x98, x124); let mut x139: u64 = 0; let mut x140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x139, &mut x140, x138, x100, x126); let mut x141: u64 = 0; let mut x142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x141, &mut x142, x140, x102, x128); let mut x143: u64 = 0; let mut x144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x143, &mut x144, x142, x104, x130); let x145: u64 = ((x144 as u64) + (x105 as u64)); let mut x146: u64 = 0; let mut x147: u64 = 0; fiat_p384_mulx_u64(&mut x146, &mut x147, x2, (arg1[5])); let mut x148: u64 = 0; let mut x149: u64 = 0; fiat_p384_mulx_u64(&mut x148, &mut x149, x2, (arg1[4])); let mut x150: u64 = 0; let mut x151: u64 = 0; fiat_p384_mulx_u64(&mut x150, &mut x151, x2, (arg1[3])); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_mulx_u64(&mut x152, &mut x153, x2, (arg1[2])); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_mulx_u64(&mut x154, &mut x155, x2, (arg1[1])); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_mulx_u64(&mut x156, &mut x157, x2, (arg1[0])); let mut x158: u64 = 0; let mut x159: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u64 = 0; let mut x161: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x160, &mut x161, x159, x155, x152); let mut x162: u64 = 0; let mut x163: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x162, &mut x163, x161, x153, x150); let mut x164: u64 = 0; let mut x165: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x164, &mut x165, x163, x151, x148); let mut x166: u64 = 0; let mut x167: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x166, &mut x167, x165, x149, x146); let x168: u64 = ((x167 as u64) + x147); let mut x169: u64 = 0; let mut x170: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x169, &mut x170, 0x0, x133, x156); let mut x171: u64 = 0; let mut x172: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x171, &mut x172, x170, x135, x158); let mut x173: u64 = 0; let mut x174: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x173, &mut x174, x172, x137, x160); let mut x175: u64 = 0; let mut x176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x175, &mut x176, x174, x139, x162); let mut x177: u64 = 0; let mut x178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x177, &mut x178, x176, x141, x164); let mut x179: u64 = 0; let mut x180: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x179, &mut x180, x178, x143, x166); let mut x181: u64 = 0; let mut x182: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x181, &mut x182, x180, x145, x168); let mut x183: u64 = 0; let mut x184: u64 = 0; fiat_p384_mulx_u64(&mut x183, &mut x184, x169, 0x100000001); let mut x185: u64 = 0; let mut x186: u64 = 0; fiat_p384_mulx_u64(&mut x185, &mut x186, x183, 0xffffffffffffffff); let mut x187: u64 = 0; let mut x188: u64 = 0; fiat_p384_mulx_u64(&mut x187, &mut x188, x183, 0xffffffffffffffff); let mut x189: u64 = 0; let mut x190: u64 = 0; fiat_p384_mulx_u64(&mut x189, &mut x190, x183, 0xffffffffffffffff); let mut x191: u64 = 0; let mut x192: u64 = 0; fiat_p384_mulx_u64(&mut x191, &mut x192, x183, 0xfffffffffffffffe); let mut x193: u64 = 0; let mut x194: u64 = 0; fiat_p384_mulx_u64(&mut x193, &mut x194, x183, 0xffffffff00000000); let mut x195: u64 = 0; let mut x196: u64 = 0; fiat_p384_mulx_u64(&mut x195, &mut x196, x183, 0xffffffff); let mut x197: u64 = 0; let mut x198: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x197, &mut x198, 0x0, x196, x193); let mut x199: u64 = 0; let mut x200: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x199, &mut x200, x198, x194, x191); let mut x201: u64 = 0; let mut x202: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x201, &mut x202, x200, x192, x189); let mut x203: u64 = 0; let mut x204: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x203, &mut x204, x202, x190, x187); let mut x205: u64 = 0; let mut x206: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x205, &mut x206, x204, x188, x185); let x207: u64 = ((x206 as u64) + x186); let mut x208: u64 = 0; let mut x209: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x208, &mut x209, 0x0, x169, x195); let mut x210: u64 = 0; let mut x211: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x210, &mut x211, x209, x171, x197); let mut x212: u64 = 0; let mut x213: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x212, &mut x213, x211, x173, x199); let mut x214: u64 = 0; let mut x215: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x214, &mut x215, x213, x175, x201); let mut x216: u64 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x216, &mut x217, x215, x177, x203); let mut x218: u64 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x218, &mut x219, x217, x179, x205); let mut x220: u64 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x220, &mut x221, x219, x181, x207); let x222: u64 = ((x221 as u64) + (x182 as u64)); let mut x223: u64 = 0; let mut x224: u64 = 0; fiat_p384_mulx_u64(&mut x223, &mut x224, x3, (arg1[5])); let mut x225: u64 = 0; let mut x226: u64 = 0; fiat_p384_mulx_u64(&mut x225, &mut x226, x3, (arg1[4])); let mut x227: u64 = 0; let mut x228: u64 = 0; fiat_p384_mulx_u64(&mut x227, &mut x228, x3, (arg1[3])); let mut x229: u64 = 0; let mut x230: u64 = 0; fiat_p384_mulx_u64(&mut x229, &mut x230, x3, (arg1[2])); let mut x231: u64 = 0; let mut x232: u64 = 0; fiat_p384_mulx_u64(&mut x231, &mut x232, x3, (arg1[1])); let mut x233: u64 = 0; let mut x234: u64 = 0; fiat_p384_mulx_u64(&mut x233, &mut x234, x3, (arg1[0])); let mut x235: u64 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u64 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x237, &mut x238, x236, x232, x229); let mut x239: u64 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x239, &mut x240, x238, x230, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x241, &mut x242, x240, x228, x225); let mut x243: u64 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x243, &mut x244, x242, x226, x223); let x245: u64 = ((x244 as u64) + x224); let mut x246: u64 = 0; let mut x247: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x246, &mut x247, 0x0, x210, x233); let mut x248: u64 = 0; let mut x249: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x248, &mut x249, x247, x212, x235); let mut x250: u64 = 0; let mut x251: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x250, &mut x251, x249, x214, x237); let mut x252: u64 = 0; let mut x253: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x252, &mut x253, x251, x216, x239); let mut x254: u64 = 0; let mut x255: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x254, &mut x255, x253, x218, x241); let mut x256: u64 = 0; let mut x257: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x256, &mut x257, x255, x220, x243); let mut x258: u64 = 0; let mut x259: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x258, &mut x259, x257, x222, x245); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_mulx_u64(&mut x260, &mut x261, x246, 0x100000001); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_mulx_u64(&mut x262, &mut x263, x260, 0xffffffffffffffff); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_mulx_u64(&mut x264, &mut x265, x260, 0xffffffffffffffff); let mut x266: u64 = 0; let mut x267: u64 = 0; fiat_p384_mulx_u64(&mut x266, &mut x267, x260, 0xffffffffffffffff); let mut x268: u64 = 0; let mut x269: u64 = 0; fiat_p384_mulx_u64(&mut x268, &mut x269, x260, 0xfffffffffffffffe); let mut x270: u64 = 0; let mut x271: u64 = 0; fiat_p384_mulx_u64(&mut x270, &mut x271, x260, 0xffffffff00000000); let mut x272: u64 = 0; let mut x273: u64 = 0; fiat_p384_mulx_u64(&mut x272, &mut x273, x260, 0xffffffff); let mut x274: u64 = 0; let mut x275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x274, &mut x275, 0x0, x273, x270); let mut x276: u64 = 0; let mut x277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x276, &mut x277, x275, x271, x268); let mut x278: u64 = 0; let mut x279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x278, &mut x279, x277, x269, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x280, &mut x281, x279, x267, x264); let mut x282: u64 = 0; let mut x283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x282, &mut x283, x281, x265, x262); let x284: u64 = ((x283 as u64) + x263); let mut x285: u64 = 0; let mut x286: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x285, &mut x286, 0x0, x246, x272); let mut x287: u64 = 0; let mut x288: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x287, &mut x288, x286, x248, x274); let mut x289: u64 = 0; let mut x290: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x289, &mut x290, x288, x250, x276); let mut x291: u64 = 0; let mut x292: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x291, &mut x292, x290, x252, x278); let mut x293: u64 = 0; let mut x294: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x293, &mut x294, x292, x254, x280); let mut x295: u64 = 0; let mut x296: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x295, &mut x296, x294, x256, x282); let mut x297: u64 = 0; let mut x298: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x297, &mut x298, x296, x258, x284); let x299: u64 = ((x298 as u64) + (x259 as u64)); let mut x300: u64 = 0; let mut x301: u64 = 0; fiat_p384_mulx_u64(&mut x300, &mut x301, x4, (arg1[5])); let mut x302: u64 = 0; let mut x303: u64 = 0; fiat_p384_mulx_u64(&mut x302, &mut x303, x4, (arg1[4])); let mut x304: u64 = 0; let mut x305: u64 = 0; fiat_p384_mulx_u64(&mut x304, &mut x305, x4, (arg1[3])); let mut x306: u64 = 0; let mut x307: u64 = 0; fiat_p384_mulx_u64(&mut x306, &mut x307, x4, (arg1[2])); let mut x308: u64 = 0; let mut x309: u64 = 0; fiat_p384_mulx_u64(&mut x308, &mut x309, x4, (arg1[1])); let mut x310: u64 = 0; let mut x311: u64 = 0; fiat_p384_mulx_u64(&mut x310, &mut x311, x4, (arg1[0])); let mut x312: u64 = 0; let mut x313: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u64 = 0; let mut x315: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x314, &mut x315, x313, x309, x306); let mut x316: u64 = 0; let mut x317: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x316, &mut x317, x315, x307, x304); let mut x318: u64 = 0; let mut x319: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x318, &mut x319, x317, x305, x302); let mut x320: u64 = 0; let mut x321: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x320, &mut x321, x319, x303, x300); let x322: u64 = ((x321 as u64) + x301); let mut x323: u64 = 0; let mut x324: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x323, &mut x324, 0x0, x287, x310); let mut x325: u64 = 0; let mut x326: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x325, &mut x326, x324, x289, x312); let mut x327: u64 = 0; let mut x328: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x327, &mut x328, x326, x291, x314); let mut x329: u64 = 0; let mut x330: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x329, &mut x330, x328, x293, x316); let mut x331: u64 = 0; let mut x332: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x331, &mut x332, x330, x295, x318); let mut x333: u64 = 0; let mut x334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x333, &mut x334, x332, x297, x320); let mut x335: u64 = 0; let mut x336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x335, &mut x336, x334, x299, x322); let mut x337: u64 = 0; let mut x338: u64 = 0; fiat_p384_mulx_u64(&mut x337, &mut x338, x323, 0x100000001); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p384_mulx_u64(&mut x339, &mut x340, x337, 0xffffffffffffffff); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p384_mulx_u64(&mut x341, &mut x342, x337, 0xffffffffffffffff); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p384_mulx_u64(&mut x343, &mut x344, x337, 0xffffffffffffffff); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p384_mulx_u64(&mut x345, &mut x346, x337, 0xfffffffffffffffe); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p384_mulx_u64(&mut x347, &mut x348, x337, 0xffffffff00000000); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p384_mulx_u64(&mut x349, &mut x350, x337, 0xffffffff); let mut x351: u64 = 0; let mut x352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x351, &mut x352, 0x0, x350, x347); let mut x353: u64 = 0; let mut x354: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x353, &mut x354, x352, x348, x345); let mut x355: u64 = 0; let mut x356: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x355, &mut x356, x354, x346, x343); let mut x357: u64 = 0; let mut x358: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x357, &mut x358, x356, x344, x341); let mut x359: u64 = 0; let mut x360: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x359, &mut x360, x358, x342, x339); let x361: u64 = ((x360 as u64) + x340); let mut x362: u64 = 0; let mut x363: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x362, &mut x363, 0x0, x323, x349); let mut x364: u64 = 0; let mut x365: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x364, &mut x365, x363, x325, x351); let mut x366: u64 = 0; let mut x367: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x366, &mut x367, x365, x327, x353); let mut x368: u64 = 0; let mut x369: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x368, &mut x369, x367, x329, x355); let mut x370: u64 = 0; let mut x371: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x370, &mut x371, x369, x331, x357); let mut x372: u64 = 0; let mut x373: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x372, &mut x373, x371, x333, x359); let mut x374: u64 = 0; let mut x375: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x374, &mut x375, x373, x335, x361); let x376: u64 = ((x375 as u64) + (x336 as u64)); let mut x377: u64 = 0; let mut x378: u64 = 0; fiat_p384_mulx_u64(&mut x377, &mut x378, x5, (arg1[5])); let mut x379: u64 = 0; let mut x380: u64 = 0; fiat_p384_mulx_u64(&mut x379, &mut x380, x5, (arg1[4])); let mut x381: u64 = 0; let mut x382: u64 = 0; fiat_p384_mulx_u64(&mut x381, &mut x382, x5, (arg1[3])); let mut x383: u64 = 0; let mut x384: u64 = 0; fiat_p384_mulx_u64(&mut x383, &mut x384, x5, (arg1[2])); let mut x385: u64 = 0; let mut x386: u64 = 0; fiat_p384_mulx_u64(&mut x385, &mut x386, x5, (arg1[1])); let mut x387: u64 = 0; let mut x388: u64 = 0; fiat_p384_mulx_u64(&mut x387, &mut x388, x5, (arg1[0])); let mut x389: u64 = 0; let mut x390: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x389, &mut x390, 0x0, x388, x385); let mut x391: u64 = 0; let mut x392: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x391, &mut x392, x390, x386, x383); let mut x393: u64 = 0; let mut x394: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x393, &mut x394, x392, x384, x381); let mut x395: u64 = 0; let mut x396: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x395, &mut x396, x394, x382, x379); let mut x397: u64 = 0; let mut x398: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x397, &mut x398, x396, x380, x377); let x399: u64 = ((x398 as u64) + x378); let mut x400: u64 = 0; let mut x401: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x400, &mut x401, 0x0, x364, x387); let mut x402: u64 = 0; let mut x403: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x402, &mut x403, x401, x366, x389); let mut x404: u64 = 0; let mut x405: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x404, &mut x405, x403, x368, x391); let mut x406: u64 = 0; let mut x407: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x406, &mut x407, x405, x370, x393); let mut x408: u64 = 0; let mut x409: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x408, &mut x409, x407, x372, x395); let mut x410: u64 = 0; let mut x411: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x410, &mut x411, x409, x374, x397); let mut x412: u64 = 0; let mut x413: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x412, &mut x413, x411, x376, x399); let mut x414: u64 = 0; let mut x415: u64 = 0; fiat_p384_mulx_u64(&mut x414, &mut x415, x400, 0x100000001); let mut x416: u64 = 0; let mut x417: u64 = 0; fiat_p384_mulx_u64(&mut x416, &mut x417, x414, 0xffffffffffffffff); let mut x418: u64 = 0; let mut x419: u64 = 0; fiat_p384_mulx_u64(&mut x418, &mut x419, x414, 0xffffffffffffffff); let mut x420: u64 = 0; let mut x421: u64 = 0; fiat_p384_mulx_u64(&mut x420, &mut x421, x414, 0xffffffffffffffff); let mut x422: u64 = 0; let mut x423: u64 = 0; fiat_p384_mulx_u64(&mut x422, &mut x423, x414, 0xfffffffffffffffe); let mut x424: u64 = 0; let mut x425: u64 = 0; fiat_p384_mulx_u64(&mut x424, &mut x425, x414, 0xffffffff00000000); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p384_mulx_u64(&mut x426, &mut x427, x414, 0xffffffff); let mut x428: u64 = 0; let mut x429: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x428, &mut x429, 0x0, x427, x424); let mut x430: u64 = 0; let mut x431: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x430, &mut x431, x429, x425, x422); let mut x432: u64 = 0; let mut x433: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x432, &mut x433, x431, x423, x420); let mut x434: u64 = 0; let mut x435: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x434, &mut x435, x433, x421, x418); let mut x436: u64 = 0; let mut x437: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x436, &mut x437, x435, x419, x416); let x438: u64 = ((x437 as u64) + x417); let mut x439: u64 = 0; let mut x440: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x439, &mut x440, 0x0, x400, x426); let mut x441: u64 = 0; let mut x442: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x441, &mut x442, x440, x402, x428); let mut x443: u64 = 0; let mut x444: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x443, &mut x444, x442, x404, x430); let mut x445: u64 = 0; let mut x446: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x445, &mut x446, x444, x406, x432); let mut x447: u64 = 0; let mut x448: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x447, &mut x448, x446, x408, x434); let mut x449: u64 = 0; let mut x450: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x449, &mut x450, x448, x410, x436); let mut x451: u64 = 0; let mut x452: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x451, &mut x452, x450, x412, x438); let x453: u64 = ((x452 as u64) + (x413 as u64)); let mut x454: u64 = 0; let mut x455: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x454, &mut x455, 0x0, x441, 0xffffffff); let mut x456: u64 = 0; let mut x457: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x456, &mut x457, x455, x443, 0xffffffff00000000); let mut x458: u64 = 0; let mut x459: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x458, &mut x459, x457, x445, 0xfffffffffffffffe); let mut x460: u64 = 0; let mut x461: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x460, &mut x461, x459, x447, 0xffffffffffffffff); let mut x462: u64 = 0; let mut x463: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x462, &mut x463, x461, x449, 0xffffffffffffffff); let mut x464: u64 = 0; let mut x465: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x464, &mut x465, x463, x451, 0xffffffffffffffff); let mut x466: u64 = 0; let mut x467: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x466, &mut x467, x465, x453, (0x0 as u64)); let mut x468: u64 = 0; fiat_p384_cmovznz_u64(&mut x468, x467, x454, x441); let mut x469: u64 = 0; fiat_p384_cmovznz_u64(&mut x469, x467, x456, x443); let mut x470: u64 = 0; fiat_p384_cmovznz_u64(&mut x470, x467, x458, x445); let mut x471: u64 = 0; fiat_p384_cmovznz_u64(&mut x471, x467, x460, x447); let mut x472: u64 = 0; fiat_p384_cmovznz_u64(&mut x472, x467, x462, x449); let mut x473: u64 = 0; fiat_p384_cmovznz_u64(&mut x473, x467, x464, x451); out1[0] = x468; out1[1] = x469; out1[2] = x470; out1[3] = x471; out1[4] = x472; out1[5] = x473; } /// The function fiat_p384_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_add(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; let mut x14: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x13, &mut x14, 0x0, x1, 0xffffffff); let mut x15: u64 = 0; let mut x16: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x15, &mut x16, x14, x3, 0xffffffff00000000); let mut x17: u64 = 0; let mut x18: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x17, &mut x18, x16, x5, 0xfffffffffffffffe); let mut x19: u64 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x19, &mut x20, x18, x7, 0xffffffffffffffff); let mut x21: u64 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x21, &mut x22, x20, x9, 0xffffffffffffffff); let mut x23: u64 = 0; let mut x24: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x23, &mut x24, x22, x11, 0xffffffffffffffff); let mut x25: u64 = 0; let mut x26: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x25, &mut x26, x24, (x12 as u64), (0x0 as u64)); let mut x27: u64 = 0; fiat_p384_cmovznz_u64(&mut x27, x26, x13, x1); let mut x28: u64 = 0; fiat_p384_cmovznz_u64(&mut x28, x26, x15, x3); let mut x29: u64 = 0; fiat_p384_cmovznz_u64(&mut x29, x26, x17, x5); let mut x30: u64 = 0; fiat_p384_cmovznz_u64(&mut x30, x26, x19, x7); let mut x31: u64 = 0; fiat_p384_cmovznz_u64(&mut x31, x26, x21, x9); let mut x32: u64 = 0; fiat_p384_cmovznz_u64(&mut x32, x26, x23, x11); out1[0] = x27; out1[1] = x28; out1[2] = x29; out1[3] = x30; out1[4] = x31; out1[5] = x32; } /// The function fiat_p384_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_sub(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element, arg2: &fiat_p384_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; fiat_p384_cmovznz_u64(&mut x13, x12, (0x0 as u64), 0xffffffffffffffff); let mut x14: u64 = 0; let mut x15: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x14, &mut x15, 0x0, x1, (x13 & 0xffffffff)); let mut x16: u64 = 0; let mut x17: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x16, &mut x17, x15, x3, (x13 & 0xffffffff00000000)); let mut x18: u64 = 0; let mut x19: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x18, &mut x19, x17, x5, (x13 & 0xfffffffffffffffe)); let mut x20: u64 = 0; let mut x21: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x20, &mut x21, x19, x7, x13); let mut x22: u64 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x22, &mut x23, x21, x9, x13); let mut x24: u64 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x24, &mut x25, x23, x11, x13); out1[0] = x14; out1[1] = x16; out1[2] = x18; out1[3] = x20; out1[4] = x22; out1[5] = x24; } /// The function fiat_p384_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_opp(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x9, &mut x10, x8, (0x0 as u64), (arg1[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x11, &mut x12, x10, (0x0 as u64), (arg1[5])); let mut x13: u64 = 0; fiat_p384_cmovznz_u64(&mut x13, x12, (0x0 as u64), 0xffffffffffffffff); let mut x14: u64 = 0; let mut x15: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x14, &mut x15, 0x0, x1, (x13 & 0xffffffff)); let mut x16: u64 = 0; let mut x17: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x16, &mut x17, x15, x3, (x13 & 0xffffffff00000000)); let mut x18: u64 = 0; let mut x19: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x18, &mut x19, x17, x5, (x13 & 0xfffffffffffffffe)); let mut x20: u64 = 0; let mut x21: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x20, &mut x21, x19, x7, x13); let mut x22: u64 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x22, &mut x23, x21, x9, x13); let mut x24: u64 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x24, &mut x25, x23, x11, x13); out1[0] = x14; out1[1] = x16; out1[2] = x18; out1[3] = x20; out1[4] = x22; out1[5] = x24; } /// The function fiat_p384_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_from_montgomery(out1: &mut fiat_p384_non_montgomery_domain_field_element, arg1: &fiat_p384_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p384_mulx_u64(&mut x2, &mut x3, x1, 0x100000001); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p384_mulx_u64(&mut x4, &mut x5, x2, 0xffffffffffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p384_mulx_u64(&mut x6, &mut x7, x2, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p384_mulx_u64(&mut x8, &mut x9, x2, 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p384_mulx_u64(&mut x10, &mut x11, x2, 0xfffffffffffffffe); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p384_mulx_u64(&mut x12, &mut x13, x2, 0xffffffff00000000); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p384_mulx_u64(&mut x14, &mut x15, x2, 0xffffffff); let mut x16: u64 = 0; let mut x17: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x16, &mut x17, 0x0, x15, x12); let mut x18: u64 = 0; let mut x19: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x18, &mut x19, x17, x13, x10); let mut x20: u64 = 0; let mut x21: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x20, &mut x21, x19, x11, x8); let mut x22: u64 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x22, &mut x23, x21, x9, x6); let mut x24: u64 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x24, &mut x25, x23, x7, x4); let mut x26: u64 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x26, &mut x27, 0x0, x1, x14); let mut x28: u64 = 0; let mut x29: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x28, &mut x29, x27, (0x0 as u64), x16); let mut x30: u64 = 0; let mut x31: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x30, &mut x31, x29, (0x0 as u64), x18); let mut x32: u64 = 0; let mut x33: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x32, &mut x33, x31, (0x0 as u64), x20); let mut x34: u64 = 0; let mut x35: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x34, &mut x35, x33, (0x0 as u64), x22); let mut x36: u64 = 0; let mut x37: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x36, &mut x37, x35, (0x0 as u64), x24); let mut x38: u64 = 0; let mut x39: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x38, &mut x39, x37, (0x0 as u64), ((x25 as u64) + x5)); let mut x40: u64 = 0; let mut x41: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x40, &mut x41, 0x0, x28, (arg1[1])); let mut x42: u64 = 0; let mut x43: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x42, &mut x43, x41, x30, (0x0 as u64)); let mut x44: u64 = 0; let mut x45: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x44, &mut x45, x43, x32, (0x0 as u64)); let mut x46: u64 = 0; let mut x47: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x46, &mut x47, x45, x34, (0x0 as u64)); let mut x48: u64 = 0; let mut x49: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x48, &mut x49, x47, x36, (0x0 as u64)); let mut x50: u64 = 0; let mut x51: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x50, &mut x51, x49, x38, (0x0 as u64)); let mut x52: u64 = 0; let mut x53: u64 = 0; fiat_p384_mulx_u64(&mut x52, &mut x53, x40, 0x100000001); let mut x54: u64 = 0; let mut x55: u64 = 0; fiat_p384_mulx_u64(&mut x54, &mut x55, x52, 0xffffffffffffffff); let mut x56: u64 = 0; let mut x57: u64 = 0; fiat_p384_mulx_u64(&mut x56, &mut x57, x52, 0xffffffffffffffff); let mut x58: u64 = 0; let mut x59: u64 = 0; fiat_p384_mulx_u64(&mut x58, &mut x59, x52, 0xffffffffffffffff); let mut x60: u64 = 0; let mut x61: u64 = 0; fiat_p384_mulx_u64(&mut x60, &mut x61, x52, 0xfffffffffffffffe); let mut x62: u64 = 0; let mut x63: u64 = 0; fiat_p384_mulx_u64(&mut x62, &mut x63, x52, 0xffffffff00000000); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p384_mulx_u64(&mut x64, &mut x65, x52, 0xffffffff); let mut x66: u64 = 0; let mut x67: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x66, &mut x67, 0x0, x65, x62); let mut x68: u64 = 0; let mut x69: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x68, &mut x69, x67, x63, x60); let mut x70: u64 = 0; let mut x71: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x70, &mut x71, x69, x61, x58); let mut x72: u64 = 0; let mut x73: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x72, &mut x73, x71, x59, x56); let mut x74: u64 = 0; let mut x75: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x74, &mut x75, x73, x57, x54); let mut x76: u64 = 0; let mut x77: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x76, &mut x77, 0x0, x40, x64); let mut x78: u64 = 0; let mut x79: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x78, &mut x79, x77, x42, x66); let mut x80: u64 = 0; let mut x81: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x80, &mut x81, x79, x44, x68); let mut x82: u64 = 0; let mut x83: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x82, &mut x83, x81, x46, x70); let mut x84: u64 = 0; let mut x85: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x84, &mut x85, x83, x48, x72); let mut x86: u64 = 0; let mut x87: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x86, &mut x87, x85, x50, x74); let mut x88: u64 = 0; let mut x89: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x88, &mut x89, x87, ((x51 as u64) + (x39 as u64)), ((x75 as u64) + x55)); let mut x90: u64 = 0; let mut x91: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x90, &mut x91, 0x0, x78, (arg1[2])); let mut x92: u64 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x92, &mut x93, x91, x80, (0x0 as u64)); let mut x94: u64 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x94, &mut x95, x93, x82, (0x0 as u64)); let mut x96: u64 = 0; let mut x97: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x96, &mut x97, x95, x84, (0x0 as u64)); let mut x98: u64 = 0; let mut x99: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x98, &mut x99, x97, x86, (0x0 as u64)); let mut x100: u64 = 0; let mut x101: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x100, &mut x101, x99, x88, (0x0 as u64)); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_p384_mulx_u64(&mut x102, &mut x103, x90, 0x100000001); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_p384_mulx_u64(&mut x104, &mut x105, x102, 0xffffffffffffffff); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_mulx_u64(&mut x106, &mut x107, x102, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_mulx_u64(&mut x108, &mut x109, x102, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_mulx_u64(&mut x110, &mut x111, x102, 0xfffffffffffffffe); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_mulx_u64(&mut x112, &mut x113, x102, 0xffffffff00000000); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_mulx_u64(&mut x114, &mut x115, x102, 0xffffffff); let mut x116: u64 = 0; let mut x117: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x116, &mut x117, 0x0, x115, x112); let mut x118: u64 = 0; let mut x119: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x118, &mut x119, x117, x113, x110); let mut x120: u64 = 0; let mut x121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x120, &mut x121, x119, x111, x108); let mut x122: u64 = 0; let mut x123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x122, &mut x123, x121, x109, x106); let mut x124: u64 = 0; let mut x125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x124, &mut x125, x123, x107, x104); let mut x126: u64 = 0; let mut x127: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x126, &mut x127, 0x0, x90, x114); let mut x128: u64 = 0; let mut x129: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x128, &mut x129, x127, x92, x116); let mut x130: u64 = 0; let mut x131: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x130, &mut x131, x129, x94, x118); let mut x132: u64 = 0; let mut x133: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x132, &mut x133, x131, x96, x120); let mut x134: u64 = 0; let mut x135: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x134, &mut x135, x133, x98, x122); let mut x136: u64 = 0; let mut x137: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x136, &mut x137, x135, x100, x124); let mut x138: u64 = 0; let mut x139: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x138, &mut x139, x137, ((x101 as u64) + (x89 as u64)), ((x125 as u64) + x105)); let mut x140: u64 = 0; let mut x141: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x140, &mut x141, 0x0, x128, (arg1[3])); let mut x142: u64 = 0; let mut x143: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x142, &mut x143, x141, x130, (0x0 as u64)); let mut x144: u64 = 0; let mut x145: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x144, &mut x145, x143, x132, (0x0 as u64)); let mut x146: u64 = 0; let mut x147: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x146, &mut x147, x145, x134, (0x0 as u64)); let mut x148: u64 = 0; let mut x149: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x148, &mut x149, x147, x136, (0x0 as u64)); let mut x150: u64 = 0; let mut x151: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x150, &mut x151, x149, x138, (0x0 as u64)); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_mulx_u64(&mut x152, &mut x153, x140, 0x100000001); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_mulx_u64(&mut x154, &mut x155, x152, 0xffffffffffffffff); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_mulx_u64(&mut x156, &mut x157, x152, 0xffffffffffffffff); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p384_mulx_u64(&mut x158, &mut x159, x152, 0xffffffffffffffff); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_p384_mulx_u64(&mut x160, &mut x161, x152, 0xfffffffffffffffe); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_p384_mulx_u64(&mut x162, &mut x163, x152, 0xffffffff00000000); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_p384_mulx_u64(&mut x164, &mut x165, x152, 0xffffffff); let mut x166: u64 = 0; let mut x167: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x166, &mut x167, 0x0, x165, x162); let mut x168: u64 = 0; let mut x169: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x168, &mut x169, x167, x163, x160); let mut x170: u64 = 0; let mut x171: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x170, &mut x171, x169, x161, x158); let mut x172: u64 = 0; let mut x173: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x172, &mut x173, x171, x159, x156); let mut x174: u64 = 0; let mut x175: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x174, &mut x175, x173, x157, x154); let mut x176: u64 = 0; let mut x177: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x176, &mut x177, 0x0, x140, x164); let mut x178: u64 = 0; let mut x179: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x178, &mut x179, x177, x142, x166); let mut x180: u64 = 0; let mut x181: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x180, &mut x181, x179, x144, x168); let mut x182: u64 = 0; let mut x183: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x182, &mut x183, x181, x146, x170); let mut x184: u64 = 0; let mut x185: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x184, &mut x185, x183, x148, x172); let mut x186: u64 = 0; let mut x187: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x186, &mut x187, x185, x150, x174); let mut x188: u64 = 0; let mut x189: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x188, &mut x189, x187, ((x151 as u64) + (x139 as u64)), ((x175 as u64) + x155)); let mut x190: u64 = 0; let mut x191: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x190, &mut x191, 0x0, x178, (arg1[4])); let mut x192: u64 = 0; let mut x193: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x192, &mut x193, x191, x180, (0x0 as u64)); let mut x194: u64 = 0; let mut x195: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x194, &mut x195, x193, x182, (0x0 as u64)); let mut x196: u64 = 0; let mut x197: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x196, &mut x197, x195, x184, (0x0 as u64)); let mut x198: u64 = 0; let mut x199: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x198, &mut x199, x197, x186, (0x0 as u64)); let mut x200: u64 = 0; let mut x201: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x200, &mut x201, x199, x188, (0x0 as u64)); let mut x202: u64 = 0; let mut x203: u64 = 0; fiat_p384_mulx_u64(&mut x202, &mut x203, x190, 0x100000001); let mut x204: u64 = 0; let mut x205: u64 = 0; fiat_p384_mulx_u64(&mut x204, &mut x205, x202, 0xffffffffffffffff); let mut x206: u64 = 0; let mut x207: u64 = 0; fiat_p384_mulx_u64(&mut x206, &mut x207, x202, 0xffffffffffffffff); let mut x208: u64 = 0; let mut x209: u64 = 0; fiat_p384_mulx_u64(&mut x208, &mut x209, x202, 0xffffffffffffffff); let mut x210: u64 = 0; let mut x211: u64 = 0; fiat_p384_mulx_u64(&mut x210, &mut x211, x202, 0xfffffffffffffffe); let mut x212: u64 = 0; let mut x213: u64 = 0; fiat_p384_mulx_u64(&mut x212, &mut x213, x202, 0xffffffff00000000); let mut x214: u64 = 0; let mut x215: u64 = 0; fiat_p384_mulx_u64(&mut x214, &mut x215, x202, 0xffffffff); let mut x216: u64 = 0; let mut x217: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x216, &mut x217, 0x0, x215, x212); let mut x218: u64 = 0; let mut x219: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x218, &mut x219, x217, x213, x210); let mut x220: u64 = 0; let mut x221: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x220, &mut x221, x219, x211, x208); let mut x222: u64 = 0; let mut x223: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x222, &mut x223, x221, x209, x206); let mut x224: u64 = 0; let mut x225: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x224, &mut x225, x223, x207, x204); let mut x226: u64 = 0; let mut x227: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x226, &mut x227, 0x0, x190, x214); let mut x228: u64 = 0; let mut x229: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x228, &mut x229, x227, x192, x216); let mut x230: u64 = 0; let mut x231: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x230, &mut x231, x229, x194, x218); let mut x232: u64 = 0; let mut x233: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x232, &mut x233, x231, x196, x220); let mut x234: u64 = 0; let mut x235: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x234, &mut x235, x233, x198, x222); let mut x236: u64 = 0; let mut x237: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x236, &mut x237, x235, x200, x224); let mut x238: u64 = 0; let mut x239: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x238, &mut x239, x237, ((x201 as u64) + (x189 as u64)), ((x225 as u64) + x205)); let mut x240: u64 = 0; let mut x241: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x240, &mut x241, 0x0, x228, (arg1[5])); let mut x242: u64 = 0; let mut x243: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x242, &mut x243, x241, x230, (0x0 as u64)); let mut x244: u64 = 0; let mut x245: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x244, &mut x245, x243, x232, (0x0 as u64)); let mut x246: u64 = 0; let mut x247: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x246, &mut x247, x245, x234, (0x0 as u64)); let mut x248: u64 = 0; let mut x249: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x248, &mut x249, x247, x236, (0x0 as u64)); let mut x250: u64 = 0; let mut x251: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x250, &mut x251, x249, x238, (0x0 as u64)); let mut x252: u64 = 0; let mut x253: u64 = 0; fiat_p384_mulx_u64(&mut x252, &mut x253, x240, 0x100000001); let mut x254: u64 = 0; let mut x255: u64 = 0; fiat_p384_mulx_u64(&mut x254, &mut x255, x252, 0xffffffffffffffff); let mut x256: u64 = 0; let mut x257: u64 = 0; fiat_p384_mulx_u64(&mut x256, &mut x257, x252, 0xffffffffffffffff); let mut x258: u64 = 0; let mut x259: u64 = 0; fiat_p384_mulx_u64(&mut x258, &mut x259, x252, 0xffffffffffffffff); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_mulx_u64(&mut x260, &mut x261, x252, 0xfffffffffffffffe); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_mulx_u64(&mut x262, &mut x263, x252, 0xffffffff00000000); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_mulx_u64(&mut x264, &mut x265, x252, 0xffffffff); let mut x266: u64 = 0; let mut x267: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x266, &mut x267, 0x0, x265, x262); let mut x268: u64 = 0; let mut x269: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x268, &mut x269, x267, x263, x260); let mut x270: u64 = 0; let mut x271: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x270, &mut x271, x269, x261, x258); let mut x272: u64 = 0; let mut x273: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x272, &mut x273, x271, x259, x256); let mut x274: u64 = 0; let mut x275: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x274, &mut x275, x273, x257, x254); let mut x276: u64 = 0; let mut x277: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x276, &mut x277, 0x0, x240, x264); let mut x278: u64 = 0; let mut x279: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x278, &mut x279, x277, x242, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x280, &mut x281, x279, x244, x268); let mut x282: u64 = 0; let mut x283: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x282, &mut x283, x281, x246, x270); let mut x284: u64 = 0; let mut x285: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x284, &mut x285, x283, x248, x272); let mut x286: u64 = 0; let mut x287: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x286, &mut x287, x285, x250, x274); let mut x288: u64 = 0; let mut x289: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x288, &mut x289, x287, ((x251 as u64) + (x239 as u64)), ((x275 as u64) + x255)); let mut x290: u64 = 0; let mut x291: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x290, &mut x291, 0x0, x278, 0xffffffff); let mut x292: u64 = 0; let mut x293: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x292, &mut x293, x291, x280, 0xffffffff00000000); let mut x294: u64 = 0; let mut x295: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x294, &mut x295, x293, x282, 0xfffffffffffffffe); let mut x296: u64 = 0; let mut x297: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x296, &mut x297, x295, x284, 0xffffffffffffffff); let mut x298: u64 = 0; let mut x299: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x298, &mut x299, x297, x286, 0xffffffffffffffff); let mut x300: u64 = 0; let mut x301: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x300, &mut x301, x299, x288, 0xffffffffffffffff); let mut x302: u64 = 0; let mut x303: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x302, &mut x303, x301, (x289 as u64), (0x0 as u64)); let mut x304: u64 = 0; fiat_p384_cmovznz_u64(&mut x304, x303, x290, x278); let mut x305: u64 = 0; fiat_p384_cmovznz_u64(&mut x305, x303, x292, x280); let mut x306: u64 = 0; fiat_p384_cmovznz_u64(&mut x306, x303, x294, x282); let mut x307: u64 = 0; fiat_p384_cmovznz_u64(&mut x307, x303, x296, x284); let mut x308: u64 = 0; fiat_p384_cmovznz_u64(&mut x308, x303, x298, x286); let mut x309: u64 = 0; fiat_p384_cmovznz_u64(&mut x309, x303, x300, x288); out1[0] = x304; out1[1] = x305; out1[2] = x306; out1[3] = x307; out1[4] = x308; out1[5] = x309; } /// The function fiat_p384_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_to_montgomery(out1: &mut fiat_p384_montgomery_domain_field_element, arg1: &fiat_p384_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_mulx_u64(&mut x7, &mut x8, x6, 0x200000000); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_mulx_u64(&mut x9, &mut x10, x6, 0xfffffffe00000000); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_mulx_u64(&mut x11, &mut x12, x6, 0x200000000); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_mulx_u64(&mut x13, &mut x14, x6, 0xfffffffe00000001); let mut x15: u64 = 0; let mut x16: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x15, &mut x16, 0x0, x14, x11); let mut x17: u64 = 0; let mut x18: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x17, &mut x18, x16, x12, x9); let mut x19: u64 = 0; let mut x20: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x19, &mut x20, x18, x10, x7); let mut x21: u64 = 0; let mut x22: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x21, &mut x22, x20, x8, x6); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_p384_mulx_u64(&mut x23, &mut x24, x13, 0x100000001); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_p384_mulx_u64(&mut x25, &mut x26, x23, 0xffffffffffffffff); let mut x27: u64 = 0; let mut x28: u64 = 0; fiat_p384_mulx_u64(&mut x27, &mut x28, x23, 0xffffffffffffffff); let mut x29: u64 = 0; let mut x30: u64 = 0; fiat_p384_mulx_u64(&mut x29, &mut x30, x23, 0xffffffffffffffff); let mut x31: u64 = 0; let mut x32: u64 = 0; fiat_p384_mulx_u64(&mut x31, &mut x32, x23, 0xfffffffffffffffe); let mut x33: u64 = 0; let mut x34: u64 = 0; fiat_p384_mulx_u64(&mut x33, &mut x34, x23, 0xffffffff00000000); let mut x35: u64 = 0; let mut x36: u64 = 0; fiat_p384_mulx_u64(&mut x35, &mut x36, x23, 0xffffffff); let mut x37: u64 = 0; let mut x38: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u64 = 0; let mut x40: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x39, &mut x40, x38, x34, x31); let mut x41: u64 = 0; let mut x42: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x41, &mut x42, x40, x32, x29); let mut x43: u64 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x43, &mut x44, x42, x30, x27); let mut x45: u64 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x45, &mut x46, x44, x28, x25); let mut x47: u64 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x47, &mut x48, 0x0, x13, x35); let mut x49: u64 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x49, &mut x50, x48, x15, x37); let mut x51: u64 = 0; let mut x52: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x51, &mut x52, x50, x17, x39); let mut x53: u64 = 0; let mut x54: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x53, &mut x54, x52, x19, x41); let mut x55: u64 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x55, &mut x56, x54, x21, x43); let mut x57: u64 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x57, &mut x58, x56, (x22 as u64), x45); let mut x59: u64 = 0; let mut x60: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x59, &mut x60, x58, (0x0 as u64), ((x46 as u64) + x26)); let mut x61: u64 = 0; let mut x62: u64 = 0; fiat_p384_mulx_u64(&mut x61, &mut x62, x1, 0x200000000); let mut x63: u64 = 0; let mut x64: u64 = 0; fiat_p384_mulx_u64(&mut x63, &mut x64, x1, 0xfffffffe00000000); let mut x65: u64 = 0; let mut x66: u64 = 0; fiat_p384_mulx_u64(&mut x65, &mut x66, x1, 0x200000000); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_p384_mulx_u64(&mut x67, &mut x68, x1, 0xfffffffe00000001); let mut x69: u64 = 0; let mut x70: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x69, &mut x70, 0x0, x68, x65); let mut x71: u64 = 0; let mut x72: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x71, &mut x72, x70, x66, x63); let mut x73: u64 = 0; let mut x74: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x73, &mut x74, x72, x64, x61); let mut x75: u64 = 0; let mut x76: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x75, &mut x76, x74, x62, x1); let mut x77: u64 = 0; let mut x78: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x77, &mut x78, 0x0, x49, x67); let mut x79: u64 = 0; let mut x80: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x79, &mut x80, x78, x51, x69); let mut x81: u64 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x81, &mut x82, x80, x53, x71); let mut x83: u64 = 0; let mut x84: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x83, &mut x84, x82, x55, x73); let mut x85: u64 = 0; let mut x86: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x85, &mut x86, x84, x57, x75); let mut x87: u64 = 0; let mut x88: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x87, &mut x88, x86, x59, (x76 as u64)); let mut x89: u64 = 0; let mut x90: u64 = 0; fiat_p384_mulx_u64(&mut x89, &mut x90, x77, 0x100000001); let mut x91: u64 = 0; let mut x92: u64 = 0; fiat_p384_mulx_u64(&mut x91, &mut x92, x89, 0xffffffffffffffff); let mut x93: u64 = 0; let mut x94: u64 = 0; fiat_p384_mulx_u64(&mut x93, &mut x94, x89, 0xffffffffffffffff); let mut x95: u64 = 0; let mut x96: u64 = 0; fiat_p384_mulx_u64(&mut x95, &mut x96, x89, 0xffffffffffffffff); let mut x97: u64 = 0; let mut x98: u64 = 0; fiat_p384_mulx_u64(&mut x97, &mut x98, x89, 0xfffffffffffffffe); let mut x99: u64 = 0; let mut x100: u64 = 0; fiat_p384_mulx_u64(&mut x99, &mut x100, x89, 0xffffffff00000000); let mut x101: u64 = 0; let mut x102: u64 = 0; fiat_p384_mulx_u64(&mut x101, &mut x102, x89, 0xffffffff); let mut x103: u64 = 0; let mut x104: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x103, &mut x104, 0x0, x102, x99); let mut x105: u64 = 0; let mut x106: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x105, &mut x106, x104, x100, x97); let mut x107: u64 = 0; let mut x108: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x107, &mut x108, x106, x98, x95); let mut x109: u64 = 0; let mut x110: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x109, &mut x110, x108, x96, x93); let mut x111: u64 = 0; let mut x112: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x111, &mut x112, x110, x94, x91); let mut x113: u64 = 0; let mut x114: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x113, &mut x114, 0x0, x77, x101); let mut x115: u64 = 0; let mut x116: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x115, &mut x116, x114, x79, x103); let mut x117: u64 = 0; let mut x118: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x117, &mut x118, x116, x81, x105); let mut x119: u64 = 0; let mut x120: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x119, &mut x120, x118, x83, x107); let mut x121: u64 = 0; let mut x122: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x121, &mut x122, x120, x85, x109); let mut x123: u64 = 0; let mut x124: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x123, &mut x124, x122, x87, x111); let mut x125: u64 = 0; let mut x126: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x125, &mut x126, x124, ((x88 as u64) + (x60 as u64)), ((x112 as u64) + x92)); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p384_mulx_u64(&mut x127, &mut x128, x2, 0x200000000); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p384_mulx_u64(&mut x129, &mut x130, x2, 0xfffffffe00000000); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p384_mulx_u64(&mut x131, &mut x132, x2, 0x200000000); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p384_mulx_u64(&mut x133, &mut x134, x2, 0xfffffffe00000001); let mut x135: u64 = 0; let mut x136: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let mut x141: u64 = 0; let mut x142: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x141, &mut x142, x140, x128, x2); let mut x143: u64 = 0; let mut x144: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x143, &mut x144, 0x0, x115, x133); let mut x145: u64 = 0; let mut x146: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x145, &mut x146, x144, x117, x135); let mut x147: u64 = 0; let mut x148: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x147, &mut x148, x146, x119, x137); let mut x149: u64 = 0; let mut x150: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x149, &mut x150, x148, x121, x139); let mut x151: u64 = 0; let mut x152: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x151, &mut x152, x150, x123, x141); let mut x153: u64 = 0; let mut x154: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x153, &mut x154, x152, x125, (x142 as u64)); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_p384_mulx_u64(&mut x155, &mut x156, x143, 0x100000001); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_p384_mulx_u64(&mut x157, &mut x158, x155, 0xffffffffffffffff); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_p384_mulx_u64(&mut x159, &mut x160, x155, 0xffffffffffffffff); let mut x161: u64 = 0; let mut x162: u64 = 0; fiat_p384_mulx_u64(&mut x161, &mut x162, x155, 0xffffffffffffffff); let mut x163: u64 = 0; let mut x164: u64 = 0; fiat_p384_mulx_u64(&mut x163, &mut x164, x155, 0xfffffffffffffffe); let mut x165: u64 = 0; let mut x166: u64 = 0; fiat_p384_mulx_u64(&mut x165, &mut x166, x155, 0xffffffff00000000); let mut x167: u64 = 0; let mut x168: u64 = 0; fiat_p384_mulx_u64(&mut x167, &mut x168, x155, 0xffffffff); let mut x169: u64 = 0; let mut x170: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x169, &mut x170, 0x0, x168, x165); let mut x171: u64 = 0; let mut x172: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x171, &mut x172, x170, x166, x163); let mut x173: u64 = 0; let mut x174: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x173, &mut x174, x172, x164, x161); let mut x175: u64 = 0; let mut x176: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x175, &mut x176, x174, x162, x159); let mut x177: u64 = 0; let mut x178: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x177, &mut x178, x176, x160, x157); let mut x179: u64 = 0; let mut x180: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x179, &mut x180, 0x0, x143, x167); let mut x181: u64 = 0; let mut x182: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x181, &mut x182, x180, x145, x169); let mut x183: u64 = 0; let mut x184: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x183, &mut x184, x182, x147, x171); let mut x185: u64 = 0; let mut x186: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x185, &mut x186, x184, x149, x173); let mut x187: u64 = 0; let mut x188: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x187, &mut x188, x186, x151, x175); let mut x189: u64 = 0; let mut x190: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x189, &mut x190, x188, x153, x177); let mut x191: u64 = 0; let mut x192: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x191, &mut x192, x190, ((x154 as u64) + (x126 as u64)), ((x178 as u64) + x158)); let mut x193: u64 = 0; let mut x194: u64 = 0; fiat_p384_mulx_u64(&mut x193, &mut x194, x3, 0x200000000); let mut x195: u64 = 0; let mut x196: u64 = 0; fiat_p384_mulx_u64(&mut x195, &mut x196, x3, 0xfffffffe00000000); let mut x197: u64 = 0; let mut x198: u64 = 0; fiat_p384_mulx_u64(&mut x197, &mut x198, x3, 0x200000000); let mut x199: u64 = 0; let mut x200: u64 = 0; fiat_p384_mulx_u64(&mut x199, &mut x200, x3, 0xfffffffe00000001); let mut x201: u64 = 0; let mut x202: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x201, &mut x202, 0x0, x200, x197); let mut x203: u64 = 0; let mut x204: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x203, &mut x204, x202, x198, x195); let mut x205: u64 = 0; let mut x206: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x205, &mut x206, x204, x196, x193); let mut x207: u64 = 0; let mut x208: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x207, &mut x208, x206, x194, x3); let mut x209: u64 = 0; let mut x210: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x209, &mut x210, 0x0, x181, x199); let mut x211: u64 = 0; let mut x212: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x211, &mut x212, x210, x183, x201); let mut x213: u64 = 0; let mut x214: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x213, &mut x214, x212, x185, x203); let mut x215: u64 = 0; let mut x216: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x215, &mut x216, x214, x187, x205); let mut x217: u64 = 0; let mut x218: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x217, &mut x218, x216, x189, x207); let mut x219: u64 = 0; let mut x220: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x219, &mut x220, x218, x191, (x208 as u64)); let mut x221: u64 = 0; let mut x222: u64 = 0; fiat_p384_mulx_u64(&mut x221, &mut x222, x209, 0x100000001); let mut x223: u64 = 0; let mut x224: u64 = 0; fiat_p384_mulx_u64(&mut x223, &mut x224, x221, 0xffffffffffffffff); let mut x225: u64 = 0; let mut x226: u64 = 0; fiat_p384_mulx_u64(&mut x225, &mut x226, x221, 0xffffffffffffffff); let mut x227: u64 = 0; let mut x228: u64 = 0; fiat_p384_mulx_u64(&mut x227, &mut x228, x221, 0xffffffffffffffff); let mut x229: u64 = 0; let mut x230: u64 = 0; fiat_p384_mulx_u64(&mut x229, &mut x230, x221, 0xfffffffffffffffe); let mut x231: u64 = 0; let mut x232: u64 = 0; fiat_p384_mulx_u64(&mut x231, &mut x232, x221, 0xffffffff00000000); let mut x233: u64 = 0; let mut x234: u64 = 0; fiat_p384_mulx_u64(&mut x233, &mut x234, x221, 0xffffffff); let mut x235: u64 = 0; let mut x236: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u64 = 0; let mut x238: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x237, &mut x238, x236, x232, x229); let mut x239: u64 = 0; let mut x240: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x239, &mut x240, x238, x230, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x241, &mut x242, x240, x228, x225); let mut x243: u64 = 0; let mut x244: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x243, &mut x244, x242, x226, x223); let mut x245: u64 = 0; let mut x246: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x245, &mut x246, 0x0, x209, x233); let mut x247: u64 = 0; let mut x248: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x247, &mut x248, x246, x211, x235); let mut x249: u64 = 0; let mut x250: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x249, &mut x250, x248, x213, x237); let mut x251: u64 = 0; let mut x252: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x251, &mut x252, x250, x215, x239); let mut x253: u64 = 0; let mut x254: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x253, &mut x254, x252, x217, x241); let mut x255: u64 = 0; let mut x256: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x255, &mut x256, x254, x219, x243); let mut x257: u64 = 0; let mut x258: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x257, &mut x258, x256, ((x220 as u64) + (x192 as u64)), ((x244 as u64) + x224)); let mut x259: u64 = 0; let mut x260: u64 = 0; fiat_p384_mulx_u64(&mut x259, &mut x260, x4, 0x200000000); let mut x261: u64 = 0; let mut x262: u64 = 0; fiat_p384_mulx_u64(&mut x261, &mut x262, x4, 0xfffffffe00000000); let mut x263: u64 = 0; let mut x264: u64 = 0; fiat_p384_mulx_u64(&mut x263, &mut x264, x4, 0x200000000); let mut x265: u64 = 0; let mut x266: u64 = 0; fiat_p384_mulx_u64(&mut x265, &mut x266, x4, 0xfffffffe00000001); let mut x267: u64 = 0; let mut x268: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x267, &mut x268, 0x0, x266, x263); let mut x269: u64 = 0; let mut x270: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x269, &mut x270, x268, x264, x261); let mut x271: u64 = 0; let mut x272: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x271, &mut x272, x270, x262, x259); let mut x273: u64 = 0; let mut x274: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x273, &mut x274, x272, x260, x4); let mut x275: u64 = 0; let mut x276: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x275, &mut x276, 0x0, x247, x265); let mut x277: u64 = 0; let mut x278: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x277, &mut x278, x276, x249, x267); let mut x279: u64 = 0; let mut x280: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x279, &mut x280, x278, x251, x269); let mut x281: u64 = 0; let mut x282: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x281, &mut x282, x280, x253, x271); let mut x283: u64 = 0; let mut x284: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x283, &mut x284, x282, x255, x273); let mut x285: u64 = 0; let mut x286: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x285, &mut x286, x284, x257, (x274 as u64)); let mut x287: u64 = 0; let mut x288: u64 = 0; fiat_p384_mulx_u64(&mut x287, &mut x288, x275, 0x100000001); let mut x289: u64 = 0; let mut x290: u64 = 0; fiat_p384_mulx_u64(&mut x289, &mut x290, x287, 0xffffffffffffffff); let mut x291: u64 = 0; let mut x292: u64 = 0; fiat_p384_mulx_u64(&mut x291, &mut x292, x287, 0xffffffffffffffff); let mut x293: u64 = 0; let mut x294: u64 = 0; fiat_p384_mulx_u64(&mut x293, &mut x294, x287, 0xffffffffffffffff); let mut x295: u64 = 0; let mut x296: u64 = 0; fiat_p384_mulx_u64(&mut x295, &mut x296, x287, 0xfffffffffffffffe); let mut x297: u64 = 0; let mut x298: u64 = 0; fiat_p384_mulx_u64(&mut x297, &mut x298, x287, 0xffffffff00000000); let mut x299: u64 = 0; let mut x300: u64 = 0; fiat_p384_mulx_u64(&mut x299, &mut x300, x287, 0xffffffff); let mut x301: u64 = 0; let mut x302: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x301, &mut x302, 0x0, x300, x297); let mut x303: u64 = 0; let mut x304: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x303, &mut x304, x302, x298, x295); let mut x305: u64 = 0; let mut x306: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x305, &mut x306, x304, x296, x293); let mut x307: u64 = 0; let mut x308: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x307, &mut x308, x306, x294, x291); let mut x309: u64 = 0; let mut x310: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x309, &mut x310, x308, x292, x289); let mut x311: u64 = 0; let mut x312: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x311, &mut x312, 0x0, x275, x299); let mut x313: u64 = 0; let mut x314: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x313, &mut x314, x312, x277, x301); let mut x315: u64 = 0; let mut x316: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x315, &mut x316, x314, x279, x303); let mut x317: u64 = 0; let mut x318: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x317, &mut x318, x316, x281, x305); let mut x319: u64 = 0; let mut x320: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x319, &mut x320, x318, x283, x307); let mut x321: u64 = 0; let mut x322: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x321, &mut x322, x320, x285, x309); let mut x323: u64 = 0; let mut x324: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x323, &mut x324, x322, ((x286 as u64) + (x258 as u64)), ((x310 as u64) + x290)); let mut x325: u64 = 0; let mut x326: u64 = 0; fiat_p384_mulx_u64(&mut x325, &mut x326, x5, 0x200000000); let mut x327: u64 = 0; let mut x328: u64 = 0; fiat_p384_mulx_u64(&mut x327, &mut x328, x5, 0xfffffffe00000000); let mut x329: u64 = 0; let mut x330: u64 = 0; fiat_p384_mulx_u64(&mut x329, &mut x330, x5, 0x200000000); let mut x331: u64 = 0; let mut x332: u64 = 0; fiat_p384_mulx_u64(&mut x331, &mut x332, x5, 0xfffffffe00000001); let mut x333: u64 = 0; let mut x334: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x333, &mut x334, 0x0, x332, x329); let mut x335: u64 = 0; let mut x336: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x335, &mut x336, x334, x330, x327); let mut x337: u64 = 0; let mut x338: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x337, &mut x338, x336, x328, x325); let mut x339: u64 = 0; let mut x340: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x339, &mut x340, x338, x326, x5); let mut x341: u64 = 0; let mut x342: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x341, &mut x342, 0x0, x313, x331); let mut x343: u64 = 0; let mut x344: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x343, &mut x344, x342, x315, x333); let mut x345: u64 = 0; let mut x346: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x345, &mut x346, x344, x317, x335); let mut x347: u64 = 0; let mut x348: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x347, &mut x348, x346, x319, x337); let mut x349: u64 = 0; let mut x350: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x349, &mut x350, x348, x321, x339); let mut x351: u64 = 0; let mut x352: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x351, &mut x352, x350, x323, (x340 as u64)); let mut x353: u64 = 0; let mut x354: u64 = 0; fiat_p384_mulx_u64(&mut x353, &mut x354, x341, 0x100000001); let mut x355: u64 = 0; let mut x356: u64 = 0; fiat_p384_mulx_u64(&mut x355, &mut x356, x353, 0xffffffffffffffff); let mut x357: u64 = 0; let mut x358: u64 = 0; fiat_p384_mulx_u64(&mut x357, &mut x358, x353, 0xffffffffffffffff); let mut x359: u64 = 0; let mut x360: u64 = 0; fiat_p384_mulx_u64(&mut x359, &mut x360, x353, 0xffffffffffffffff); let mut x361: u64 = 0; let mut x362: u64 = 0; fiat_p384_mulx_u64(&mut x361, &mut x362, x353, 0xfffffffffffffffe); let mut x363: u64 = 0; let mut x364: u64 = 0; fiat_p384_mulx_u64(&mut x363, &mut x364, x353, 0xffffffff00000000); let mut x365: u64 = 0; let mut x366: u64 = 0; fiat_p384_mulx_u64(&mut x365, &mut x366, x353, 0xffffffff); let mut x367: u64 = 0; let mut x368: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x367, &mut x368, 0x0, x366, x363); let mut x369: u64 = 0; let mut x370: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x369, &mut x370, x368, x364, x361); let mut x371: u64 = 0; let mut x372: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x371, &mut x372, x370, x362, x359); let mut x373: u64 = 0; let mut x374: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x373, &mut x374, x372, x360, x357); let mut x375: u64 = 0; let mut x376: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x375, &mut x376, x374, x358, x355); let mut x377: u64 = 0; let mut x378: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x377, &mut x378, 0x0, x341, x365); let mut x379: u64 = 0; let mut x380: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x379, &mut x380, x378, x343, x367); let mut x381: u64 = 0; let mut x382: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x381, &mut x382, x380, x345, x369); let mut x383: u64 = 0; let mut x384: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x383, &mut x384, x382, x347, x371); let mut x385: u64 = 0; let mut x386: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x385, &mut x386, x384, x349, x373); let mut x387: u64 = 0; let mut x388: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x387, &mut x388, x386, x351, x375); let mut x389: u64 = 0; let mut x390: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x389, &mut x390, x388, ((x352 as u64) + (x324 as u64)), ((x376 as u64) + x356)); let mut x391: u64 = 0; let mut x392: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x391, &mut x392, 0x0, x379, 0xffffffff); let mut x393: u64 = 0; let mut x394: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x393, &mut x394, x392, x381, 0xffffffff00000000); let mut x395: u64 = 0; let mut x396: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x395, &mut x396, x394, x383, 0xfffffffffffffffe); let mut x397: u64 = 0; let mut x398: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x397, &mut x398, x396, x385, 0xffffffffffffffff); let mut x399: u64 = 0; let mut x400: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x399, &mut x400, x398, x387, 0xffffffffffffffff); let mut x401: u64 = 0; let mut x402: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x401, &mut x402, x400, x389, 0xffffffffffffffff); let mut x403: u64 = 0; let mut x404: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x403, &mut x404, x402, (x390 as u64), (0x0 as u64)); let mut x405: u64 = 0; fiat_p384_cmovznz_u64(&mut x405, x404, x391, x379); let mut x406: u64 = 0; fiat_p384_cmovznz_u64(&mut x406, x404, x393, x381); let mut x407: u64 = 0; fiat_p384_cmovznz_u64(&mut x407, x404, x395, x383); let mut x408: u64 = 0; fiat_p384_cmovznz_u64(&mut x408, x404, x397, x385); let mut x409: u64 = 0; fiat_p384_cmovznz_u64(&mut x409, x404, x399, x387); let mut x410: u64 = 0; fiat_p384_cmovznz_u64(&mut x410, x404, x401, x389); out1[0] = x405; out1[1] = x406; out1[2] = x407; out1[3] = x408; out1[4] = x409; out1[5] = x410; } /// The function fiat_p384_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_nonzero(out1: &mut u64, arg1: &[u64; 6]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5])))))); *out1 = x1; } /// The function fiat_p384_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_selectznz(out1: &mut [u64; 6], arg1: fiat_p384_u1, arg2: &[u64; 6], arg3: &[u64; 6]) { let mut x1: u64 = 0; fiat_p384_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p384_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p384_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p384_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_p384_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u64 = 0; fiat_p384_cmovznz_u64(&mut x6, arg1, (arg2[5]), (arg3[5])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; } /// The function fiat_p384_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p384_to_bytes(out1: &mut [u8; 48], arg1: &[u64; 6]) { let x1: u64 = (arg1[5]); let x2: u64 = (arg1[4]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[2]); let x5: u64 = (arg1[1]); let x6: u64 = (arg1[0]); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u64 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u64)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x5 & (0xff as u64)) as u8); let x22: u64 = (x5 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u64 = (x30 >> 8); let x33: u8 = ((x32 & (0xff as u64)) as u8); let x34: u8 = ((x32 >> 8) as u8); let x35: u8 = ((x4 & (0xff as u64)) as u8); let x36: u64 = (x4 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u64 = (x44 >> 8); let x47: u8 = ((x46 & (0xff as u64)) as u8); let x48: u8 = ((x46 >> 8) as u8); let x49: u8 = ((x3 & (0xff as u64)) as u8); let x50: u64 = (x3 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u64 = (x58 >> 8); let x61: u8 = ((x60 & (0xff as u64)) as u8); let x62: u8 = ((x60 >> 8) as u8); let x63: u8 = ((x2 & (0xff as u64)) as u8); let x64: u64 = (x2 >> 8); let x65: u8 = ((x64 & (0xff as u64)) as u8); let x66: u64 = (x64 >> 8); let x67: u8 = ((x66 & (0xff as u64)) as u8); let x68: u64 = (x66 >> 8); let x69: u8 = ((x68 & (0xff as u64)) as u8); let x70: u64 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u64)) as u8); let x72: u64 = (x70 >> 8); let x73: u8 = ((x72 & (0xff as u64)) as u8); let x74: u64 = (x72 >> 8); let x75: u8 = ((x74 & (0xff as u64)) as u8); let x76: u8 = ((x74 >> 8) as u8); let x77: u8 = ((x1 & (0xff as u64)) as u8); let x78: u64 = (x1 >> 8); let x79: u8 = ((x78 & (0xff as u64)) as u8); let x80: u64 = (x78 >> 8); let x81: u8 = ((x80 & (0xff as u64)) as u8); let x82: u64 = (x80 >> 8); let x83: u8 = ((x82 & (0xff as u64)) as u8); let x84: u64 = (x82 >> 8); let x85: u8 = ((x84 & (0xff as u64)) as u8); let x86: u64 = (x84 >> 8); let x87: u8 = ((x86 & (0xff as u64)) as u8); let x88: u64 = (x86 >> 8); let x89: u8 = ((x88 & (0xff as u64)) as u8); let x90: u8 = ((x88 >> 8) as u8); out1[0] = x7; out1[1] = x9; out1[2] = x11; out1[3] = x13; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x27; out1[12] = x29; out1[13] = x31; out1[14] = x33; out1[15] = x34; out1[16] = x35; out1[17] = x37; out1[18] = x39; out1[19] = x41; out1[20] = x43; out1[21] = x45; out1[22] = x47; out1[23] = x48; out1[24] = x49; out1[25] = x51; out1[26] = x53; out1[27] = x55; out1[28] = x57; out1[29] = x59; out1[30] = x61; out1[31] = x62; out1[32] = x63; out1[33] = x65; out1[34] = x67; out1[35] = x69; out1[36] = x71; out1[37] = x73; out1[38] = x75; out1[39] = x76; out1[40] = x77; out1[41] = x79; out1[42] = x81; out1[43] = x83; out1[44] = x85; out1[45] = x87; out1[46] = x89; out1[47] = x90; } /// The function fiat_p384_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_from_bytes(out1: &mut [u64; 6], arg1: &[u8; 48]) { let x1: u64 = (((arg1[47]) as u64) << 56); let x2: u64 = (((arg1[46]) as u64) << 48); let x3: u64 = (((arg1[45]) as u64) << 40); let x4: u64 = (((arg1[44]) as u64) << 32); let x5: u64 = (((arg1[43]) as u64) << 24); let x6: u64 = (((arg1[42]) as u64) << 16); let x7: u64 = (((arg1[41]) as u64) << 8); let x8: u8 = (arg1[40]); let x9: u64 = (((arg1[39]) as u64) << 56); let x10: u64 = (((arg1[38]) as u64) << 48); let x11: u64 = (((arg1[37]) as u64) << 40); let x12: u64 = (((arg1[36]) as u64) << 32); let x13: u64 = (((arg1[35]) as u64) << 24); let x14: u64 = (((arg1[34]) as u64) << 16); let x15: u64 = (((arg1[33]) as u64) << 8); let x16: u8 = (arg1[32]); let x17: u64 = (((arg1[31]) as u64) << 56); let x18: u64 = (((arg1[30]) as u64) << 48); let x19: u64 = (((arg1[29]) as u64) << 40); let x20: u64 = (((arg1[28]) as u64) << 32); let x21: u64 = (((arg1[27]) as u64) << 24); let x22: u64 = (((arg1[26]) as u64) << 16); let x23: u64 = (((arg1[25]) as u64) << 8); let x24: u8 = (arg1[24]); let x25: u64 = (((arg1[23]) as u64) << 56); let x26: u64 = (((arg1[22]) as u64) << 48); let x27: u64 = (((arg1[21]) as u64) << 40); let x28: u64 = (((arg1[20]) as u64) << 32); let x29: u64 = (((arg1[19]) as u64) << 24); let x30: u64 = (((arg1[18]) as u64) << 16); let x31: u64 = (((arg1[17]) as u64) << 8); let x32: u8 = (arg1[16]); let x33: u64 = (((arg1[15]) as u64) << 56); let x34: u64 = (((arg1[14]) as u64) << 48); let x35: u64 = (((arg1[13]) as u64) << 40); let x36: u64 = (((arg1[12]) as u64) << 32); let x37: u64 = (((arg1[11]) as u64) << 24); let x38: u64 = (((arg1[10]) as u64) << 16); let x39: u64 = (((arg1[9]) as u64) << 8); let x40: u8 = (arg1[8]); let x41: u64 = (((arg1[7]) as u64) << 56); let x42: u64 = (((arg1[6]) as u64) << 48); let x43: u64 = (((arg1[5]) as u64) << 40); let x44: u64 = (((arg1[4]) as u64) << 32); let x45: u64 = (((arg1[3]) as u64) << 24); let x46: u64 = (((arg1[2]) as u64) << 16); let x47: u64 = (((arg1[1]) as u64) << 8); let x48: u8 = (arg1[0]); let x49: u64 = (x47 + (x48 as u64)); let x50: u64 = (x46 + x49); let x51: u64 = (x45 + x50); let x52: u64 = (x44 + x51); let x53: u64 = (x43 + x52); let x54: u64 = (x42 + x53); let x55: u64 = (x41 + x54); let x56: u64 = (x39 + (x40 as u64)); let x57: u64 = (x38 + x56); let x58: u64 = (x37 + x57); let x59: u64 = (x36 + x58); let x60: u64 = (x35 + x59); let x61: u64 = (x34 + x60); let x62: u64 = (x33 + x61); let x63: u64 = (x31 + (x32 as u64)); let x64: u64 = (x30 + x63); let x65: u64 = (x29 + x64); let x66: u64 = (x28 + x65); let x67: u64 = (x27 + x66); let x68: u64 = (x26 + x67); let x69: u64 = (x25 + x68); let x70: u64 = (x23 + (x24 as u64)); let x71: u64 = (x22 + x70); let x72: u64 = (x21 + x71); let x73: u64 = (x20 + x72); let x74: u64 = (x19 + x73); let x75: u64 = (x18 + x74); let x76: u64 = (x17 + x75); let x77: u64 = (x15 + (x16 as u64)); let x78: u64 = (x14 + x77); let x79: u64 = (x13 + x78); let x80: u64 = (x12 + x79); let x81: u64 = (x11 + x80); let x82: u64 = (x10 + x81); let x83: u64 = (x9 + x82); let x84: u64 = (x7 + (x8 as u64)); let x85: u64 = (x6 + x84); let x86: u64 = (x5 + x85); let x87: u64 = (x4 + x86); let x88: u64 = (x3 + x87); let x89: u64 = (x2 + x88); let x90: u64 = (x1 + x89); out1[0] = x55; out1[1] = x62; out1[2] = x69; out1[3] = x76; out1[4] = x83; out1[5] = x90; } /// The function fiat_p384_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_set_one(out1: &mut fiat_p384_montgomery_domain_field_element) { out1[0] = 0xffffffff00000001; out1[1] = 0xffffffff; out1[2] = (0x1 as u64); out1[3] = (0x0 as u64); out1[4] = (0x0 as u64); out1[5] = (0x0 as u64); } /// The function fiat_p384_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_msat(out1: &mut [u64; 7]) { out1[0] = 0xffffffff; out1[1] = 0xffffffff00000000; out1[2] = 0xfffffffffffffffe; out1[3] = 0xffffffffffffffff; out1[4] = 0xffffffffffffffff; out1[5] = 0xffffffffffffffff; out1[6] = (0x0 as u64); } /// The function fiat_p384_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_divstep(out1: &mut u64, out2: &mut [u64; 7], out3: &mut [u64; 7], out4: &mut [u64; 6], out5: &mut [u64; 6], arg1: u64, arg2: &[u64; 7], arg3: &[u64; 7], arg4: &[u64; 6], arg5: &[u64; 6]) { let mut x1: u64 = 0; let mut x2: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p384_u1 = (((x1 >> 63) as fiat_p384_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p384_u1)); let mut x4: u64 = 0; let mut x5: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p384_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p384_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p384_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p384_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p384_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p384_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; fiat_p384_cmovznz_u64(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u64 = 0; fiat_p384_cmovznz_u64(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u64 = 0; let mut x15: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x14, &mut x15, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x16: u64 = 0; let mut x17: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[1]))); let mut x18: u64 = 0; let mut x19: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[2]))); let mut x20: u64 = 0; let mut x21: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[3]))); let mut x22: u64 = 0; let mut x23: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x22, &mut x23, x21, (0x0 as u64), (!(arg2[4]))); let mut x24: u64 = 0; let mut x25: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x24, &mut x25, x23, (0x0 as u64), (!(arg2[5]))); let mut x26: u64 = 0; let mut x27: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x26, &mut x27, x25, (0x0 as u64), (!(arg2[6]))); let mut x28: u64 = 0; fiat_p384_cmovznz_u64(&mut x28, x3, (arg3[0]), x14); let mut x29: u64 = 0; fiat_p384_cmovznz_u64(&mut x29, x3, (arg3[1]), x16); let mut x30: u64 = 0; fiat_p384_cmovznz_u64(&mut x30, x3, (arg3[2]), x18); let mut x31: u64 = 0; fiat_p384_cmovznz_u64(&mut x31, x3, (arg3[3]), x20); let mut x32: u64 = 0; fiat_p384_cmovznz_u64(&mut x32, x3, (arg3[4]), x22); let mut x33: u64 = 0; fiat_p384_cmovznz_u64(&mut x33, x3, (arg3[5]), x24); let mut x34: u64 = 0; fiat_p384_cmovznz_u64(&mut x34, x3, (arg3[6]), x26); let mut x35: u64 = 0; fiat_p384_cmovznz_u64(&mut x35, x3, (arg4[0]), (arg5[0])); let mut x36: u64 = 0; fiat_p384_cmovznz_u64(&mut x36, x3, (arg4[1]), (arg5[1])); let mut x37: u64 = 0; fiat_p384_cmovznz_u64(&mut x37, x3, (arg4[2]), (arg5[2])); let mut x38: u64 = 0; fiat_p384_cmovznz_u64(&mut x38, x3, (arg4[3]), (arg5[3])); let mut x39: u64 = 0; fiat_p384_cmovznz_u64(&mut x39, x3, (arg4[4]), (arg5[4])); let mut x40: u64 = 0; fiat_p384_cmovznz_u64(&mut x40, x3, (arg4[5]), (arg5[5])); let mut x41: u64 = 0; let mut x42: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x41, &mut x42, 0x0, x35, x35); let mut x43: u64 = 0; let mut x44: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x43, &mut x44, x42, x36, x36); let mut x45: u64 = 0; let mut x46: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x45, &mut x46, x44, x37, x37); let mut x47: u64 = 0; let mut x48: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x47, &mut x48, x46, x38, x38); let mut x49: u64 = 0; let mut x50: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x49, &mut x50, x48, x39, x39); let mut x51: u64 = 0; let mut x52: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x51, &mut x52, x50, x40, x40); let mut x53: u64 = 0; let mut x54: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x53, &mut x54, 0x0, x41, 0xffffffff); let mut x55: u64 = 0; let mut x56: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x55, &mut x56, x54, x43, 0xffffffff00000000); let mut x57: u64 = 0; let mut x58: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x57, &mut x58, x56, x45, 0xfffffffffffffffe); let mut x59: u64 = 0; let mut x60: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x59, &mut x60, x58, x47, 0xffffffffffffffff); let mut x61: u64 = 0; let mut x62: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x61, &mut x62, x60, x49, 0xffffffffffffffff); let mut x63: u64 = 0; let mut x64: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x63, &mut x64, x62, x51, 0xffffffffffffffff); let mut x65: u64 = 0; let mut x66: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x65, &mut x66, x64, (x52 as u64), (0x0 as u64)); let x67: u64 = (arg4[5]); let x68: u64 = (arg4[4]); let x69: u64 = (arg4[3]); let x70: u64 = (arg4[2]); let x71: u64 = (arg4[1]); let x72: u64 = (arg4[0]); let mut x73: u64 = 0; let mut x74: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x73, &mut x74, 0x0, (0x0 as u64), x72); let mut x75: u64 = 0; let mut x76: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x75, &mut x76, x74, (0x0 as u64), x71); let mut x77: u64 = 0; let mut x78: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x77, &mut x78, x76, (0x0 as u64), x70); let mut x79: u64 = 0; let mut x80: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x79, &mut x80, x78, (0x0 as u64), x69); let mut x81: u64 = 0; let mut x82: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x81, &mut x82, x80, (0x0 as u64), x68); let mut x83: u64 = 0; let mut x84: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x83, &mut x84, x82, (0x0 as u64), x67); let mut x85: u64 = 0; fiat_p384_cmovznz_u64(&mut x85, x84, (0x0 as u64), 0xffffffffffffffff); let mut x86: u64 = 0; let mut x87: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x86, &mut x87, 0x0, x73, (x85 & 0xffffffff)); let mut x88: u64 = 0; let mut x89: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x88, &mut x89, x87, x75, (x85 & 0xffffffff00000000)); let mut x90: u64 = 0; let mut x91: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x90, &mut x91, x89, x77, (x85 & 0xfffffffffffffffe)); let mut x92: u64 = 0; let mut x93: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x92, &mut x93, x91, x79, x85); let mut x94: u64 = 0; let mut x95: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x94, &mut x95, x93, x81, x85); let mut x96: u64 = 0; let mut x97: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x96, &mut x97, x95, x83, x85); let mut x98: u64 = 0; fiat_p384_cmovznz_u64(&mut x98, x3, (arg5[0]), x86); let mut x99: u64 = 0; fiat_p384_cmovznz_u64(&mut x99, x3, (arg5[1]), x88); let mut x100: u64 = 0; fiat_p384_cmovznz_u64(&mut x100, x3, (arg5[2]), x90); let mut x101: u64 = 0; fiat_p384_cmovznz_u64(&mut x101, x3, (arg5[3]), x92); let mut x102: u64 = 0; fiat_p384_cmovznz_u64(&mut x102, x3, (arg5[4]), x94); let mut x103: u64 = 0; fiat_p384_cmovznz_u64(&mut x103, x3, (arg5[5]), x96); let x104: fiat_p384_u1 = ((x28 & (0x1 as u64)) as fiat_p384_u1); let mut x105: u64 = 0; fiat_p384_cmovznz_u64(&mut x105, x104, (0x0 as u64), x7); let mut x106: u64 = 0; fiat_p384_cmovznz_u64(&mut x106, x104, (0x0 as u64), x8); let mut x107: u64 = 0; fiat_p384_cmovznz_u64(&mut x107, x104, (0x0 as u64), x9); let mut x108: u64 = 0; fiat_p384_cmovznz_u64(&mut x108, x104, (0x0 as u64), x10); let mut x109: u64 = 0; fiat_p384_cmovznz_u64(&mut x109, x104, (0x0 as u64), x11); let mut x110: u64 = 0; fiat_p384_cmovznz_u64(&mut x110, x104, (0x0 as u64), x12); let mut x111: u64 = 0; fiat_p384_cmovznz_u64(&mut x111, x104, (0x0 as u64), x13); let mut x112: u64 = 0; let mut x113: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x112, &mut x113, 0x0, x28, x105); let mut x114: u64 = 0; let mut x115: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x114, &mut x115, x113, x29, x106); let mut x116: u64 = 0; let mut x117: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x116, &mut x117, x115, x30, x107); let mut x118: u64 = 0; let mut x119: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x118, &mut x119, x117, x31, x108); let mut x120: u64 = 0; let mut x121: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x120, &mut x121, x119, x32, x109); let mut x122: u64 = 0; let mut x123: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x122, &mut x123, x121, x33, x110); let mut x124: u64 = 0; let mut x125: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x124, &mut x125, x123, x34, x111); let mut x126: u64 = 0; fiat_p384_cmovznz_u64(&mut x126, x104, (0x0 as u64), x35); let mut x127: u64 = 0; fiat_p384_cmovznz_u64(&mut x127, x104, (0x0 as u64), x36); let mut x128: u64 = 0; fiat_p384_cmovznz_u64(&mut x128, x104, (0x0 as u64), x37); let mut x129: u64 = 0; fiat_p384_cmovznz_u64(&mut x129, x104, (0x0 as u64), x38); let mut x130: u64 = 0; fiat_p384_cmovznz_u64(&mut x130, x104, (0x0 as u64), x39); let mut x131: u64 = 0; fiat_p384_cmovznz_u64(&mut x131, x104, (0x0 as u64), x40); let mut x132: u64 = 0; let mut x133: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x132, &mut x133, 0x0, x98, x126); let mut x134: u64 = 0; let mut x135: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x134, &mut x135, x133, x99, x127); let mut x136: u64 = 0; let mut x137: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x136, &mut x137, x135, x100, x128); let mut x138: u64 = 0; let mut x139: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x138, &mut x139, x137, x101, x129); let mut x140: u64 = 0; let mut x141: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x140, &mut x141, x139, x102, x130); let mut x142: u64 = 0; let mut x143: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x142, &mut x143, x141, x103, x131); let mut x144: u64 = 0; let mut x145: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x144, &mut x145, 0x0, x132, 0xffffffff); let mut x146: u64 = 0; let mut x147: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x146, &mut x147, x145, x134, 0xffffffff00000000); let mut x148: u64 = 0; let mut x149: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x148, &mut x149, x147, x136, 0xfffffffffffffffe); let mut x150: u64 = 0; let mut x151: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x150, &mut x151, x149, x138, 0xffffffffffffffff); let mut x152: u64 = 0; let mut x153: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x152, &mut x153, x151, x140, 0xffffffffffffffff); let mut x154: u64 = 0; let mut x155: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x154, &mut x155, x153, x142, 0xffffffffffffffff); let mut x156: u64 = 0; let mut x157: fiat_p384_u1 = 0; fiat_p384_subborrowx_u64(&mut x156, &mut x157, x155, (x143 as u64), (0x0 as u64)); let mut x158: u64 = 0; let mut x159: fiat_p384_u1 = 0; fiat_p384_addcarryx_u64(&mut x158, &mut x159, 0x0, x6, (0x1 as u64)); let x160: u64 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff)); let x161: u64 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff)); let x162: u64 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff)); let x163: u64 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff)); let x164: u64 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff)); let x165: u64 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff)); let x166: u64 = ((x124 & 0x8000000000000000) | (x124 >> 1)); let mut x167: u64 = 0; fiat_p384_cmovznz_u64(&mut x167, x66, x53, x41); let mut x168: u64 = 0; fiat_p384_cmovznz_u64(&mut x168, x66, x55, x43); let mut x169: u64 = 0; fiat_p384_cmovznz_u64(&mut x169, x66, x57, x45); let mut x170: u64 = 0; fiat_p384_cmovznz_u64(&mut x170, x66, x59, x47); let mut x171: u64 = 0; fiat_p384_cmovznz_u64(&mut x171, x66, x61, x49); let mut x172: u64 = 0; fiat_p384_cmovznz_u64(&mut x172, x66, x63, x51); let mut x173: u64 = 0; fiat_p384_cmovznz_u64(&mut x173, x157, x144, x132); let mut x174: u64 = 0; fiat_p384_cmovznz_u64(&mut x174, x157, x146, x134); let mut x175: u64 = 0; fiat_p384_cmovznz_u64(&mut x175, x157, x148, x136); let mut x176: u64 = 0; fiat_p384_cmovznz_u64(&mut x176, x157, x150, x138); let mut x177: u64 = 0; fiat_p384_cmovznz_u64(&mut x177, x157, x152, x140); let mut x178: u64 = 0; fiat_p384_cmovznz_u64(&mut x178, x157, x154, x142); *out1 = x158; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out3[0] = x160; out3[1] = x161; out3[2] = x162; out3[3] = x163; out3[4] = x164; out3[5] = x165; out3[6] = x166; out4[0] = x167; out4[1] = x168; out4[2] = x169; out4[3] = x170; out4[4] = x171; out4[5] = x172; out5[0] = x173; out5[1] = x174; out5[2] = x175; out5[3] = x176; out5[4] = x177; out5[5] = x178; } /// The function fiat_p384_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_divstep_precomp(out1: &mut [u64; 6]) { out1[0] = 0xfff69400fff18fff; out1[1] = 0x2b7feffffd3ff; out1[2] = 0xfffedbfffffe97ff; out1[3] = 0x2840000002fff; out1[4] = 0x6040000050400; out1[5] = 0xfffc480000038000; } fiat-crypto-0.2.2/src/p384_scalar_32.rs000064400000000000000000017522151046102023000155670ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p384_scalar 32 '2^384 - 1388124618062372383947042015309946732620727252194336364173' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p384_scalar //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 (from "2^384 - 1388124618062372383947042015309946732620727252194336364173") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) in //! if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p384_scalar_u1 = u8; pub type fiat_p384_scalar_i1 = i8; pub type fiat_p384_scalar_u2 = u8; pub type fiat_p384_scalar_i2 = i8; /** The type fiat_p384_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_scalar_montgomery_domain_field_element(pub [u32; 12]); impl core::ops::Index for fiat_p384_scalar_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p384_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_scalar_non_montgomery_domain_field_element(pub [u32; 12]); impl core::ops::Index for fiat_p384_scalar_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p384_scalar_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_scalar_addcarryx_u32(out1: &mut u32, out2: &mut fiat_p384_scalar_u1, arg1: fiat_p384_scalar_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_p384_scalar_u1 = ((x1 >> 32) as fiat_p384_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p384_scalar_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_scalar_subborrowx_u32(out1: &mut u32, out2: &mut fiat_p384_scalar_u1, arg1: fiat_p384_scalar_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_p384_scalar_i1 = ((x1 >> 32) as fiat_p384_scalar_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p384_scalar_i2) - (x2 as fiat_p384_scalar_i2)) as fiat_p384_scalar_u1); } /// The function fiat_p384_scalar_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_scalar_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_p384_scalar_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_scalar_cmovznz_u32(out1: &mut u32, arg1: fiat_p384_scalar_u1, arg2: u32, arg3: u32) { let x1: fiat_p384_scalar_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p384_scalar_i2) - (x1 as fiat_p384_scalar_i2)) as fiat_p384_scalar_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p384_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_mul(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x13, &mut x14, x12, (arg2[11])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x15, &mut x16, x12, (arg2[10])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x17, &mut x18, x12, (arg2[9])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x19, &mut x20, x12, (arg2[8])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x21, &mut x22, x12, (arg2[7])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x23, &mut x24, x12, (arg2[6])); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x25, &mut x26, x12, (arg2[5])); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x27, &mut x28, x12, (arg2[4])); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x29, &mut x30, x12, (arg2[3])); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x31, &mut x32, x12, (arg2[2])); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x33, &mut x34, x12, (arg2[1])); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x35, &mut x36, x12, (arg2[0])); let mut x37: u32 = 0; let mut x38: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u32 = 0; let mut x40: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x39, &mut x40, x38, x34, x31); let mut x41: u32 = 0; let mut x42: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x41, &mut x42, x40, x32, x29); let mut x43: u32 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x43, &mut x44, x42, x30, x27); let mut x45: u32 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x45, &mut x46, x44, x28, x25); let mut x47: u32 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x47, &mut x48, x46, x26, x23); let mut x49: u32 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x49, &mut x50, x48, x24, x21); let mut x51: u32 = 0; let mut x52: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x51, &mut x52, x50, x22, x19); let mut x53: u32 = 0; let mut x54: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x20, x17); let mut x55: u32 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x18, x15); let mut x57: u32 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x16, x13); let x59: u32 = ((x58 as u32) + x14); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x60, &mut x61, x35, 0xe88fdc45); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x62, &mut x63, x60, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x64, &mut x65, x60, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x66, &mut x67, x60, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x68, &mut x69, x60, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x70, &mut x71, x60, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x72, &mut x73, x60, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x74, &mut x75, x60, 0xc7634d81); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x76, &mut x77, x60, 0xf4372ddf); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x78, &mut x79, x60, 0x581a0db2); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x80, &mut x81, x60, 0x48b0a77a); let mut x82: u32 = 0; let mut x83: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x82, &mut x83, x60, 0xecec196a); let mut x84: u32 = 0; let mut x85: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x84, &mut x85, x60, 0xccc52973); let mut x86: u32 = 0; let mut x87: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x86, &mut x87, 0x0, x85, x82); let mut x88: u32 = 0; let mut x89: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x83, x80); let mut x90: u32 = 0; let mut x91: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x81, x78); let mut x92: u32 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x92, &mut x93, x91, x79, x76); let mut x94: u32 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x94, &mut x95, x93, x77, x74); let mut x96: u32 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x96, &mut x97, x95, x75, x72); let mut x98: u32 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x73, x70); let mut x100: u32 = 0; let mut x101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x100, &mut x101, x99, x71, x68); let mut x102: u32 = 0; let mut x103: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x102, &mut x103, x101, x69, x66); let mut x104: u32 = 0; let mut x105: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x104, &mut x105, x103, x67, x64); let mut x106: u32 = 0; let mut x107: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x106, &mut x107, x105, x65, x62); let x108: u32 = ((x107 as u32) + x63); let mut x109: u32 = 0; let mut x110: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x109, &mut x110, 0x0, x35, x84); let mut x111: u32 = 0; let mut x112: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x37, x86); let mut x113: u32 = 0; let mut x114: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x39, x88); let mut x115: u32 = 0; let mut x116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x41, x90); let mut x117: u32 = 0; let mut x118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x43, x92); let mut x119: u32 = 0; let mut x120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x45, x94); let mut x121: u32 = 0; let mut x122: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x121, &mut x122, x120, x47, x96); let mut x123: u32 = 0; let mut x124: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x123, &mut x124, x122, x49, x98); let mut x125: u32 = 0; let mut x126: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x125, &mut x126, x124, x51, x100); let mut x127: u32 = 0; let mut x128: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x127, &mut x128, x126, x53, x102); let mut x129: u32 = 0; let mut x130: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x129, &mut x130, x128, x55, x104); let mut x131: u32 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x131, &mut x132, x130, x57, x106); let mut x133: u32 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x133, &mut x134, x132, x59, x108); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x135, &mut x136, x1, (arg2[11])); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x137, &mut x138, x1, (arg2[10])); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x139, &mut x140, x1, (arg2[9])); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x141, &mut x142, x1, (arg2[8])); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x143, &mut x144, x1, (arg2[7])); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x145, &mut x146, x1, (arg2[6])); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x147, &mut x148, x1, (arg2[5])); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x149, &mut x150, x1, (arg2[4])); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x151, &mut x152, x1, (arg2[3])); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x153, &mut x154, x1, (arg2[2])); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x155, &mut x156, x1, (arg2[1])); let mut x157: u32 = 0; let mut x158: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x157, &mut x158, x1, (arg2[0])); let mut x159: u32 = 0; let mut x160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x159, &mut x160, 0x0, x158, x155); let mut x161: u32 = 0; let mut x162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x156, x153); let mut x163: u32 = 0; let mut x164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x154, x151); let mut x165: u32 = 0; let mut x166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x152, x149); let mut x167: u32 = 0; let mut x168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x150, x147); let mut x169: u32 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x148, x145); let mut x171: u32 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x146, x143); let mut x173: u32 = 0; let mut x174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x144, x141); let mut x175: u32 = 0; let mut x176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x142, x139); let mut x177: u32 = 0; let mut x178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x140, x137); let mut x179: u32 = 0; let mut x180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x138, x135); let x181: u32 = ((x180 as u32) + x136); let mut x182: u32 = 0; let mut x183: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x182, &mut x183, 0x0, x111, x157); let mut x184: u32 = 0; let mut x185: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x113, x159); let mut x186: u32 = 0; let mut x187: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x115, x161); let mut x188: u32 = 0; let mut x189: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x117, x163); let mut x190: u32 = 0; let mut x191: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x119, x165); let mut x192: u32 = 0; let mut x193: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x121, x167); let mut x194: u32 = 0; let mut x195: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x194, &mut x195, x193, x123, x169); let mut x196: u32 = 0; let mut x197: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x196, &mut x197, x195, x125, x171); let mut x198: u32 = 0; let mut x199: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x127, x173); let mut x200: u32 = 0; let mut x201: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x200, &mut x201, x199, x129, x175); let mut x202: u32 = 0; let mut x203: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x202, &mut x203, x201, x131, x177); let mut x204: u32 = 0; let mut x205: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x204, &mut x205, x203, x133, x179); let mut x206: u32 = 0; let mut x207: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x206, &mut x207, x205, (x134 as u32), x181); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x208, &mut x209, x182, 0xe88fdc45); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x210, &mut x211, x208, 0xffffffff); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x212, &mut x213, x208, 0xffffffff); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x214, &mut x215, x208, 0xffffffff); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x216, &mut x217, x208, 0xffffffff); let mut x218: u32 = 0; let mut x219: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x218, &mut x219, x208, 0xffffffff); let mut x220: u32 = 0; let mut x221: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x220, &mut x221, x208, 0xffffffff); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x222, &mut x223, x208, 0xc7634d81); let mut x224: u32 = 0; let mut x225: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x224, &mut x225, x208, 0xf4372ddf); let mut x226: u32 = 0; let mut x227: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x226, &mut x227, x208, 0x581a0db2); let mut x228: u32 = 0; let mut x229: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x228, &mut x229, x208, 0x48b0a77a); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x230, &mut x231, x208, 0xecec196a); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x232, &mut x233, x208, 0xccc52973); let mut x234: u32 = 0; let mut x235: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x234, &mut x235, 0x0, x233, x230); let mut x236: u32 = 0; let mut x237: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x231, x228); let mut x238: u32 = 0; let mut x239: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x229, x226); let mut x240: u32 = 0; let mut x241: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x227, x224); let mut x242: u32 = 0; let mut x243: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x225, x222); let mut x244: u32 = 0; let mut x245: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x223, x220); let mut x246: u32 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x246, &mut x247, x245, x221, x218); let mut x248: u32 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x219, x216); let mut x250: u32 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x250, &mut x251, x249, x217, x214); let mut x252: u32 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x252, &mut x253, x251, x215, x212); let mut x254: u32 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x254, &mut x255, x253, x213, x210); let x256: u32 = ((x255 as u32) + x211); let mut x257: u32 = 0; let mut x258: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x257, &mut x258, 0x0, x182, x232); let mut x259: u32 = 0; let mut x260: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x184, x234); let mut x261: u32 = 0; let mut x262: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x186, x236); let mut x263: u32 = 0; let mut x264: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x263, &mut x264, x262, x188, x238); let mut x265: u32 = 0; let mut x266: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x190, x240); let mut x267: u32 = 0; let mut x268: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x192, x242); let mut x269: u32 = 0; let mut x270: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x194, x244); let mut x271: u32 = 0; let mut x272: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x196, x246); let mut x273: u32 = 0; let mut x274: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x198, x248); let mut x275: u32 = 0; let mut x276: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x200, x250); let mut x277: u32 = 0; let mut x278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x277, &mut x278, x276, x202, x252); let mut x279: u32 = 0; let mut x280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x279, &mut x280, x278, x204, x254); let mut x281: u32 = 0; let mut x282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x281, &mut x282, x280, x206, x256); let x283: u32 = ((x282 as u32) + (x207 as u32)); let mut x284: u32 = 0; let mut x285: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x284, &mut x285, x2, (arg2[11])); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x286, &mut x287, x2, (arg2[10])); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x288, &mut x289, x2, (arg2[9])); let mut x290: u32 = 0; let mut x291: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x290, &mut x291, x2, (arg2[8])); let mut x292: u32 = 0; let mut x293: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x292, &mut x293, x2, (arg2[7])); let mut x294: u32 = 0; let mut x295: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x294, &mut x295, x2, (arg2[6])); let mut x296: u32 = 0; let mut x297: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x296, &mut x297, x2, (arg2[5])); let mut x298: u32 = 0; let mut x299: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x298, &mut x299, x2, (arg2[4])); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x300, &mut x301, x2, (arg2[3])); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x302, &mut x303, x2, (arg2[2])); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x304, &mut x305, x2, (arg2[1])); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x306, &mut x307, x2, (arg2[0])); let mut x308: u32 = 0; let mut x309: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x308, &mut x309, 0x0, x307, x304); let mut x310: u32 = 0; let mut x311: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x305, x302); let mut x312: u32 = 0; let mut x313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x312, &mut x313, x311, x303, x300); let mut x314: u32 = 0; let mut x315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x301, x298); let mut x316: u32 = 0; let mut x317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x299, x296); let mut x318: u32 = 0; let mut x319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x297, x294); let mut x320: u32 = 0; let mut x321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x295, x292); let mut x322: u32 = 0; let mut x323: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x293, x290); let mut x324: u32 = 0; let mut x325: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x291, x288); let mut x326: u32 = 0; let mut x327: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x289, x286); let mut x328: u32 = 0; let mut x329: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x287, x284); let x330: u32 = ((x329 as u32) + x285); let mut x331: u32 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x331, &mut x332, 0x0, x259, x306); let mut x333: u32 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x261, x308); let mut x335: u32 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x263, x310); let mut x337: u32 = 0; let mut x338: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x337, &mut x338, x336, x265, x312); let mut x339: u32 = 0; let mut x340: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x339, &mut x340, x338, x267, x314); let mut x341: u32 = 0; let mut x342: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x341, &mut x342, x340, x269, x316); let mut x343: u32 = 0; let mut x344: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x343, &mut x344, x342, x271, x318); let mut x345: u32 = 0; let mut x346: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x345, &mut x346, x344, x273, x320); let mut x347: u32 = 0; let mut x348: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x347, &mut x348, x346, x275, x322); let mut x349: u32 = 0; let mut x350: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x349, &mut x350, x348, x277, x324); let mut x351: u32 = 0; let mut x352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x351, &mut x352, x350, x279, x326); let mut x353: u32 = 0; let mut x354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x281, x328); let mut x355: u32 = 0; let mut x356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x283, x330); let mut x357: u32 = 0; let mut x358: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x357, &mut x358, x331, 0xe88fdc45); let mut x359: u32 = 0; let mut x360: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x359, &mut x360, x357, 0xffffffff); let mut x361: u32 = 0; let mut x362: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x361, &mut x362, x357, 0xffffffff); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x363, &mut x364, x357, 0xffffffff); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x365, &mut x366, x357, 0xffffffff); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x367, &mut x368, x357, 0xffffffff); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x369, &mut x370, x357, 0xffffffff); let mut x371: u32 = 0; let mut x372: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x371, &mut x372, x357, 0xc7634d81); let mut x373: u32 = 0; let mut x374: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x373, &mut x374, x357, 0xf4372ddf); let mut x375: u32 = 0; let mut x376: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x375, &mut x376, x357, 0x581a0db2); let mut x377: u32 = 0; let mut x378: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x377, &mut x378, x357, 0x48b0a77a); let mut x379: u32 = 0; let mut x380: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x379, &mut x380, x357, 0xecec196a); let mut x381: u32 = 0; let mut x382: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x381, &mut x382, x357, 0xccc52973); let mut x383: u32 = 0; let mut x384: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x383, &mut x384, 0x0, x382, x379); let mut x385: u32 = 0; let mut x386: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x380, x377); let mut x387: u32 = 0; let mut x388: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x378, x375); let mut x389: u32 = 0; let mut x390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x376, x373); let mut x391: u32 = 0; let mut x392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x374, x371); let mut x393: u32 = 0; let mut x394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x393, &mut x394, x392, x372, x369); let mut x395: u32 = 0; let mut x396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x395, &mut x396, x394, x370, x367); let mut x397: u32 = 0; let mut x398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x397, &mut x398, x396, x368, x365); let mut x399: u32 = 0; let mut x400: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x399, &mut x400, x398, x366, x363); let mut x401: u32 = 0; let mut x402: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x364, x361); let mut x403: u32 = 0; let mut x404: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x362, x359); let x405: u32 = ((x404 as u32) + x360); let mut x406: u32 = 0; let mut x407: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x406, &mut x407, 0x0, x331, x381); let mut x408: u32 = 0; let mut x409: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x408, &mut x409, x407, x333, x383); let mut x410: u32 = 0; let mut x411: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x410, &mut x411, x409, x335, x385); let mut x412: u32 = 0; let mut x413: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x337, x387); let mut x414: u32 = 0; let mut x415: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x339, x389); let mut x416: u32 = 0; let mut x417: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x341, x391); let mut x418: u32 = 0; let mut x419: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x343, x393); let mut x420: u32 = 0; let mut x421: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x345, x395); let mut x422: u32 = 0; let mut x423: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x347, x397); let mut x424: u32 = 0; let mut x425: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x424, &mut x425, x423, x349, x399); let mut x426: u32 = 0; let mut x427: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x426, &mut x427, x425, x351, x401); let mut x428: u32 = 0; let mut x429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x428, &mut x429, x427, x353, x403); let mut x430: u32 = 0; let mut x431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x430, &mut x431, x429, x355, x405); let x432: u32 = ((x431 as u32) + (x356 as u32)); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x433, &mut x434, x3, (arg2[11])); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x435, &mut x436, x3, (arg2[10])); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x437, &mut x438, x3, (arg2[9])); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x439, &mut x440, x3, (arg2[8])); let mut x441: u32 = 0; let mut x442: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x441, &mut x442, x3, (arg2[7])); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x443, &mut x444, x3, (arg2[6])); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x445, &mut x446, x3, (arg2[5])); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x447, &mut x448, x3, (arg2[4])); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x449, &mut x450, x3, (arg2[3])); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x451, &mut x452, x3, (arg2[2])); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x453, &mut x454, x3, (arg2[1])); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x455, &mut x456, x3, (arg2[0])); let mut x457: u32 = 0; let mut x458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x457, &mut x458, 0x0, x456, x453); let mut x459: u32 = 0; let mut x460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x459, &mut x460, x458, x454, x451); let mut x461: u32 = 0; let mut x462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x452, x449); let mut x463: u32 = 0; let mut x464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x450, x447); let mut x465: u32 = 0; let mut x466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x448, x445); let mut x467: u32 = 0; let mut x468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x446, x443); let mut x469: u32 = 0; let mut x470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x444, x441); let mut x471: u32 = 0; let mut x472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x442, x439); let mut x473: u32 = 0; let mut x474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x473, &mut x474, x472, x440, x437); let mut x475: u32 = 0; let mut x476: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x475, &mut x476, x474, x438, x435); let mut x477: u32 = 0; let mut x478: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x477, &mut x478, x476, x436, x433); let x479: u32 = ((x478 as u32) + x434); let mut x480: u32 = 0; let mut x481: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x480, &mut x481, 0x0, x408, x455); let mut x482: u32 = 0; let mut x483: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x482, &mut x483, x481, x410, x457); let mut x484: u32 = 0; let mut x485: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x412, x459); let mut x486: u32 = 0; let mut x487: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x414, x461); let mut x488: u32 = 0; let mut x489: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x416, x463); let mut x490: u32 = 0; let mut x491: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x418, x465); let mut x492: u32 = 0; let mut x493: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x492, &mut x493, x491, x420, x467); let mut x494: u32 = 0; let mut x495: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x494, &mut x495, x493, x422, x469); let mut x496: u32 = 0; let mut x497: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x496, &mut x497, x495, x424, x471); let mut x498: u32 = 0; let mut x499: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x498, &mut x499, x497, x426, x473); let mut x500: u32 = 0; let mut x501: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x500, &mut x501, x499, x428, x475); let mut x502: u32 = 0; let mut x503: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x502, &mut x503, x501, x430, x477); let mut x504: u32 = 0; let mut x505: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x504, &mut x505, x503, x432, x479); let mut x506: u32 = 0; let mut x507: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x506, &mut x507, x480, 0xe88fdc45); let mut x508: u32 = 0; let mut x509: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x508, &mut x509, x506, 0xffffffff); let mut x510: u32 = 0; let mut x511: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x510, &mut x511, x506, 0xffffffff); let mut x512: u32 = 0; let mut x513: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x512, &mut x513, x506, 0xffffffff); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x514, &mut x515, x506, 0xffffffff); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x516, &mut x517, x506, 0xffffffff); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x518, &mut x519, x506, 0xffffffff); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x520, &mut x521, x506, 0xc7634d81); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x522, &mut x523, x506, 0xf4372ddf); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x524, &mut x525, x506, 0x581a0db2); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x526, &mut x527, x506, 0x48b0a77a); let mut x528: u32 = 0; let mut x529: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x528, &mut x529, x506, 0xecec196a); let mut x530: u32 = 0; let mut x531: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x530, &mut x531, x506, 0xccc52973); let mut x532: u32 = 0; let mut x533: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x532, &mut x533, 0x0, x531, x528); let mut x534: u32 = 0; let mut x535: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x529, x526); let mut x536: u32 = 0; let mut x537: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x527, x524); let mut x538: u32 = 0; let mut x539: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x525, x522); let mut x540: u32 = 0; let mut x541: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x523, x520); let mut x542: u32 = 0; let mut x543: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x542, &mut x543, x541, x521, x518); let mut x544: u32 = 0; let mut x545: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x544, &mut x545, x543, x519, x516); let mut x546: u32 = 0; let mut x547: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x546, &mut x547, x545, x517, x514); let mut x548: u32 = 0; let mut x549: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x548, &mut x549, x547, x515, x512); let mut x550: u32 = 0; let mut x551: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x550, &mut x551, x549, x513, x510); let mut x552: u32 = 0; let mut x553: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x552, &mut x553, x551, x511, x508); let x554: u32 = ((x553 as u32) + x509); let mut x555: u32 = 0; let mut x556: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x555, &mut x556, 0x0, x480, x530); let mut x557: u32 = 0; let mut x558: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x482, x532); let mut x559: u32 = 0; let mut x560: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x484, x534); let mut x561: u32 = 0; let mut x562: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x561, &mut x562, x560, x486, x536); let mut x563: u32 = 0; let mut x564: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x563, &mut x564, x562, x488, x538); let mut x565: u32 = 0; let mut x566: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x565, &mut x566, x564, x490, x540); let mut x567: u32 = 0; let mut x568: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x567, &mut x568, x566, x492, x542); let mut x569: u32 = 0; let mut x570: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x569, &mut x570, x568, x494, x544); let mut x571: u32 = 0; let mut x572: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x571, &mut x572, x570, x496, x546); let mut x573: u32 = 0; let mut x574: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x573, &mut x574, x572, x498, x548); let mut x575: u32 = 0; let mut x576: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x500, x550); let mut x577: u32 = 0; let mut x578: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x502, x552); let mut x579: u32 = 0; let mut x580: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x579, &mut x580, x578, x504, x554); let x581: u32 = ((x580 as u32) + (x505 as u32)); let mut x582: u32 = 0; let mut x583: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x582, &mut x583, x4, (arg2[11])); let mut x584: u32 = 0; let mut x585: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x584, &mut x585, x4, (arg2[10])); let mut x586: u32 = 0; let mut x587: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x586, &mut x587, x4, (arg2[9])); let mut x588: u32 = 0; let mut x589: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x588, &mut x589, x4, (arg2[8])); let mut x590: u32 = 0; let mut x591: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x590, &mut x591, x4, (arg2[7])); let mut x592: u32 = 0; let mut x593: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x592, &mut x593, x4, (arg2[6])); let mut x594: u32 = 0; let mut x595: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x594, &mut x595, x4, (arg2[5])); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x596, &mut x597, x4, (arg2[4])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x598, &mut x599, x4, (arg2[3])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x600, &mut x601, x4, (arg2[2])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x602, &mut x603, x4, (arg2[1])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x604, &mut x605, x4, (arg2[0])); let mut x606: u32 = 0; let mut x607: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x606, &mut x607, 0x0, x605, x602); let mut x608: u32 = 0; let mut x609: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x608, &mut x609, x607, x603, x600); let mut x610: u32 = 0; let mut x611: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x610, &mut x611, x609, x601, x598); let mut x612: u32 = 0; let mut x613: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x612, &mut x613, x611, x599, x596); let mut x614: u32 = 0; let mut x615: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x614, &mut x615, x613, x597, x594); let mut x616: u32 = 0; let mut x617: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x616, &mut x617, x615, x595, x592); let mut x618: u32 = 0; let mut x619: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x618, &mut x619, x617, x593, x590); let mut x620: u32 = 0; let mut x621: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x620, &mut x621, x619, x591, x588); let mut x622: u32 = 0; let mut x623: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x622, &mut x623, x621, x589, x586); let mut x624: u32 = 0; let mut x625: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x624, &mut x625, x623, x587, x584); let mut x626: u32 = 0; let mut x627: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x626, &mut x627, x625, x585, x582); let x628: u32 = ((x627 as u32) + x583); let mut x629: u32 = 0; let mut x630: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x629, &mut x630, 0x0, x557, x604); let mut x631: u32 = 0; let mut x632: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x559, x606); let mut x633: u32 = 0; let mut x634: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x561, x608); let mut x635: u32 = 0; let mut x636: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x635, &mut x636, x634, x563, x610); let mut x637: u32 = 0; let mut x638: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x637, &mut x638, x636, x565, x612); let mut x639: u32 = 0; let mut x640: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x639, &mut x640, x638, x567, x614); let mut x641: u32 = 0; let mut x642: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x569, x616); let mut x643: u32 = 0; let mut x644: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x571, x618); let mut x645: u32 = 0; let mut x646: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x645, &mut x646, x644, x573, x620); let mut x647: u32 = 0; let mut x648: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x647, &mut x648, x646, x575, x622); let mut x649: u32 = 0; let mut x650: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x649, &mut x650, x648, x577, x624); let mut x651: u32 = 0; let mut x652: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x651, &mut x652, x650, x579, x626); let mut x653: u32 = 0; let mut x654: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x653, &mut x654, x652, x581, x628); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x655, &mut x656, x629, 0xe88fdc45); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x657, &mut x658, x655, 0xffffffff); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x659, &mut x660, x655, 0xffffffff); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x661, &mut x662, x655, 0xffffffff); let mut x663: u32 = 0; let mut x664: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x663, &mut x664, x655, 0xffffffff); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x665, &mut x666, x655, 0xffffffff); let mut x667: u32 = 0; let mut x668: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x667, &mut x668, x655, 0xffffffff); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x669, &mut x670, x655, 0xc7634d81); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x671, &mut x672, x655, 0xf4372ddf); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x673, &mut x674, x655, 0x581a0db2); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x675, &mut x676, x655, 0x48b0a77a); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x677, &mut x678, x655, 0xecec196a); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x679, &mut x680, x655, 0xccc52973); let mut x681: u32 = 0; let mut x682: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x681, &mut x682, 0x0, x680, x677); let mut x683: u32 = 0; let mut x684: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x678, x675); let mut x685: u32 = 0; let mut x686: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x685, &mut x686, x684, x676, x673); let mut x687: u32 = 0; let mut x688: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x687, &mut x688, x686, x674, x671); let mut x689: u32 = 0; let mut x690: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x689, &mut x690, x688, x672, x669); let mut x691: u32 = 0; let mut x692: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x691, &mut x692, x690, x670, x667); let mut x693: u32 = 0; let mut x694: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x693, &mut x694, x692, x668, x665); let mut x695: u32 = 0; let mut x696: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x695, &mut x696, x694, x666, x663); let mut x697: u32 = 0; let mut x698: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x697, &mut x698, x696, x664, x661); let mut x699: u32 = 0; let mut x700: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x699, &mut x700, x698, x662, x659); let mut x701: u32 = 0; let mut x702: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x701, &mut x702, x700, x660, x657); let x703: u32 = ((x702 as u32) + x658); let mut x704: u32 = 0; let mut x705: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x704, &mut x705, 0x0, x629, x679); let mut x706: u32 = 0; let mut x707: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x706, &mut x707, x705, x631, x681); let mut x708: u32 = 0; let mut x709: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x708, &mut x709, x707, x633, x683); let mut x710: u32 = 0; let mut x711: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x710, &mut x711, x709, x635, x685); let mut x712: u32 = 0; let mut x713: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x712, &mut x713, x711, x637, x687); let mut x714: u32 = 0; let mut x715: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x714, &mut x715, x713, x639, x689); let mut x716: u32 = 0; let mut x717: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x716, &mut x717, x715, x641, x691); let mut x718: u32 = 0; let mut x719: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x718, &mut x719, x717, x643, x693); let mut x720: u32 = 0; let mut x721: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x720, &mut x721, x719, x645, x695); let mut x722: u32 = 0; let mut x723: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x722, &mut x723, x721, x647, x697); let mut x724: u32 = 0; let mut x725: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x724, &mut x725, x723, x649, x699); let mut x726: u32 = 0; let mut x727: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x726, &mut x727, x725, x651, x701); let mut x728: u32 = 0; let mut x729: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x728, &mut x729, x727, x653, x703); let x730: u32 = ((x729 as u32) + (x654 as u32)); let mut x731: u32 = 0; let mut x732: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x731, &mut x732, x5, (arg2[11])); let mut x733: u32 = 0; let mut x734: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x733, &mut x734, x5, (arg2[10])); let mut x735: u32 = 0; let mut x736: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x735, &mut x736, x5, (arg2[9])); let mut x737: u32 = 0; let mut x738: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x737, &mut x738, x5, (arg2[8])); let mut x739: u32 = 0; let mut x740: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x739, &mut x740, x5, (arg2[7])); let mut x741: u32 = 0; let mut x742: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x741, &mut x742, x5, (arg2[6])); let mut x743: u32 = 0; let mut x744: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x743, &mut x744, x5, (arg2[5])); let mut x745: u32 = 0; let mut x746: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x745, &mut x746, x5, (arg2[4])); let mut x747: u32 = 0; let mut x748: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x747, &mut x748, x5, (arg2[3])); let mut x749: u32 = 0; let mut x750: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x749, &mut x750, x5, (arg2[2])); let mut x751: u32 = 0; let mut x752: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x751, &mut x752, x5, (arg2[1])); let mut x753: u32 = 0; let mut x754: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x753, &mut x754, x5, (arg2[0])); let mut x755: u32 = 0; let mut x756: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x755, &mut x756, 0x0, x754, x751); let mut x757: u32 = 0; let mut x758: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x757, &mut x758, x756, x752, x749); let mut x759: u32 = 0; let mut x760: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x759, &mut x760, x758, x750, x747); let mut x761: u32 = 0; let mut x762: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x761, &mut x762, x760, x748, x745); let mut x763: u32 = 0; let mut x764: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x763, &mut x764, x762, x746, x743); let mut x765: u32 = 0; let mut x766: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x765, &mut x766, x764, x744, x741); let mut x767: u32 = 0; let mut x768: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x767, &mut x768, x766, x742, x739); let mut x769: u32 = 0; let mut x770: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x769, &mut x770, x768, x740, x737); let mut x771: u32 = 0; let mut x772: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x771, &mut x772, x770, x738, x735); let mut x773: u32 = 0; let mut x774: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x773, &mut x774, x772, x736, x733); let mut x775: u32 = 0; let mut x776: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x775, &mut x776, x774, x734, x731); let x777: u32 = ((x776 as u32) + x732); let mut x778: u32 = 0; let mut x779: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x778, &mut x779, 0x0, x706, x753); let mut x780: u32 = 0; let mut x781: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x780, &mut x781, x779, x708, x755); let mut x782: u32 = 0; let mut x783: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x782, &mut x783, x781, x710, x757); let mut x784: u32 = 0; let mut x785: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x784, &mut x785, x783, x712, x759); let mut x786: u32 = 0; let mut x787: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x786, &mut x787, x785, x714, x761); let mut x788: u32 = 0; let mut x789: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x788, &mut x789, x787, x716, x763); let mut x790: u32 = 0; let mut x791: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x790, &mut x791, x789, x718, x765); let mut x792: u32 = 0; let mut x793: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x792, &mut x793, x791, x720, x767); let mut x794: u32 = 0; let mut x795: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x794, &mut x795, x793, x722, x769); let mut x796: u32 = 0; let mut x797: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x796, &mut x797, x795, x724, x771); let mut x798: u32 = 0; let mut x799: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x798, &mut x799, x797, x726, x773); let mut x800: u32 = 0; let mut x801: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x800, &mut x801, x799, x728, x775); let mut x802: u32 = 0; let mut x803: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x802, &mut x803, x801, x730, x777); let mut x804: u32 = 0; let mut x805: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x804, &mut x805, x778, 0xe88fdc45); let mut x806: u32 = 0; let mut x807: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x806, &mut x807, x804, 0xffffffff); let mut x808: u32 = 0; let mut x809: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x808, &mut x809, x804, 0xffffffff); let mut x810: u32 = 0; let mut x811: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x810, &mut x811, x804, 0xffffffff); let mut x812: u32 = 0; let mut x813: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x812, &mut x813, x804, 0xffffffff); let mut x814: u32 = 0; let mut x815: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x814, &mut x815, x804, 0xffffffff); let mut x816: u32 = 0; let mut x817: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x816, &mut x817, x804, 0xffffffff); let mut x818: u32 = 0; let mut x819: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x818, &mut x819, x804, 0xc7634d81); let mut x820: u32 = 0; let mut x821: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x820, &mut x821, x804, 0xf4372ddf); let mut x822: u32 = 0; let mut x823: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x822, &mut x823, x804, 0x581a0db2); let mut x824: u32 = 0; let mut x825: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x824, &mut x825, x804, 0x48b0a77a); let mut x826: u32 = 0; let mut x827: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x826, &mut x827, x804, 0xecec196a); let mut x828: u32 = 0; let mut x829: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x828, &mut x829, x804, 0xccc52973); let mut x830: u32 = 0; let mut x831: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x830, &mut x831, 0x0, x829, x826); let mut x832: u32 = 0; let mut x833: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x832, &mut x833, x831, x827, x824); let mut x834: u32 = 0; let mut x835: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x834, &mut x835, x833, x825, x822); let mut x836: u32 = 0; let mut x837: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x836, &mut x837, x835, x823, x820); let mut x838: u32 = 0; let mut x839: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x838, &mut x839, x837, x821, x818); let mut x840: u32 = 0; let mut x841: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x840, &mut x841, x839, x819, x816); let mut x842: u32 = 0; let mut x843: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x842, &mut x843, x841, x817, x814); let mut x844: u32 = 0; let mut x845: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x844, &mut x845, x843, x815, x812); let mut x846: u32 = 0; let mut x847: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x846, &mut x847, x845, x813, x810); let mut x848: u32 = 0; let mut x849: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x848, &mut x849, x847, x811, x808); let mut x850: u32 = 0; let mut x851: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x850, &mut x851, x849, x809, x806); let x852: u32 = ((x851 as u32) + x807); let mut x853: u32 = 0; let mut x854: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x853, &mut x854, 0x0, x778, x828); let mut x855: u32 = 0; let mut x856: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x855, &mut x856, x854, x780, x830); let mut x857: u32 = 0; let mut x858: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x857, &mut x858, x856, x782, x832); let mut x859: u32 = 0; let mut x860: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x859, &mut x860, x858, x784, x834); let mut x861: u32 = 0; let mut x862: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x861, &mut x862, x860, x786, x836); let mut x863: u32 = 0; let mut x864: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x863, &mut x864, x862, x788, x838); let mut x865: u32 = 0; let mut x866: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x865, &mut x866, x864, x790, x840); let mut x867: u32 = 0; let mut x868: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x867, &mut x868, x866, x792, x842); let mut x869: u32 = 0; let mut x870: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x869, &mut x870, x868, x794, x844); let mut x871: u32 = 0; let mut x872: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x871, &mut x872, x870, x796, x846); let mut x873: u32 = 0; let mut x874: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x873, &mut x874, x872, x798, x848); let mut x875: u32 = 0; let mut x876: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x875, &mut x876, x874, x800, x850); let mut x877: u32 = 0; let mut x878: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x877, &mut x878, x876, x802, x852); let x879: u32 = ((x878 as u32) + (x803 as u32)); let mut x880: u32 = 0; let mut x881: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x880, &mut x881, x6, (arg2[11])); let mut x882: u32 = 0; let mut x883: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x882, &mut x883, x6, (arg2[10])); let mut x884: u32 = 0; let mut x885: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x884, &mut x885, x6, (arg2[9])); let mut x886: u32 = 0; let mut x887: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x886, &mut x887, x6, (arg2[8])); let mut x888: u32 = 0; let mut x889: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x888, &mut x889, x6, (arg2[7])); let mut x890: u32 = 0; let mut x891: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x890, &mut x891, x6, (arg2[6])); let mut x892: u32 = 0; let mut x893: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x892, &mut x893, x6, (arg2[5])); let mut x894: u32 = 0; let mut x895: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x894, &mut x895, x6, (arg2[4])); let mut x896: u32 = 0; let mut x897: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x896, &mut x897, x6, (arg2[3])); let mut x898: u32 = 0; let mut x899: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x898, &mut x899, x6, (arg2[2])); let mut x900: u32 = 0; let mut x901: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x900, &mut x901, x6, (arg2[1])); let mut x902: u32 = 0; let mut x903: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x902, &mut x903, x6, (arg2[0])); let mut x904: u32 = 0; let mut x905: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x904, &mut x905, 0x0, x903, x900); let mut x906: u32 = 0; let mut x907: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x906, &mut x907, x905, x901, x898); let mut x908: u32 = 0; let mut x909: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x908, &mut x909, x907, x899, x896); let mut x910: u32 = 0; let mut x911: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x910, &mut x911, x909, x897, x894); let mut x912: u32 = 0; let mut x913: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x912, &mut x913, x911, x895, x892); let mut x914: u32 = 0; let mut x915: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x914, &mut x915, x913, x893, x890); let mut x916: u32 = 0; let mut x917: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x916, &mut x917, x915, x891, x888); let mut x918: u32 = 0; let mut x919: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x918, &mut x919, x917, x889, x886); let mut x920: u32 = 0; let mut x921: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x920, &mut x921, x919, x887, x884); let mut x922: u32 = 0; let mut x923: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x922, &mut x923, x921, x885, x882); let mut x924: u32 = 0; let mut x925: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x924, &mut x925, x923, x883, x880); let x926: u32 = ((x925 as u32) + x881); let mut x927: u32 = 0; let mut x928: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x927, &mut x928, 0x0, x855, x902); let mut x929: u32 = 0; let mut x930: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x929, &mut x930, x928, x857, x904); let mut x931: u32 = 0; let mut x932: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x931, &mut x932, x930, x859, x906); let mut x933: u32 = 0; let mut x934: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x933, &mut x934, x932, x861, x908); let mut x935: u32 = 0; let mut x936: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x935, &mut x936, x934, x863, x910); let mut x937: u32 = 0; let mut x938: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x937, &mut x938, x936, x865, x912); let mut x939: u32 = 0; let mut x940: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x939, &mut x940, x938, x867, x914); let mut x941: u32 = 0; let mut x942: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x941, &mut x942, x940, x869, x916); let mut x943: u32 = 0; let mut x944: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x943, &mut x944, x942, x871, x918); let mut x945: u32 = 0; let mut x946: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x945, &mut x946, x944, x873, x920); let mut x947: u32 = 0; let mut x948: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x947, &mut x948, x946, x875, x922); let mut x949: u32 = 0; let mut x950: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x949, &mut x950, x948, x877, x924); let mut x951: u32 = 0; let mut x952: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x951, &mut x952, x950, x879, x926); let mut x953: u32 = 0; let mut x954: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x953, &mut x954, x927, 0xe88fdc45); let mut x955: u32 = 0; let mut x956: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x955, &mut x956, x953, 0xffffffff); let mut x957: u32 = 0; let mut x958: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x957, &mut x958, x953, 0xffffffff); let mut x959: u32 = 0; let mut x960: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x959, &mut x960, x953, 0xffffffff); let mut x961: u32 = 0; let mut x962: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x961, &mut x962, x953, 0xffffffff); let mut x963: u32 = 0; let mut x964: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x963, &mut x964, x953, 0xffffffff); let mut x965: u32 = 0; let mut x966: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x965, &mut x966, x953, 0xffffffff); let mut x967: u32 = 0; let mut x968: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x967, &mut x968, x953, 0xc7634d81); let mut x969: u32 = 0; let mut x970: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x969, &mut x970, x953, 0xf4372ddf); let mut x971: u32 = 0; let mut x972: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x971, &mut x972, x953, 0x581a0db2); let mut x973: u32 = 0; let mut x974: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x973, &mut x974, x953, 0x48b0a77a); let mut x975: u32 = 0; let mut x976: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x975, &mut x976, x953, 0xecec196a); let mut x977: u32 = 0; let mut x978: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x977, &mut x978, x953, 0xccc52973); let mut x979: u32 = 0; let mut x980: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x979, &mut x980, 0x0, x978, x975); let mut x981: u32 = 0; let mut x982: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x981, &mut x982, x980, x976, x973); let mut x983: u32 = 0; let mut x984: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x983, &mut x984, x982, x974, x971); let mut x985: u32 = 0; let mut x986: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x985, &mut x986, x984, x972, x969); let mut x987: u32 = 0; let mut x988: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x987, &mut x988, x986, x970, x967); let mut x989: u32 = 0; let mut x990: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x989, &mut x990, x988, x968, x965); let mut x991: u32 = 0; let mut x992: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x991, &mut x992, x990, x966, x963); let mut x993: u32 = 0; let mut x994: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x993, &mut x994, x992, x964, x961); let mut x995: u32 = 0; let mut x996: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x995, &mut x996, x994, x962, x959); let mut x997: u32 = 0; let mut x998: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x997, &mut x998, x996, x960, x957); let mut x999: u32 = 0; let mut x1000: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x999, &mut x1000, x998, x958, x955); let x1001: u32 = ((x1000 as u32) + x956); let mut x1002: u32 = 0; let mut x1003: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1002, &mut x1003, 0x0, x927, x977); let mut x1004: u32 = 0; let mut x1005: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1004, &mut x1005, x1003, x929, x979); let mut x1006: u32 = 0; let mut x1007: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1006, &mut x1007, x1005, x931, x981); let mut x1008: u32 = 0; let mut x1009: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1008, &mut x1009, x1007, x933, x983); let mut x1010: u32 = 0; let mut x1011: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1010, &mut x1011, x1009, x935, x985); let mut x1012: u32 = 0; let mut x1013: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1012, &mut x1013, x1011, x937, x987); let mut x1014: u32 = 0; let mut x1015: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1014, &mut x1015, x1013, x939, x989); let mut x1016: u32 = 0; let mut x1017: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1016, &mut x1017, x1015, x941, x991); let mut x1018: u32 = 0; let mut x1019: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1018, &mut x1019, x1017, x943, x993); let mut x1020: u32 = 0; let mut x1021: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1020, &mut x1021, x1019, x945, x995); let mut x1022: u32 = 0; let mut x1023: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1022, &mut x1023, x1021, x947, x997); let mut x1024: u32 = 0; let mut x1025: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1024, &mut x1025, x1023, x949, x999); let mut x1026: u32 = 0; let mut x1027: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1026, &mut x1027, x1025, x951, x1001); let x1028: u32 = ((x1027 as u32) + (x952 as u32)); let mut x1029: u32 = 0; let mut x1030: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1029, &mut x1030, x7, (arg2[11])); let mut x1031: u32 = 0; let mut x1032: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1031, &mut x1032, x7, (arg2[10])); let mut x1033: u32 = 0; let mut x1034: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1033, &mut x1034, x7, (arg2[9])); let mut x1035: u32 = 0; let mut x1036: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1035, &mut x1036, x7, (arg2[8])); let mut x1037: u32 = 0; let mut x1038: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1037, &mut x1038, x7, (arg2[7])); let mut x1039: u32 = 0; let mut x1040: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1039, &mut x1040, x7, (arg2[6])); let mut x1041: u32 = 0; let mut x1042: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1041, &mut x1042, x7, (arg2[5])); let mut x1043: u32 = 0; let mut x1044: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1043, &mut x1044, x7, (arg2[4])); let mut x1045: u32 = 0; let mut x1046: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1045, &mut x1046, x7, (arg2[3])); let mut x1047: u32 = 0; let mut x1048: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1047, &mut x1048, x7, (arg2[2])); let mut x1049: u32 = 0; let mut x1050: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1049, &mut x1050, x7, (arg2[1])); let mut x1051: u32 = 0; let mut x1052: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1051, &mut x1052, x7, (arg2[0])); let mut x1053: u32 = 0; let mut x1054: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1053, &mut x1054, 0x0, x1052, x1049); let mut x1055: u32 = 0; let mut x1056: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1055, &mut x1056, x1054, x1050, x1047); let mut x1057: u32 = 0; let mut x1058: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1057, &mut x1058, x1056, x1048, x1045); let mut x1059: u32 = 0; let mut x1060: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1059, &mut x1060, x1058, x1046, x1043); let mut x1061: u32 = 0; let mut x1062: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1061, &mut x1062, x1060, x1044, x1041); let mut x1063: u32 = 0; let mut x1064: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1063, &mut x1064, x1062, x1042, x1039); let mut x1065: u32 = 0; let mut x1066: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1065, &mut x1066, x1064, x1040, x1037); let mut x1067: u32 = 0; let mut x1068: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1067, &mut x1068, x1066, x1038, x1035); let mut x1069: u32 = 0; let mut x1070: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1069, &mut x1070, x1068, x1036, x1033); let mut x1071: u32 = 0; let mut x1072: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1071, &mut x1072, x1070, x1034, x1031); let mut x1073: u32 = 0; let mut x1074: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1073, &mut x1074, x1072, x1032, x1029); let x1075: u32 = ((x1074 as u32) + x1030); let mut x1076: u32 = 0; let mut x1077: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1076, &mut x1077, 0x0, x1004, x1051); let mut x1078: u32 = 0; let mut x1079: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1078, &mut x1079, x1077, x1006, x1053); let mut x1080: u32 = 0; let mut x1081: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1080, &mut x1081, x1079, x1008, x1055); let mut x1082: u32 = 0; let mut x1083: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1082, &mut x1083, x1081, x1010, x1057); let mut x1084: u32 = 0; let mut x1085: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1084, &mut x1085, x1083, x1012, x1059); let mut x1086: u32 = 0; let mut x1087: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1086, &mut x1087, x1085, x1014, x1061); let mut x1088: u32 = 0; let mut x1089: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1088, &mut x1089, x1087, x1016, x1063); let mut x1090: u32 = 0; let mut x1091: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1090, &mut x1091, x1089, x1018, x1065); let mut x1092: u32 = 0; let mut x1093: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1092, &mut x1093, x1091, x1020, x1067); let mut x1094: u32 = 0; let mut x1095: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1094, &mut x1095, x1093, x1022, x1069); let mut x1096: u32 = 0; let mut x1097: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1096, &mut x1097, x1095, x1024, x1071); let mut x1098: u32 = 0; let mut x1099: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1098, &mut x1099, x1097, x1026, x1073); let mut x1100: u32 = 0; let mut x1101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1100, &mut x1101, x1099, x1028, x1075); let mut x1102: u32 = 0; let mut x1103: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1102, &mut x1103, x1076, 0xe88fdc45); let mut x1104: u32 = 0; let mut x1105: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1104, &mut x1105, x1102, 0xffffffff); let mut x1106: u32 = 0; let mut x1107: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1106, &mut x1107, x1102, 0xffffffff); let mut x1108: u32 = 0; let mut x1109: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1108, &mut x1109, x1102, 0xffffffff); let mut x1110: u32 = 0; let mut x1111: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1110, &mut x1111, x1102, 0xffffffff); let mut x1112: u32 = 0; let mut x1113: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1112, &mut x1113, x1102, 0xffffffff); let mut x1114: u32 = 0; let mut x1115: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1114, &mut x1115, x1102, 0xffffffff); let mut x1116: u32 = 0; let mut x1117: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1116, &mut x1117, x1102, 0xc7634d81); let mut x1118: u32 = 0; let mut x1119: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1118, &mut x1119, x1102, 0xf4372ddf); let mut x1120: u32 = 0; let mut x1121: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1120, &mut x1121, x1102, 0x581a0db2); let mut x1122: u32 = 0; let mut x1123: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1122, &mut x1123, x1102, 0x48b0a77a); let mut x1124: u32 = 0; let mut x1125: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1124, &mut x1125, x1102, 0xecec196a); let mut x1126: u32 = 0; let mut x1127: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1126, &mut x1127, x1102, 0xccc52973); let mut x1128: u32 = 0; let mut x1129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1128, &mut x1129, 0x0, x1127, x1124); let mut x1130: u32 = 0; let mut x1131: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1130, &mut x1131, x1129, x1125, x1122); let mut x1132: u32 = 0; let mut x1133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1132, &mut x1133, x1131, x1123, x1120); let mut x1134: u32 = 0; let mut x1135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1134, &mut x1135, x1133, x1121, x1118); let mut x1136: u32 = 0; let mut x1137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1136, &mut x1137, x1135, x1119, x1116); let mut x1138: u32 = 0; let mut x1139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1138, &mut x1139, x1137, x1117, x1114); let mut x1140: u32 = 0; let mut x1141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1140, &mut x1141, x1139, x1115, x1112); let mut x1142: u32 = 0; let mut x1143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1142, &mut x1143, x1141, x1113, x1110); let mut x1144: u32 = 0; let mut x1145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1144, &mut x1145, x1143, x1111, x1108); let mut x1146: u32 = 0; let mut x1147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1146, &mut x1147, x1145, x1109, x1106); let mut x1148: u32 = 0; let mut x1149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1148, &mut x1149, x1147, x1107, x1104); let x1150: u32 = ((x1149 as u32) + x1105); let mut x1151: u32 = 0; let mut x1152: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1151, &mut x1152, 0x0, x1076, x1126); let mut x1153: u32 = 0; let mut x1154: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1153, &mut x1154, x1152, x1078, x1128); let mut x1155: u32 = 0; let mut x1156: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1155, &mut x1156, x1154, x1080, x1130); let mut x1157: u32 = 0; let mut x1158: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1157, &mut x1158, x1156, x1082, x1132); let mut x1159: u32 = 0; let mut x1160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1159, &mut x1160, x1158, x1084, x1134); let mut x1161: u32 = 0; let mut x1162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1161, &mut x1162, x1160, x1086, x1136); let mut x1163: u32 = 0; let mut x1164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1163, &mut x1164, x1162, x1088, x1138); let mut x1165: u32 = 0; let mut x1166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1165, &mut x1166, x1164, x1090, x1140); let mut x1167: u32 = 0; let mut x1168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1167, &mut x1168, x1166, x1092, x1142); let mut x1169: u32 = 0; let mut x1170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1169, &mut x1170, x1168, x1094, x1144); let mut x1171: u32 = 0; let mut x1172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1171, &mut x1172, x1170, x1096, x1146); let mut x1173: u32 = 0; let mut x1174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1173, &mut x1174, x1172, x1098, x1148); let mut x1175: u32 = 0; let mut x1176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1175, &mut x1176, x1174, x1100, x1150); let x1177: u32 = ((x1176 as u32) + (x1101 as u32)); let mut x1178: u32 = 0; let mut x1179: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1178, &mut x1179, x8, (arg2[11])); let mut x1180: u32 = 0; let mut x1181: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1180, &mut x1181, x8, (arg2[10])); let mut x1182: u32 = 0; let mut x1183: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1182, &mut x1183, x8, (arg2[9])); let mut x1184: u32 = 0; let mut x1185: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1184, &mut x1185, x8, (arg2[8])); let mut x1186: u32 = 0; let mut x1187: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1186, &mut x1187, x8, (arg2[7])); let mut x1188: u32 = 0; let mut x1189: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1188, &mut x1189, x8, (arg2[6])); let mut x1190: u32 = 0; let mut x1191: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1190, &mut x1191, x8, (arg2[5])); let mut x1192: u32 = 0; let mut x1193: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1192, &mut x1193, x8, (arg2[4])); let mut x1194: u32 = 0; let mut x1195: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1194, &mut x1195, x8, (arg2[3])); let mut x1196: u32 = 0; let mut x1197: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1196, &mut x1197, x8, (arg2[2])); let mut x1198: u32 = 0; let mut x1199: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1198, &mut x1199, x8, (arg2[1])); let mut x1200: u32 = 0; let mut x1201: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1200, &mut x1201, x8, (arg2[0])); let mut x1202: u32 = 0; let mut x1203: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1202, &mut x1203, 0x0, x1201, x1198); let mut x1204: u32 = 0; let mut x1205: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1204, &mut x1205, x1203, x1199, x1196); let mut x1206: u32 = 0; let mut x1207: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1206, &mut x1207, x1205, x1197, x1194); let mut x1208: u32 = 0; let mut x1209: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1208, &mut x1209, x1207, x1195, x1192); let mut x1210: u32 = 0; let mut x1211: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1210, &mut x1211, x1209, x1193, x1190); let mut x1212: u32 = 0; let mut x1213: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1212, &mut x1213, x1211, x1191, x1188); let mut x1214: u32 = 0; let mut x1215: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1214, &mut x1215, x1213, x1189, x1186); let mut x1216: u32 = 0; let mut x1217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1216, &mut x1217, x1215, x1187, x1184); let mut x1218: u32 = 0; let mut x1219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1218, &mut x1219, x1217, x1185, x1182); let mut x1220: u32 = 0; let mut x1221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1220, &mut x1221, x1219, x1183, x1180); let mut x1222: u32 = 0; let mut x1223: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1222, &mut x1223, x1221, x1181, x1178); let x1224: u32 = ((x1223 as u32) + x1179); let mut x1225: u32 = 0; let mut x1226: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1225, &mut x1226, 0x0, x1153, x1200); let mut x1227: u32 = 0; let mut x1228: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1227, &mut x1228, x1226, x1155, x1202); let mut x1229: u32 = 0; let mut x1230: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1229, &mut x1230, x1228, x1157, x1204); let mut x1231: u32 = 0; let mut x1232: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1231, &mut x1232, x1230, x1159, x1206); let mut x1233: u32 = 0; let mut x1234: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1233, &mut x1234, x1232, x1161, x1208); let mut x1235: u32 = 0; let mut x1236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1235, &mut x1236, x1234, x1163, x1210); let mut x1237: u32 = 0; let mut x1238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1237, &mut x1238, x1236, x1165, x1212); let mut x1239: u32 = 0; let mut x1240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1239, &mut x1240, x1238, x1167, x1214); let mut x1241: u32 = 0; let mut x1242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1241, &mut x1242, x1240, x1169, x1216); let mut x1243: u32 = 0; let mut x1244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1243, &mut x1244, x1242, x1171, x1218); let mut x1245: u32 = 0; let mut x1246: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1245, &mut x1246, x1244, x1173, x1220); let mut x1247: u32 = 0; let mut x1248: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1247, &mut x1248, x1246, x1175, x1222); let mut x1249: u32 = 0; let mut x1250: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1249, &mut x1250, x1248, x1177, x1224); let mut x1251: u32 = 0; let mut x1252: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1251, &mut x1252, x1225, 0xe88fdc45); let mut x1253: u32 = 0; let mut x1254: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1253, &mut x1254, x1251, 0xffffffff); let mut x1255: u32 = 0; let mut x1256: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1255, &mut x1256, x1251, 0xffffffff); let mut x1257: u32 = 0; let mut x1258: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1257, &mut x1258, x1251, 0xffffffff); let mut x1259: u32 = 0; let mut x1260: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1259, &mut x1260, x1251, 0xffffffff); let mut x1261: u32 = 0; let mut x1262: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1261, &mut x1262, x1251, 0xffffffff); let mut x1263: u32 = 0; let mut x1264: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1263, &mut x1264, x1251, 0xffffffff); let mut x1265: u32 = 0; let mut x1266: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1265, &mut x1266, x1251, 0xc7634d81); let mut x1267: u32 = 0; let mut x1268: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1267, &mut x1268, x1251, 0xf4372ddf); let mut x1269: u32 = 0; let mut x1270: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1269, &mut x1270, x1251, 0x581a0db2); let mut x1271: u32 = 0; let mut x1272: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1271, &mut x1272, x1251, 0x48b0a77a); let mut x1273: u32 = 0; let mut x1274: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1273, &mut x1274, x1251, 0xecec196a); let mut x1275: u32 = 0; let mut x1276: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1275, &mut x1276, x1251, 0xccc52973); let mut x1277: u32 = 0; let mut x1278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1277, &mut x1278, 0x0, x1276, x1273); let mut x1279: u32 = 0; let mut x1280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1279, &mut x1280, x1278, x1274, x1271); let mut x1281: u32 = 0; let mut x1282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1281, &mut x1282, x1280, x1272, x1269); let mut x1283: u32 = 0; let mut x1284: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1283, &mut x1284, x1282, x1270, x1267); let mut x1285: u32 = 0; let mut x1286: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1285, &mut x1286, x1284, x1268, x1265); let mut x1287: u32 = 0; let mut x1288: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1287, &mut x1288, x1286, x1266, x1263); let mut x1289: u32 = 0; let mut x1290: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1289, &mut x1290, x1288, x1264, x1261); let mut x1291: u32 = 0; let mut x1292: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1291, &mut x1292, x1290, x1262, x1259); let mut x1293: u32 = 0; let mut x1294: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1293, &mut x1294, x1292, x1260, x1257); let mut x1295: u32 = 0; let mut x1296: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1295, &mut x1296, x1294, x1258, x1255); let mut x1297: u32 = 0; let mut x1298: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1297, &mut x1298, x1296, x1256, x1253); let x1299: u32 = ((x1298 as u32) + x1254); let mut x1300: u32 = 0; let mut x1301: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1300, &mut x1301, 0x0, x1225, x1275); let mut x1302: u32 = 0; let mut x1303: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1302, &mut x1303, x1301, x1227, x1277); let mut x1304: u32 = 0; let mut x1305: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1304, &mut x1305, x1303, x1229, x1279); let mut x1306: u32 = 0; let mut x1307: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1306, &mut x1307, x1305, x1231, x1281); let mut x1308: u32 = 0; let mut x1309: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1308, &mut x1309, x1307, x1233, x1283); let mut x1310: u32 = 0; let mut x1311: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1310, &mut x1311, x1309, x1235, x1285); let mut x1312: u32 = 0; let mut x1313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1312, &mut x1313, x1311, x1237, x1287); let mut x1314: u32 = 0; let mut x1315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1314, &mut x1315, x1313, x1239, x1289); let mut x1316: u32 = 0; let mut x1317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1316, &mut x1317, x1315, x1241, x1291); let mut x1318: u32 = 0; let mut x1319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1318, &mut x1319, x1317, x1243, x1293); let mut x1320: u32 = 0; let mut x1321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1320, &mut x1321, x1319, x1245, x1295); let mut x1322: u32 = 0; let mut x1323: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1322, &mut x1323, x1321, x1247, x1297); let mut x1324: u32 = 0; let mut x1325: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1324, &mut x1325, x1323, x1249, x1299); let x1326: u32 = ((x1325 as u32) + (x1250 as u32)); let mut x1327: u32 = 0; let mut x1328: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1327, &mut x1328, x9, (arg2[11])); let mut x1329: u32 = 0; let mut x1330: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1329, &mut x1330, x9, (arg2[10])); let mut x1331: u32 = 0; let mut x1332: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1331, &mut x1332, x9, (arg2[9])); let mut x1333: u32 = 0; let mut x1334: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1333, &mut x1334, x9, (arg2[8])); let mut x1335: u32 = 0; let mut x1336: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1335, &mut x1336, x9, (arg2[7])); let mut x1337: u32 = 0; let mut x1338: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1337, &mut x1338, x9, (arg2[6])); let mut x1339: u32 = 0; let mut x1340: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1339, &mut x1340, x9, (arg2[5])); let mut x1341: u32 = 0; let mut x1342: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1341, &mut x1342, x9, (arg2[4])); let mut x1343: u32 = 0; let mut x1344: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1343, &mut x1344, x9, (arg2[3])); let mut x1345: u32 = 0; let mut x1346: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1345, &mut x1346, x9, (arg2[2])); let mut x1347: u32 = 0; let mut x1348: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1347, &mut x1348, x9, (arg2[1])); let mut x1349: u32 = 0; let mut x1350: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1349, &mut x1350, x9, (arg2[0])); let mut x1351: u32 = 0; let mut x1352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1351, &mut x1352, 0x0, x1350, x1347); let mut x1353: u32 = 0; let mut x1354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1353, &mut x1354, x1352, x1348, x1345); let mut x1355: u32 = 0; let mut x1356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1355, &mut x1356, x1354, x1346, x1343); let mut x1357: u32 = 0; let mut x1358: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1357, &mut x1358, x1356, x1344, x1341); let mut x1359: u32 = 0; let mut x1360: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1359, &mut x1360, x1358, x1342, x1339); let mut x1361: u32 = 0; let mut x1362: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1361, &mut x1362, x1360, x1340, x1337); let mut x1363: u32 = 0; let mut x1364: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1363, &mut x1364, x1362, x1338, x1335); let mut x1365: u32 = 0; let mut x1366: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1365, &mut x1366, x1364, x1336, x1333); let mut x1367: u32 = 0; let mut x1368: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1367, &mut x1368, x1366, x1334, x1331); let mut x1369: u32 = 0; let mut x1370: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1369, &mut x1370, x1368, x1332, x1329); let mut x1371: u32 = 0; let mut x1372: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1371, &mut x1372, x1370, x1330, x1327); let x1373: u32 = ((x1372 as u32) + x1328); let mut x1374: u32 = 0; let mut x1375: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1374, &mut x1375, 0x0, x1302, x1349); let mut x1376: u32 = 0; let mut x1377: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1376, &mut x1377, x1375, x1304, x1351); let mut x1378: u32 = 0; let mut x1379: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1378, &mut x1379, x1377, x1306, x1353); let mut x1380: u32 = 0; let mut x1381: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1380, &mut x1381, x1379, x1308, x1355); let mut x1382: u32 = 0; let mut x1383: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1382, &mut x1383, x1381, x1310, x1357); let mut x1384: u32 = 0; let mut x1385: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1384, &mut x1385, x1383, x1312, x1359); let mut x1386: u32 = 0; let mut x1387: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1386, &mut x1387, x1385, x1314, x1361); let mut x1388: u32 = 0; let mut x1389: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1388, &mut x1389, x1387, x1316, x1363); let mut x1390: u32 = 0; let mut x1391: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1390, &mut x1391, x1389, x1318, x1365); let mut x1392: u32 = 0; let mut x1393: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1392, &mut x1393, x1391, x1320, x1367); let mut x1394: u32 = 0; let mut x1395: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1394, &mut x1395, x1393, x1322, x1369); let mut x1396: u32 = 0; let mut x1397: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1396, &mut x1397, x1395, x1324, x1371); let mut x1398: u32 = 0; let mut x1399: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1398, &mut x1399, x1397, x1326, x1373); let mut x1400: u32 = 0; let mut x1401: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1400, &mut x1401, x1374, 0xe88fdc45); let mut x1402: u32 = 0; let mut x1403: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1402, &mut x1403, x1400, 0xffffffff); let mut x1404: u32 = 0; let mut x1405: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1404, &mut x1405, x1400, 0xffffffff); let mut x1406: u32 = 0; let mut x1407: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1406, &mut x1407, x1400, 0xffffffff); let mut x1408: u32 = 0; let mut x1409: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1408, &mut x1409, x1400, 0xffffffff); let mut x1410: u32 = 0; let mut x1411: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1410, &mut x1411, x1400, 0xffffffff); let mut x1412: u32 = 0; let mut x1413: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1412, &mut x1413, x1400, 0xffffffff); let mut x1414: u32 = 0; let mut x1415: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1414, &mut x1415, x1400, 0xc7634d81); let mut x1416: u32 = 0; let mut x1417: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1416, &mut x1417, x1400, 0xf4372ddf); let mut x1418: u32 = 0; let mut x1419: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1418, &mut x1419, x1400, 0x581a0db2); let mut x1420: u32 = 0; let mut x1421: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1420, &mut x1421, x1400, 0x48b0a77a); let mut x1422: u32 = 0; let mut x1423: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1422, &mut x1423, x1400, 0xecec196a); let mut x1424: u32 = 0; let mut x1425: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1424, &mut x1425, x1400, 0xccc52973); let mut x1426: u32 = 0; let mut x1427: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1426, &mut x1427, 0x0, x1425, x1422); let mut x1428: u32 = 0; let mut x1429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1428, &mut x1429, x1427, x1423, x1420); let mut x1430: u32 = 0; let mut x1431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1430, &mut x1431, x1429, x1421, x1418); let mut x1432: u32 = 0; let mut x1433: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1432, &mut x1433, x1431, x1419, x1416); let mut x1434: u32 = 0; let mut x1435: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1434, &mut x1435, x1433, x1417, x1414); let mut x1436: u32 = 0; let mut x1437: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1436, &mut x1437, x1435, x1415, x1412); let mut x1438: u32 = 0; let mut x1439: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1438, &mut x1439, x1437, x1413, x1410); let mut x1440: u32 = 0; let mut x1441: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1440, &mut x1441, x1439, x1411, x1408); let mut x1442: u32 = 0; let mut x1443: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1442, &mut x1443, x1441, x1409, x1406); let mut x1444: u32 = 0; let mut x1445: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1444, &mut x1445, x1443, x1407, x1404); let mut x1446: u32 = 0; let mut x1447: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1446, &mut x1447, x1445, x1405, x1402); let x1448: u32 = ((x1447 as u32) + x1403); let mut x1449: u32 = 0; let mut x1450: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1449, &mut x1450, 0x0, x1374, x1424); let mut x1451: u32 = 0; let mut x1452: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1451, &mut x1452, x1450, x1376, x1426); let mut x1453: u32 = 0; let mut x1454: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1453, &mut x1454, x1452, x1378, x1428); let mut x1455: u32 = 0; let mut x1456: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1455, &mut x1456, x1454, x1380, x1430); let mut x1457: u32 = 0; let mut x1458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1457, &mut x1458, x1456, x1382, x1432); let mut x1459: u32 = 0; let mut x1460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1459, &mut x1460, x1458, x1384, x1434); let mut x1461: u32 = 0; let mut x1462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1461, &mut x1462, x1460, x1386, x1436); let mut x1463: u32 = 0; let mut x1464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1463, &mut x1464, x1462, x1388, x1438); let mut x1465: u32 = 0; let mut x1466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1465, &mut x1466, x1464, x1390, x1440); let mut x1467: u32 = 0; let mut x1468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1467, &mut x1468, x1466, x1392, x1442); let mut x1469: u32 = 0; let mut x1470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1469, &mut x1470, x1468, x1394, x1444); let mut x1471: u32 = 0; let mut x1472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1471, &mut x1472, x1470, x1396, x1446); let mut x1473: u32 = 0; let mut x1474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1473, &mut x1474, x1472, x1398, x1448); let x1475: u32 = ((x1474 as u32) + (x1399 as u32)); let mut x1476: u32 = 0; let mut x1477: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1476, &mut x1477, x10, (arg2[11])); let mut x1478: u32 = 0; let mut x1479: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1478, &mut x1479, x10, (arg2[10])); let mut x1480: u32 = 0; let mut x1481: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1480, &mut x1481, x10, (arg2[9])); let mut x1482: u32 = 0; let mut x1483: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1482, &mut x1483, x10, (arg2[8])); let mut x1484: u32 = 0; let mut x1485: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1484, &mut x1485, x10, (arg2[7])); let mut x1486: u32 = 0; let mut x1487: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1486, &mut x1487, x10, (arg2[6])); let mut x1488: u32 = 0; let mut x1489: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1488, &mut x1489, x10, (arg2[5])); let mut x1490: u32 = 0; let mut x1491: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1490, &mut x1491, x10, (arg2[4])); let mut x1492: u32 = 0; let mut x1493: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1492, &mut x1493, x10, (arg2[3])); let mut x1494: u32 = 0; let mut x1495: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1494, &mut x1495, x10, (arg2[2])); let mut x1496: u32 = 0; let mut x1497: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1496, &mut x1497, x10, (arg2[1])); let mut x1498: u32 = 0; let mut x1499: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1498, &mut x1499, x10, (arg2[0])); let mut x1500: u32 = 0; let mut x1501: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1500, &mut x1501, 0x0, x1499, x1496); let mut x1502: u32 = 0; let mut x1503: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1502, &mut x1503, x1501, x1497, x1494); let mut x1504: u32 = 0; let mut x1505: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1504, &mut x1505, x1503, x1495, x1492); let mut x1506: u32 = 0; let mut x1507: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1506, &mut x1507, x1505, x1493, x1490); let mut x1508: u32 = 0; let mut x1509: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1508, &mut x1509, x1507, x1491, x1488); let mut x1510: u32 = 0; let mut x1511: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1510, &mut x1511, x1509, x1489, x1486); let mut x1512: u32 = 0; let mut x1513: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1512, &mut x1513, x1511, x1487, x1484); let mut x1514: u32 = 0; let mut x1515: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1514, &mut x1515, x1513, x1485, x1482); let mut x1516: u32 = 0; let mut x1517: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1516, &mut x1517, x1515, x1483, x1480); let mut x1518: u32 = 0; let mut x1519: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1518, &mut x1519, x1517, x1481, x1478); let mut x1520: u32 = 0; let mut x1521: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1520, &mut x1521, x1519, x1479, x1476); let x1522: u32 = ((x1521 as u32) + x1477); let mut x1523: u32 = 0; let mut x1524: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1523, &mut x1524, 0x0, x1451, x1498); let mut x1525: u32 = 0; let mut x1526: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1525, &mut x1526, x1524, x1453, x1500); let mut x1527: u32 = 0; let mut x1528: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1527, &mut x1528, x1526, x1455, x1502); let mut x1529: u32 = 0; let mut x1530: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1529, &mut x1530, x1528, x1457, x1504); let mut x1531: u32 = 0; let mut x1532: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1531, &mut x1532, x1530, x1459, x1506); let mut x1533: u32 = 0; let mut x1534: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1533, &mut x1534, x1532, x1461, x1508); let mut x1535: u32 = 0; let mut x1536: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1535, &mut x1536, x1534, x1463, x1510); let mut x1537: u32 = 0; let mut x1538: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1537, &mut x1538, x1536, x1465, x1512); let mut x1539: u32 = 0; let mut x1540: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1539, &mut x1540, x1538, x1467, x1514); let mut x1541: u32 = 0; let mut x1542: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1541, &mut x1542, x1540, x1469, x1516); let mut x1543: u32 = 0; let mut x1544: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1543, &mut x1544, x1542, x1471, x1518); let mut x1545: u32 = 0; let mut x1546: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1545, &mut x1546, x1544, x1473, x1520); let mut x1547: u32 = 0; let mut x1548: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1547, &mut x1548, x1546, x1475, x1522); let mut x1549: u32 = 0; let mut x1550: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1549, &mut x1550, x1523, 0xe88fdc45); let mut x1551: u32 = 0; let mut x1552: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1551, &mut x1552, x1549, 0xffffffff); let mut x1553: u32 = 0; let mut x1554: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1553, &mut x1554, x1549, 0xffffffff); let mut x1555: u32 = 0; let mut x1556: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1555, &mut x1556, x1549, 0xffffffff); let mut x1557: u32 = 0; let mut x1558: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1557, &mut x1558, x1549, 0xffffffff); let mut x1559: u32 = 0; let mut x1560: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1559, &mut x1560, x1549, 0xffffffff); let mut x1561: u32 = 0; let mut x1562: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1561, &mut x1562, x1549, 0xffffffff); let mut x1563: u32 = 0; let mut x1564: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1563, &mut x1564, x1549, 0xc7634d81); let mut x1565: u32 = 0; let mut x1566: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1565, &mut x1566, x1549, 0xf4372ddf); let mut x1567: u32 = 0; let mut x1568: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1567, &mut x1568, x1549, 0x581a0db2); let mut x1569: u32 = 0; let mut x1570: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1569, &mut x1570, x1549, 0x48b0a77a); let mut x1571: u32 = 0; let mut x1572: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1571, &mut x1572, x1549, 0xecec196a); let mut x1573: u32 = 0; let mut x1574: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1573, &mut x1574, x1549, 0xccc52973); let mut x1575: u32 = 0; let mut x1576: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1575, &mut x1576, 0x0, x1574, x1571); let mut x1577: u32 = 0; let mut x1578: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1577, &mut x1578, x1576, x1572, x1569); let mut x1579: u32 = 0; let mut x1580: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1579, &mut x1580, x1578, x1570, x1567); let mut x1581: u32 = 0; let mut x1582: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1581, &mut x1582, x1580, x1568, x1565); let mut x1583: u32 = 0; let mut x1584: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1583, &mut x1584, x1582, x1566, x1563); let mut x1585: u32 = 0; let mut x1586: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1585, &mut x1586, x1584, x1564, x1561); let mut x1587: u32 = 0; let mut x1588: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1587, &mut x1588, x1586, x1562, x1559); let mut x1589: u32 = 0; let mut x1590: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1589, &mut x1590, x1588, x1560, x1557); let mut x1591: u32 = 0; let mut x1592: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1591, &mut x1592, x1590, x1558, x1555); let mut x1593: u32 = 0; let mut x1594: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1593, &mut x1594, x1592, x1556, x1553); let mut x1595: u32 = 0; let mut x1596: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1595, &mut x1596, x1594, x1554, x1551); let x1597: u32 = ((x1596 as u32) + x1552); let mut x1598: u32 = 0; let mut x1599: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1598, &mut x1599, 0x0, x1523, x1573); let mut x1600: u32 = 0; let mut x1601: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1600, &mut x1601, x1599, x1525, x1575); let mut x1602: u32 = 0; let mut x1603: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1602, &mut x1603, x1601, x1527, x1577); let mut x1604: u32 = 0; let mut x1605: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1604, &mut x1605, x1603, x1529, x1579); let mut x1606: u32 = 0; let mut x1607: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1606, &mut x1607, x1605, x1531, x1581); let mut x1608: u32 = 0; let mut x1609: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1608, &mut x1609, x1607, x1533, x1583); let mut x1610: u32 = 0; let mut x1611: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1610, &mut x1611, x1609, x1535, x1585); let mut x1612: u32 = 0; let mut x1613: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1612, &mut x1613, x1611, x1537, x1587); let mut x1614: u32 = 0; let mut x1615: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1614, &mut x1615, x1613, x1539, x1589); let mut x1616: u32 = 0; let mut x1617: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1616, &mut x1617, x1615, x1541, x1591); let mut x1618: u32 = 0; let mut x1619: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1618, &mut x1619, x1617, x1543, x1593); let mut x1620: u32 = 0; let mut x1621: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1620, &mut x1621, x1619, x1545, x1595); let mut x1622: u32 = 0; let mut x1623: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1622, &mut x1623, x1621, x1547, x1597); let x1624: u32 = ((x1623 as u32) + (x1548 as u32)); let mut x1625: u32 = 0; let mut x1626: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1625, &mut x1626, x11, (arg2[11])); let mut x1627: u32 = 0; let mut x1628: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1627, &mut x1628, x11, (arg2[10])); let mut x1629: u32 = 0; let mut x1630: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1629, &mut x1630, x11, (arg2[9])); let mut x1631: u32 = 0; let mut x1632: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1631, &mut x1632, x11, (arg2[8])); let mut x1633: u32 = 0; let mut x1634: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1633, &mut x1634, x11, (arg2[7])); let mut x1635: u32 = 0; let mut x1636: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1635, &mut x1636, x11, (arg2[6])); let mut x1637: u32 = 0; let mut x1638: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1637, &mut x1638, x11, (arg2[5])); let mut x1639: u32 = 0; let mut x1640: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1639, &mut x1640, x11, (arg2[4])); let mut x1641: u32 = 0; let mut x1642: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1641, &mut x1642, x11, (arg2[3])); let mut x1643: u32 = 0; let mut x1644: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1643, &mut x1644, x11, (arg2[2])); let mut x1645: u32 = 0; let mut x1646: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1645, &mut x1646, x11, (arg2[1])); let mut x1647: u32 = 0; let mut x1648: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1647, &mut x1648, x11, (arg2[0])); let mut x1649: u32 = 0; let mut x1650: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1649, &mut x1650, 0x0, x1648, x1645); let mut x1651: u32 = 0; let mut x1652: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1651, &mut x1652, x1650, x1646, x1643); let mut x1653: u32 = 0; let mut x1654: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1653, &mut x1654, x1652, x1644, x1641); let mut x1655: u32 = 0; let mut x1656: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1655, &mut x1656, x1654, x1642, x1639); let mut x1657: u32 = 0; let mut x1658: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1657, &mut x1658, x1656, x1640, x1637); let mut x1659: u32 = 0; let mut x1660: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1659, &mut x1660, x1658, x1638, x1635); let mut x1661: u32 = 0; let mut x1662: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1661, &mut x1662, x1660, x1636, x1633); let mut x1663: u32 = 0; let mut x1664: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1663, &mut x1664, x1662, x1634, x1631); let mut x1665: u32 = 0; let mut x1666: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1665, &mut x1666, x1664, x1632, x1629); let mut x1667: u32 = 0; let mut x1668: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1667, &mut x1668, x1666, x1630, x1627); let mut x1669: u32 = 0; let mut x1670: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1669, &mut x1670, x1668, x1628, x1625); let x1671: u32 = ((x1670 as u32) + x1626); let mut x1672: u32 = 0; let mut x1673: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1672, &mut x1673, 0x0, x1600, x1647); let mut x1674: u32 = 0; let mut x1675: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1674, &mut x1675, x1673, x1602, x1649); let mut x1676: u32 = 0; let mut x1677: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1676, &mut x1677, x1675, x1604, x1651); let mut x1678: u32 = 0; let mut x1679: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1678, &mut x1679, x1677, x1606, x1653); let mut x1680: u32 = 0; let mut x1681: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1680, &mut x1681, x1679, x1608, x1655); let mut x1682: u32 = 0; let mut x1683: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1682, &mut x1683, x1681, x1610, x1657); let mut x1684: u32 = 0; let mut x1685: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1684, &mut x1685, x1683, x1612, x1659); let mut x1686: u32 = 0; let mut x1687: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1686, &mut x1687, x1685, x1614, x1661); let mut x1688: u32 = 0; let mut x1689: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1688, &mut x1689, x1687, x1616, x1663); let mut x1690: u32 = 0; let mut x1691: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1690, &mut x1691, x1689, x1618, x1665); let mut x1692: u32 = 0; let mut x1693: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1692, &mut x1693, x1691, x1620, x1667); let mut x1694: u32 = 0; let mut x1695: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1694, &mut x1695, x1693, x1622, x1669); let mut x1696: u32 = 0; let mut x1697: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1696, &mut x1697, x1695, x1624, x1671); let mut x1698: u32 = 0; let mut x1699: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1698, &mut x1699, x1672, 0xe88fdc45); let mut x1700: u32 = 0; let mut x1701: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1700, &mut x1701, x1698, 0xffffffff); let mut x1702: u32 = 0; let mut x1703: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1702, &mut x1703, x1698, 0xffffffff); let mut x1704: u32 = 0; let mut x1705: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1704, &mut x1705, x1698, 0xffffffff); let mut x1706: u32 = 0; let mut x1707: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1706, &mut x1707, x1698, 0xffffffff); let mut x1708: u32 = 0; let mut x1709: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1708, &mut x1709, x1698, 0xffffffff); let mut x1710: u32 = 0; let mut x1711: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1710, &mut x1711, x1698, 0xffffffff); let mut x1712: u32 = 0; let mut x1713: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1712, &mut x1713, x1698, 0xc7634d81); let mut x1714: u32 = 0; let mut x1715: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1714, &mut x1715, x1698, 0xf4372ddf); let mut x1716: u32 = 0; let mut x1717: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1716, &mut x1717, x1698, 0x581a0db2); let mut x1718: u32 = 0; let mut x1719: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1718, &mut x1719, x1698, 0x48b0a77a); let mut x1720: u32 = 0; let mut x1721: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1720, &mut x1721, x1698, 0xecec196a); let mut x1722: u32 = 0; let mut x1723: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1722, &mut x1723, x1698, 0xccc52973); let mut x1724: u32 = 0; let mut x1725: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1724, &mut x1725, 0x0, x1723, x1720); let mut x1726: u32 = 0; let mut x1727: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1726, &mut x1727, x1725, x1721, x1718); let mut x1728: u32 = 0; let mut x1729: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1728, &mut x1729, x1727, x1719, x1716); let mut x1730: u32 = 0; let mut x1731: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1730, &mut x1731, x1729, x1717, x1714); let mut x1732: u32 = 0; let mut x1733: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1732, &mut x1733, x1731, x1715, x1712); let mut x1734: u32 = 0; let mut x1735: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1734, &mut x1735, x1733, x1713, x1710); let mut x1736: u32 = 0; let mut x1737: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1736, &mut x1737, x1735, x1711, x1708); let mut x1738: u32 = 0; let mut x1739: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1738, &mut x1739, x1737, x1709, x1706); let mut x1740: u32 = 0; let mut x1741: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1740, &mut x1741, x1739, x1707, x1704); let mut x1742: u32 = 0; let mut x1743: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1742, &mut x1743, x1741, x1705, x1702); let mut x1744: u32 = 0; let mut x1745: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1744, &mut x1745, x1743, x1703, x1700); let x1746: u32 = ((x1745 as u32) + x1701); let mut x1747: u32 = 0; let mut x1748: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1747, &mut x1748, 0x0, x1672, x1722); let mut x1749: u32 = 0; let mut x1750: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1749, &mut x1750, x1748, x1674, x1724); let mut x1751: u32 = 0; let mut x1752: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1751, &mut x1752, x1750, x1676, x1726); let mut x1753: u32 = 0; let mut x1754: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1753, &mut x1754, x1752, x1678, x1728); let mut x1755: u32 = 0; let mut x1756: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1755, &mut x1756, x1754, x1680, x1730); let mut x1757: u32 = 0; let mut x1758: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1757, &mut x1758, x1756, x1682, x1732); let mut x1759: u32 = 0; let mut x1760: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1759, &mut x1760, x1758, x1684, x1734); let mut x1761: u32 = 0; let mut x1762: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1761, &mut x1762, x1760, x1686, x1736); let mut x1763: u32 = 0; let mut x1764: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1763, &mut x1764, x1762, x1688, x1738); let mut x1765: u32 = 0; let mut x1766: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1765, &mut x1766, x1764, x1690, x1740); let mut x1767: u32 = 0; let mut x1768: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1767, &mut x1768, x1766, x1692, x1742); let mut x1769: u32 = 0; let mut x1770: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1769, &mut x1770, x1768, x1694, x1744); let mut x1771: u32 = 0; let mut x1772: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1771, &mut x1772, x1770, x1696, x1746); let x1773: u32 = ((x1772 as u32) + (x1697 as u32)); let mut x1774: u32 = 0; let mut x1775: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1774, &mut x1775, 0x0, x1749, 0xccc52973); let mut x1776: u32 = 0; let mut x1777: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1776, &mut x1777, x1775, x1751, 0xecec196a); let mut x1778: u32 = 0; let mut x1779: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1778, &mut x1779, x1777, x1753, 0x48b0a77a); let mut x1780: u32 = 0; let mut x1781: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1780, &mut x1781, x1779, x1755, 0x581a0db2); let mut x1782: u32 = 0; let mut x1783: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1782, &mut x1783, x1781, x1757, 0xf4372ddf); let mut x1784: u32 = 0; let mut x1785: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1784, &mut x1785, x1783, x1759, 0xc7634d81); let mut x1786: u32 = 0; let mut x1787: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1786, &mut x1787, x1785, x1761, 0xffffffff); let mut x1788: u32 = 0; let mut x1789: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1788, &mut x1789, x1787, x1763, 0xffffffff); let mut x1790: u32 = 0; let mut x1791: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1790, &mut x1791, x1789, x1765, 0xffffffff); let mut x1792: u32 = 0; let mut x1793: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1792, &mut x1793, x1791, x1767, 0xffffffff); let mut x1794: u32 = 0; let mut x1795: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1794, &mut x1795, x1793, x1769, 0xffffffff); let mut x1796: u32 = 0; let mut x1797: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1796, &mut x1797, x1795, x1771, 0xffffffff); let mut x1798: u32 = 0; let mut x1799: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1798, &mut x1799, x1797, x1773, (0x0 as u32)); let mut x1800: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1800, x1799, x1774, x1749); let mut x1801: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1801, x1799, x1776, x1751); let mut x1802: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1802, x1799, x1778, x1753); let mut x1803: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1803, x1799, x1780, x1755); let mut x1804: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1804, x1799, x1782, x1757); let mut x1805: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1805, x1799, x1784, x1759); let mut x1806: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1806, x1799, x1786, x1761); let mut x1807: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1807, x1799, x1788, x1763); let mut x1808: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1808, x1799, x1790, x1765); let mut x1809: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1809, x1799, x1792, x1767); let mut x1810: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1810, x1799, x1794, x1769); let mut x1811: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1811, x1799, x1796, x1771); out1[0] = x1800; out1[1] = x1801; out1[2] = x1802; out1[3] = x1803; out1[4] = x1804; out1[5] = x1805; out1[6] = x1806; out1[7] = x1807; out1[8] = x1808; out1[9] = x1809; out1[10] = x1810; out1[11] = x1811; } /// The function fiat_p384_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_square(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x13, &mut x14, x12, (arg1[11])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x15, &mut x16, x12, (arg1[10])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x17, &mut x18, x12, (arg1[9])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x19, &mut x20, x12, (arg1[8])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x21, &mut x22, x12, (arg1[7])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x23, &mut x24, x12, (arg1[6])); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x25, &mut x26, x12, (arg1[5])); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x27, &mut x28, x12, (arg1[4])); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x29, &mut x30, x12, (arg1[3])); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x31, &mut x32, x12, (arg1[2])); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x33, &mut x34, x12, (arg1[1])); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x35, &mut x36, x12, (arg1[0])); let mut x37: u32 = 0; let mut x38: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u32 = 0; let mut x40: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x39, &mut x40, x38, x34, x31); let mut x41: u32 = 0; let mut x42: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x41, &mut x42, x40, x32, x29); let mut x43: u32 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x43, &mut x44, x42, x30, x27); let mut x45: u32 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x45, &mut x46, x44, x28, x25); let mut x47: u32 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x47, &mut x48, x46, x26, x23); let mut x49: u32 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x49, &mut x50, x48, x24, x21); let mut x51: u32 = 0; let mut x52: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x51, &mut x52, x50, x22, x19); let mut x53: u32 = 0; let mut x54: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x20, x17); let mut x55: u32 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x18, x15); let mut x57: u32 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x16, x13); let x59: u32 = ((x58 as u32) + x14); let mut x60: u32 = 0; let mut x61: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x60, &mut x61, x35, 0xe88fdc45); let mut x62: u32 = 0; let mut x63: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x62, &mut x63, x60, 0xffffffff); let mut x64: u32 = 0; let mut x65: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x64, &mut x65, x60, 0xffffffff); let mut x66: u32 = 0; let mut x67: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x66, &mut x67, x60, 0xffffffff); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x68, &mut x69, x60, 0xffffffff); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x70, &mut x71, x60, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x72, &mut x73, x60, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x74, &mut x75, x60, 0xc7634d81); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x76, &mut x77, x60, 0xf4372ddf); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x78, &mut x79, x60, 0x581a0db2); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x80, &mut x81, x60, 0x48b0a77a); let mut x82: u32 = 0; let mut x83: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x82, &mut x83, x60, 0xecec196a); let mut x84: u32 = 0; let mut x85: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x84, &mut x85, x60, 0xccc52973); let mut x86: u32 = 0; let mut x87: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x86, &mut x87, 0x0, x85, x82); let mut x88: u32 = 0; let mut x89: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x83, x80); let mut x90: u32 = 0; let mut x91: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x81, x78); let mut x92: u32 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x92, &mut x93, x91, x79, x76); let mut x94: u32 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x94, &mut x95, x93, x77, x74); let mut x96: u32 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x96, &mut x97, x95, x75, x72); let mut x98: u32 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x73, x70); let mut x100: u32 = 0; let mut x101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x100, &mut x101, x99, x71, x68); let mut x102: u32 = 0; let mut x103: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x102, &mut x103, x101, x69, x66); let mut x104: u32 = 0; let mut x105: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x104, &mut x105, x103, x67, x64); let mut x106: u32 = 0; let mut x107: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x106, &mut x107, x105, x65, x62); let x108: u32 = ((x107 as u32) + x63); let mut x109: u32 = 0; let mut x110: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x109, &mut x110, 0x0, x35, x84); let mut x111: u32 = 0; let mut x112: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x37, x86); let mut x113: u32 = 0; let mut x114: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x39, x88); let mut x115: u32 = 0; let mut x116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x41, x90); let mut x117: u32 = 0; let mut x118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x43, x92); let mut x119: u32 = 0; let mut x120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x45, x94); let mut x121: u32 = 0; let mut x122: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x121, &mut x122, x120, x47, x96); let mut x123: u32 = 0; let mut x124: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x123, &mut x124, x122, x49, x98); let mut x125: u32 = 0; let mut x126: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x125, &mut x126, x124, x51, x100); let mut x127: u32 = 0; let mut x128: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x127, &mut x128, x126, x53, x102); let mut x129: u32 = 0; let mut x130: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x129, &mut x130, x128, x55, x104); let mut x131: u32 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x131, &mut x132, x130, x57, x106); let mut x133: u32 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x133, &mut x134, x132, x59, x108); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x135, &mut x136, x1, (arg1[11])); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x137, &mut x138, x1, (arg1[10])); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x139, &mut x140, x1, (arg1[9])); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x141, &mut x142, x1, (arg1[8])); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x143, &mut x144, x1, (arg1[7])); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x145, &mut x146, x1, (arg1[6])); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x147, &mut x148, x1, (arg1[5])); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x149, &mut x150, x1, (arg1[4])); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x151, &mut x152, x1, (arg1[3])); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x153, &mut x154, x1, (arg1[2])); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x155, &mut x156, x1, (arg1[1])); let mut x157: u32 = 0; let mut x158: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x157, &mut x158, x1, (arg1[0])); let mut x159: u32 = 0; let mut x160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x159, &mut x160, 0x0, x158, x155); let mut x161: u32 = 0; let mut x162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x156, x153); let mut x163: u32 = 0; let mut x164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x154, x151); let mut x165: u32 = 0; let mut x166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x152, x149); let mut x167: u32 = 0; let mut x168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x150, x147); let mut x169: u32 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x148, x145); let mut x171: u32 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x146, x143); let mut x173: u32 = 0; let mut x174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x144, x141); let mut x175: u32 = 0; let mut x176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x142, x139); let mut x177: u32 = 0; let mut x178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x140, x137); let mut x179: u32 = 0; let mut x180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x138, x135); let x181: u32 = ((x180 as u32) + x136); let mut x182: u32 = 0; let mut x183: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x182, &mut x183, 0x0, x111, x157); let mut x184: u32 = 0; let mut x185: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x113, x159); let mut x186: u32 = 0; let mut x187: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x115, x161); let mut x188: u32 = 0; let mut x189: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x117, x163); let mut x190: u32 = 0; let mut x191: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x119, x165); let mut x192: u32 = 0; let mut x193: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x121, x167); let mut x194: u32 = 0; let mut x195: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x194, &mut x195, x193, x123, x169); let mut x196: u32 = 0; let mut x197: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x196, &mut x197, x195, x125, x171); let mut x198: u32 = 0; let mut x199: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x127, x173); let mut x200: u32 = 0; let mut x201: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x200, &mut x201, x199, x129, x175); let mut x202: u32 = 0; let mut x203: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x202, &mut x203, x201, x131, x177); let mut x204: u32 = 0; let mut x205: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x204, &mut x205, x203, x133, x179); let mut x206: u32 = 0; let mut x207: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x206, &mut x207, x205, (x134 as u32), x181); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x208, &mut x209, x182, 0xe88fdc45); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x210, &mut x211, x208, 0xffffffff); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x212, &mut x213, x208, 0xffffffff); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x214, &mut x215, x208, 0xffffffff); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x216, &mut x217, x208, 0xffffffff); let mut x218: u32 = 0; let mut x219: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x218, &mut x219, x208, 0xffffffff); let mut x220: u32 = 0; let mut x221: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x220, &mut x221, x208, 0xffffffff); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x222, &mut x223, x208, 0xc7634d81); let mut x224: u32 = 0; let mut x225: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x224, &mut x225, x208, 0xf4372ddf); let mut x226: u32 = 0; let mut x227: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x226, &mut x227, x208, 0x581a0db2); let mut x228: u32 = 0; let mut x229: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x228, &mut x229, x208, 0x48b0a77a); let mut x230: u32 = 0; let mut x231: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x230, &mut x231, x208, 0xecec196a); let mut x232: u32 = 0; let mut x233: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x232, &mut x233, x208, 0xccc52973); let mut x234: u32 = 0; let mut x235: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x234, &mut x235, 0x0, x233, x230); let mut x236: u32 = 0; let mut x237: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x231, x228); let mut x238: u32 = 0; let mut x239: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x229, x226); let mut x240: u32 = 0; let mut x241: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x227, x224); let mut x242: u32 = 0; let mut x243: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x225, x222); let mut x244: u32 = 0; let mut x245: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x223, x220); let mut x246: u32 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x246, &mut x247, x245, x221, x218); let mut x248: u32 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x219, x216); let mut x250: u32 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x250, &mut x251, x249, x217, x214); let mut x252: u32 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x252, &mut x253, x251, x215, x212); let mut x254: u32 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x254, &mut x255, x253, x213, x210); let x256: u32 = ((x255 as u32) + x211); let mut x257: u32 = 0; let mut x258: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x257, &mut x258, 0x0, x182, x232); let mut x259: u32 = 0; let mut x260: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x184, x234); let mut x261: u32 = 0; let mut x262: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x186, x236); let mut x263: u32 = 0; let mut x264: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x263, &mut x264, x262, x188, x238); let mut x265: u32 = 0; let mut x266: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x190, x240); let mut x267: u32 = 0; let mut x268: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x192, x242); let mut x269: u32 = 0; let mut x270: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x194, x244); let mut x271: u32 = 0; let mut x272: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x196, x246); let mut x273: u32 = 0; let mut x274: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x198, x248); let mut x275: u32 = 0; let mut x276: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x200, x250); let mut x277: u32 = 0; let mut x278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x277, &mut x278, x276, x202, x252); let mut x279: u32 = 0; let mut x280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x279, &mut x280, x278, x204, x254); let mut x281: u32 = 0; let mut x282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x281, &mut x282, x280, x206, x256); let x283: u32 = ((x282 as u32) + (x207 as u32)); let mut x284: u32 = 0; let mut x285: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x284, &mut x285, x2, (arg1[11])); let mut x286: u32 = 0; let mut x287: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x286, &mut x287, x2, (arg1[10])); let mut x288: u32 = 0; let mut x289: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x288, &mut x289, x2, (arg1[9])); let mut x290: u32 = 0; let mut x291: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x290, &mut x291, x2, (arg1[8])); let mut x292: u32 = 0; let mut x293: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x292, &mut x293, x2, (arg1[7])); let mut x294: u32 = 0; let mut x295: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x294, &mut x295, x2, (arg1[6])); let mut x296: u32 = 0; let mut x297: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x296, &mut x297, x2, (arg1[5])); let mut x298: u32 = 0; let mut x299: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x298, &mut x299, x2, (arg1[4])); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x300, &mut x301, x2, (arg1[3])); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x302, &mut x303, x2, (arg1[2])); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x304, &mut x305, x2, (arg1[1])); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x306, &mut x307, x2, (arg1[0])); let mut x308: u32 = 0; let mut x309: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x308, &mut x309, 0x0, x307, x304); let mut x310: u32 = 0; let mut x311: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x305, x302); let mut x312: u32 = 0; let mut x313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x312, &mut x313, x311, x303, x300); let mut x314: u32 = 0; let mut x315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x314, &mut x315, x313, x301, x298); let mut x316: u32 = 0; let mut x317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x316, &mut x317, x315, x299, x296); let mut x318: u32 = 0; let mut x319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x297, x294); let mut x320: u32 = 0; let mut x321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x295, x292); let mut x322: u32 = 0; let mut x323: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x293, x290); let mut x324: u32 = 0; let mut x325: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x291, x288); let mut x326: u32 = 0; let mut x327: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x289, x286); let mut x328: u32 = 0; let mut x329: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x287, x284); let x330: u32 = ((x329 as u32) + x285); let mut x331: u32 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x331, &mut x332, 0x0, x259, x306); let mut x333: u32 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x261, x308); let mut x335: u32 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x263, x310); let mut x337: u32 = 0; let mut x338: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x337, &mut x338, x336, x265, x312); let mut x339: u32 = 0; let mut x340: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x339, &mut x340, x338, x267, x314); let mut x341: u32 = 0; let mut x342: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x341, &mut x342, x340, x269, x316); let mut x343: u32 = 0; let mut x344: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x343, &mut x344, x342, x271, x318); let mut x345: u32 = 0; let mut x346: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x345, &mut x346, x344, x273, x320); let mut x347: u32 = 0; let mut x348: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x347, &mut x348, x346, x275, x322); let mut x349: u32 = 0; let mut x350: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x349, &mut x350, x348, x277, x324); let mut x351: u32 = 0; let mut x352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x351, &mut x352, x350, x279, x326); let mut x353: u32 = 0; let mut x354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x281, x328); let mut x355: u32 = 0; let mut x356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x283, x330); let mut x357: u32 = 0; let mut x358: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x357, &mut x358, x331, 0xe88fdc45); let mut x359: u32 = 0; let mut x360: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x359, &mut x360, x357, 0xffffffff); let mut x361: u32 = 0; let mut x362: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x361, &mut x362, x357, 0xffffffff); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x363, &mut x364, x357, 0xffffffff); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x365, &mut x366, x357, 0xffffffff); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x367, &mut x368, x357, 0xffffffff); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x369, &mut x370, x357, 0xffffffff); let mut x371: u32 = 0; let mut x372: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x371, &mut x372, x357, 0xc7634d81); let mut x373: u32 = 0; let mut x374: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x373, &mut x374, x357, 0xf4372ddf); let mut x375: u32 = 0; let mut x376: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x375, &mut x376, x357, 0x581a0db2); let mut x377: u32 = 0; let mut x378: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x377, &mut x378, x357, 0x48b0a77a); let mut x379: u32 = 0; let mut x380: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x379, &mut x380, x357, 0xecec196a); let mut x381: u32 = 0; let mut x382: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x381, &mut x382, x357, 0xccc52973); let mut x383: u32 = 0; let mut x384: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x383, &mut x384, 0x0, x382, x379); let mut x385: u32 = 0; let mut x386: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x380, x377); let mut x387: u32 = 0; let mut x388: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x378, x375); let mut x389: u32 = 0; let mut x390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x376, x373); let mut x391: u32 = 0; let mut x392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x374, x371); let mut x393: u32 = 0; let mut x394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x393, &mut x394, x392, x372, x369); let mut x395: u32 = 0; let mut x396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x395, &mut x396, x394, x370, x367); let mut x397: u32 = 0; let mut x398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x397, &mut x398, x396, x368, x365); let mut x399: u32 = 0; let mut x400: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x399, &mut x400, x398, x366, x363); let mut x401: u32 = 0; let mut x402: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x364, x361); let mut x403: u32 = 0; let mut x404: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x362, x359); let x405: u32 = ((x404 as u32) + x360); let mut x406: u32 = 0; let mut x407: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x406, &mut x407, 0x0, x331, x381); let mut x408: u32 = 0; let mut x409: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x408, &mut x409, x407, x333, x383); let mut x410: u32 = 0; let mut x411: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x410, &mut x411, x409, x335, x385); let mut x412: u32 = 0; let mut x413: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x337, x387); let mut x414: u32 = 0; let mut x415: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x339, x389); let mut x416: u32 = 0; let mut x417: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x341, x391); let mut x418: u32 = 0; let mut x419: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x343, x393); let mut x420: u32 = 0; let mut x421: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x345, x395); let mut x422: u32 = 0; let mut x423: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x347, x397); let mut x424: u32 = 0; let mut x425: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x424, &mut x425, x423, x349, x399); let mut x426: u32 = 0; let mut x427: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x426, &mut x427, x425, x351, x401); let mut x428: u32 = 0; let mut x429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x428, &mut x429, x427, x353, x403); let mut x430: u32 = 0; let mut x431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x430, &mut x431, x429, x355, x405); let x432: u32 = ((x431 as u32) + (x356 as u32)); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x433, &mut x434, x3, (arg1[11])); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x435, &mut x436, x3, (arg1[10])); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x437, &mut x438, x3, (arg1[9])); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x439, &mut x440, x3, (arg1[8])); let mut x441: u32 = 0; let mut x442: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x441, &mut x442, x3, (arg1[7])); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x443, &mut x444, x3, (arg1[6])); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x445, &mut x446, x3, (arg1[5])); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x447, &mut x448, x3, (arg1[4])); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x449, &mut x450, x3, (arg1[3])); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x451, &mut x452, x3, (arg1[2])); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x453, &mut x454, x3, (arg1[1])); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x455, &mut x456, x3, (arg1[0])); let mut x457: u32 = 0; let mut x458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x457, &mut x458, 0x0, x456, x453); let mut x459: u32 = 0; let mut x460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x459, &mut x460, x458, x454, x451); let mut x461: u32 = 0; let mut x462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x452, x449); let mut x463: u32 = 0; let mut x464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x450, x447); let mut x465: u32 = 0; let mut x466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x448, x445); let mut x467: u32 = 0; let mut x468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x446, x443); let mut x469: u32 = 0; let mut x470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x444, x441); let mut x471: u32 = 0; let mut x472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x442, x439); let mut x473: u32 = 0; let mut x474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x473, &mut x474, x472, x440, x437); let mut x475: u32 = 0; let mut x476: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x475, &mut x476, x474, x438, x435); let mut x477: u32 = 0; let mut x478: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x477, &mut x478, x476, x436, x433); let x479: u32 = ((x478 as u32) + x434); let mut x480: u32 = 0; let mut x481: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x480, &mut x481, 0x0, x408, x455); let mut x482: u32 = 0; let mut x483: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x482, &mut x483, x481, x410, x457); let mut x484: u32 = 0; let mut x485: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x412, x459); let mut x486: u32 = 0; let mut x487: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x414, x461); let mut x488: u32 = 0; let mut x489: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x416, x463); let mut x490: u32 = 0; let mut x491: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x418, x465); let mut x492: u32 = 0; let mut x493: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x492, &mut x493, x491, x420, x467); let mut x494: u32 = 0; let mut x495: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x494, &mut x495, x493, x422, x469); let mut x496: u32 = 0; let mut x497: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x496, &mut x497, x495, x424, x471); let mut x498: u32 = 0; let mut x499: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x498, &mut x499, x497, x426, x473); let mut x500: u32 = 0; let mut x501: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x500, &mut x501, x499, x428, x475); let mut x502: u32 = 0; let mut x503: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x502, &mut x503, x501, x430, x477); let mut x504: u32 = 0; let mut x505: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x504, &mut x505, x503, x432, x479); let mut x506: u32 = 0; let mut x507: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x506, &mut x507, x480, 0xe88fdc45); let mut x508: u32 = 0; let mut x509: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x508, &mut x509, x506, 0xffffffff); let mut x510: u32 = 0; let mut x511: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x510, &mut x511, x506, 0xffffffff); let mut x512: u32 = 0; let mut x513: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x512, &mut x513, x506, 0xffffffff); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x514, &mut x515, x506, 0xffffffff); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x516, &mut x517, x506, 0xffffffff); let mut x518: u32 = 0; let mut x519: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x518, &mut x519, x506, 0xffffffff); let mut x520: u32 = 0; let mut x521: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x520, &mut x521, x506, 0xc7634d81); let mut x522: u32 = 0; let mut x523: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x522, &mut x523, x506, 0xf4372ddf); let mut x524: u32 = 0; let mut x525: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x524, &mut x525, x506, 0x581a0db2); let mut x526: u32 = 0; let mut x527: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x526, &mut x527, x506, 0x48b0a77a); let mut x528: u32 = 0; let mut x529: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x528, &mut x529, x506, 0xecec196a); let mut x530: u32 = 0; let mut x531: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x530, &mut x531, x506, 0xccc52973); let mut x532: u32 = 0; let mut x533: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x532, &mut x533, 0x0, x531, x528); let mut x534: u32 = 0; let mut x535: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x529, x526); let mut x536: u32 = 0; let mut x537: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x527, x524); let mut x538: u32 = 0; let mut x539: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x525, x522); let mut x540: u32 = 0; let mut x541: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x523, x520); let mut x542: u32 = 0; let mut x543: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x542, &mut x543, x541, x521, x518); let mut x544: u32 = 0; let mut x545: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x544, &mut x545, x543, x519, x516); let mut x546: u32 = 0; let mut x547: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x546, &mut x547, x545, x517, x514); let mut x548: u32 = 0; let mut x549: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x548, &mut x549, x547, x515, x512); let mut x550: u32 = 0; let mut x551: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x550, &mut x551, x549, x513, x510); let mut x552: u32 = 0; let mut x553: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x552, &mut x553, x551, x511, x508); let x554: u32 = ((x553 as u32) + x509); let mut x555: u32 = 0; let mut x556: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x555, &mut x556, 0x0, x480, x530); let mut x557: u32 = 0; let mut x558: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x482, x532); let mut x559: u32 = 0; let mut x560: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x484, x534); let mut x561: u32 = 0; let mut x562: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x561, &mut x562, x560, x486, x536); let mut x563: u32 = 0; let mut x564: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x563, &mut x564, x562, x488, x538); let mut x565: u32 = 0; let mut x566: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x565, &mut x566, x564, x490, x540); let mut x567: u32 = 0; let mut x568: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x567, &mut x568, x566, x492, x542); let mut x569: u32 = 0; let mut x570: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x569, &mut x570, x568, x494, x544); let mut x571: u32 = 0; let mut x572: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x571, &mut x572, x570, x496, x546); let mut x573: u32 = 0; let mut x574: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x573, &mut x574, x572, x498, x548); let mut x575: u32 = 0; let mut x576: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x575, &mut x576, x574, x500, x550); let mut x577: u32 = 0; let mut x578: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x577, &mut x578, x576, x502, x552); let mut x579: u32 = 0; let mut x580: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x579, &mut x580, x578, x504, x554); let x581: u32 = ((x580 as u32) + (x505 as u32)); let mut x582: u32 = 0; let mut x583: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x582, &mut x583, x4, (arg1[11])); let mut x584: u32 = 0; let mut x585: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x584, &mut x585, x4, (arg1[10])); let mut x586: u32 = 0; let mut x587: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x586, &mut x587, x4, (arg1[9])); let mut x588: u32 = 0; let mut x589: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x588, &mut x589, x4, (arg1[8])); let mut x590: u32 = 0; let mut x591: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x590, &mut x591, x4, (arg1[7])); let mut x592: u32 = 0; let mut x593: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x592, &mut x593, x4, (arg1[6])); let mut x594: u32 = 0; let mut x595: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x594, &mut x595, x4, (arg1[5])); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x596, &mut x597, x4, (arg1[4])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x598, &mut x599, x4, (arg1[3])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x600, &mut x601, x4, (arg1[2])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x602, &mut x603, x4, (arg1[1])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x604, &mut x605, x4, (arg1[0])); let mut x606: u32 = 0; let mut x607: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x606, &mut x607, 0x0, x605, x602); let mut x608: u32 = 0; let mut x609: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x608, &mut x609, x607, x603, x600); let mut x610: u32 = 0; let mut x611: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x610, &mut x611, x609, x601, x598); let mut x612: u32 = 0; let mut x613: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x612, &mut x613, x611, x599, x596); let mut x614: u32 = 0; let mut x615: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x614, &mut x615, x613, x597, x594); let mut x616: u32 = 0; let mut x617: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x616, &mut x617, x615, x595, x592); let mut x618: u32 = 0; let mut x619: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x618, &mut x619, x617, x593, x590); let mut x620: u32 = 0; let mut x621: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x620, &mut x621, x619, x591, x588); let mut x622: u32 = 0; let mut x623: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x622, &mut x623, x621, x589, x586); let mut x624: u32 = 0; let mut x625: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x624, &mut x625, x623, x587, x584); let mut x626: u32 = 0; let mut x627: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x626, &mut x627, x625, x585, x582); let x628: u32 = ((x627 as u32) + x583); let mut x629: u32 = 0; let mut x630: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x629, &mut x630, 0x0, x557, x604); let mut x631: u32 = 0; let mut x632: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x559, x606); let mut x633: u32 = 0; let mut x634: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x561, x608); let mut x635: u32 = 0; let mut x636: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x635, &mut x636, x634, x563, x610); let mut x637: u32 = 0; let mut x638: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x637, &mut x638, x636, x565, x612); let mut x639: u32 = 0; let mut x640: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x639, &mut x640, x638, x567, x614); let mut x641: u32 = 0; let mut x642: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x569, x616); let mut x643: u32 = 0; let mut x644: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x571, x618); let mut x645: u32 = 0; let mut x646: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x645, &mut x646, x644, x573, x620); let mut x647: u32 = 0; let mut x648: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x647, &mut x648, x646, x575, x622); let mut x649: u32 = 0; let mut x650: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x649, &mut x650, x648, x577, x624); let mut x651: u32 = 0; let mut x652: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x651, &mut x652, x650, x579, x626); let mut x653: u32 = 0; let mut x654: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x653, &mut x654, x652, x581, x628); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x655, &mut x656, x629, 0xe88fdc45); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x657, &mut x658, x655, 0xffffffff); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x659, &mut x660, x655, 0xffffffff); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x661, &mut x662, x655, 0xffffffff); let mut x663: u32 = 0; let mut x664: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x663, &mut x664, x655, 0xffffffff); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x665, &mut x666, x655, 0xffffffff); let mut x667: u32 = 0; let mut x668: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x667, &mut x668, x655, 0xffffffff); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x669, &mut x670, x655, 0xc7634d81); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x671, &mut x672, x655, 0xf4372ddf); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x673, &mut x674, x655, 0x581a0db2); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x675, &mut x676, x655, 0x48b0a77a); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x677, &mut x678, x655, 0xecec196a); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x679, &mut x680, x655, 0xccc52973); let mut x681: u32 = 0; let mut x682: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x681, &mut x682, 0x0, x680, x677); let mut x683: u32 = 0; let mut x684: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x678, x675); let mut x685: u32 = 0; let mut x686: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x685, &mut x686, x684, x676, x673); let mut x687: u32 = 0; let mut x688: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x687, &mut x688, x686, x674, x671); let mut x689: u32 = 0; let mut x690: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x689, &mut x690, x688, x672, x669); let mut x691: u32 = 0; let mut x692: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x691, &mut x692, x690, x670, x667); let mut x693: u32 = 0; let mut x694: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x693, &mut x694, x692, x668, x665); let mut x695: u32 = 0; let mut x696: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x695, &mut x696, x694, x666, x663); let mut x697: u32 = 0; let mut x698: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x697, &mut x698, x696, x664, x661); let mut x699: u32 = 0; let mut x700: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x699, &mut x700, x698, x662, x659); let mut x701: u32 = 0; let mut x702: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x701, &mut x702, x700, x660, x657); let x703: u32 = ((x702 as u32) + x658); let mut x704: u32 = 0; let mut x705: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x704, &mut x705, 0x0, x629, x679); let mut x706: u32 = 0; let mut x707: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x706, &mut x707, x705, x631, x681); let mut x708: u32 = 0; let mut x709: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x708, &mut x709, x707, x633, x683); let mut x710: u32 = 0; let mut x711: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x710, &mut x711, x709, x635, x685); let mut x712: u32 = 0; let mut x713: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x712, &mut x713, x711, x637, x687); let mut x714: u32 = 0; let mut x715: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x714, &mut x715, x713, x639, x689); let mut x716: u32 = 0; let mut x717: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x716, &mut x717, x715, x641, x691); let mut x718: u32 = 0; let mut x719: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x718, &mut x719, x717, x643, x693); let mut x720: u32 = 0; let mut x721: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x720, &mut x721, x719, x645, x695); let mut x722: u32 = 0; let mut x723: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x722, &mut x723, x721, x647, x697); let mut x724: u32 = 0; let mut x725: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x724, &mut x725, x723, x649, x699); let mut x726: u32 = 0; let mut x727: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x726, &mut x727, x725, x651, x701); let mut x728: u32 = 0; let mut x729: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x728, &mut x729, x727, x653, x703); let x730: u32 = ((x729 as u32) + (x654 as u32)); let mut x731: u32 = 0; let mut x732: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x731, &mut x732, x5, (arg1[11])); let mut x733: u32 = 0; let mut x734: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x733, &mut x734, x5, (arg1[10])); let mut x735: u32 = 0; let mut x736: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x735, &mut x736, x5, (arg1[9])); let mut x737: u32 = 0; let mut x738: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x737, &mut x738, x5, (arg1[8])); let mut x739: u32 = 0; let mut x740: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x739, &mut x740, x5, (arg1[7])); let mut x741: u32 = 0; let mut x742: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x741, &mut x742, x5, (arg1[6])); let mut x743: u32 = 0; let mut x744: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x743, &mut x744, x5, (arg1[5])); let mut x745: u32 = 0; let mut x746: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x745, &mut x746, x5, (arg1[4])); let mut x747: u32 = 0; let mut x748: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x747, &mut x748, x5, (arg1[3])); let mut x749: u32 = 0; let mut x750: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x749, &mut x750, x5, (arg1[2])); let mut x751: u32 = 0; let mut x752: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x751, &mut x752, x5, (arg1[1])); let mut x753: u32 = 0; let mut x754: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x753, &mut x754, x5, (arg1[0])); let mut x755: u32 = 0; let mut x756: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x755, &mut x756, 0x0, x754, x751); let mut x757: u32 = 0; let mut x758: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x757, &mut x758, x756, x752, x749); let mut x759: u32 = 0; let mut x760: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x759, &mut x760, x758, x750, x747); let mut x761: u32 = 0; let mut x762: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x761, &mut x762, x760, x748, x745); let mut x763: u32 = 0; let mut x764: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x763, &mut x764, x762, x746, x743); let mut x765: u32 = 0; let mut x766: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x765, &mut x766, x764, x744, x741); let mut x767: u32 = 0; let mut x768: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x767, &mut x768, x766, x742, x739); let mut x769: u32 = 0; let mut x770: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x769, &mut x770, x768, x740, x737); let mut x771: u32 = 0; let mut x772: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x771, &mut x772, x770, x738, x735); let mut x773: u32 = 0; let mut x774: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x773, &mut x774, x772, x736, x733); let mut x775: u32 = 0; let mut x776: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x775, &mut x776, x774, x734, x731); let x777: u32 = ((x776 as u32) + x732); let mut x778: u32 = 0; let mut x779: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x778, &mut x779, 0x0, x706, x753); let mut x780: u32 = 0; let mut x781: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x780, &mut x781, x779, x708, x755); let mut x782: u32 = 0; let mut x783: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x782, &mut x783, x781, x710, x757); let mut x784: u32 = 0; let mut x785: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x784, &mut x785, x783, x712, x759); let mut x786: u32 = 0; let mut x787: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x786, &mut x787, x785, x714, x761); let mut x788: u32 = 0; let mut x789: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x788, &mut x789, x787, x716, x763); let mut x790: u32 = 0; let mut x791: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x790, &mut x791, x789, x718, x765); let mut x792: u32 = 0; let mut x793: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x792, &mut x793, x791, x720, x767); let mut x794: u32 = 0; let mut x795: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x794, &mut x795, x793, x722, x769); let mut x796: u32 = 0; let mut x797: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x796, &mut x797, x795, x724, x771); let mut x798: u32 = 0; let mut x799: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x798, &mut x799, x797, x726, x773); let mut x800: u32 = 0; let mut x801: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x800, &mut x801, x799, x728, x775); let mut x802: u32 = 0; let mut x803: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x802, &mut x803, x801, x730, x777); let mut x804: u32 = 0; let mut x805: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x804, &mut x805, x778, 0xe88fdc45); let mut x806: u32 = 0; let mut x807: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x806, &mut x807, x804, 0xffffffff); let mut x808: u32 = 0; let mut x809: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x808, &mut x809, x804, 0xffffffff); let mut x810: u32 = 0; let mut x811: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x810, &mut x811, x804, 0xffffffff); let mut x812: u32 = 0; let mut x813: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x812, &mut x813, x804, 0xffffffff); let mut x814: u32 = 0; let mut x815: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x814, &mut x815, x804, 0xffffffff); let mut x816: u32 = 0; let mut x817: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x816, &mut x817, x804, 0xffffffff); let mut x818: u32 = 0; let mut x819: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x818, &mut x819, x804, 0xc7634d81); let mut x820: u32 = 0; let mut x821: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x820, &mut x821, x804, 0xf4372ddf); let mut x822: u32 = 0; let mut x823: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x822, &mut x823, x804, 0x581a0db2); let mut x824: u32 = 0; let mut x825: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x824, &mut x825, x804, 0x48b0a77a); let mut x826: u32 = 0; let mut x827: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x826, &mut x827, x804, 0xecec196a); let mut x828: u32 = 0; let mut x829: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x828, &mut x829, x804, 0xccc52973); let mut x830: u32 = 0; let mut x831: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x830, &mut x831, 0x0, x829, x826); let mut x832: u32 = 0; let mut x833: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x832, &mut x833, x831, x827, x824); let mut x834: u32 = 0; let mut x835: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x834, &mut x835, x833, x825, x822); let mut x836: u32 = 0; let mut x837: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x836, &mut x837, x835, x823, x820); let mut x838: u32 = 0; let mut x839: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x838, &mut x839, x837, x821, x818); let mut x840: u32 = 0; let mut x841: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x840, &mut x841, x839, x819, x816); let mut x842: u32 = 0; let mut x843: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x842, &mut x843, x841, x817, x814); let mut x844: u32 = 0; let mut x845: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x844, &mut x845, x843, x815, x812); let mut x846: u32 = 0; let mut x847: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x846, &mut x847, x845, x813, x810); let mut x848: u32 = 0; let mut x849: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x848, &mut x849, x847, x811, x808); let mut x850: u32 = 0; let mut x851: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x850, &mut x851, x849, x809, x806); let x852: u32 = ((x851 as u32) + x807); let mut x853: u32 = 0; let mut x854: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x853, &mut x854, 0x0, x778, x828); let mut x855: u32 = 0; let mut x856: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x855, &mut x856, x854, x780, x830); let mut x857: u32 = 0; let mut x858: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x857, &mut x858, x856, x782, x832); let mut x859: u32 = 0; let mut x860: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x859, &mut x860, x858, x784, x834); let mut x861: u32 = 0; let mut x862: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x861, &mut x862, x860, x786, x836); let mut x863: u32 = 0; let mut x864: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x863, &mut x864, x862, x788, x838); let mut x865: u32 = 0; let mut x866: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x865, &mut x866, x864, x790, x840); let mut x867: u32 = 0; let mut x868: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x867, &mut x868, x866, x792, x842); let mut x869: u32 = 0; let mut x870: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x869, &mut x870, x868, x794, x844); let mut x871: u32 = 0; let mut x872: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x871, &mut x872, x870, x796, x846); let mut x873: u32 = 0; let mut x874: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x873, &mut x874, x872, x798, x848); let mut x875: u32 = 0; let mut x876: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x875, &mut x876, x874, x800, x850); let mut x877: u32 = 0; let mut x878: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x877, &mut x878, x876, x802, x852); let x879: u32 = ((x878 as u32) + (x803 as u32)); let mut x880: u32 = 0; let mut x881: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x880, &mut x881, x6, (arg1[11])); let mut x882: u32 = 0; let mut x883: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x882, &mut x883, x6, (arg1[10])); let mut x884: u32 = 0; let mut x885: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x884, &mut x885, x6, (arg1[9])); let mut x886: u32 = 0; let mut x887: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x886, &mut x887, x6, (arg1[8])); let mut x888: u32 = 0; let mut x889: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x888, &mut x889, x6, (arg1[7])); let mut x890: u32 = 0; let mut x891: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x890, &mut x891, x6, (arg1[6])); let mut x892: u32 = 0; let mut x893: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x892, &mut x893, x6, (arg1[5])); let mut x894: u32 = 0; let mut x895: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x894, &mut x895, x6, (arg1[4])); let mut x896: u32 = 0; let mut x897: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x896, &mut x897, x6, (arg1[3])); let mut x898: u32 = 0; let mut x899: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x898, &mut x899, x6, (arg1[2])); let mut x900: u32 = 0; let mut x901: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x900, &mut x901, x6, (arg1[1])); let mut x902: u32 = 0; let mut x903: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x902, &mut x903, x6, (arg1[0])); let mut x904: u32 = 0; let mut x905: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x904, &mut x905, 0x0, x903, x900); let mut x906: u32 = 0; let mut x907: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x906, &mut x907, x905, x901, x898); let mut x908: u32 = 0; let mut x909: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x908, &mut x909, x907, x899, x896); let mut x910: u32 = 0; let mut x911: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x910, &mut x911, x909, x897, x894); let mut x912: u32 = 0; let mut x913: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x912, &mut x913, x911, x895, x892); let mut x914: u32 = 0; let mut x915: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x914, &mut x915, x913, x893, x890); let mut x916: u32 = 0; let mut x917: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x916, &mut x917, x915, x891, x888); let mut x918: u32 = 0; let mut x919: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x918, &mut x919, x917, x889, x886); let mut x920: u32 = 0; let mut x921: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x920, &mut x921, x919, x887, x884); let mut x922: u32 = 0; let mut x923: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x922, &mut x923, x921, x885, x882); let mut x924: u32 = 0; let mut x925: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x924, &mut x925, x923, x883, x880); let x926: u32 = ((x925 as u32) + x881); let mut x927: u32 = 0; let mut x928: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x927, &mut x928, 0x0, x855, x902); let mut x929: u32 = 0; let mut x930: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x929, &mut x930, x928, x857, x904); let mut x931: u32 = 0; let mut x932: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x931, &mut x932, x930, x859, x906); let mut x933: u32 = 0; let mut x934: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x933, &mut x934, x932, x861, x908); let mut x935: u32 = 0; let mut x936: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x935, &mut x936, x934, x863, x910); let mut x937: u32 = 0; let mut x938: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x937, &mut x938, x936, x865, x912); let mut x939: u32 = 0; let mut x940: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x939, &mut x940, x938, x867, x914); let mut x941: u32 = 0; let mut x942: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x941, &mut x942, x940, x869, x916); let mut x943: u32 = 0; let mut x944: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x943, &mut x944, x942, x871, x918); let mut x945: u32 = 0; let mut x946: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x945, &mut x946, x944, x873, x920); let mut x947: u32 = 0; let mut x948: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x947, &mut x948, x946, x875, x922); let mut x949: u32 = 0; let mut x950: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x949, &mut x950, x948, x877, x924); let mut x951: u32 = 0; let mut x952: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x951, &mut x952, x950, x879, x926); let mut x953: u32 = 0; let mut x954: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x953, &mut x954, x927, 0xe88fdc45); let mut x955: u32 = 0; let mut x956: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x955, &mut x956, x953, 0xffffffff); let mut x957: u32 = 0; let mut x958: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x957, &mut x958, x953, 0xffffffff); let mut x959: u32 = 0; let mut x960: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x959, &mut x960, x953, 0xffffffff); let mut x961: u32 = 0; let mut x962: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x961, &mut x962, x953, 0xffffffff); let mut x963: u32 = 0; let mut x964: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x963, &mut x964, x953, 0xffffffff); let mut x965: u32 = 0; let mut x966: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x965, &mut x966, x953, 0xffffffff); let mut x967: u32 = 0; let mut x968: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x967, &mut x968, x953, 0xc7634d81); let mut x969: u32 = 0; let mut x970: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x969, &mut x970, x953, 0xf4372ddf); let mut x971: u32 = 0; let mut x972: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x971, &mut x972, x953, 0x581a0db2); let mut x973: u32 = 0; let mut x974: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x973, &mut x974, x953, 0x48b0a77a); let mut x975: u32 = 0; let mut x976: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x975, &mut x976, x953, 0xecec196a); let mut x977: u32 = 0; let mut x978: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x977, &mut x978, x953, 0xccc52973); let mut x979: u32 = 0; let mut x980: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x979, &mut x980, 0x0, x978, x975); let mut x981: u32 = 0; let mut x982: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x981, &mut x982, x980, x976, x973); let mut x983: u32 = 0; let mut x984: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x983, &mut x984, x982, x974, x971); let mut x985: u32 = 0; let mut x986: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x985, &mut x986, x984, x972, x969); let mut x987: u32 = 0; let mut x988: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x987, &mut x988, x986, x970, x967); let mut x989: u32 = 0; let mut x990: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x989, &mut x990, x988, x968, x965); let mut x991: u32 = 0; let mut x992: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x991, &mut x992, x990, x966, x963); let mut x993: u32 = 0; let mut x994: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x993, &mut x994, x992, x964, x961); let mut x995: u32 = 0; let mut x996: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x995, &mut x996, x994, x962, x959); let mut x997: u32 = 0; let mut x998: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x997, &mut x998, x996, x960, x957); let mut x999: u32 = 0; let mut x1000: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x999, &mut x1000, x998, x958, x955); let x1001: u32 = ((x1000 as u32) + x956); let mut x1002: u32 = 0; let mut x1003: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1002, &mut x1003, 0x0, x927, x977); let mut x1004: u32 = 0; let mut x1005: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1004, &mut x1005, x1003, x929, x979); let mut x1006: u32 = 0; let mut x1007: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1006, &mut x1007, x1005, x931, x981); let mut x1008: u32 = 0; let mut x1009: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1008, &mut x1009, x1007, x933, x983); let mut x1010: u32 = 0; let mut x1011: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1010, &mut x1011, x1009, x935, x985); let mut x1012: u32 = 0; let mut x1013: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1012, &mut x1013, x1011, x937, x987); let mut x1014: u32 = 0; let mut x1015: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1014, &mut x1015, x1013, x939, x989); let mut x1016: u32 = 0; let mut x1017: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1016, &mut x1017, x1015, x941, x991); let mut x1018: u32 = 0; let mut x1019: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1018, &mut x1019, x1017, x943, x993); let mut x1020: u32 = 0; let mut x1021: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1020, &mut x1021, x1019, x945, x995); let mut x1022: u32 = 0; let mut x1023: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1022, &mut x1023, x1021, x947, x997); let mut x1024: u32 = 0; let mut x1025: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1024, &mut x1025, x1023, x949, x999); let mut x1026: u32 = 0; let mut x1027: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1026, &mut x1027, x1025, x951, x1001); let x1028: u32 = ((x1027 as u32) + (x952 as u32)); let mut x1029: u32 = 0; let mut x1030: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1029, &mut x1030, x7, (arg1[11])); let mut x1031: u32 = 0; let mut x1032: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1031, &mut x1032, x7, (arg1[10])); let mut x1033: u32 = 0; let mut x1034: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1033, &mut x1034, x7, (arg1[9])); let mut x1035: u32 = 0; let mut x1036: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1035, &mut x1036, x7, (arg1[8])); let mut x1037: u32 = 0; let mut x1038: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1037, &mut x1038, x7, (arg1[7])); let mut x1039: u32 = 0; let mut x1040: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1039, &mut x1040, x7, (arg1[6])); let mut x1041: u32 = 0; let mut x1042: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1041, &mut x1042, x7, (arg1[5])); let mut x1043: u32 = 0; let mut x1044: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1043, &mut x1044, x7, (arg1[4])); let mut x1045: u32 = 0; let mut x1046: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1045, &mut x1046, x7, (arg1[3])); let mut x1047: u32 = 0; let mut x1048: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1047, &mut x1048, x7, (arg1[2])); let mut x1049: u32 = 0; let mut x1050: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1049, &mut x1050, x7, (arg1[1])); let mut x1051: u32 = 0; let mut x1052: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1051, &mut x1052, x7, (arg1[0])); let mut x1053: u32 = 0; let mut x1054: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1053, &mut x1054, 0x0, x1052, x1049); let mut x1055: u32 = 0; let mut x1056: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1055, &mut x1056, x1054, x1050, x1047); let mut x1057: u32 = 0; let mut x1058: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1057, &mut x1058, x1056, x1048, x1045); let mut x1059: u32 = 0; let mut x1060: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1059, &mut x1060, x1058, x1046, x1043); let mut x1061: u32 = 0; let mut x1062: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1061, &mut x1062, x1060, x1044, x1041); let mut x1063: u32 = 0; let mut x1064: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1063, &mut x1064, x1062, x1042, x1039); let mut x1065: u32 = 0; let mut x1066: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1065, &mut x1066, x1064, x1040, x1037); let mut x1067: u32 = 0; let mut x1068: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1067, &mut x1068, x1066, x1038, x1035); let mut x1069: u32 = 0; let mut x1070: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1069, &mut x1070, x1068, x1036, x1033); let mut x1071: u32 = 0; let mut x1072: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1071, &mut x1072, x1070, x1034, x1031); let mut x1073: u32 = 0; let mut x1074: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1073, &mut x1074, x1072, x1032, x1029); let x1075: u32 = ((x1074 as u32) + x1030); let mut x1076: u32 = 0; let mut x1077: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1076, &mut x1077, 0x0, x1004, x1051); let mut x1078: u32 = 0; let mut x1079: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1078, &mut x1079, x1077, x1006, x1053); let mut x1080: u32 = 0; let mut x1081: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1080, &mut x1081, x1079, x1008, x1055); let mut x1082: u32 = 0; let mut x1083: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1082, &mut x1083, x1081, x1010, x1057); let mut x1084: u32 = 0; let mut x1085: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1084, &mut x1085, x1083, x1012, x1059); let mut x1086: u32 = 0; let mut x1087: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1086, &mut x1087, x1085, x1014, x1061); let mut x1088: u32 = 0; let mut x1089: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1088, &mut x1089, x1087, x1016, x1063); let mut x1090: u32 = 0; let mut x1091: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1090, &mut x1091, x1089, x1018, x1065); let mut x1092: u32 = 0; let mut x1093: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1092, &mut x1093, x1091, x1020, x1067); let mut x1094: u32 = 0; let mut x1095: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1094, &mut x1095, x1093, x1022, x1069); let mut x1096: u32 = 0; let mut x1097: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1096, &mut x1097, x1095, x1024, x1071); let mut x1098: u32 = 0; let mut x1099: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1098, &mut x1099, x1097, x1026, x1073); let mut x1100: u32 = 0; let mut x1101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1100, &mut x1101, x1099, x1028, x1075); let mut x1102: u32 = 0; let mut x1103: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1102, &mut x1103, x1076, 0xe88fdc45); let mut x1104: u32 = 0; let mut x1105: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1104, &mut x1105, x1102, 0xffffffff); let mut x1106: u32 = 0; let mut x1107: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1106, &mut x1107, x1102, 0xffffffff); let mut x1108: u32 = 0; let mut x1109: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1108, &mut x1109, x1102, 0xffffffff); let mut x1110: u32 = 0; let mut x1111: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1110, &mut x1111, x1102, 0xffffffff); let mut x1112: u32 = 0; let mut x1113: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1112, &mut x1113, x1102, 0xffffffff); let mut x1114: u32 = 0; let mut x1115: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1114, &mut x1115, x1102, 0xffffffff); let mut x1116: u32 = 0; let mut x1117: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1116, &mut x1117, x1102, 0xc7634d81); let mut x1118: u32 = 0; let mut x1119: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1118, &mut x1119, x1102, 0xf4372ddf); let mut x1120: u32 = 0; let mut x1121: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1120, &mut x1121, x1102, 0x581a0db2); let mut x1122: u32 = 0; let mut x1123: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1122, &mut x1123, x1102, 0x48b0a77a); let mut x1124: u32 = 0; let mut x1125: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1124, &mut x1125, x1102, 0xecec196a); let mut x1126: u32 = 0; let mut x1127: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1126, &mut x1127, x1102, 0xccc52973); let mut x1128: u32 = 0; let mut x1129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1128, &mut x1129, 0x0, x1127, x1124); let mut x1130: u32 = 0; let mut x1131: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1130, &mut x1131, x1129, x1125, x1122); let mut x1132: u32 = 0; let mut x1133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1132, &mut x1133, x1131, x1123, x1120); let mut x1134: u32 = 0; let mut x1135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1134, &mut x1135, x1133, x1121, x1118); let mut x1136: u32 = 0; let mut x1137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1136, &mut x1137, x1135, x1119, x1116); let mut x1138: u32 = 0; let mut x1139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1138, &mut x1139, x1137, x1117, x1114); let mut x1140: u32 = 0; let mut x1141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1140, &mut x1141, x1139, x1115, x1112); let mut x1142: u32 = 0; let mut x1143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1142, &mut x1143, x1141, x1113, x1110); let mut x1144: u32 = 0; let mut x1145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1144, &mut x1145, x1143, x1111, x1108); let mut x1146: u32 = 0; let mut x1147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1146, &mut x1147, x1145, x1109, x1106); let mut x1148: u32 = 0; let mut x1149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1148, &mut x1149, x1147, x1107, x1104); let x1150: u32 = ((x1149 as u32) + x1105); let mut x1151: u32 = 0; let mut x1152: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1151, &mut x1152, 0x0, x1076, x1126); let mut x1153: u32 = 0; let mut x1154: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1153, &mut x1154, x1152, x1078, x1128); let mut x1155: u32 = 0; let mut x1156: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1155, &mut x1156, x1154, x1080, x1130); let mut x1157: u32 = 0; let mut x1158: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1157, &mut x1158, x1156, x1082, x1132); let mut x1159: u32 = 0; let mut x1160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1159, &mut x1160, x1158, x1084, x1134); let mut x1161: u32 = 0; let mut x1162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1161, &mut x1162, x1160, x1086, x1136); let mut x1163: u32 = 0; let mut x1164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1163, &mut x1164, x1162, x1088, x1138); let mut x1165: u32 = 0; let mut x1166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1165, &mut x1166, x1164, x1090, x1140); let mut x1167: u32 = 0; let mut x1168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1167, &mut x1168, x1166, x1092, x1142); let mut x1169: u32 = 0; let mut x1170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1169, &mut x1170, x1168, x1094, x1144); let mut x1171: u32 = 0; let mut x1172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1171, &mut x1172, x1170, x1096, x1146); let mut x1173: u32 = 0; let mut x1174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1173, &mut x1174, x1172, x1098, x1148); let mut x1175: u32 = 0; let mut x1176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1175, &mut x1176, x1174, x1100, x1150); let x1177: u32 = ((x1176 as u32) + (x1101 as u32)); let mut x1178: u32 = 0; let mut x1179: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1178, &mut x1179, x8, (arg1[11])); let mut x1180: u32 = 0; let mut x1181: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1180, &mut x1181, x8, (arg1[10])); let mut x1182: u32 = 0; let mut x1183: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1182, &mut x1183, x8, (arg1[9])); let mut x1184: u32 = 0; let mut x1185: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1184, &mut x1185, x8, (arg1[8])); let mut x1186: u32 = 0; let mut x1187: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1186, &mut x1187, x8, (arg1[7])); let mut x1188: u32 = 0; let mut x1189: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1188, &mut x1189, x8, (arg1[6])); let mut x1190: u32 = 0; let mut x1191: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1190, &mut x1191, x8, (arg1[5])); let mut x1192: u32 = 0; let mut x1193: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1192, &mut x1193, x8, (arg1[4])); let mut x1194: u32 = 0; let mut x1195: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1194, &mut x1195, x8, (arg1[3])); let mut x1196: u32 = 0; let mut x1197: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1196, &mut x1197, x8, (arg1[2])); let mut x1198: u32 = 0; let mut x1199: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1198, &mut x1199, x8, (arg1[1])); let mut x1200: u32 = 0; let mut x1201: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1200, &mut x1201, x8, (arg1[0])); let mut x1202: u32 = 0; let mut x1203: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1202, &mut x1203, 0x0, x1201, x1198); let mut x1204: u32 = 0; let mut x1205: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1204, &mut x1205, x1203, x1199, x1196); let mut x1206: u32 = 0; let mut x1207: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1206, &mut x1207, x1205, x1197, x1194); let mut x1208: u32 = 0; let mut x1209: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1208, &mut x1209, x1207, x1195, x1192); let mut x1210: u32 = 0; let mut x1211: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1210, &mut x1211, x1209, x1193, x1190); let mut x1212: u32 = 0; let mut x1213: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1212, &mut x1213, x1211, x1191, x1188); let mut x1214: u32 = 0; let mut x1215: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1214, &mut x1215, x1213, x1189, x1186); let mut x1216: u32 = 0; let mut x1217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1216, &mut x1217, x1215, x1187, x1184); let mut x1218: u32 = 0; let mut x1219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1218, &mut x1219, x1217, x1185, x1182); let mut x1220: u32 = 0; let mut x1221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1220, &mut x1221, x1219, x1183, x1180); let mut x1222: u32 = 0; let mut x1223: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1222, &mut x1223, x1221, x1181, x1178); let x1224: u32 = ((x1223 as u32) + x1179); let mut x1225: u32 = 0; let mut x1226: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1225, &mut x1226, 0x0, x1153, x1200); let mut x1227: u32 = 0; let mut x1228: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1227, &mut x1228, x1226, x1155, x1202); let mut x1229: u32 = 0; let mut x1230: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1229, &mut x1230, x1228, x1157, x1204); let mut x1231: u32 = 0; let mut x1232: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1231, &mut x1232, x1230, x1159, x1206); let mut x1233: u32 = 0; let mut x1234: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1233, &mut x1234, x1232, x1161, x1208); let mut x1235: u32 = 0; let mut x1236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1235, &mut x1236, x1234, x1163, x1210); let mut x1237: u32 = 0; let mut x1238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1237, &mut x1238, x1236, x1165, x1212); let mut x1239: u32 = 0; let mut x1240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1239, &mut x1240, x1238, x1167, x1214); let mut x1241: u32 = 0; let mut x1242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1241, &mut x1242, x1240, x1169, x1216); let mut x1243: u32 = 0; let mut x1244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1243, &mut x1244, x1242, x1171, x1218); let mut x1245: u32 = 0; let mut x1246: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1245, &mut x1246, x1244, x1173, x1220); let mut x1247: u32 = 0; let mut x1248: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1247, &mut x1248, x1246, x1175, x1222); let mut x1249: u32 = 0; let mut x1250: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1249, &mut x1250, x1248, x1177, x1224); let mut x1251: u32 = 0; let mut x1252: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1251, &mut x1252, x1225, 0xe88fdc45); let mut x1253: u32 = 0; let mut x1254: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1253, &mut x1254, x1251, 0xffffffff); let mut x1255: u32 = 0; let mut x1256: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1255, &mut x1256, x1251, 0xffffffff); let mut x1257: u32 = 0; let mut x1258: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1257, &mut x1258, x1251, 0xffffffff); let mut x1259: u32 = 0; let mut x1260: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1259, &mut x1260, x1251, 0xffffffff); let mut x1261: u32 = 0; let mut x1262: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1261, &mut x1262, x1251, 0xffffffff); let mut x1263: u32 = 0; let mut x1264: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1263, &mut x1264, x1251, 0xffffffff); let mut x1265: u32 = 0; let mut x1266: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1265, &mut x1266, x1251, 0xc7634d81); let mut x1267: u32 = 0; let mut x1268: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1267, &mut x1268, x1251, 0xf4372ddf); let mut x1269: u32 = 0; let mut x1270: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1269, &mut x1270, x1251, 0x581a0db2); let mut x1271: u32 = 0; let mut x1272: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1271, &mut x1272, x1251, 0x48b0a77a); let mut x1273: u32 = 0; let mut x1274: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1273, &mut x1274, x1251, 0xecec196a); let mut x1275: u32 = 0; let mut x1276: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1275, &mut x1276, x1251, 0xccc52973); let mut x1277: u32 = 0; let mut x1278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1277, &mut x1278, 0x0, x1276, x1273); let mut x1279: u32 = 0; let mut x1280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1279, &mut x1280, x1278, x1274, x1271); let mut x1281: u32 = 0; let mut x1282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1281, &mut x1282, x1280, x1272, x1269); let mut x1283: u32 = 0; let mut x1284: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1283, &mut x1284, x1282, x1270, x1267); let mut x1285: u32 = 0; let mut x1286: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1285, &mut x1286, x1284, x1268, x1265); let mut x1287: u32 = 0; let mut x1288: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1287, &mut x1288, x1286, x1266, x1263); let mut x1289: u32 = 0; let mut x1290: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1289, &mut x1290, x1288, x1264, x1261); let mut x1291: u32 = 0; let mut x1292: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1291, &mut x1292, x1290, x1262, x1259); let mut x1293: u32 = 0; let mut x1294: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1293, &mut x1294, x1292, x1260, x1257); let mut x1295: u32 = 0; let mut x1296: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1295, &mut x1296, x1294, x1258, x1255); let mut x1297: u32 = 0; let mut x1298: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1297, &mut x1298, x1296, x1256, x1253); let x1299: u32 = ((x1298 as u32) + x1254); let mut x1300: u32 = 0; let mut x1301: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1300, &mut x1301, 0x0, x1225, x1275); let mut x1302: u32 = 0; let mut x1303: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1302, &mut x1303, x1301, x1227, x1277); let mut x1304: u32 = 0; let mut x1305: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1304, &mut x1305, x1303, x1229, x1279); let mut x1306: u32 = 0; let mut x1307: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1306, &mut x1307, x1305, x1231, x1281); let mut x1308: u32 = 0; let mut x1309: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1308, &mut x1309, x1307, x1233, x1283); let mut x1310: u32 = 0; let mut x1311: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1310, &mut x1311, x1309, x1235, x1285); let mut x1312: u32 = 0; let mut x1313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1312, &mut x1313, x1311, x1237, x1287); let mut x1314: u32 = 0; let mut x1315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1314, &mut x1315, x1313, x1239, x1289); let mut x1316: u32 = 0; let mut x1317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1316, &mut x1317, x1315, x1241, x1291); let mut x1318: u32 = 0; let mut x1319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1318, &mut x1319, x1317, x1243, x1293); let mut x1320: u32 = 0; let mut x1321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1320, &mut x1321, x1319, x1245, x1295); let mut x1322: u32 = 0; let mut x1323: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1322, &mut x1323, x1321, x1247, x1297); let mut x1324: u32 = 0; let mut x1325: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1324, &mut x1325, x1323, x1249, x1299); let x1326: u32 = ((x1325 as u32) + (x1250 as u32)); let mut x1327: u32 = 0; let mut x1328: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1327, &mut x1328, x9, (arg1[11])); let mut x1329: u32 = 0; let mut x1330: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1329, &mut x1330, x9, (arg1[10])); let mut x1331: u32 = 0; let mut x1332: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1331, &mut x1332, x9, (arg1[9])); let mut x1333: u32 = 0; let mut x1334: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1333, &mut x1334, x9, (arg1[8])); let mut x1335: u32 = 0; let mut x1336: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1335, &mut x1336, x9, (arg1[7])); let mut x1337: u32 = 0; let mut x1338: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1337, &mut x1338, x9, (arg1[6])); let mut x1339: u32 = 0; let mut x1340: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1339, &mut x1340, x9, (arg1[5])); let mut x1341: u32 = 0; let mut x1342: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1341, &mut x1342, x9, (arg1[4])); let mut x1343: u32 = 0; let mut x1344: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1343, &mut x1344, x9, (arg1[3])); let mut x1345: u32 = 0; let mut x1346: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1345, &mut x1346, x9, (arg1[2])); let mut x1347: u32 = 0; let mut x1348: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1347, &mut x1348, x9, (arg1[1])); let mut x1349: u32 = 0; let mut x1350: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1349, &mut x1350, x9, (arg1[0])); let mut x1351: u32 = 0; let mut x1352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1351, &mut x1352, 0x0, x1350, x1347); let mut x1353: u32 = 0; let mut x1354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1353, &mut x1354, x1352, x1348, x1345); let mut x1355: u32 = 0; let mut x1356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1355, &mut x1356, x1354, x1346, x1343); let mut x1357: u32 = 0; let mut x1358: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1357, &mut x1358, x1356, x1344, x1341); let mut x1359: u32 = 0; let mut x1360: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1359, &mut x1360, x1358, x1342, x1339); let mut x1361: u32 = 0; let mut x1362: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1361, &mut x1362, x1360, x1340, x1337); let mut x1363: u32 = 0; let mut x1364: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1363, &mut x1364, x1362, x1338, x1335); let mut x1365: u32 = 0; let mut x1366: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1365, &mut x1366, x1364, x1336, x1333); let mut x1367: u32 = 0; let mut x1368: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1367, &mut x1368, x1366, x1334, x1331); let mut x1369: u32 = 0; let mut x1370: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1369, &mut x1370, x1368, x1332, x1329); let mut x1371: u32 = 0; let mut x1372: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1371, &mut x1372, x1370, x1330, x1327); let x1373: u32 = ((x1372 as u32) + x1328); let mut x1374: u32 = 0; let mut x1375: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1374, &mut x1375, 0x0, x1302, x1349); let mut x1376: u32 = 0; let mut x1377: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1376, &mut x1377, x1375, x1304, x1351); let mut x1378: u32 = 0; let mut x1379: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1378, &mut x1379, x1377, x1306, x1353); let mut x1380: u32 = 0; let mut x1381: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1380, &mut x1381, x1379, x1308, x1355); let mut x1382: u32 = 0; let mut x1383: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1382, &mut x1383, x1381, x1310, x1357); let mut x1384: u32 = 0; let mut x1385: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1384, &mut x1385, x1383, x1312, x1359); let mut x1386: u32 = 0; let mut x1387: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1386, &mut x1387, x1385, x1314, x1361); let mut x1388: u32 = 0; let mut x1389: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1388, &mut x1389, x1387, x1316, x1363); let mut x1390: u32 = 0; let mut x1391: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1390, &mut x1391, x1389, x1318, x1365); let mut x1392: u32 = 0; let mut x1393: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1392, &mut x1393, x1391, x1320, x1367); let mut x1394: u32 = 0; let mut x1395: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1394, &mut x1395, x1393, x1322, x1369); let mut x1396: u32 = 0; let mut x1397: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1396, &mut x1397, x1395, x1324, x1371); let mut x1398: u32 = 0; let mut x1399: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1398, &mut x1399, x1397, x1326, x1373); let mut x1400: u32 = 0; let mut x1401: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1400, &mut x1401, x1374, 0xe88fdc45); let mut x1402: u32 = 0; let mut x1403: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1402, &mut x1403, x1400, 0xffffffff); let mut x1404: u32 = 0; let mut x1405: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1404, &mut x1405, x1400, 0xffffffff); let mut x1406: u32 = 0; let mut x1407: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1406, &mut x1407, x1400, 0xffffffff); let mut x1408: u32 = 0; let mut x1409: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1408, &mut x1409, x1400, 0xffffffff); let mut x1410: u32 = 0; let mut x1411: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1410, &mut x1411, x1400, 0xffffffff); let mut x1412: u32 = 0; let mut x1413: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1412, &mut x1413, x1400, 0xffffffff); let mut x1414: u32 = 0; let mut x1415: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1414, &mut x1415, x1400, 0xc7634d81); let mut x1416: u32 = 0; let mut x1417: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1416, &mut x1417, x1400, 0xf4372ddf); let mut x1418: u32 = 0; let mut x1419: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1418, &mut x1419, x1400, 0x581a0db2); let mut x1420: u32 = 0; let mut x1421: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1420, &mut x1421, x1400, 0x48b0a77a); let mut x1422: u32 = 0; let mut x1423: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1422, &mut x1423, x1400, 0xecec196a); let mut x1424: u32 = 0; let mut x1425: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1424, &mut x1425, x1400, 0xccc52973); let mut x1426: u32 = 0; let mut x1427: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1426, &mut x1427, 0x0, x1425, x1422); let mut x1428: u32 = 0; let mut x1429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1428, &mut x1429, x1427, x1423, x1420); let mut x1430: u32 = 0; let mut x1431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1430, &mut x1431, x1429, x1421, x1418); let mut x1432: u32 = 0; let mut x1433: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1432, &mut x1433, x1431, x1419, x1416); let mut x1434: u32 = 0; let mut x1435: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1434, &mut x1435, x1433, x1417, x1414); let mut x1436: u32 = 0; let mut x1437: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1436, &mut x1437, x1435, x1415, x1412); let mut x1438: u32 = 0; let mut x1439: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1438, &mut x1439, x1437, x1413, x1410); let mut x1440: u32 = 0; let mut x1441: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1440, &mut x1441, x1439, x1411, x1408); let mut x1442: u32 = 0; let mut x1443: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1442, &mut x1443, x1441, x1409, x1406); let mut x1444: u32 = 0; let mut x1445: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1444, &mut x1445, x1443, x1407, x1404); let mut x1446: u32 = 0; let mut x1447: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1446, &mut x1447, x1445, x1405, x1402); let x1448: u32 = ((x1447 as u32) + x1403); let mut x1449: u32 = 0; let mut x1450: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1449, &mut x1450, 0x0, x1374, x1424); let mut x1451: u32 = 0; let mut x1452: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1451, &mut x1452, x1450, x1376, x1426); let mut x1453: u32 = 0; let mut x1454: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1453, &mut x1454, x1452, x1378, x1428); let mut x1455: u32 = 0; let mut x1456: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1455, &mut x1456, x1454, x1380, x1430); let mut x1457: u32 = 0; let mut x1458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1457, &mut x1458, x1456, x1382, x1432); let mut x1459: u32 = 0; let mut x1460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1459, &mut x1460, x1458, x1384, x1434); let mut x1461: u32 = 0; let mut x1462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1461, &mut x1462, x1460, x1386, x1436); let mut x1463: u32 = 0; let mut x1464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1463, &mut x1464, x1462, x1388, x1438); let mut x1465: u32 = 0; let mut x1466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1465, &mut x1466, x1464, x1390, x1440); let mut x1467: u32 = 0; let mut x1468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1467, &mut x1468, x1466, x1392, x1442); let mut x1469: u32 = 0; let mut x1470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1469, &mut x1470, x1468, x1394, x1444); let mut x1471: u32 = 0; let mut x1472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1471, &mut x1472, x1470, x1396, x1446); let mut x1473: u32 = 0; let mut x1474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1473, &mut x1474, x1472, x1398, x1448); let x1475: u32 = ((x1474 as u32) + (x1399 as u32)); let mut x1476: u32 = 0; let mut x1477: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1476, &mut x1477, x10, (arg1[11])); let mut x1478: u32 = 0; let mut x1479: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1478, &mut x1479, x10, (arg1[10])); let mut x1480: u32 = 0; let mut x1481: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1480, &mut x1481, x10, (arg1[9])); let mut x1482: u32 = 0; let mut x1483: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1482, &mut x1483, x10, (arg1[8])); let mut x1484: u32 = 0; let mut x1485: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1484, &mut x1485, x10, (arg1[7])); let mut x1486: u32 = 0; let mut x1487: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1486, &mut x1487, x10, (arg1[6])); let mut x1488: u32 = 0; let mut x1489: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1488, &mut x1489, x10, (arg1[5])); let mut x1490: u32 = 0; let mut x1491: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1490, &mut x1491, x10, (arg1[4])); let mut x1492: u32 = 0; let mut x1493: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1492, &mut x1493, x10, (arg1[3])); let mut x1494: u32 = 0; let mut x1495: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1494, &mut x1495, x10, (arg1[2])); let mut x1496: u32 = 0; let mut x1497: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1496, &mut x1497, x10, (arg1[1])); let mut x1498: u32 = 0; let mut x1499: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1498, &mut x1499, x10, (arg1[0])); let mut x1500: u32 = 0; let mut x1501: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1500, &mut x1501, 0x0, x1499, x1496); let mut x1502: u32 = 0; let mut x1503: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1502, &mut x1503, x1501, x1497, x1494); let mut x1504: u32 = 0; let mut x1505: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1504, &mut x1505, x1503, x1495, x1492); let mut x1506: u32 = 0; let mut x1507: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1506, &mut x1507, x1505, x1493, x1490); let mut x1508: u32 = 0; let mut x1509: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1508, &mut x1509, x1507, x1491, x1488); let mut x1510: u32 = 0; let mut x1511: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1510, &mut x1511, x1509, x1489, x1486); let mut x1512: u32 = 0; let mut x1513: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1512, &mut x1513, x1511, x1487, x1484); let mut x1514: u32 = 0; let mut x1515: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1514, &mut x1515, x1513, x1485, x1482); let mut x1516: u32 = 0; let mut x1517: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1516, &mut x1517, x1515, x1483, x1480); let mut x1518: u32 = 0; let mut x1519: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1518, &mut x1519, x1517, x1481, x1478); let mut x1520: u32 = 0; let mut x1521: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1520, &mut x1521, x1519, x1479, x1476); let x1522: u32 = ((x1521 as u32) + x1477); let mut x1523: u32 = 0; let mut x1524: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1523, &mut x1524, 0x0, x1451, x1498); let mut x1525: u32 = 0; let mut x1526: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1525, &mut x1526, x1524, x1453, x1500); let mut x1527: u32 = 0; let mut x1528: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1527, &mut x1528, x1526, x1455, x1502); let mut x1529: u32 = 0; let mut x1530: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1529, &mut x1530, x1528, x1457, x1504); let mut x1531: u32 = 0; let mut x1532: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1531, &mut x1532, x1530, x1459, x1506); let mut x1533: u32 = 0; let mut x1534: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1533, &mut x1534, x1532, x1461, x1508); let mut x1535: u32 = 0; let mut x1536: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1535, &mut x1536, x1534, x1463, x1510); let mut x1537: u32 = 0; let mut x1538: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1537, &mut x1538, x1536, x1465, x1512); let mut x1539: u32 = 0; let mut x1540: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1539, &mut x1540, x1538, x1467, x1514); let mut x1541: u32 = 0; let mut x1542: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1541, &mut x1542, x1540, x1469, x1516); let mut x1543: u32 = 0; let mut x1544: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1543, &mut x1544, x1542, x1471, x1518); let mut x1545: u32 = 0; let mut x1546: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1545, &mut x1546, x1544, x1473, x1520); let mut x1547: u32 = 0; let mut x1548: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1547, &mut x1548, x1546, x1475, x1522); let mut x1549: u32 = 0; let mut x1550: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1549, &mut x1550, x1523, 0xe88fdc45); let mut x1551: u32 = 0; let mut x1552: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1551, &mut x1552, x1549, 0xffffffff); let mut x1553: u32 = 0; let mut x1554: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1553, &mut x1554, x1549, 0xffffffff); let mut x1555: u32 = 0; let mut x1556: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1555, &mut x1556, x1549, 0xffffffff); let mut x1557: u32 = 0; let mut x1558: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1557, &mut x1558, x1549, 0xffffffff); let mut x1559: u32 = 0; let mut x1560: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1559, &mut x1560, x1549, 0xffffffff); let mut x1561: u32 = 0; let mut x1562: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1561, &mut x1562, x1549, 0xffffffff); let mut x1563: u32 = 0; let mut x1564: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1563, &mut x1564, x1549, 0xc7634d81); let mut x1565: u32 = 0; let mut x1566: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1565, &mut x1566, x1549, 0xf4372ddf); let mut x1567: u32 = 0; let mut x1568: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1567, &mut x1568, x1549, 0x581a0db2); let mut x1569: u32 = 0; let mut x1570: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1569, &mut x1570, x1549, 0x48b0a77a); let mut x1571: u32 = 0; let mut x1572: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1571, &mut x1572, x1549, 0xecec196a); let mut x1573: u32 = 0; let mut x1574: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1573, &mut x1574, x1549, 0xccc52973); let mut x1575: u32 = 0; let mut x1576: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1575, &mut x1576, 0x0, x1574, x1571); let mut x1577: u32 = 0; let mut x1578: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1577, &mut x1578, x1576, x1572, x1569); let mut x1579: u32 = 0; let mut x1580: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1579, &mut x1580, x1578, x1570, x1567); let mut x1581: u32 = 0; let mut x1582: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1581, &mut x1582, x1580, x1568, x1565); let mut x1583: u32 = 0; let mut x1584: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1583, &mut x1584, x1582, x1566, x1563); let mut x1585: u32 = 0; let mut x1586: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1585, &mut x1586, x1584, x1564, x1561); let mut x1587: u32 = 0; let mut x1588: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1587, &mut x1588, x1586, x1562, x1559); let mut x1589: u32 = 0; let mut x1590: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1589, &mut x1590, x1588, x1560, x1557); let mut x1591: u32 = 0; let mut x1592: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1591, &mut x1592, x1590, x1558, x1555); let mut x1593: u32 = 0; let mut x1594: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1593, &mut x1594, x1592, x1556, x1553); let mut x1595: u32 = 0; let mut x1596: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1595, &mut x1596, x1594, x1554, x1551); let x1597: u32 = ((x1596 as u32) + x1552); let mut x1598: u32 = 0; let mut x1599: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1598, &mut x1599, 0x0, x1523, x1573); let mut x1600: u32 = 0; let mut x1601: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1600, &mut x1601, x1599, x1525, x1575); let mut x1602: u32 = 0; let mut x1603: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1602, &mut x1603, x1601, x1527, x1577); let mut x1604: u32 = 0; let mut x1605: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1604, &mut x1605, x1603, x1529, x1579); let mut x1606: u32 = 0; let mut x1607: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1606, &mut x1607, x1605, x1531, x1581); let mut x1608: u32 = 0; let mut x1609: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1608, &mut x1609, x1607, x1533, x1583); let mut x1610: u32 = 0; let mut x1611: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1610, &mut x1611, x1609, x1535, x1585); let mut x1612: u32 = 0; let mut x1613: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1612, &mut x1613, x1611, x1537, x1587); let mut x1614: u32 = 0; let mut x1615: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1614, &mut x1615, x1613, x1539, x1589); let mut x1616: u32 = 0; let mut x1617: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1616, &mut x1617, x1615, x1541, x1591); let mut x1618: u32 = 0; let mut x1619: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1618, &mut x1619, x1617, x1543, x1593); let mut x1620: u32 = 0; let mut x1621: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1620, &mut x1621, x1619, x1545, x1595); let mut x1622: u32 = 0; let mut x1623: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1622, &mut x1623, x1621, x1547, x1597); let x1624: u32 = ((x1623 as u32) + (x1548 as u32)); let mut x1625: u32 = 0; let mut x1626: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1625, &mut x1626, x11, (arg1[11])); let mut x1627: u32 = 0; let mut x1628: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1627, &mut x1628, x11, (arg1[10])); let mut x1629: u32 = 0; let mut x1630: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1629, &mut x1630, x11, (arg1[9])); let mut x1631: u32 = 0; let mut x1632: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1631, &mut x1632, x11, (arg1[8])); let mut x1633: u32 = 0; let mut x1634: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1633, &mut x1634, x11, (arg1[7])); let mut x1635: u32 = 0; let mut x1636: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1635, &mut x1636, x11, (arg1[6])); let mut x1637: u32 = 0; let mut x1638: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1637, &mut x1638, x11, (arg1[5])); let mut x1639: u32 = 0; let mut x1640: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1639, &mut x1640, x11, (arg1[4])); let mut x1641: u32 = 0; let mut x1642: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1641, &mut x1642, x11, (arg1[3])); let mut x1643: u32 = 0; let mut x1644: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1643, &mut x1644, x11, (arg1[2])); let mut x1645: u32 = 0; let mut x1646: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1645, &mut x1646, x11, (arg1[1])); let mut x1647: u32 = 0; let mut x1648: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1647, &mut x1648, x11, (arg1[0])); let mut x1649: u32 = 0; let mut x1650: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1649, &mut x1650, 0x0, x1648, x1645); let mut x1651: u32 = 0; let mut x1652: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1651, &mut x1652, x1650, x1646, x1643); let mut x1653: u32 = 0; let mut x1654: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1653, &mut x1654, x1652, x1644, x1641); let mut x1655: u32 = 0; let mut x1656: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1655, &mut x1656, x1654, x1642, x1639); let mut x1657: u32 = 0; let mut x1658: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1657, &mut x1658, x1656, x1640, x1637); let mut x1659: u32 = 0; let mut x1660: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1659, &mut x1660, x1658, x1638, x1635); let mut x1661: u32 = 0; let mut x1662: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1661, &mut x1662, x1660, x1636, x1633); let mut x1663: u32 = 0; let mut x1664: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1663, &mut x1664, x1662, x1634, x1631); let mut x1665: u32 = 0; let mut x1666: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1665, &mut x1666, x1664, x1632, x1629); let mut x1667: u32 = 0; let mut x1668: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1667, &mut x1668, x1666, x1630, x1627); let mut x1669: u32 = 0; let mut x1670: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1669, &mut x1670, x1668, x1628, x1625); let x1671: u32 = ((x1670 as u32) + x1626); let mut x1672: u32 = 0; let mut x1673: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1672, &mut x1673, 0x0, x1600, x1647); let mut x1674: u32 = 0; let mut x1675: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1674, &mut x1675, x1673, x1602, x1649); let mut x1676: u32 = 0; let mut x1677: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1676, &mut x1677, x1675, x1604, x1651); let mut x1678: u32 = 0; let mut x1679: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1678, &mut x1679, x1677, x1606, x1653); let mut x1680: u32 = 0; let mut x1681: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1680, &mut x1681, x1679, x1608, x1655); let mut x1682: u32 = 0; let mut x1683: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1682, &mut x1683, x1681, x1610, x1657); let mut x1684: u32 = 0; let mut x1685: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1684, &mut x1685, x1683, x1612, x1659); let mut x1686: u32 = 0; let mut x1687: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1686, &mut x1687, x1685, x1614, x1661); let mut x1688: u32 = 0; let mut x1689: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1688, &mut x1689, x1687, x1616, x1663); let mut x1690: u32 = 0; let mut x1691: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1690, &mut x1691, x1689, x1618, x1665); let mut x1692: u32 = 0; let mut x1693: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1692, &mut x1693, x1691, x1620, x1667); let mut x1694: u32 = 0; let mut x1695: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1694, &mut x1695, x1693, x1622, x1669); let mut x1696: u32 = 0; let mut x1697: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1696, &mut x1697, x1695, x1624, x1671); let mut x1698: u32 = 0; let mut x1699: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1698, &mut x1699, x1672, 0xe88fdc45); let mut x1700: u32 = 0; let mut x1701: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1700, &mut x1701, x1698, 0xffffffff); let mut x1702: u32 = 0; let mut x1703: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1702, &mut x1703, x1698, 0xffffffff); let mut x1704: u32 = 0; let mut x1705: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1704, &mut x1705, x1698, 0xffffffff); let mut x1706: u32 = 0; let mut x1707: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1706, &mut x1707, x1698, 0xffffffff); let mut x1708: u32 = 0; let mut x1709: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1708, &mut x1709, x1698, 0xffffffff); let mut x1710: u32 = 0; let mut x1711: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1710, &mut x1711, x1698, 0xffffffff); let mut x1712: u32 = 0; let mut x1713: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1712, &mut x1713, x1698, 0xc7634d81); let mut x1714: u32 = 0; let mut x1715: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1714, &mut x1715, x1698, 0xf4372ddf); let mut x1716: u32 = 0; let mut x1717: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1716, &mut x1717, x1698, 0x581a0db2); let mut x1718: u32 = 0; let mut x1719: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1718, &mut x1719, x1698, 0x48b0a77a); let mut x1720: u32 = 0; let mut x1721: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1720, &mut x1721, x1698, 0xecec196a); let mut x1722: u32 = 0; let mut x1723: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1722, &mut x1723, x1698, 0xccc52973); let mut x1724: u32 = 0; let mut x1725: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1724, &mut x1725, 0x0, x1723, x1720); let mut x1726: u32 = 0; let mut x1727: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1726, &mut x1727, x1725, x1721, x1718); let mut x1728: u32 = 0; let mut x1729: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1728, &mut x1729, x1727, x1719, x1716); let mut x1730: u32 = 0; let mut x1731: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1730, &mut x1731, x1729, x1717, x1714); let mut x1732: u32 = 0; let mut x1733: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1732, &mut x1733, x1731, x1715, x1712); let mut x1734: u32 = 0; let mut x1735: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1734, &mut x1735, x1733, x1713, x1710); let mut x1736: u32 = 0; let mut x1737: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1736, &mut x1737, x1735, x1711, x1708); let mut x1738: u32 = 0; let mut x1739: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1738, &mut x1739, x1737, x1709, x1706); let mut x1740: u32 = 0; let mut x1741: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1740, &mut x1741, x1739, x1707, x1704); let mut x1742: u32 = 0; let mut x1743: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1742, &mut x1743, x1741, x1705, x1702); let mut x1744: u32 = 0; let mut x1745: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1744, &mut x1745, x1743, x1703, x1700); let x1746: u32 = ((x1745 as u32) + x1701); let mut x1747: u32 = 0; let mut x1748: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1747, &mut x1748, 0x0, x1672, x1722); let mut x1749: u32 = 0; let mut x1750: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1749, &mut x1750, x1748, x1674, x1724); let mut x1751: u32 = 0; let mut x1752: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1751, &mut x1752, x1750, x1676, x1726); let mut x1753: u32 = 0; let mut x1754: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1753, &mut x1754, x1752, x1678, x1728); let mut x1755: u32 = 0; let mut x1756: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1755, &mut x1756, x1754, x1680, x1730); let mut x1757: u32 = 0; let mut x1758: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1757, &mut x1758, x1756, x1682, x1732); let mut x1759: u32 = 0; let mut x1760: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1759, &mut x1760, x1758, x1684, x1734); let mut x1761: u32 = 0; let mut x1762: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1761, &mut x1762, x1760, x1686, x1736); let mut x1763: u32 = 0; let mut x1764: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1763, &mut x1764, x1762, x1688, x1738); let mut x1765: u32 = 0; let mut x1766: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1765, &mut x1766, x1764, x1690, x1740); let mut x1767: u32 = 0; let mut x1768: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1767, &mut x1768, x1766, x1692, x1742); let mut x1769: u32 = 0; let mut x1770: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1769, &mut x1770, x1768, x1694, x1744); let mut x1771: u32 = 0; let mut x1772: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1771, &mut x1772, x1770, x1696, x1746); let x1773: u32 = ((x1772 as u32) + (x1697 as u32)); let mut x1774: u32 = 0; let mut x1775: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1774, &mut x1775, 0x0, x1749, 0xccc52973); let mut x1776: u32 = 0; let mut x1777: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1776, &mut x1777, x1775, x1751, 0xecec196a); let mut x1778: u32 = 0; let mut x1779: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1778, &mut x1779, x1777, x1753, 0x48b0a77a); let mut x1780: u32 = 0; let mut x1781: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1780, &mut x1781, x1779, x1755, 0x581a0db2); let mut x1782: u32 = 0; let mut x1783: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1782, &mut x1783, x1781, x1757, 0xf4372ddf); let mut x1784: u32 = 0; let mut x1785: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1784, &mut x1785, x1783, x1759, 0xc7634d81); let mut x1786: u32 = 0; let mut x1787: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1786, &mut x1787, x1785, x1761, 0xffffffff); let mut x1788: u32 = 0; let mut x1789: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1788, &mut x1789, x1787, x1763, 0xffffffff); let mut x1790: u32 = 0; let mut x1791: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1790, &mut x1791, x1789, x1765, 0xffffffff); let mut x1792: u32 = 0; let mut x1793: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1792, &mut x1793, x1791, x1767, 0xffffffff); let mut x1794: u32 = 0; let mut x1795: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1794, &mut x1795, x1793, x1769, 0xffffffff); let mut x1796: u32 = 0; let mut x1797: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1796, &mut x1797, x1795, x1771, 0xffffffff); let mut x1798: u32 = 0; let mut x1799: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1798, &mut x1799, x1797, x1773, (0x0 as u32)); let mut x1800: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1800, x1799, x1774, x1749); let mut x1801: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1801, x1799, x1776, x1751); let mut x1802: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1802, x1799, x1778, x1753); let mut x1803: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1803, x1799, x1780, x1755); let mut x1804: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1804, x1799, x1782, x1757); let mut x1805: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1805, x1799, x1784, x1759); let mut x1806: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1806, x1799, x1786, x1761); let mut x1807: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1807, x1799, x1788, x1763); let mut x1808: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1808, x1799, x1790, x1765); let mut x1809: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1809, x1799, x1792, x1767); let mut x1810: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1810, x1799, x1794, x1769); let mut x1811: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1811, x1799, x1796, x1771); out1[0] = x1800; out1[1] = x1801; out1[2] = x1802; out1[3] = x1803; out1[4] = x1804; out1[5] = x1805; out1[6] = x1806; out1[7] = x1807; out1[8] = x1808; out1[9] = x1809; out1[10] = x1810; out1[11] = x1811; } /// The function fiat_p384_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_add(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x17, &mut x18, x16, (arg1[8]), (arg2[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x19, &mut x20, x18, (arg1[9]), (arg2[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x21, &mut x22, x20, (arg1[10]), (arg2[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x23, &mut x24, x22, (arg1[11]), (arg2[11])); let mut x25: u32 = 0; let mut x26: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x25, &mut x26, 0x0, x1, 0xccc52973); let mut x27: u32 = 0; let mut x28: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x27, &mut x28, x26, x3, 0xecec196a); let mut x29: u32 = 0; let mut x30: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x29, &mut x30, x28, x5, 0x48b0a77a); let mut x31: u32 = 0; let mut x32: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x31, &mut x32, x30, x7, 0x581a0db2); let mut x33: u32 = 0; let mut x34: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x33, &mut x34, x32, x9, 0xf4372ddf); let mut x35: u32 = 0; let mut x36: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x35, &mut x36, x34, x11, 0xc7634d81); let mut x37: u32 = 0; let mut x38: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x37, &mut x38, x36, x13, 0xffffffff); let mut x39: u32 = 0; let mut x40: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x39, &mut x40, x38, x15, 0xffffffff); let mut x41: u32 = 0; let mut x42: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x41, &mut x42, x40, x17, 0xffffffff); let mut x43: u32 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x43, &mut x44, x42, x19, 0xffffffff); let mut x45: u32 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x45, &mut x46, x44, x21, 0xffffffff); let mut x47: u32 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x47, &mut x48, x46, x23, 0xffffffff); let mut x49: u32 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x49, &mut x50, x48, (x24 as u32), (0x0 as u32)); let mut x51: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x51, x50, x25, x1); let mut x52: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x52, x50, x27, x3); let mut x53: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x53, x50, x29, x5); let mut x54: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x54, x50, x31, x7); let mut x55: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x55, x50, x33, x9); let mut x56: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x56, x50, x35, x11); let mut x57: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x57, x50, x37, x13); let mut x58: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x58, x50, x39, x15); let mut x59: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x59, x50, x41, x17); let mut x60: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x60, x50, x43, x19); let mut x61: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x61, x50, x45, x21); let mut x62: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x62, x50, x47, x23); out1[0] = x51; out1[1] = x52; out1[2] = x53; out1[3] = x54; out1[4] = x55; out1[5] = x56; out1[6] = x57; out1[7] = x58; out1[8] = x59; out1[9] = x60; out1[10] = x61; out1[11] = x62; } /// The function fiat_p384_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_sub(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x17, &mut x18, x16, (arg1[8]), (arg2[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x19, &mut x20, x18, (arg1[9]), (arg2[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x21, &mut x22, x20, (arg1[10]), (arg2[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x23, &mut x24, x22, (arg1[11]), (arg2[11])); let mut x25: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x25, x24, (0x0 as u32), 0xffffffff); let mut x26: u32 = 0; let mut x27: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x26, &mut x27, 0x0, x1, (x25 & 0xccc52973)); let mut x28: u32 = 0; let mut x29: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x3, (x25 & 0xecec196a)); let mut x30: u32 = 0; let mut x31: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x5, (x25 & 0x48b0a77a)); let mut x32: u32 = 0; let mut x33: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x7, (x25 & 0x581a0db2)); let mut x34: u32 = 0; let mut x35: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x34, &mut x35, x33, x9, (x25 & 0xf4372ddf)); let mut x36: u32 = 0; let mut x37: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x36, &mut x37, x35, x11, (x25 & 0xc7634d81)); let mut x38: u32 = 0; let mut x39: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x38, &mut x39, x37, x13, x25); let mut x40: u32 = 0; let mut x41: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x40, &mut x41, x39, x15, x25); let mut x42: u32 = 0; let mut x43: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x42, &mut x43, x41, x17, x25); let mut x44: u32 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x44, &mut x45, x43, x19, x25); let mut x46: u32 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x46, &mut x47, x45, x21, x25); let mut x48: u32 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x48, &mut x49, x47, x23, x25); out1[0] = x26; out1[1] = x28; out1[2] = x30; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x38; out1[7] = x40; out1[8] = x42; out1[9] = x44; out1[10] = x46; out1[11] = x48; } /// The function fiat_p384_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_opp(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; let mut x18: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x17, &mut x18, x16, (0x0 as u32), (arg1[8])); let mut x19: u32 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x19, &mut x20, x18, (0x0 as u32), (arg1[9])); let mut x21: u32 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x21, &mut x22, x20, (0x0 as u32), (arg1[10])); let mut x23: u32 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x23, &mut x24, x22, (0x0 as u32), (arg1[11])); let mut x25: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x25, x24, (0x0 as u32), 0xffffffff); let mut x26: u32 = 0; let mut x27: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x26, &mut x27, 0x0, x1, (x25 & 0xccc52973)); let mut x28: u32 = 0; let mut x29: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x3, (x25 & 0xecec196a)); let mut x30: u32 = 0; let mut x31: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x5, (x25 & 0x48b0a77a)); let mut x32: u32 = 0; let mut x33: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x7, (x25 & 0x581a0db2)); let mut x34: u32 = 0; let mut x35: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x34, &mut x35, x33, x9, (x25 & 0xf4372ddf)); let mut x36: u32 = 0; let mut x37: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x36, &mut x37, x35, x11, (x25 & 0xc7634d81)); let mut x38: u32 = 0; let mut x39: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x38, &mut x39, x37, x13, x25); let mut x40: u32 = 0; let mut x41: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x40, &mut x41, x39, x15, x25); let mut x42: u32 = 0; let mut x43: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x42, &mut x43, x41, x17, x25); let mut x44: u32 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x44, &mut x45, x43, x19, x25); let mut x46: u32 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x46, &mut x47, x45, x21, x25); let mut x48: u32 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x48, &mut x49, x47, x23, x25); out1[0] = x26; out1[1] = x28; out1[2] = x30; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x38; out1[7] = x40; out1[8] = x42; out1[9] = x44; out1[10] = x46; out1[11] = x48; } /// The function fiat_p384_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^12) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_from_montgomery(out1: &mut fiat_p384_scalar_non_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x2, &mut x3, x1, 0xe88fdc45); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x6, &mut x7, x2, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x8, &mut x9, x2, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x10, &mut x11, x2, 0xffffffff); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x12, &mut x13, x2, 0xffffffff); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x14, &mut x15, x2, 0xffffffff); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x16, &mut x17, x2, 0xc7634d81); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x18, &mut x19, x2, 0xf4372ddf); let mut x20: u32 = 0; let mut x21: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x20, &mut x21, x2, 0x581a0db2); let mut x22: u32 = 0; let mut x23: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x22, &mut x23, x2, 0x48b0a77a); let mut x24: u32 = 0; let mut x25: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x24, &mut x25, x2, 0xecec196a); let mut x26: u32 = 0; let mut x27: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x26, &mut x27, x2, 0xccc52973); let mut x28: u32 = 0; let mut x29: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x28, &mut x29, 0x0, x27, x24); let mut x30: u32 = 0; let mut x31: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x25, x22); let mut x32: u32 = 0; let mut x33: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x23, x20); let mut x34: u32 = 0; let mut x35: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x34, &mut x35, x33, x21, x18); let mut x36: u32 = 0; let mut x37: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x36, &mut x37, x35, x19, x16); let mut x38: u32 = 0; let mut x39: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x38, &mut x39, x37, x17, x14); let mut x40: u32 = 0; let mut x41: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x40, &mut x41, x39, x15, x12); let mut x42: u32 = 0; let mut x43: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x42, &mut x43, x41, x13, x10); let mut x44: u32 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x44, &mut x45, x43, x11, x8); let mut x46: u32 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x46, &mut x47, x45, x9, x6); let mut x48: u32 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x48, &mut x49, x47, x7, x4); let mut x50: u32 = 0; let mut x51: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x50, &mut x51, 0x0, x1, x26); let mut x52: u32 = 0; let mut x53: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x52, &mut x53, x51, (0x0 as u32), x28); let mut x54: u32 = 0; let mut x55: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x54, &mut x55, x53, (0x0 as u32), x30); let mut x56: u32 = 0; let mut x57: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x56, &mut x57, x55, (0x0 as u32), x32); let mut x58: u32 = 0; let mut x59: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x58, &mut x59, x57, (0x0 as u32), x34); let mut x60: u32 = 0; let mut x61: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x60, &mut x61, x59, (0x0 as u32), x36); let mut x62: u32 = 0; let mut x63: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x62, &mut x63, x61, (0x0 as u32), x38); let mut x64: u32 = 0; let mut x65: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x64, &mut x65, x63, (0x0 as u32), x40); let mut x66: u32 = 0; let mut x67: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x66, &mut x67, x65, (0x0 as u32), x42); let mut x68: u32 = 0; let mut x69: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x68, &mut x69, x67, (0x0 as u32), x44); let mut x70: u32 = 0; let mut x71: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x70, &mut x71, x69, (0x0 as u32), x46); let mut x72: u32 = 0; let mut x73: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x72, &mut x73, x71, (0x0 as u32), x48); let mut x74: u32 = 0; let mut x75: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x74, &mut x75, x73, (0x0 as u32), ((x49 as u32) + x5)); let mut x76: u32 = 0; let mut x77: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x76, &mut x77, 0x0, x52, (arg1[1])); let mut x78: u32 = 0; let mut x79: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x78, &mut x79, x77, x54, (0x0 as u32)); let mut x80: u32 = 0; let mut x81: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x80, &mut x81, x79, x56, (0x0 as u32)); let mut x82: u32 = 0; let mut x83: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x82, &mut x83, x81, x58, (0x0 as u32)); let mut x84: u32 = 0; let mut x85: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x84, &mut x85, x83, x60, (0x0 as u32)); let mut x86: u32 = 0; let mut x87: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x86, &mut x87, x85, x62, (0x0 as u32)); let mut x88: u32 = 0; let mut x89: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x64, (0x0 as u32)); let mut x90: u32 = 0; let mut x91: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x66, (0x0 as u32)); let mut x92: u32 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x92, &mut x93, x91, x68, (0x0 as u32)); let mut x94: u32 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x94, &mut x95, x93, x70, (0x0 as u32)); let mut x96: u32 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x96, &mut x97, x95, x72, (0x0 as u32)); let mut x98: u32 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x74, (0x0 as u32)); let mut x100: u32 = 0; let mut x101: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x100, &mut x101, x76, 0xe88fdc45); let mut x102: u32 = 0; let mut x103: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x102, &mut x103, x100, 0xffffffff); let mut x104: u32 = 0; let mut x105: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x104, &mut x105, x100, 0xffffffff); let mut x106: u32 = 0; let mut x107: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x106, &mut x107, x100, 0xffffffff); let mut x108: u32 = 0; let mut x109: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x108, &mut x109, x100, 0xffffffff); let mut x110: u32 = 0; let mut x111: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x110, &mut x111, x100, 0xffffffff); let mut x112: u32 = 0; let mut x113: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x112, &mut x113, x100, 0xffffffff); let mut x114: u32 = 0; let mut x115: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x114, &mut x115, x100, 0xc7634d81); let mut x116: u32 = 0; let mut x117: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x116, &mut x117, x100, 0xf4372ddf); let mut x118: u32 = 0; let mut x119: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x118, &mut x119, x100, 0x581a0db2); let mut x120: u32 = 0; let mut x121: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x120, &mut x121, x100, 0x48b0a77a); let mut x122: u32 = 0; let mut x123: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x122, &mut x123, x100, 0xecec196a); let mut x124: u32 = 0; let mut x125: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x124, &mut x125, x100, 0xccc52973); let mut x126: u32 = 0; let mut x127: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x126, &mut x127, 0x0, x125, x122); let mut x128: u32 = 0; let mut x129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x123, x120); let mut x130: u32 = 0; let mut x131: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x121, x118); let mut x132: u32 = 0; let mut x133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x132, &mut x133, x131, x119, x116); let mut x134: u32 = 0; let mut x135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x134, &mut x135, x133, x117, x114); let mut x136: u32 = 0; let mut x137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x136, &mut x137, x135, x115, x112); let mut x138: u32 = 0; let mut x139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x138, &mut x139, x137, x113, x110); let mut x140: u32 = 0; let mut x141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x140, &mut x141, x139, x111, x108); let mut x142: u32 = 0; let mut x143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x142, &mut x143, x141, x109, x106); let mut x144: u32 = 0; let mut x145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x144, &mut x145, x143, x107, x104); let mut x146: u32 = 0; let mut x147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x146, &mut x147, x145, x105, x102); let mut x148: u32 = 0; let mut x149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x148, &mut x149, 0x0, x76, x124); let mut x150: u32 = 0; let mut x151: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x150, &mut x151, x149, x78, x126); let mut x152: u32 = 0; let mut x153: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x80, x128); let mut x154: u32 = 0; let mut x155: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x82, x130); let mut x156: u32 = 0; let mut x157: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x84, x132); let mut x158: u32 = 0; let mut x159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x86, x134); let mut x160: u32 = 0; let mut x161: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x88, x136); let mut x162: u32 = 0; let mut x163: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x162, &mut x163, x161, x90, x138); let mut x164: u32 = 0; let mut x165: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x92, x140); let mut x166: u32 = 0; let mut x167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x94, x142); let mut x168: u32 = 0; let mut x169: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x96, x144); let mut x170: u32 = 0; let mut x171: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x98, x146); let mut x172: u32 = 0; let mut x173: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x172, &mut x173, x171, ((x99 as u32) + (x75 as u32)), ((x147 as u32) + x103)); let mut x174: u32 = 0; let mut x175: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x174, &mut x175, 0x0, x150, (arg1[2])); let mut x176: u32 = 0; let mut x177: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x152, (0x0 as u32)); let mut x178: u32 = 0; let mut x179: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x154, (0x0 as u32)); let mut x180: u32 = 0; let mut x181: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x156, (0x0 as u32)); let mut x182: u32 = 0; let mut x183: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x158, (0x0 as u32)); let mut x184: u32 = 0; let mut x185: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x160, (0x0 as u32)); let mut x186: u32 = 0; let mut x187: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x162, (0x0 as u32)); let mut x188: u32 = 0; let mut x189: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x164, (0x0 as u32)); let mut x190: u32 = 0; let mut x191: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x166, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x168, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x194, &mut x195, x193, x170, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x196, &mut x197, x195, x172, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x198, &mut x199, x174, 0xe88fdc45); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x200, &mut x201, x198, 0xffffffff); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x202, &mut x203, x198, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x204, &mut x205, x198, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x206, &mut x207, x198, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x208, &mut x209, x198, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x210, &mut x211, x198, 0xffffffff); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x212, &mut x213, x198, 0xc7634d81); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x214, &mut x215, x198, 0xf4372ddf); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x216, &mut x217, x198, 0x581a0db2); let mut x218: u32 = 0; let mut x219: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x218, &mut x219, x198, 0x48b0a77a); let mut x220: u32 = 0; let mut x221: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x220, &mut x221, x198, 0xecec196a); let mut x222: u32 = 0; let mut x223: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x222, &mut x223, x198, 0xccc52973); let mut x224: u32 = 0; let mut x225: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x224, &mut x225, 0x0, x223, x220); let mut x226: u32 = 0; let mut x227: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x226, &mut x227, x225, x221, x218); let mut x228: u32 = 0; let mut x229: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x228, &mut x229, x227, x219, x216); let mut x230: u32 = 0; let mut x231: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x230, &mut x231, x229, x217, x214); let mut x232: u32 = 0; let mut x233: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x232, &mut x233, x231, x215, x212); let mut x234: u32 = 0; let mut x235: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x213, x210); let mut x236: u32 = 0; let mut x237: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x211, x208); let mut x238: u32 = 0; let mut x239: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x209, x206); let mut x240: u32 = 0; let mut x241: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x207, x204); let mut x242: u32 = 0; let mut x243: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x205, x202); let mut x244: u32 = 0; let mut x245: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x203, x200); let mut x246: u32 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x246, &mut x247, 0x0, x174, x222); let mut x248: u32 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x176, x224); let mut x250: u32 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x250, &mut x251, x249, x178, x226); let mut x252: u32 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x252, &mut x253, x251, x180, x228); let mut x254: u32 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x254, &mut x255, x253, x182, x230); let mut x256: u32 = 0; let mut x257: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x256, &mut x257, x255, x184, x232); let mut x258: u32 = 0; let mut x259: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x186, x234); let mut x260: u32 = 0; let mut x261: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x188, x236); let mut x262: u32 = 0; let mut x263: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x190, x238); let mut x264: u32 = 0; let mut x265: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x192, x240); let mut x266: u32 = 0; let mut x267: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x266, &mut x267, x265, x194, x242); let mut x268: u32 = 0; let mut x269: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x196, x244); let mut x270: u32 = 0; let mut x271: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x270, &mut x271, x269, ((x197 as u32) + (x173 as u32)), ((x245 as u32) + x201)); let mut x272: u32 = 0; let mut x273: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x272, &mut x273, 0x0, x248, (arg1[3])); let mut x274: u32 = 0; let mut x275: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x274, &mut x275, x273, x250, (0x0 as u32)); let mut x276: u32 = 0; let mut x277: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x276, &mut x277, x275, x252, (0x0 as u32)); let mut x278: u32 = 0; let mut x279: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x278, &mut x279, x277, x254, (0x0 as u32)); let mut x280: u32 = 0; let mut x281: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x280, &mut x281, x279, x256, (0x0 as u32)); let mut x282: u32 = 0; let mut x283: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x282, &mut x283, x281, x258, (0x0 as u32)); let mut x284: u32 = 0; let mut x285: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x260, (0x0 as u32)); let mut x286: u32 = 0; let mut x287: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x262, (0x0 as u32)); let mut x288: u32 = 0; let mut x289: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x264, (0x0 as u32)); let mut x290: u32 = 0; let mut x291: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x266, (0x0 as u32)); let mut x292: u32 = 0; let mut x293: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x268, (0x0 as u32)); let mut x294: u32 = 0; let mut x295: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x294, &mut x295, x293, x270, (0x0 as u32)); let mut x296: u32 = 0; let mut x297: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x296, &mut x297, x272, 0xe88fdc45); let mut x298: u32 = 0; let mut x299: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x298, &mut x299, x296, 0xffffffff); let mut x300: u32 = 0; let mut x301: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x300, &mut x301, x296, 0xffffffff); let mut x302: u32 = 0; let mut x303: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x302, &mut x303, x296, 0xffffffff); let mut x304: u32 = 0; let mut x305: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x304, &mut x305, x296, 0xffffffff); let mut x306: u32 = 0; let mut x307: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x306, &mut x307, x296, 0xffffffff); let mut x308: u32 = 0; let mut x309: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x308, &mut x309, x296, 0xffffffff); let mut x310: u32 = 0; let mut x311: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x310, &mut x311, x296, 0xc7634d81); let mut x312: u32 = 0; let mut x313: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x312, &mut x313, x296, 0xf4372ddf); let mut x314: u32 = 0; let mut x315: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x314, &mut x315, x296, 0x581a0db2); let mut x316: u32 = 0; let mut x317: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x316, &mut x317, x296, 0x48b0a77a); let mut x318: u32 = 0; let mut x319: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x318, &mut x319, x296, 0xecec196a); let mut x320: u32 = 0; let mut x321: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x320, &mut x321, x296, 0xccc52973); let mut x322: u32 = 0; let mut x323: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x322, &mut x323, 0x0, x321, x318); let mut x324: u32 = 0; let mut x325: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x319, x316); let mut x326: u32 = 0; let mut x327: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x317, x314); let mut x328: u32 = 0; let mut x329: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x315, x312); let mut x330: u32 = 0; let mut x331: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x330, &mut x331, x329, x313, x310); let mut x332: u32 = 0; let mut x333: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x332, &mut x333, x331, x311, x308); let mut x334: u32 = 0; let mut x335: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x334, &mut x335, x333, x309, x306); let mut x336: u32 = 0; let mut x337: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x336, &mut x337, x335, x307, x304); let mut x338: u32 = 0; let mut x339: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x338, &mut x339, x337, x305, x302); let mut x340: u32 = 0; let mut x341: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x340, &mut x341, x339, x303, x300); let mut x342: u32 = 0; let mut x343: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x342, &mut x343, x341, x301, x298); let mut x344: u32 = 0; let mut x345: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x344, &mut x345, 0x0, x272, x320); let mut x346: u32 = 0; let mut x347: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x346, &mut x347, x345, x274, x322); let mut x348: u32 = 0; let mut x349: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x348, &mut x349, x347, x276, x324); let mut x350: u32 = 0; let mut x351: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x350, &mut x351, x349, x278, x326); let mut x352: u32 = 0; let mut x353: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x352, &mut x353, x351, x280, x328); let mut x354: u32 = 0; let mut x355: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x354, &mut x355, x353, x282, x330); let mut x356: u32 = 0; let mut x357: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x356, &mut x357, x355, x284, x332); let mut x358: u32 = 0; let mut x359: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x358, &mut x359, x357, x286, x334); let mut x360: u32 = 0; let mut x361: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x360, &mut x361, x359, x288, x336); let mut x362: u32 = 0; let mut x363: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x290, x338); let mut x364: u32 = 0; let mut x365: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x364, &mut x365, x363, x292, x340); let mut x366: u32 = 0; let mut x367: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x294, x342); let mut x368: u32 = 0; let mut x369: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x368, &mut x369, x367, ((x295 as u32) + (x271 as u32)), ((x343 as u32) + x299)); let mut x370: u32 = 0; let mut x371: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x370, &mut x371, 0x0, x346, (arg1[4])); let mut x372: u32 = 0; let mut x373: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x372, &mut x373, x371, x348, (0x0 as u32)); let mut x374: u32 = 0; let mut x375: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x374, &mut x375, x373, x350, (0x0 as u32)); let mut x376: u32 = 0; let mut x377: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x376, &mut x377, x375, x352, (0x0 as u32)); let mut x378: u32 = 0; let mut x379: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x378, &mut x379, x377, x354, (0x0 as u32)); let mut x380: u32 = 0; let mut x381: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x380, &mut x381, x379, x356, (0x0 as u32)); let mut x382: u32 = 0; let mut x383: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x382, &mut x383, x381, x358, (0x0 as u32)); let mut x384: u32 = 0; let mut x385: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x384, &mut x385, x383, x360, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x386, &mut x387, x385, x362, (0x0 as u32)); let mut x388: u32 = 0; let mut x389: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x388, &mut x389, x387, x364, (0x0 as u32)); let mut x390: u32 = 0; let mut x391: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x390, &mut x391, x389, x366, (0x0 as u32)); let mut x392: u32 = 0; let mut x393: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x392, &mut x393, x391, x368, (0x0 as u32)); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x394, &mut x395, x370, 0xe88fdc45); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x396, &mut x397, x394, 0xffffffff); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x398, &mut x399, x394, 0xffffffff); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x400, &mut x401, x394, 0xffffffff); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x402, &mut x403, x394, 0xffffffff); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x404, &mut x405, x394, 0xffffffff); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x406, &mut x407, x394, 0xffffffff); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x408, &mut x409, x394, 0xc7634d81); let mut x410: u32 = 0; let mut x411: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x410, &mut x411, x394, 0xf4372ddf); let mut x412: u32 = 0; let mut x413: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x412, &mut x413, x394, 0x581a0db2); let mut x414: u32 = 0; let mut x415: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x414, &mut x415, x394, 0x48b0a77a); let mut x416: u32 = 0; let mut x417: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x416, &mut x417, x394, 0xecec196a); let mut x418: u32 = 0; let mut x419: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x418, &mut x419, x394, 0xccc52973); let mut x420: u32 = 0; let mut x421: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x420, &mut x421, 0x0, x419, x416); let mut x422: u32 = 0; let mut x423: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x417, x414); let mut x424: u32 = 0; let mut x425: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x424, &mut x425, x423, x415, x412); let mut x426: u32 = 0; let mut x427: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x426, &mut x427, x425, x413, x410); let mut x428: u32 = 0; let mut x429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x428, &mut x429, x427, x411, x408); let mut x430: u32 = 0; let mut x431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x430, &mut x431, x429, x409, x406); let mut x432: u32 = 0; let mut x433: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x432, &mut x433, x431, x407, x404); let mut x434: u32 = 0; let mut x435: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x434, &mut x435, x433, x405, x402); let mut x436: u32 = 0; let mut x437: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x436, &mut x437, x435, x403, x400); let mut x438: u32 = 0; let mut x439: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x438, &mut x439, x437, x401, x398); let mut x440: u32 = 0; let mut x441: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x440, &mut x441, x439, x399, x396); let mut x442: u32 = 0; let mut x443: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x442, &mut x443, 0x0, x370, x418); let mut x444: u32 = 0; let mut x445: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x444, &mut x445, x443, x372, x420); let mut x446: u32 = 0; let mut x447: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x446, &mut x447, x445, x374, x422); let mut x448: u32 = 0; let mut x449: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x448, &mut x449, x447, x376, x424); let mut x450: u32 = 0; let mut x451: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x450, &mut x451, x449, x378, x426); let mut x452: u32 = 0; let mut x453: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x452, &mut x453, x451, x380, x428); let mut x454: u32 = 0; let mut x455: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x454, &mut x455, x453, x382, x430); let mut x456: u32 = 0; let mut x457: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x456, &mut x457, x455, x384, x432); let mut x458: u32 = 0; let mut x459: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x386, x434); let mut x460: u32 = 0; let mut x461: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x388, x436); let mut x462: u32 = 0; let mut x463: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x390, x438); let mut x464: u32 = 0; let mut x465: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x464, &mut x465, x463, x392, x440); let mut x466: u32 = 0; let mut x467: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x466, &mut x467, x465, ((x393 as u32) + (x369 as u32)), ((x441 as u32) + x397)); let mut x468: u32 = 0; let mut x469: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x468, &mut x469, 0x0, x444, (arg1[5])); let mut x470: u32 = 0; let mut x471: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x470, &mut x471, x469, x446, (0x0 as u32)); let mut x472: u32 = 0; let mut x473: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x472, &mut x473, x471, x448, (0x0 as u32)); let mut x474: u32 = 0; let mut x475: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x474, &mut x475, x473, x450, (0x0 as u32)); let mut x476: u32 = 0; let mut x477: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x476, &mut x477, x475, x452, (0x0 as u32)); let mut x478: u32 = 0; let mut x479: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x478, &mut x479, x477, x454, (0x0 as u32)); let mut x480: u32 = 0; let mut x481: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x480, &mut x481, x479, x456, (0x0 as u32)); let mut x482: u32 = 0; let mut x483: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x482, &mut x483, x481, x458, (0x0 as u32)); let mut x484: u32 = 0; let mut x485: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x460, (0x0 as u32)); let mut x486: u32 = 0; let mut x487: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x462, (0x0 as u32)); let mut x488: u32 = 0; let mut x489: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x464, (0x0 as u32)); let mut x490: u32 = 0; let mut x491: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x466, (0x0 as u32)); let mut x492: u32 = 0; let mut x493: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x492, &mut x493, x468, 0xe88fdc45); let mut x494: u32 = 0; let mut x495: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x494, &mut x495, x492, 0xffffffff); let mut x496: u32 = 0; let mut x497: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x496, &mut x497, x492, 0xffffffff); let mut x498: u32 = 0; let mut x499: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x498, &mut x499, x492, 0xffffffff); let mut x500: u32 = 0; let mut x501: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x500, &mut x501, x492, 0xffffffff); let mut x502: u32 = 0; let mut x503: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x502, &mut x503, x492, 0xffffffff); let mut x504: u32 = 0; let mut x505: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x504, &mut x505, x492, 0xffffffff); let mut x506: u32 = 0; let mut x507: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x506, &mut x507, x492, 0xc7634d81); let mut x508: u32 = 0; let mut x509: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x508, &mut x509, x492, 0xf4372ddf); let mut x510: u32 = 0; let mut x511: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x510, &mut x511, x492, 0x581a0db2); let mut x512: u32 = 0; let mut x513: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x512, &mut x513, x492, 0x48b0a77a); let mut x514: u32 = 0; let mut x515: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x514, &mut x515, x492, 0xecec196a); let mut x516: u32 = 0; let mut x517: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x516, &mut x517, x492, 0xccc52973); let mut x518: u32 = 0; let mut x519: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x518, &mut x519, 0x0, x517, x514); let mut x520: u32 = 0; let mut x521: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x520, &mut x521, x519, x515, x512); let mut x522: u32 = 0; let mut x523: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x522, &mut x523, x521, x513, x510); let mut x524: u32 = 0; let mut x525: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x524, &mut x525, x523, x511, x508); let mut x526: u32 = 0; let mut x527: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x526, &mut x527, x525, x509, x506); let mut x528: u32 = 0; let mut x529: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x528, &mut x529, x527, x507, x504); let mut x530: u32 = 0; let mut x531: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x530, &mut x531, x529, x505, x502); let mut x532: u32 = 0; let mut x533: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x503, x500); let mut x534: u32 = 0; let mut x535: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x501, x498); let mut x536: u32 = 0; let mut x537: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x499, x496); let mut x538: u32 = 0; let mut x539: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x497, x494); let mut x540: u32 = 0; let mut x541: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x540, &mut x541, 0x0, x468, x516); let mut x542: u32 = 0; let mut x543: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x542, &mut x543, x541, x470, x518); let mut x544: u32 = 0; let mut x545: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x544, &mut x545, x543, x472, x520); let mut x546: u32 = 0; let mut x547: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x546, &mut x547, x545, x474, x522); let mut x548: u32 = 0; let mut x549: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x548, &mut x549, x547, x476, x524); let mut x550: u32 = 0; let mut x551: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x550, &mut x551, x549, x478, x526); let mut x552: u32 = 0; let mut x553: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x552, &mut x553, x551, x480, x528); let mut x554: u32 = 0; let mut x555: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x554, &mut x555, x553, x482, x530); let mut x556: u32 = 0; let mut x557: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x556, &mut x557, x555, x484, x532); let mut x558: u32 = 0; let mut x559: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x558, &mut x559, x557, x486, x534); let mut x560: u32 = 0; let mut x561: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x560, &mut x561, x559, x488, x536); let mut x562: u32 = 0; let mut x563: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x562, &mut x563, x561, x490, x538); let mut x564: u32 = 0; let mut x565: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x564, &mut x565, x563, ((x491 as u32) + (x467 as u32)), ((x539 as u32) + x495)); let mut x566: u32 = 0; let mut x567: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x566, &mut x567, 0x0, x542, (arg1[6])); let mut x568: u32 = 0; let mut x569: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x568, &mut x569, x567, x544, (0x0 as u32)); let mut x570: u32 = 0; let mut x571: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x570, &mut x571, x569, x546, (0x0 as u32)); let mut x572: u32 = 0; let mut x573: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x572, &mut x573, x571, x548, (0x0 as u32)); let mut x574: u32 = 0; let mut x575: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x574, &mut x575, x573, x550, (0x0 as u32)); let mut x576: u32 = 0; let mut x577: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x576, &mut x577, x575, x552, (0x0 as u32)); let mut x578: u32 = 0; let mut x579: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x578, &mut x579, x577, x554, (0x0 as u32)); let mut x580: u32 = 0; let mut x581: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x580, &mut x581, x579, x556, (0x0 as u32)); let mut x582: u32 = 0; let mut x583: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x582, &mut x583, x581, x558, (0x0 as u32)); let mut x584: u32 = 0; let mut x585: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x584, &mut x585, x583, x560, (0x0 as u32)); let mut x586: u32 = 0; let mut x587: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x586, &mut x587, x585, x562, (0x0 as u32)); let mut x588: u32 = 0; let mut x589: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x588, &mut x589, x587, x564, (0x0 as u32)); let mut x590: u32 = 0; let mut x591: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x590, &mut x591, x566, 0xe88fdc45); let mut x592: u32 = 0; let mut x593: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x592, &mut x593, x590, 0xffffffff); let mut x594: u32 = 0; let mut x595: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x594, &mut x595, x590, 0xffffffff); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x596, &mut x597, x590, 0xffffffff); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x598, &mut x599, x590, 0xffffffff); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x600, &mut x601, x590, 0xffffffff); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x602, &mut x603, x590, 0xffffffff); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x604, &mut x605, x590, 0xc7634d81); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x606, &mut x607, x590, 0xf4372ddf); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x608, &mut x609, x590, 0x581a0db2); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x610, &mut x611, x590, 0x48b0a77a); let mut x612: u32 = 0; let mut x613: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x612, &mut x613, x590, 0xecec196a); let mut x614: u32 = 0; let mut x615: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x614, &mut x615, x590, 0xccc52973); let mut x616: u32 = 0; let mut x617: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x616, &mut x617, 0x0, x615, x612); let mut x618: u32 = 0; let mut x619: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x618, &mut x619, x617, x613, x610); let mut x620: u32 = 0; let mut x621: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x620, &mut x621, x619, x611, x608); let mut x622: u32 = 0; let mut x623: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x622, &mut x623, x621, x609, x606); let mut x624: u32 = 0; let mut x625: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x624, &mut x625, x623, x607, x604); let mut x626: u32 = 0; let mut x627: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x626, &mut x627, x625, x605, x602); let mut x628: u32 = 0; let mut x629: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x628, &mut x629, x627, x603, x600); let mut x630: u32 = 0; let mut x631: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x630, &mut x631, x629, x601, x598); let mut x632: u32 = 0; let mut x633: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x632, &mut x633, x631, x599, x596); let mut x634: u32 = 0; let mut x635: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x634, &mut x635, x633, x597, x594); let mut x636: u32 = 0; let mut x637: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x636, &mut x637, x635, x595, x592); let mut x638: u32 = 0; let mut x639: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x638, &mut x639, 0x0, x566, x614); let mut x640: u32 = 0; let mut x641: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x640, &mut x641, x639, x568, x616); let mut x642: u32 = 0; let mut x643: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x642, &mut x643, x641, x570, x618); let mut x644: u32 = 0; let mut x645: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x644, &mut x645, x643, x572, x620); let mut x646: u32 = 0; let mut x647: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x646, &mut x647, x645, x574, x622); let mut x648: u32 = 0; let mut x649: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x648, &mut x649, x647, x576, x624); let mut x650: u32 = 0; let mut x651: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x650, &mut x651, x649, x578, x626); let mut x652: u32 = 0; let mut x653: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x652, &mut x653, x651, x580, x628); let mut x654: u32 = 0; let mut x655: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x654, &mut x655, x653, x582, x630); let mut x656: u32 = 0; let mut x657: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x656, &mut x657, x655, x584, x632); let mut x658: u32 = 0; let mut x659: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x658, &mut x659, x657, x586, x634); let mut x660: u32 = 0; let mut x661: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x660, &mut x661, x659, x588, x636); let mut x662: u32 = 0; let mut x663: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x662, &mut x663, x661, ((x589 as u32) + (x565 as u32)), ((x637 as u32) + x593)); let mut x664: u32 = 0; let mut x665: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x664, &mut x665, 0x0, x640, (arg1[7])); let mut x666: u32 = 0; let mut x667: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x666, &mut x667, x665, x642, (0x0 as u32)); let mut x668: u32 = 0; let mut x669: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x668, &mut x669, x667, x644, (0x0 as u32)); let mut x670: u32 = 0; let mut x671: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x670, &mut x671, x669, x646, (0x0 as u32)); let mut x672: u32 = 0; let mut x673: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x672, &mut x673, x671, x648, (0x0 as u32)); let mut x674: u32 = 0; let mut x675: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x674, &mut x675, x673, x650, (0x0 as u32)); let mut x676: u32 = 0; let mut x677: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x676, &mut x677, x675, x652, (0x0 as u32)); let mut x678: u32 = 0; let mut x679: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x678, &mut x679, x677, x654, (0x0 as u32)); let mut x680: u32 = 0; let mut x681: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x680, &mut x681, x679, x656, (0x0 as u32)); let mut x682: u32 = 0; let mut x683: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x682, &mut x683, x681, x658, (0x0 as u32)); let mut x684: u32 = 0; let mut x685: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x684, &mut x685, x683, x660, (0x0 as u32)); let mut x686: u32 = 0; let mut x687: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x686, &mut x687, x685, x662, (0x0 as u32)); let mut x688: u32 = 0; let mut x689: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x688, &mut x689, x664, 0xe88fdc45); let mut x690: u32 = 0; let mut x691: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x690, &mut x691, x688, 0xffffffff); let mut x692: u32 = 0; let mut x693: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x692, &mut x693, x688, 0xffffffff); let mut x694: u32 = 0; let mut x695: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x694, &mut x695, x688, 0xffffffff); let mut x696: u32 = 0; let mut x697: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x696, &mut x697, x688, 0xffffffff); let mut x698: u32 = 0; let mut x699: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x698, &mut x699, x688, 0xffffffff); let mut x700: u32 = 0; let mut x701: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x700, &mut x701, x688, 0xffffffff); let mut x702: u32 = 0; let mut x703: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x702, &mut x703, x688, 0xc7634d81); let mut x704: u32 = 0; let mut x705: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x704, &mut x705, x688, 0xf4372ddf); let mut x706: u32 = 0; let mut x707: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x706, &mut x707, x688, 0x581a0db2); let mut x708: u32 = 0; let mut x709: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x708, &mut x709, x688, 0x48b0a77a); let mut x710: u32 = 0; let mut x711: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x710, &mut x711, x688, 0xecec196a); let mut x712: u32 = 0; let mut x713: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x712, &mut x713, x688, 0xccc52973); let mut x714: u32 = 0; let mut x715: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x714, &mut x715, 0x0, x713, x710); let mut x716: u32 = 0; let mut x717: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x716, &mut x717, x715, x711, x708); let mut x718: u32 = 0; let mut x719: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x718, &mut x719, x717, x709, x706); let mut x720: u32 = 0; let mut x721: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x720, &mut x721, x719, x707, x704); let mut x722: u32 = 0; let mut x723: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x722, &mut x723, x721, x705, x702); let mut x724: u32 = 0; let mut x725: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x724, &mut x725, x723, x703, x700); let mut x726: u32 = 0; let mut x727: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x726, &mut x727, x725, x701, x698); let mut x728: u32 = 0; let mut x729: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x728, &mut x729, x727, x699, x696); let mut x730: u32 = 0; let mut x731: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x730, &mut x731, x729, x697, x694); let mut x732: u32 = 0; let mut x733: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x732, &mut x733, x731, x695, x692); let mut x734: u32 = 0; let mut x735: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x734, &mut x735, x733, x693, x690); let mut x736: u32 = 0; let mut x737: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x736, &mut x737, 0x0, x664, x712); let mut x738: u32 = 0; let mut x739: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x738, &mut x739, x737, x666, x714); let mut x740: u32 = 0; let mut x741: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x740, &mut x741, x739, x668, x716); let mut x742: u32 = 0; let mut x743: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x742, &mut x743, x741, x670, x718); let mut x744: u32 = 0; let mut x745: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x744, &mut x745, x743, x672, x720); let mut x746: u32 = 0; let mut x747: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x746, &mut x747, x745, x674, x722); let mut x748: u32 = 0; let mut x749: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x748, &mut x749, x747, x676, x724); let mut x750: u32 = 0; let mut x751: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x750, &mut x751, x749, x678, x726); let mut x752: u32 = 0; let mut x753: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x752, &mut x753, x751, x680, x728); let mut x754: u32 = 0; let mut x755: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x754, &mut x755, x753, x682, x730); let mut x756: u32 = 0; let mut x757: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x756, &mut x757, x755, x684, x732); let mut x758: u32 = 0; let mut x759: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x758, &mut x759, x757, x686, x734); let mut x760: u32 = 0; let mut x761: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x760, &mut x761, x759, ((x687 as u32) + (x663 as u32)), ((x735 as u32) + x691)); let mut x762: u32 = 0; let mut x763: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x762, &mut x763, 0x0, x738, (arg1[8])); let mut x764: u32 = 0; let mut x765: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x764, &mut x765, x763, x740, (0x0 as u32)); let mut x766: u32 = 0; let mut x767: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x766, &mut x767, x765, x742, (0x0 as u32)); let mut x768: u32 = 0; let mut x769: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x768, &mut x769, x767, x744, (0x0 as u32)); let mut x770: u32 = 0; let mut x771: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x770, &mut x771, x769, x746, (0x0 as u32)); let mut x772: u32 = 0; let mut x773: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x772, &mut x773, x771, x748, (0x0 as u32)); let mut x774: u32 = 0; let mut x775: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x774, &mut x775, x773, x750, (0x0 as u32)); let mut x776: u32 = 0; let mut x777: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x776, &mut x777, x775, x752, (0x0 as u32)); let mut x778: u32 = 0; let mut x779: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x778, &mut x779, x777, x754, (0x0 as u32)); let mut x780: u32 = 0; let mut x781: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x780, &mut x781, x779, x756, (0x0 as u32)); let mut x782: u32 = 0; let mut x783: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x782, &mut x783, x781, x758, (0x0 as u32)); let mut x784: u32 = 0; let mut x785: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x784, &mut x785, x783, x760, (0x0 as u32)); let mut x786: u32 = 0; let mut x787: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x786, &mut x787, x762, 0xe88fdc45); let mut x788: u32 = 0; let mut x789: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x788, &mut x789, x786, 0xffffffff); let mut x790: u32 = 0; let mut x791: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x790, &mut x791, x786, 0xffffffff); let mut x792: u32 = 0; let mut x793: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x792, &mut x793, x786, 0xffffffff); let mut x794: u32 = 0; let mut x795: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x794, &mut x795, x786, 0xffffffff); let mut x796: u32 = 0; let mut x797: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x796, &mut x797, x786, 0xffffffff); let mut x798: u32 = 0; let mut x799: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x798, &mut x799, x786, 0xffffffff); let mut x800: u32 = 0; let mut x801: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x800, &mut x801, x786, 0xc7634d81); let mut x802: u32 = 0; let mut x803: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x802, &mut x803, x786, 0xf4372ddf); let mut x804: u32 = 0; let mut x805: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x804, &mut x805, x786, 0x581a0db2); let mut x806: u32 = 0; let mut x807: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x806, &mut x807, x786, 0x48b0a77a); let mut x808: u32 = 0; let mut x809: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x808, &mut x809, x786, 0xecec196a); let mut x810: u32 = 0; let mut x811: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x810, &mut x811, x786, 0xccc52973); let mut x812: u32 = 0; let mut x813: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x812, &mut x813, 0x0, x811, x808); let mut x814: u32 = 0; let mut x815: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x814, &mut x815, x813, x809, x806); let mut x816: u32 = 0; let mut x817: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x816, &mut x817, x815, x807, x804); let mut x818: u32 = 0; let mut x819: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x818, &mut x819, x817, x805, x802); let mut x820: u32 = 0; let mut x821: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x820, &mut x821, x819, x803, x800); let mut x822: u32 = 0; let mut x823: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x822, &mut x823, x821, x801, x798); let mut x824: u32 = 0; let mut x825: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x824, &mut x825, x823, x799, x796); let mut x826: u32 = 0; let mut x827: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x826, &mut x827, x825, x797, x794); let mut x828: u32 = 0; let mut x829: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x828, &mut x829, x827, x795, x792); let mut x830: u32 = 0; let mut x831: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x830, &mut x831, x829, x793, x790); let mut x832: u32 = 0; let mut x833: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x832, &mut x833, x831, x791, x788); let mut x834: u32 = 0; let mut x835: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x834, &mut x835, 0x0, x762, x810); let mut x836: u32 = 0; let mut x837: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x836, &mut x837, x835, x764, x812); let mut x838: u32 = 0; let mut x839: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x838, &mut x839, x837, x766, x814); let mut x840: u32 = 0; let mut x841: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x840, &mut x841, x839, x768, x816); let mut x842: u32 = 0; let mut x843: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x842, &mut x843, x841, x770, x818); let mut x844: u32 = 0; let mut x845: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x844, &mut x845, x843, x772, x820); let mut x846: u32 = 0; let mut x847: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x846, &mut x847, x845, x774, x822); let mut x848: u32 = 0; let mut x849: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x848, &mut x849, x847, x776, x824); let mut x850: u32 = 0; let mut x851: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x850, &mut x851, x849, x778, x826); let mut x852: u32 = 0; let mut x853: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x852, &mut x853, x851, x780, x828); let mut x854: u32 = 0; let mut x855: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x854, &mut x855, x853, x782, x830); let mut x856: u32 = 0; let mut x857: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x856, &mut x857, x855, x784, x832); let mut x858: u32 = 0; let mut x859: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x858, &mut x859, x857, ((x785 as u32) + (x761 as u32)), ((x833 as u32) + x789)); let mut x860: u32 = 0; let mut x861: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x860, &mut x861, 0x0, x836, (arg1[9])); let mut x862: u32 = 0; let mut x863: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x862, &mut x863, x861, x838, (0x0 as u32)); let mut x864: u32 = 0; let mut x865: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x864, &mut x865, x863, x840, (0x0 as u32)); let mut x866: u32 = 0; let mut x867: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x866, &mut x867, x865, x842, (0x0 as u32)); let mut x868: u32 = 0; let mut x869: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x868, &mut x869, x867, x844, (0x0 as u32)); let mut x870: u32 = 0; let mut x871: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x870, &mut x871, x869, x846, (0x0 as u32)); let mut x872: u32 = 0; let mut x873: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x872, &mut x873, x871, x848, (0x0 as u32)); let mut x874: u32 = 0; let mut x875: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x874, &mut x875, x873, x850, (0x0 as u32)); let mut x876: u32 = 0; let mut x877: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x876, &mut x877, x875, x852, (0x0 as u32)); let mut x878: u32 = 0; let mut x879: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x878, &mut x879, x877, x854, (0x0 as u32)); let mut x880: u32 = 0; let mut x881: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x880, &mut x881, x879, x856, (0x0 as u32)); let mut x882: u32 = 0; let mut x883: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x882, &mut x883, x881, x858, (0x0 as u32)); let mut x884: u32 = 0; let mut x885: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x884, &mut x885, x860, 0xe88fdc45); let mut x886: u32 = 0; let mut x887: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x886, &mut x887, x884, 0xffffffff); let mut x888: u32 = 0; let mut x889: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x888, &mut x889, x884, 0xffffffff); let mut x890: u32 = 0; let mut x891: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x890, &mut x891, x884, 0xffffffff); let mut x892: u32 = 0; let mut x893: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x892, &mut x893, x884, 0xffffffff); let mut x894: u32 = 0; let mut x895: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x894, &mut x895, x884, 0xffffffff); let mut x896: u32 = 0; let mut x897: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x896, &mut x897, x884, 0xffffffff); let mut x898: u32 = 0; let mut x899: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x898, &mut x899, x884, 0xc7634d81); let mut x900: u32 = 0; let mut x901: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x900, &mut x901, x884, 0xf4372ddf); let mut x902: u32 = 0; let mut x903: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x902, &mut x903, x884, 0x581a0db2); let mut x904: u32 = 0; let mut x905: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x904, &mut x905, x884, 0x48b0a77a); let mut x906: u32 = 0; let mut x907: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x906, &mut x907, x884, 0xecec196a); let mut x908: u32 = 0; let mut x909: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x908, &mut x909, x884, 0xccc52973); let mut x910: u32 = 0; let mut x911: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x910, &mut x911, 0x0, x909, x906); let mut x912: u32 = 0; let mut x913: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x912, &mut x913, x911, x907, x904); let mut x914: u32 = 0; let mut x915: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x914, &mut x915, x913, x905, x902); let mut x916: u32 = 0; let mut x917: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x916, &mut x917, x915, x903, x900); let mut x918: u32 = 0; let mut x919: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x918, &mut x919, x917, x901, x898); let mut x920: u32 = 0; let mut x921: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x920, &mut x921, x919, x899, x896); let mut x922: u32 = 0; let mut x923: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x922, &mut x923, x921, x897, x894); let mut x924: u32 = 0; let mut x925: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x924, &mut x925, x923, x895, x892); let mut x926: u32 = 0; let mut x927: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x926, &mut x927, x925, x893, x890); let mut x928: u32 = 0; let mut x929: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x928, &mut x929, x927, x891, x888); let mut x930: u32 = 0; let mut x931: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x930, &mut x931, x929, x889, x886); let mut x932: u32 = 0; let mut x933: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x932, &mut x933, 0x0, x860, x908); let mut x934: u32 = 0; let mut x935: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x934, &mut x935, x933, x862, x910); let mut x936: u32 = 0; let mut x937: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x936, &mut x937, x935, x864, x912); let mut x938: u32 = 0; let mut x939: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x938, &mut x939, x937, x866, x914); let mut x940: u32 = 0; let mut x941: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x940, &mut x941, x939, x868, x916); let mut x942: u32 = 0; let mut x943: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x942, &mut x943, x941, x870, x918); let mut x944: u32 = 0; let mut x945: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x944, &mut x945, x943, x872, x920); let mut x946: u32 = 0; let mut x947: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x946, &mut x947, x945, x874, x922); let mut x948: u32 = 0; let mut x949: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x948, &mut x949, x947, x876, x924); let mut x950: u32 = 0; let mut x951: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x950, &mut x951, x949, x878, x926); let mut x952: u32 = 0; let mut x953: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x952, &mut x953, x951, x880, x928); let mut x954: u32 = 0; let mut x955: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x954, &mut x955, x953, x882, x930); let mut x956: u32 = 0; let mut x957: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x956, &mut x957, x955, ((x883 as u32) + (x859 as u32)), ((x931 as u32) + x887)); let mut x958: u32 = 0; let mut x959: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x958, &mut x959, 0x0, x934, (arg1[10])); let mut x960: u32 = 0; let mut x961: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x960, &mut x961, x959, x936, (0x0 as u32)); let mut x962: u32 = 0; let mut x963: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x962, &mut x963, x961, x938, (0x0 as u32)); let mut x964: u32 = 0; let mut x965: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x964, &mut x965, x963, x940, (0x0 as u32)); let mut x966: u32 = 0; let mut x967: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x966, &mut x967, x965, x942, (0x0 as u32)); let mut x968: u32 = 0; let mut x969: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x968, &mut x969, x967, x944, (0x0 as u32)); let mut x970: u32 = 0; let mut x971: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x970, &mut x971, x969, x946, (0x0 as u32)); let mut x972: u32 = 0; let mut x973: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x972, &mut x973, x971, x948, (0x0 as u32)); let mut x974: u32 = 0; let mut x975: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x974, &mut x975, x973, x950, (0x0 as u32)); let mut x976: u32 = 0; let mut x977: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x976, &mut x977, x975, x952, (0x0 as u32)); let mut x978: u32 = 0; let mut x979: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x978, &mut x979, x977, x954, (0x0 as u32)); let mut x980: u32 = 0; let mut x981: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x980, &mut x981, x979, x956, (0x0 as u32)); let mut x982: u32 = 0; let mut x983: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x982, &mut x983, x958, 0xe88fdc45); let mut x984: u32 = 0; let mut x985: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x984, &mut x985, x982, 0xffffffff); let mut x986: u32 = 0; let mut x987: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x986, &mut x987, x982, 0xffffffff); let mut x988: u32 = 0; let mut x989: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x988, &mut x989, x982, 0xffffffff); let mut x990: u32 = 0; let mut x991: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x990, &mut x991, x982, 0xffffffff); let mut x992: u32 = 0; let mut x993: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x992, &mut x993, x982, 0xffffffff); let mut x994: u32 = 0; let mut x995: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x994, &mut x995, x982, 0xffffffff); let mut x996: u32 = 0; let mut x997: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x996, &mut x997, x982, 0xc7634d81); let mut x998: u32 = 0; let mut x999: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x998, &mut x999, x982, 0xf4372ddf); let mut x1000: u32 = 0; let mut x1001: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1000, &mut x1001, x982, 0x581a0db2); let mut x1002: u32 = 0; let mut x1003: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1002, &mut x1003, x982, 0x48b0a77a); let mut x1004: u32 = 0; let mut x1005: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1004, &mut x1005, x982, 0xecec196a); let mut x1006: u32 = 0; let mut x1007: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1006, &mut x1007, x982, 0xccc52973); let mut x1008: u32 = 0; let mut x1009: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1008, &mut x1009, 0x0, x1007, x1004); let mut x1010: u32 = 0; let mut x1011: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1010, &mut x1011, x1009, x1005, x1002); let mut x1012: u32 = 0; let mut x1013: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1012, &mut x1013, x1011, x1003, x1000); let mut x1014: u32 = 0; let mut x1015: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1014, &mut x1015, x1013, x1001, x998); let mut x1016: u32 = 0; let mut x1017: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1016, &mut x1017, x1015, x999, x996); let mut x1018: u32 = 0; let mut x1019: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1018, &mut x1019, x1017, x997, x994); let mut x1020: u32 = 0; let mut x1021: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1020, &mut x1021, x1019, x995, x992); let mut x1022: u32 = 0; let mut x1023: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1022, &mut x1023, x1021, x993, x990); let mut x1024: u32 = 0; let mut x1025: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1024, &mut x1025, x1023, x991, x988); let mut x1026: u32 = 0; let mut x1027: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1026, &mut x1027, x1025, x989, x986); let mut x1028: u32 = 0; let mut x1029: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1028, &mut x1029, x1027, x987, x984); let mut x1030: u32 = 0; let mut x1031: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1030, &mut x1031, 0x0, x958, x1006); let mut x1032: u32 = 0; let mut x1033: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1032, &mut x1033, x1031, x960, x1008); let mut x1034: u32 = 0; let mut x1035: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1034, &mut x1035, x1033, x962, x1010); let mut x1036: u32 = 0; let mut x1037: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1036, &mut x1037, x1035, x964, x1012); let mut x1038: u32 = 0; let mut x1039: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1038, &mut x1039, x1037, x966, x1014); let mut x1040: u32 = 0; let mut x1041: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1040, &mut x1041, x1039, x968, x1016); let mut x1042: u32 = 0; let mut x1043: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1042, &mut x1043, x1041, x970, x1018); let mut x1044: u32 = 0; let mut x1045: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1044, &mut x1045, x1043, x972, x1020); let mut x1046: u32 = 0; let mut x1047: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1046, &mut x1047, x1045, x974, x1022); let mut x1048: u32 = 0; let mut x1049: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1048, &mut x1049, x1047, x976, x1024); let mut x1050: u32 = 0; let mut x1051: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1050, &mut x1051, x1049, x978, x1026); let mut x1052: u32 = 0; let mut x1053: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1052, &mut x1053, x1051, x980, x1028); let mut x1054: u32 = 0; let mut x1055: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1054, &mut x1055, x1053, ((x981 as u32) + (x957 as u32)), ((x1029 as u32) + x985)); let mut x1056: u32 = 0; let mut x1057: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1056, &mut x1057, 0x0, x1032, (arg1[11])); let mut x1058: u32 = 0; let mut x1059: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1058, &mut x1059, x1057, x1034, (0x0 as u32)); let mut x1060: u32 = 0; let mut x1061: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1060, &mut x1061, x1059, x1036, (0x0 as u32)); let mut x1062: u32 = 0; let mut x1063: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1062, &mut x1063, x1061, x1038, (0x0 as u32)); let mut x1064: u32 = 0; let mut x1065: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1064, &mut x1065, x1063, x1040, (0x0 as u32)); let mut x1066: u32 = 0; let mut x1067: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1066, &mut x1067, x1065, x1042, (0x0 as u32)); let mut x1068: u32 = 0; let mut x1069: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1068, &mut x1069, x1067, x1044, (0x0 as u32)); let mut x1070: u32 = 0; let mut x1071: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1070, &mut x1071, x1069, x1046, (0x0 as u32)); let mut x1072: u32 = 0; let mut x1073: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1072, &mut x1073, x1071, x1048, (0x0 as u32)); let mut x1074: u32 = 0; let mut x1075: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1074, &mut x1075, x1073, x1050, (0x0 as u32)); let mut x1076: u32 = 0; let mut x1077: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1076, &mut x1077, x1075, x1052, (0x0 as u32)); let mut x1078: u32 = 0; let mut x1079: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1078, &mut x1079, x1077, x1054, (0x0 as u32)); let mut x1080: u32 = 0; let mut x1081: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1080, &mut x1081, x1056, 0xe88fdc45); let mut x1082: u32 = 0; let mut x1083: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1082, &mut x1083, x1080, 0xffffffff); let mut x1084: u32 = 0; let mut x1085: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1084, &mut x1085, x1080, 0xffffffff); let mut x1086: u32 = 0; let mut x1087: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1086, &mut x1087, x1080, 0xffffffff); let mut x1088: u32 = 0; let mut x1089: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1088, &mut x1089, x1080, 0xffffffff); let mut x1090: u32 = 0; let mut x1091: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1090, &mut x1091, x1080, 0xffffffff); let mut x1092: u32 = 0; let mut x1093: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1092, &mut x1093, x1080, 0xffffffff); let mut x1094: u32 = 0; let mut x1095: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1094, &mut x1095, x1080, 0xc7634d81); let mut x1096: u32 = 0; let mut x1097: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1096, &mut x1097, x1080, 0xf4372ddf); let mut x1098: u32 = 0; let mut x1099: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1098, &mut x1099, x1080, 0x581a0db2); let mut x1100: u32 = 0; let mut x1101: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1100, &mut x1101, x1080, 0x48b0a77a); let mut x1102: u32 = 0; let mut x1103: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1102, &mut x1103, x1080, 0xecec196a); let mut x1104: u32 = 0; let mut x1105: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1104, &mut x1105, x1080, 0xccc52973); let mut x1106: u32 = 0; let mut x1107: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1106, &mut x1107, 0x0, x1105, x1102); let mut x1108: u32 = 0; let mut x1109: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1108, &mut x1109, x1107, x1103, x1100); let mut x1110: u32 = 0; let mut x1111: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1110, &mut x1111, x1109, x1101, x1098); let mut x1112: u32 = 0; let mut x1113: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1112, &mut x1113, x1111, x1099, x1096); let mut x1114: u32 = 0; let mut x1115: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1114, &mut x1115, x1113, x1097, x1094); let mut x1116: u32 = 0; let mut x1117: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1116, &mut x1117, x1115, x1095, x1092); let mut x1118: u32 = 0; let mut x1119: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1118, &mut x1119, x1117, x1093, x1090); let mut x1120: u32 = 0; let mut x1121: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1120, &mut x1121, x1119, x1091, x1088); let mut x1122: u32 = 0; let mut x1123: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1122, &mut x1123, x1121, x1089, x1086); let mut x1124: u32 = 0; let mut x1125: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1124, &mut x1125, x1123, x1087, x1084); let mut x1126: u32 = 0; let mut x1127: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1126, &mut x1127, x1125, x1085, x1082); let mut x1128: u32 = 0; let mut x1129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1128, &mut x1129, 0x0, x1056, x1104); let mut x1130: u32 = 0; let mut x1131: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1130, &mut x1131, x1129, x1058, x1106); let mut x1132: u32 = 0; let mut x1133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1132, &mut x1133, x1131, x1060, x1108); let mut x1134: u32 = 0; let mut x1135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1134, &mut x1135, x1133, x1062, x1110); let mut x1136: u32 = 0; let mut x1137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1136, &mut x1137, x1135, x1064, x1112); let mut x1138: u32 = 0; let mut x1139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1138, &mut x1139, x1137, x1066, x1114); let mut x1140: u32 = 0; let mut x1141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1140, &mut x1141, x1139, x1068, x1116); let mut x1142: u32 = 0; let mut x1143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1142, &mut x1143, x1141, x1070, x1118); let mut x1144: u32 = 0; let mut x1145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1144, &mut x1145, x1143, x1072, x1120); let mut x1146: u32 = 0; let mut x1147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1146, &mut x1147, x1145, x1074, x1122); let mut x1148: u32 = 0; let mut x1149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1148, &mut x1149, x1147, x1076, x1124); let mut x1150: u32 = 0; let mut x1151: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1150, &mut x1151, x1149, x1078, x1126); let mut x1152: u32 = 0; let mut x1153: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1152, &mut x1153, x1151, ((x1079 as u32) + (x1055 as u32)), ((x1127 as u32) + x1083)); let mut x1154: u32 = 0; let mut x1155: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1154, &mut x1155, 0x0, x1130, 0xccc52973); let mut x1156: u32 = 0; let mut x1157: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1156, &mut x1157, x1155, x1132, 0xecec196a); let mut x1158: u32 = 0; let mut x1159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1158, &mut x1159, x1157, x1134, 0x48b0a77a); let mut x1160: u32 = 0; let mut x1161: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1160, &mut x1161, x1159, x1136, 0x581a0db2); let mut x1162: u32 = 0; let mut x1163: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1162, &mut x1163, x1161, x1138, 0xf4372ddf); let mut x1164: u32 = 0; let mut x1165: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1164, &mut x1165, x1163, x1140, 0xc7634d81); let mut x1166: u32 = 0; let mut x1167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1166, &mut x1167, x1165, x1142, 0xffffffff); let mut x1168: u32 = 0; let mut x1169: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1168, &mut x1169, x1167, x1144, 0xffffffff); let mut x1170: u32 = 0; let mut x1171: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1170, &mut x1171, x1169, x1146, 0xffffffff); let mut x1172: u32 = 0; let mut x1173: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1172, &mut x1173, x1171, x1148, 0xffffffff); let mut x1174: u32 = 0; let mut x1175: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1174, &mut x1175, x1173, x1150, 0xffffffff); let mut x1176: u32 = 0; let mut x1177: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1176, &mut x1177, x1175, x1152, 0xffffffff); let mut x1178: u32 = 0; let mut x1179: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1178, &mut x1179, x1177, (x1153 as u32), (0x0 as u32)); let mut x1180: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1180, x1179, x1154, x1130); let mut x1181: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1181, x1179, x1156, x1132); let mut x1182: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1182, x1179, x1158, x1134); let mut x1183: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1183, x1179, x1160, x1136); let mut x1184: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1184, x1179, x1162, x1138); let mut x1185: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1185, x1179, x1164, x1140); let mut x1186: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1186, x1179, x1166, x1142); let mut x1187: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1187, x1179, x1168, x1144); let mut x1188: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1188, x1179, x1170, x1146); let mut x1189: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1189, x1179, x1172, x1148); let mut x1190: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1190, x1179, x1174, x1150); let mut x1191: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1191, x1179, x1176, x1152); out1[0] = x1180; out1[1] = x1181; out1[2] = x1182; out1[3] = x1183; out1[4] = x1184; out1[5] = x1185; out1[6] = x1186; out1[7] = x1187; out1[8] = x1188; out1[9] = x1189; out1[10] = x1190; out1[11] = x1191; } /// The function fiat_p384_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_to_montgomery(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[8]); let x9: u32 = (arg1[9]); let x10: u32 = (arg1[10]); let x11: u32 = (arg1[11]); let x12: u32 = (arg1[0]); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x13, &mut x14, x12, 0xc84ee01); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x15, &mut x16, x12, 0x2b39bf21); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x17, &mut x18, x12, 0x3fb05b7a); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x19, &mut x20, x12, 0x28266895); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x21, &mut x22, x12, 0xd40d4917); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x23, &mut x24, x12, 0x4aab1cc5); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x25, &mut x26, x12, 0xbc3e483a); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x27, &mut x28, x12, 0xfcb82947); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x29, &mut x30, x12, 0xff3d81e5); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x31, &mut x32, x12, 0xdf1aa419); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x33, &mut x34, x12, 0x2d319b24); let mut x35: u32 = 0; let mut x36: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x35, &mut x36, x12, 0x19b409a9); let mut x37: u32 = 0; let mut x38: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x37, &mut x38, 0x0, x36, x33); let mut x39: u32 = 0; let mut x40: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x39, &mut x40, x38, x34, x31); let mut x41: u32 = 0; let mut x42: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x41, &mut x42, x40, x32, x29); let mut x43: u32 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x43, &mut x44, x42, x30, x27); let mut x45: u32 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x45, &mut x46, x44, x28, x25); let mut x47: u32 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x47, &mut x48, x46, x26, x23); let mut x49: u32 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x49, &mut x50, x48, x24, x21); let mut x51: u32 = 0; let mut x52: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x51, &mut x52, x50, x22, x19); let mut x53: u32 = 0; let mut x54: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x20, x17); let mut x55: u32 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x18, x15); let mut x57: u32 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x16, x13); let mut x59: u32 = 0; let mut x60: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x59, &mut x60, x35, 0xe88fdc45); let mut x61: u32 = 0; let mut x62: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x61, &mut x62, x59, 0xffffffff); let mut x63: u32 = 0; let mut x64: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x63, &mut x64, x59, 0xffffffff); let mut x65: u32 = 0; let mut x66: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x65, &mut x66, x59, 0xffffffff); let mut x67: u32 = 0; let mut x68: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x67, &mut x68, x59, 0xffffffff); let mut x69: u32 = 0; let mut x70: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x69, &mut x70, x59, 0xffffffff); let mut x71: u32 = 0; let mut x72: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x71, &mut x72, x59, 0xffffffff); let mut x73: u32 = 0; let mut x74: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x73, &mut x74, x59, 0xc7634d81); let mut x75: u32 = 0; let mut x76: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x75, &mut x76, x59, 0xf4372ddf); let mut x77: u32 = 0; let mut x78: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x77, &mut x78, x59, 0x581a0db2); let mut x79: u32 = 0; let mut x80: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x79, &mut x80, x59, 0x48b0a77a); let mut x81: u32 = 0; let mut x82: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x81, &mut x82, x59, 0xecec196a); let mut x83: u32 = 0; let mut x84: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x83, &mut x84, x59, 0xccc52973); let mut x85: u32 = 0; let mut x86: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x85, &mut x86, 0x0, x84, x81); let mut x87: u32 = 0; let mut x88: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x87, &mut x88, x86, x82, x79); let mut x89: u32 = 0; let mut x90: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x89, &mut x90, x88, x80, x77); let mut x91: u32 = 0; let mut x92: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x91, &mut x92, x90, x78, x75); let mut x93: u32 = 0; let mut x94: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x93, &mut x94, x92, x76, x73); let mut x95: u32 = 0; let mut x96: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x95, &mut x96, x94, x74, x71); let mut x97: u32 = 0; let mut x98: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x97, &mut x98, x96, x72, x69); let mut x99: u32 = 0; let mut x100: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x99, &mut x100, x98, x70, x67); let mut x101: u32 = 0; let mut x102: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x101, &mut x102, x100, x68, x65); let mut x103: u32 = 0; let mut x104: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x103, &mut x104, x102, x66, x63); let mut x105: u32 = 0; let mut x106: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x105, &mut x106, x104, x64, x61); let mut x107: u32 = 0; let mut x108: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x107, &mut x108, 0x0, x35, x83); let mut x109: u32 = 0; let mut x110: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x37, x85); let mut x111: u32 = 0; let mut x112: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x39, x87); let mut x113: u32 = 0; let mut x114: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x41, x89); let mut x115: u32 = 0; let mut x116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x43, x91); let mut x117: u32 = 0; let mut x118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x45, x93); let mut x119: u32 = 0; let mut x120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x47, x95); let mut x121: u32 = 0; let mut x122: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x121, &mut x122, x120, x49, x97); let mut x123: u32 = 0; let mut x124: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x123, &mut x124, x122, x51, x99); let mut x125: u32 = 0; let mut x126: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x125, &mut x126, x124, x53, x101); let mut x127: u32 = 0; let mut x128: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x127, &mut x128, x126, x55, x103); let mut x129: u32 = 0; let mut x130: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x129, &mut x130, x128, x57, x105); let mut x131: u32 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x131, &mut x132, x130, ((x58 as u32) + x14), ((x106 as u32) + x62)); let mut x133: u32 = 0; let mut x134: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x133, &mut x134, x1, 0xc84ee01); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x135, &mut x136, x1, 0x2b39bf21); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x137, &mut x138, x1, 0x3fb05b7a); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x139, &mut x140, x1, 0x28266895); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x141, &mut x142, x1, 0xd40d4917); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x143, &mut x144, x1, 0x4aab1cc5); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x145, &mut x146, x1, 0xbc3e483a); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x147, &mut x148, x1, 0xfcb82947); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x149, &mut x150, x1, 0xff3d81e5); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x151, &mut x152, x1, 0xdf1aa419); let mut x153: u32 = 0; let mut x154: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x153, &mut x154, x1, 0x2d319b24); let mut x155: u32 = 0; let mut x156: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x155, &mut x156, x1, 0x19b409a9); let mut x157: u32 = 0; let mut x158: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x157, &mut x158, 0x0, x156, x153); let mut x159: u32 = 0; let mut x160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x159, &mut x160, x158, x154, x151); let mut x161: u32 = 0; let mut x162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x152, x149); let mut x163: u32 = 0; let mut x164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x150, x147); let mut x165: u32 = 0; let mut x166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x148, x145); let mut x167: u32 = 0; let mut x168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x167, &mut x168, x166, x146, x143); let mut x169: u32 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x144, x141); let mut x171: u32 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x142, x139); let mut x173: u32 = 0; let mut x174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x140, x137); let mut x175: u32 = 0; let mut x176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x138, x135); let mut x177: u32 = 0; let mut x178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x136, x133); let mut x179: u32 = 0; let mut x180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x179, &mut x180, 0x0, x109, x155); let mut x181: u32 = 0; let mut x182: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x181, &mut x182, x180, x111, x157); let mut x183: u32 = 0; let mut x184: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x183, &mut x184, x182, x113, x159); let mut x185: u32 = 0; let mut x186: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x185, &mut x186, x184, x115, x161); let mut x187: u32 = 0; let mut x188: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x187, &mut x188, x186, x117, x163); let mut x189: u32 = 0; let mut x190: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x189, &mut x190, x188, x119, x165); let mut x191: u32 = 0; let mut x192: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x191, &mut x192, x190, x121, x167); let mut x193: u32 = 0; let mut x194: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x193, &mut x194, x192, x123, x169); let mut x195: u32 = 0; let mut x196: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x195, &mut x196, x194, x125, x171); let mut x197: u32 = 0; let mut x198: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x197, &mut x198, x196, x127, x173); let mut x199: u32 = 0; let mut x200: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x199, &mut x200, x198, x129, x175); let mut x201: u32 = 0; let mut x202: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x201, &mut x202, x200, x131, x177); let mut x203: u32 = 0; let mut x204: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x203, &mut x204, x179, 0xe88fdc45); let mut x205: u32 = 0; let mut x206: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x205, &mut x206, x203, 0xffffffff); let mut x207: u32 = 0; let mut x208: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x207, &mut x208, x203, 0xffffffff); let mut x209: u32 = 0; let mut x210: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x209, &mut x210, x203, 0xffffffff); let mut x211: u32 = 0; let mut x212: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x211, &mut x212, x203, 0xffffffff); let mut x213: u32 = 0; let mut x214: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x213, &mut x214, x203, 0xffffffff); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x215, &mut x216, x203, 0xffffffff); let mut x217: u32 = 0; let mut x218: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x217, &mut x218, x203, 0xc7634d81); let mut x219: u32 = 0; let mut x220: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x219, &mut x220, x203, 0xf4372ddf); let mut x221: u32 = 0; let mut x222: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x221, &mut x222, x203, 0x581a0db2); let mut x223: u32 = 0; let mut x224: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x223, &mut x224, x203, 0x48b0a77a); let mut x225: u32 = 0; let mut x226: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x225, &mut x226, x203, 0xecec196a); let mut x227: u32 = 0; let mut x228: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x227, &mut x228, x203, 0xccc52973); let mut x229: u32 = 0; let mut x230: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x229, &mut x230, 0x0, x228, x225); let mut x231: u32 = 0; let mut x232: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x231, &mut x232, x230, x226, x223); let mut x233: u32 = 0; let mut x234: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x233, &mut x234, x232, x224, x221); let mut x235: u32 = 0; let mut x236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x235, &mut x236, x234, x222, x219); let mut x237: u32 = 0; let mut x238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x237, &mut x238, x236, x220, x217); let mut x239: u32 = 0; let mut x240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x239, &mut x240, x238, x218, x215); let mut x241: u32 = 0; let mut x242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x241, &mut x242, x240, x216, x213); let mut x243: u32 = 0; let mut x244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x243, &mut x244, x242, x214, x211); let mut x245: u32 = 0; let mut x246: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x245, &mut x246, x244, x212, x209); let mut x247: u32 = 0; let mut x248: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x247, &mut x248, x246, x210, x207); let mut x249: u32 = 0; let mut x250: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x249, &mut x250, x248, x208, x205); let mut x251: u32 = 0; let mut x252: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x251, &mut x252, 0x0, x179, x227); let mut x253: u32 = 0; let mut x254: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x181, x229); let mut x255: u32 = 0; let mut x256: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x255, &mut x256, x254, x183, x231); let mut x257: u32 = 0; let mut x258: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x257, &mut x258, x256, x185, x233); let mut x259: u32 = 0; let mut x260: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x187, x235); let mut x261: u32 = 0; let mut x262: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x189, x237); let mut x263: u32 = 0; let mut x264: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x263, &mut x264, x262, x191, x239); let mut x265: u32 = 0; let mut x266: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x193, x241); let mut x267: u32 = 0; let mut x268: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x195, x243); let mut x269: u32 = 0; let mut x270: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x197, x245); let mut x271: u32 = 0; let mut x272: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x199, x247); let mut x273: u32 = 0; let mut x274: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x201, x249); let mut x275: u32 = 0; let mut x276: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x275, &mut x276, x274, (((x202 as u32) + (x132 as u32)) + ((x178 as u32) + x134)), ((x250 as u32) + x206)); let mut x277: u32 = 0; let mut x278: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x277, &mut x278, x2, 0xc84ee01); let mut x279: u32 = 0; let mut x280: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x279, &mut x280, x2, 0x2b39bf21); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x281, &mut x282, x2, 0x3fb05b7a); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x283, &mut x284, x2, 0x28266895); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x285, &mut x286, x2, 0xd40d4917); let mut x287: u32 = 0; let mut x288: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x287, &mut x288, x2, 0x4aab1cc5); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x289, &mut x290, x2, 0xbc3e483a); let mut x291: u32 = 0; let mut x292: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x291, &mut x292, x2, 0xfcb82947); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x293, &mut x294, x2, 0xff3d81e5); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x295, &mut x296, x2, 0xdf1aa419); let mut x297: u32 = 0; let mut x298: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x297, &mut x298, x2, 0x2d319b24); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x299, &mut x300, x2, 0x19b409a9); let mut x301: u32 = 0; let mut x302: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x301, &mut x302, 0x0, x300, x297); let mut x303: u32 = 0; let mut x304: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x298, x295); let mut x305: u32 = 0; let mut x306: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x305, &mut x306, x304, x296, x293); let mut x307: u32 = 0; let mut x308: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x307, &mut x308, x306, x294, x291); let mut x309: u32 = 0; let mut x310: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x309, &mut x310, x308, x292, x289); let mut x311: u32 = 0; let mut x312: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x311, &mut x312, x310, x290, x287); let mut x313: u32 = 0; let mut x314: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x313, &mut x314, x312, x288, x285); let mut x315: u32 = 0; let mut x316: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x315, &mut x316, x314, x286, x283); let mut x317: u32 = 0; let mut x318: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x317, &mut x318, x316, x284, x281); let mut x319: u32 = 0; let mut x320: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x319, &mut x320, x318, x282, x279); let mut x321: u32 = 0; let mut x322: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x280, x277); let mut x323: u32 = 0; let mut x324: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x323, &mut x324, 0x0, x253, x299); let mut x325: u32 = 0; let mut x326: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x325, &mut x326, x324, x255, x301); let mut x327: u32 = 0; let mut x328: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x327, &mut x328, x326, x257, x303); let mut x329: u32 = 0; let mut x330: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x329, &mut x330, x328, x259, x305); let mut x331: u32 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x331, &mut x332, x330, x261, x307); let mut x333: u32 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x333, &mut x334, x332, x263, x309); let mut x335: u32 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x335, &mut x336, x334, x265, x311); let mut x337: u32 = 0; let mut x338: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x337, &mut x338, x336, x267, x313); let mut x339: u32 = 0; let mut x340: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x339, &mut x340, x338, x269, x315); let mut x341: u32 = 0; let mut x342: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x341, &mut x342, x340, x271, x317); let mut x343: u32 = 0; let mut x344: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x343, &mut x344, x342, x273, x319); let mut x345: u32 = 0; let mut x346: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x345, &mut x346, x344, x275, x321); let mut x347: u32 = 0; let mut x348: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x347, &mut x348, x323, 0xe88fdc45); let mut x349: u32 = 0; let mut x350: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x349, &mut x350, x347, 0xffffffff); let mut x351: u32 = 0; let mut x352: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x351, &mut x352, x347, 0xffffffff); let mut x353: u32 = 0; let mut x354: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x353, &mut x354, x347, 0xffffffff); let mut x355: u32 = 0; let mut x356: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x355, &mut x356, x347, 0xffffffff); let mut x357: u32 = 0; let mut x358: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x357, &mut x358, x347, 0xffffffff); let mut x359: u32 = 0; let mut x360: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x359, &mut x360, x347, 0xffffffff); let mut x361: u32 = 0; let mut x362: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x361, &mut x362, x347, 0xc7634d81); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x363, &mut x364, x347, 0xf4372ddf); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x365, &mut x366, x347, 0x581a0db2); let mut x367: u32 = 0; let mut x368: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x367, &mut x368, x347, 0x48b0a77a); let mut x369: u32 = 0; let mut x370: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x369, &mut x370, x347, 0xecec196a); let mut x371: u32 = 0; let mut x372: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x371, &mut x372, x347, 0xccc52973); let mut x373: u32 = 0; let mut x374: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x373, &mut x374, 0x0, x372, x369); let mut x375: u32 = 0; let mut x376: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x375, &mut x376, x374, x370, x367); let mut x377: u32 = 0; let mut x378: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x368, x365); let mut x379: u32 = 0; let mut x380: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x366, x363); let mut x381: u32 = 0; let mut x382: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x364, x361); let mut x383: u32 = 0; let mut x384: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x362, x359); let mut x385: u32 = 0; let mut x386: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x360, x357); let mut x387: u32 = 0; let mut x388: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x358, x355); let mut x389: u32 = 0; let mut x390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x356, x353); let mut x391: u32 = 0; let mut x392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x354, x351); let mut x393: u32 = 0; let mut x394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x393, &mut x394, x392, x352, x349); let mut x395: u32 = 0; let mut x396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x395, &mut x396, 0x0, x323, x371); let mut x397: u32 = 0; let mut x398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x397, &mut x398, x396, x325, x373); let mut x399: u32 = 0; let mut x400: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x399, &mut x400, x398, x327, x375); let mut x401: u32 = 0; let mut x402: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x329, x377); let mut x403: u32 = 0; let mut x404: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x331, x379); let mut x405: u32 = 0; let mut x406: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x405, &mut x406, x404, x333, x381); let mut x407: u32 = 0; let mut x408: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x407, &mut x408, x406, x335, x383); let mut x409: u32 = 0; let mut x410: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x409, &mut x410, x408, x337, x385); let mut x411: u32 = 0; let mut x412: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x411, &mut x412, x410, x339, x387); let mut x413: u32 = 0; let mut x414: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x413, &mut x414, x412, x341, x389); let mut x415: u32 = 0; let mut x416: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x415, &mut x416, x414, x343, x391); let mut x417: u32 = 0; let mut x418: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x345, x393); let mut x419: u32 = 0; let mut x420: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x419, &mut x420, x418, (((x346 as u32) + (x276 as u32)) + ((x322 as u32) + x278)), ((x394 as u32) + x350)); let mut x421: u32 = 0; let mut x422: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x421, &mut x422, x3, 0xc84ee01); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x423, &mut x424, x3, 0x2b39bf21); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x425, &mut x426, x3, 0x3fb05b7a); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x427, &mut x428, x3, 0x28266895); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x429, &mut x430, x3, 0xd40d4917); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x431, &mut x432, x3, 0x4aab1cc5); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x433, &mut x434, x3, 0xbc3e483a); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x435, &mut x436, x3, 0xfcb82947); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x437, &mut x438, x3, 0xff3d81e5); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x439, &mut x440, x3, 0xdf1aa419); let mut x441: u32 = 0; let mut x442: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x441, &mut x442, x3, 0x2d319b24); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x443, &mut x444, x3, 0x19b409a9); let mut x445: u32 = 0; let mut x446: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x445, &mut x446, 0x0, x444, x441); let mut x447: u32 = 0; let mut x448: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x447, &mut x448, x446, x442, x439); let mut x449: u32 = 0; let mut x450: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x449, &mut x450, x448, x440, x437); let mut x451: u32 = 0; let mut x452: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x451, &mut x452, x450, x438, x435); let mut x453: u32 = 0; let mut x454: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x453, &mut x454, x452, x436, x433); let mut x455: u32 = 0; let mut x456: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x455, &mut x456, x454, x434, x431); let mut x457: u32 = 0; let mut x458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x457, &mut x458, x456, x432, x429); let mut x459: u32 = 0; let mut x460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x459, &mut x460, x458, x430, x427); let mut x461: u32 = 0; let mut x462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x428, x425); let mut x463: u32 = 0; let mut x464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x426, x423); let mut x465: u32 = 0; let mut x466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x424, x421); let mut x467: u32 = 0; let mut x468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x467, &mut x468, 0x0, x397, x443); let mut x469: u32 = 0; let mut x470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x399, x445); let mut x471: u32 = 0; let mut x472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x401, x447); let mut x473: u32 = 0; let mut x474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x473, &mut x474, x472, x403, x449); let mut x475: u32 = 0; let mut x476: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x475, &mut x476, x474, x405, x451); let mut x477: u32 = 0; let mut x478: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x477, &mut x478, x476, x407, x453); let mut x479: u32 = 0; let mut x480: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x479, &mut x480, x478, x409, x455); let mut x481: u32 = 0; let mut x482: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x481, &mut x482, x480, x411, x457); let mut x483: u32 = 0; let mut x484: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x483, &mut x484, x482, x413, x459); let mut x485: u32 = 0; let mut x486: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x485, &mut x486, x484, x415, x461); let mut x487: u32 = 0; let mut x488: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x487, &mut x488, x486, x417, x463); let mut x489: u32 = 0; let mut x490: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x489, &mut x490, x488, x419, x465); let mut x491: u32 = 0; let mut x492: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x491, &mut x492, x467, 0xe88fdc45); let mut x493: u32 = 0; let mut x494: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x493, &mut x494, x491, 0xffffffff); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x495, &mut x496, x491, 0xffffffff); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x497, &mut x498, x491, 0xffffffff); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x499, &mut x500, x491, 0xffffffff); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x501, &mut x502, x491, 0xffffffff); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x503, &mut x504, x491, 0xffffffff); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x505, &mut x506, x491, 0xc7634d81); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x507, &mut x508, x491, 0xf4372ddf); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x509, &mut x510, x491, 0x581a0db2); let mut x511: u32 = 0; let mut x512: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x511, &mut x512, x491, 0x48b0a77a); let mut x513: u32 = 0; let mut x514: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x513, &mut x514, x491, 0xecec196a); let mut x515: u32 = 0; let mut x516: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x515, &mut x516, x491, 0xccc52973); let mut x517: u32 = 0; let mut x518: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x517, &mut x518, 0x0, x516, x513); let mut x519: u32 = 0; let mut x520: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x519, &mut x520, x518, x514, x511); let mut x521: u32 = 0; let mut x522: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x521, &mut x522, x520, x512, x509); let mut x523: u32 = 0; let mut x524: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x523, &mut x524, x522, x510, x507); let mut x525: u32 = 0; let mut x526: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x525, &mut x526, x524, x508, x505); let mut x527: u32 = 0; let mut x528: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x527, &mut x528, x526, x506, x503); let mut x529: u32 = 0; let mut x530: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x529, &mut x530, x528, x504, x501); let mut x531: u32 = 0; let mut x532: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x531, &mut x532, x530, x502, x499); let mut x533: u32 = 0; let mut x534: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x533, &mut x534, x532, x500, x497); let mut x535: u32 = 0; let mut x536: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x535, &mut x536, x534, x498, x495); let mut x537: u32 = 0; let mut x538: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x537, &mut x538, x536, x496, x493); let mut x539: u32 = 0; let mut x540: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x539, &mut x540, 0x0, x467, x515); let mut x541: u32 = 0; let mut x542: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x541, &mut x542, x540, x469, x517); let mut x543: u32 = 0; let mut x544: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x543, &mut x544, x542, x471, x519); let mut x545: u32 = 0; let mut x546: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x473, x521); let mut x547: u32 = 0; let mut x548: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x475, x523); let mut x549: u32 = 0; let mut x550: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x477, x525); let mut x551: u32 = 0; let mut x552: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x551, &mut x552, x550, x479, x527); let mut x553: u32 = 0; let mut x554: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x481, x529); let mut x555: u32 = 0; let mut x556: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x483, x531); let mut x557: u32 = 0; let mut x558: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x485, x533); let mut x559: u32 = 0; let mut x560: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x487, x535); let mut x561: u32 = 0; let mut x562: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x561, &mut x562, x560, x489, x537); let mut x563: u32 = 0; let mut x564: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x563, &mut x564, x562, (((x490 as u32) + (x420 as u32)) + ((x466 as u32) + x422)), ((x538 as u32) + x494)); let mut x565: u32 = 0; let mut x566: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x565, &mut x566, x4, 0xc84ee01); let mut x567: u32 = 0; let mut x568: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x567, &mut x568, x4, 0x2b39bf21); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x569, &mut x570, x4, 0x3fb05b7a); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x571, &mut x572, x4, 0x28266895); let mut x573: u32 = 0; let mut x574: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x573, &mut x574, x4, 0xd40d4917); let mut x575: u32 = 0; let mut x576: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x575, &mut x576, x4, 0x4aab1cc5); let mut x577: u32 = 0; let mut x578: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x577, &mut x578, x4, 0xbc3e483a); let mut x579: u32 = 0; let mut x580: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x579, &mut x580, x4, 0xfcb82947); let mut x581: u32 = 0; let mut x582: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x581, &mut x582, x4, 0xff3d81e5); let mut x583: u32 = 0; let mut x584: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x583, &mut x584, x4, 0xdf1aa419); let mut x585: u32 = 0; let mut x586: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x585, &mut x586, x4, 0x2d319b24); let mut x587: u32 = 0; let mut x588: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x587, &mut x588, x4, 0x19b409a9); let mut x589: u32 = 0; let mut x590: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x589, &mut x590, 0x0, x588, x585); let mut x591: u32 = 0; let mut x592: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x591, &mut x592, x590, x586, x583); let mut x593: u32 = 0; let mut x594: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x584, x581); let mut x595: u32 = 0; let mut x596: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x595, &mut x596, x594, x582, x579); let mut x597: u32 = 0; let mut x598: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x597, &mut x598, x596, x580, x577); let mut x599: u32 = 0; let mut x600: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x599, &mut x600, x598, x578, x575); let mut x601: u32 = 0; let mut x602: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x601, &mut x602, x600, x576, x573); let mut x603: u32 = 0; let mut x604: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x603, &mut x604, x602, x574, x571); let mut x605: u32 = 0; let mut x606: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x605, &mut x606, x604, x572, x569); let mut x607: u32 = 0; let mut x608: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x607, &mut x608, x606, x570, x567); let mut x609: u32 = 0; let mut x610: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x609, &mut x610, x608, x568, x565); let mut x611: u32 = 0; let mut x612: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x611, &mut x612, 0x0, x541, x587); let mut x613: u32 = 0; let mut x614: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x613, &mut x614, x612, x543, x589); let mut x615: u32 = 0; let mut x616: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x615, &mut x616, x614, x545, x591); let mut x617: u32 = 0; let mut x618: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x617, &mut x618, x616, x547, x593); let mut x619: u32 = 0; let mut x620: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x619, &mut x620, x618, x549, x595); let mut x621: u32 = 0; let mut x622: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x621, &mut x622, x620, x551, x597); let mut x623: u32 = 0; let mut x624: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x623, &mut x624, x622, x553, x599); let mut x625: u32 = 0; let mut x626: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x625, &mut x626, x624, x555, x601); let mut x627: u32 = 0; let mut x628: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x627, &mut x628, x626, x557, x603); let mut x629: u32 = 0; let mut x630: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x559, x605); let mut x631: u32 = 0; let mut x632: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x561, x607); let mut x633: u32 = 0; let mut x634: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x563, x609); let mut x635: u32 = 0; let mut x636: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x635, &mut x636, x611, 0xe88fdc45); let mut x637: u32 = 0; let mut x638: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x637, &mut x638, x635, 0xffffffff); let mut x639: u32 = 0; let mut x640: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x639, &mut x640, x635, 0xffffffff); let mut x641: u32 = 0; let mut x642: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x641, &mut x642, x635, 0xffffffff); let mut x643: u32 = 0; let mut x644: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x643, &mut x644, x635, 0xffffffff); let mut x645: u32 = 0; let mut x646: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x645, &mut x646, x635, 0xffffffff); let mut x647: u32 = 0; let mut x648: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x647, &mut x648, x635, 0xffffffff); let mut x649: u32 = 0; let mut x650: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x649, &mut x650, x635, 0xc7634d81); let mut x651: u32 = 0; let mut x652: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x651, &mut x652, x635, 0xf4372ddf); let mut x653: u32 = 0; let mut x654: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x653, &mut x654, x635, 0x581a0db2); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x655, &mut x656, x635, 0x48b0a77a); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x657, &mut x658, x635, 0xecec196a); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x659, &mut x660, x635, 0xccc52973); let mut x661: u32 = 0; let mut x662: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x661, &mut x662, 0x0, x660, x657); let mut x663: u32 = 0; let mut x664: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x663, &mut x664, x662, x658, x655); let mut x665: u32 = 0; let mut x666: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x665, &mut x666, x664, x656, x653); let mut x667: u32 = 0; let mut x668: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x667, &mut x668, x666, x654, x651); let mut x669: u32 = 0; let mut x670: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x669, &mut x670, x668, x652, x649); let mut x671: u32 = 0; let mut x672: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x671, &mut x672, x670, x650, x647); let mut x673: u32 = 0; let mut x674: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x648, x645); let mut x675: u32 = 0; let mut x676: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x646, x643); let mut x677: u32 = 0; let mut x678: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x677, &mut x678, x676, x644, x641); let mut x679: u32 = 0; let mut x680: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x679, &mut x680, x678, x642, x639); let mut x681: u32 = 0; let mut x682: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x681, &mut x682, x680, x640, x637); let mut x683: u32 = 0; let mut x684: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x683, &mut x684, 0x0, x611, x659); let mut x685: u32 = 0; let mut x686: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x685, &mut x686, x684, x613, x661); let mut x687: u32 = 0; let mut x688: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x687, &mut x688, x686, x615, x663); let mut x689: u32 = 0; let mut x690: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x689, &mut x690, x688, x617, x665); let mut x691: u32 = 0; let mut x692: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x691, &mut x692, x690, x619, x667); let mut x693: u32 = 0; let mut x694: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x693, &mut x694, x692, x621, x669); let mut x695: u32 = 0; let mut x696: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x695, &mut x696, x694, x623, x671); let mut x697: u32 = 0; let mut x698: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x697, &mut x698, x696, x625, x673); let mut x699: u32 = 0; let mut x700: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x699, &mut x700, x698, x627, x675); let mut x701: u32 = 0; let mut x702: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x701, &mut x702, x700, x629, x677); let mut x703: u32 = 0; let mut x704: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x703, &mut x704, x702, x631, x679); let mut x705: u32 = 0; let mut x706: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x705, &mut x706, x704, x633, x681); let mut x707: u32 = 0; let mut x708: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x707, &mut x708, x706, (((x634 as u32) + (x564 as u32)) + ((x610 as u32) + x566)), ((x682 as u32) + x638)); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x709, &mut x710, x5, 0xc84ee01); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x711, &mut x712, x5, 0x2b39bf21); let mut x713: u32 = 0; let mut x714: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x713, &mut x714, x5, 0x3fb05b7a); let mut x715: u32 = 0; let mut x716: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x715, &mut x716, x5, 0x28266895); let mut x717: u32 = 0; let mut x718: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x717, &mut x718, x5, 0xd40d4917); let mut x719: u32 = 0; let mut x720: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x719, &mut x720, x5, 0x4aab1cc5); let mut x721: u32 = 0; let mut x722: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x721, &mut x722, x5, 0xbc3e483a); let mut x723: u32 = 0; let mut x724: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x723, &mut x724, x5, 0xfcb82947); let mut x725: u32 = 0; let mut x726: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x725, &mut x726, x5, 0xff3d81e5); let mut x727: u32 = 0; let mut x728: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x727, &mut x728, x5, 0xdf1aa419); let mut x729: u32 = 0; let mut x730: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x729, &mut x730, x5, 0x2d319b24); let mut x731: u32 = 0; let mut x732: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x731, &mut x732, x5, 0x19b409a9); let mut x733: u32 = 0; let mut x734: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x733, &mut x734, 0x0, x732, x729); let mut x735: u32 = 0; let mut x736: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x735, &mut x736, x734, x730, x727); let mut x737: u32 = 0; let mut x738: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x737, &mut x738, x736, x728, x725); let mut x739: u32 = 0; let mut x740: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x739, &mut x740, x738, x726, x723); let mut x741: u32 = 0; let mut x742: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x741, &mut x742, x740, x724, x721); let mut x743: u32 = 0; let mut x744: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x743, &mut x744, x742, x722, x719); let mut x745: u32 = 0; let mut x746: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x745, &mut x746, x744, x720, x717); let mut x747: u32 = 0; let mut x748: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x747, &mut x748, x746, x718, x715); let mut x749: u32 = 0; let mut x750: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x749, &mut x750, x748, x716, x713); let mut x751: u32 = 0; let mut x752: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x751, &mut x752, x750, x714, x711); let mut x753: u32 = 0; let mut x754: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x753, &mut x754, x752, x712, x709); let mut x755: u32 = 0; let mut x756: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x755, &mut x756, 0x0, x685, x731); let mut x757: u32 = 0; let mut x758: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x757, &mut x758, x756, x687, x733); let mut x759: u32 = 0; let mut x760: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x759, &mut x760, x758, x689, x735); let mut x761: u32 = 0; let mut x762: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x761, &mut x762, x760, x691, x737); let mut x763: u32 = 0; let mut x764: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x763, &mut x764, x762, x693, x739); let mut x765: u32 = 0; let mut x766: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x765, &mut x766, x764, x695, x741); let mut x767: u32 = 0; let mut x768: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x767, &mut x768, x766, x697, x743); let mut x769: u32 = 0; let mut x770: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x769, &mut x770, x768, x699, x745); let mut x771: u32 = 0; let mut x772: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x771, &mut x772, x770, x701, x747); let mut x773: u32 = 0; let mut x774: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x773, &mut x774, x772, x703, x749); let mut x775: u32 = 0; let mut x776: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x775, &mut x776, x774, x705, x751); let mut x777: u32 = 0; let mut x778: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x777, &mut x778, x776, x707, x753); let mut x779: u32 = 0; let mut x780: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x779, &mut x780, x755, 0xe88fdc45); let mut x781: u32 = 0; let mut x782: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x781, &mut x782, x779, 0xffffffff); let mut x783: u32 = 0; let mut x784: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x783, &mut x784, x779, 0xffffffff); let mut x785: u32 = 0; let mut x786: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x785, &mut x786, x779, 0xffffffff); let mut x787: u32 = 0; let mut x788: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x787, &mut x788, x779, 0xffffffff); let mut x789: u32 = 0; let mut x790: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x789, &mut x790, x779, 0xffffffff); let mut x791: u32 = 0; let mut x792: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x791, &mut x792, x779, 0xffffffff); let mut x793: u32 = 0; let mut x794: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x793, &mut x794, x779, 0xc7634d81); let mut x795: u32 = 0; let mut x796: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x795, &mut x796, x779, 0xf4372ddf); let mut x797: u32 = 0; let mut x798: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x797, &mut x798, x779, 0x581a0db2); let mut x799: u32 = 0; let mut x800: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x799, &mut x800, x779, 0x48b0a77a); let mut x801: u32 = 0; let mut x802: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x801, &mut x802, x779, 0xecec196a); let mut x803: u32 = 0; let mut x804: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x803, &mut x804, x779, 0xccc52973); let mut x805: u32 = 0; let mut x806: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x805, &mut x806, 0x0, x804, x801); let mut x807: u32 = 0; let mut x808: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x807, &mut x808, x806, x802, x799); let mut x809: u32 = 0; let mut x810: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x809, &mut x810, x808, x800, x797); let mut x811: u32 = 0; let mut x812: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x811, &mut x812, x810, x798, x795); let mut x813: u32 = 0; let mut x814: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x813, &mut x814, x812, x796, x793); let mut x815: u32 = 0; let mut x816: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x815, &mut x816, x814, x794, x791); let mut x817: u32 = 0; let mut x818: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x817, &mut x818, x816, x792, x789); let mut x819: u32 = 0; let mut x820: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x819, &mut x820, x818, x790, x787); let mut x821: u32 = 0; let mut x822: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x821, &mut x822, x820, x788, x785); let mut x823: u32 = 0; let mut x824: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x823, &mut x824, x822, x786, x783); let mut x825: u32 = 0; let mut x826: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x825, &mut x826, x824, x784, x781); let mut x827: u32 = 0; let mut x828: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x827, &mut x828, 0x0, x755, x803); let mut x829: u32 = 0; let mut x830: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x829, &mut x830, x828, x757, x805); let mut x831: u32 = 0; let mut x832: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x831, &mut x832, x830, x759, x807); let mut x833: u32 = 0; let mut x834: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x833, &mut x834, x832, x761, x809); let mut x835: u32 = 0; let mut x836: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x835, &mut x836, x834, x763, x811); let mut x837: u32 = 0; let mut x838: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x837, &mut x838, x836, x765, x813); let mut x839: u32 = 0; let mut x840: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x839, &mut x840, x838, x767, x815); let mut x841: u32 = 0; let mut x842: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x841, &mut x842, x840, x769, x817); let mut x843: u32 = 0; let mut x844: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x843, &mut x844, x842, x771, x819); let mut x845: u32 = 0; let mut x846: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x845, &mut x846, x844, x773, x821); let mut x847: u32 = 0; let mut x848: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x847, &mut x848, x846, x775, x823); let mut x849: u32 = 0; let mut x850: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x849, &mut x850, x848, x777, x825); let mut x851: u32 = 0; let mut x852: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x851, &mut x852, x850, (((x778 as u32) + (x708 as u32)) + ((x754 as u32) + x710)), ((x826 as u32) + x782)); let mut x853: u32 = 0; let mut x854: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x853, &mut x854, x6, 0xc84ee01); let mut x855: u32 = 0; let mut x856: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x855, &mut x856, x6, 0x2b39bf21); let mut x857: u32 = 0; let mut x858: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x857, &mut x858, x6, 0x3fb05b7a); let mut x859: u32 = 0; let mut x860: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x859, &mut x860, x6, 0x28266895); let mut x861: u32 = 0; let mut x862: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x861, &mut x862, x6, 0xd40d4917); let mut x863: u32 = 0; let mut x864: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x863, &mut x864, x6, 0x4aab1cc5); let mut x865: u32 = 0; let mut x866: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x865, &mut x866, x6, 0xbc3e483a); let mut x867: u32 = 0; let mut x868: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x867, &mut x868, x6, 0xfcb82947); let mut x869: u32 = 0; let mut x870: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x869, &mut x870, x6, 0xff3d81e5); let mut x871: u32 = 0; let mut x872: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x871, &mut x872, x6, 0xdf1aa419); let mut x873: u32 = 0; let mut x874: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x873, &mut x874, x6, 0x2d319b24); let mut x875: u32 = 0; let mut x876: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x875, &mut x876, x6, 0x19b409a9); let mut x877: u32 = 0; let mut x878: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x877, &mut x878, 0x0, x876, x873); let mut x879: u32 = 0; let mut x880: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x879, &mut x880, x878, x874, x871); let mut x881: u32 = 0; let mut x882: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x881, &mut x882, x880, x872, x869); let mut x883: u32 = 0; let mut x884: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x883, &mut x884, x882, x870, x867); let mut x885: u32 = 0; let mut x886: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x885, &mut x886, x884, x868, x865); let mut x887: u32 = 0; let mut x888: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x887, &mut x888, x886, x866, x863); let mut x889: u32 = 0; let mut x890: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x889, &mut x890, x888, x864, x861); let mut x891: u32 = 0; let mut x892: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x891, &mut x892, x890, x862, x859); let mut x893: u32 = 0; let mut x894: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x893, &mut x894, x892, x860, x857); let mut x895: u32 = 0; let mut x896: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x895, &mut x896, x894, x858, x855); let mut x897: u32 = 0; let mut x898: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x897, &mut x898, x896, x856, x853); let mut x899: u32 = 0; let mut x900: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x899, &mut x900, 0x0, x829, x875); let mut x901: u32 = 0; let mut x902: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x901, &mut x902, x900, x831, x877); let mut x903: u32 = 0; let mut x904: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x903, &mut x904, x902, x833, x879); let mut x905: u32 = 0; let mut x906: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x905, &mut x906, x904, x835, x881); let mut x907: u32 = 0; let mut x908: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x907, &mut x908, x906, x837, x883); let mut x909: u32 = 0; let mut x910: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x909, &mut x910, x908, x839, x885); let mut x911: u32 = 0; let mut x912: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x911, &mut x912, x910, x841, x887); let mut x913: u32 = 0; let mut x914: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x913, &mut x914, x912, x843, x889); let mut x915: u32 = 0; let mut x916: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x915, &mut x916, x914, x845, x891); let mut x917: u32 = 0; let mut x918: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x917, &mut x918, x916, x847, x893); let mut x919: u32 = 0; let mut x920: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x919, &mut x920, x918, x849, x895); let mut x921: u32 = 0; let mut x922: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x921, &mut x922, x920, x851, x897); let mut x923: u32 = 0; let mut x924: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x923, &mut x924, x899, 0xe88fdc45); let mut x925: u32 = 0; let mut x926: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x925, &mut x926, x923, 0xffffffff); let mut x927: u32 = 0; let mut x928: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x927, &mut x928, x923, 0xffffffff); let mut x929: u32 = 0; let mut x930: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x929, &mut x930, x923, 0xffffffff); let mut x931: u32 = 0; let mut x932: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x931, &mut x932, x923, 0xffffffff); let mut x933: u32 = 0; let mut x934: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x933, &mut x934, x923, 0xffffffff); let mut x935: u32 = 0; let mut x936: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x935, &mut x936, x923, 0xffffffff); let mut x937: u32 = 0; let mut x938: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x937, &mut x938, x923, 0xc7634d81); let mut x939: u32 = 0; let mut x940: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x939, &mut x940, x923, 0xf4372ddf); let mut x941: u32 = 0; let mut x942: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x941, &mut x942, x923, 0x581a0db2); let mut x943: u32 = 0; let mut x944: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x943, &mut x944, x923, 0x48b0a77a); let mut x945: u32 = 0; let mut x946: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x945, &mut x946, x923, 0xecec196a); let mut x947: u32 = 0; let mut x948: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x947, &mut x948, x923, 0xccc52973); let mut x949: u32 = 0; let mut x950: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x949, &mut x950, 0x0, x948, x945); let mut x951: u32 = 0; let mut x952: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x951, &mut x952, x950, x946, x943); let mut x953: u32 = 0; let mut x954: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x953, &mut x954, x952, x944, x941); let mut x955: u32 = 0; let mut x956: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x955, &mut x956, x954, x942, x939); let mut x957: u32 = 0; let mut x958: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x957, &mut x958, x956, x940, x937); let mut x959: u32 = 0; let mut x960: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x959, &mut x960, x958, x938, x935); let mut x961: u32 = 0; let mut x962: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x961, &mut x962, x960, x936, x933); let mut x963: u32 = 0; let mut x964: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x963, &mut x964, x962, x934, x931); let mut x965: u32 = 0; let mut x966: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x965, &mut x966, x964, x932, x929); let mut x967: u32 = 0; let mut x968: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x967, &mut x968, x966, x930, x927); let mut x969: u32 = 0; let mut x970: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x969, &mut x970, x968, x928, x925); let mut x971: u32 = 0; let mut x972: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x971, &mut x972, 0x0, x899, x947); let mut x973: u32 = 0; let mut x974: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x973, &mut x974, x972, x901, x949); let mut x975: u32 = 0; let mut x976: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x975, &mut x976, x974, x903, x951); let mut x977: u32 = 0; let mut x978: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x977, &mut x978, x976, x905, x953); let mut x979: u32 = 0; let mut x980: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x979, &mut x980, x978, x907, x955); let mut x981: u32 = 0; let mut x982: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x981, &mut x982, x980, x909, x957); let mut x983: u32 = 0; let mut x984: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x983, &mut x984, x982, x911, x959); let mut x985: u32 = 0; let mut x986: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x985, &mut x986, x984, x913, x961); let mut x987: u32 = 0; let mut x988: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x987, &mut x988, x986, x915, x963); let mut x989: u32 = 0; let mut x990: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x989, &mut x990, x988, x917, x965); let mut x991: u32 = 0; let mut x992: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x991, &mut x992, x990, x919, x967); let mut x993: u32 = 0; let mut x994: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x993, &mut x994, x992, x921, x969); let mut x995: u32 = 0; let mut x996: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x995, &mut x996, x994, (((x922 as u32) + (x852 as u32)) + ((x898 as u32) + x854)), ((x970 as u32) + x926)); let mut x997: u32 = 0; let mut x998: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x997, &mut x998, x7, 0xc84ee01); let mut x999: u32 = 0; let mut x1000: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x999, &mut x1000, x7, 0x2b39bf21); let mut x1001: u32 = 0; let mut x1002: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1001, &mut x1002, x7, 0x3fb05b7a); let mut x1003: u32 = 0; let mut x1004: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1003, &mut x1004, x7, 0x28266895); let mut x1005: u32 = 0; let mut x1006: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1005, &mut x1006, x7, 0xd40d4917); let mut x1007: u32 = 0; let mut x1008: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1007, &mut x1008, x7, 0x4aab1cc5); let mut x1009: u32 = 0; let mut x1010: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1009, &mut x1010, x7, 0xbc3e483a); let mut x1011: u32 = 0; let mut x1012: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1011, &mut x1012, x7, 0xfcb82947); let mut x1013: u32 = 0; let mut x1014: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1013, &mut x1014, x7, 0xff3d81e5); let mut x1015: u32 = 0; let mut x1016: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1015, &mut x1016, x7, 0xdf1aa419); let mut x1017: u32 = 0; let mut x1018: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1017, &mut x1018, x7, 0x2d319b24); let mut x1019: u32 = 0; let mut x1020: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1019, &mut x1020, x7, 0x19b409a9); let mut x1021: u32 = 0; let mut x1022: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1021, &mut x1022, 0x0, x1020, x1017); let mut x1023: u32 = 0; let mut x1024: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1023, &mut x1024, x1022, x1018, x1015); let mut x1025: u32 = 0; let mut x1026: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1025, &mut x1026, x1024, x1016, x1013); let mut x1027: u32 = 0; let mut x1028: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1027, &mut x1028, x1026, x1014, x1011); let mut x1029: u32 = 0; let mut x1030: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1029, &mut x1030, x1028, x1012, x1009); let mut x1031: u32 = 0; let mut x1032: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1031, &mut x1032, x1030, x1010, x1007); let mut x1033: u32 = 0; let mut x1034: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1033, &mut x1034, x1032, x1008, x1005); let mut x1035: u32 = 0; let mut x1036: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1035, &mut x1036, x1034, x1006, x1003); let mut x1037: u32 = 0; let mut x1038: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1037, &mut x1038, x1036, x1004, x1001); let mut x1039: u32 = 0; let mut x1040: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1039, &mut x1040, x1038, x1002, x999); let mut x1041: u32 = 0; let mut x1042: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1041, &mut x1042, x1040, x1000, x997); let mut x1043: u32 = 0; let mut x1044: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1043, &mut x1044, 0x0, x973, x1019); let mut x1045: u32 = 0; let mut x1046: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1045, &mut x1046, x1044, x975, x1021); let mut x1047: u32 = 0; let mut x1048: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1047, &mut x1048, x1046, x977, x1023); let mut x1049: u32 = 0; let mut x1050: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1049, &mut x1050, x1048, x979, x1025); let mut x1051: u32 = 0; let mut x1052: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1051, &mut x1052, x1050, x981, x1027); let mut x1053: u32 = 0; let mut x1054: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1053, &mut x1054, x1052, x983, x1029); let mut x1055: u32 = 0; let mut x1056: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1055, &mut x1056, x1054, x985, x1031); let mut x1057: u32 = 0; let mut x1058: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1057, &mut x1058, x1056, x987, x1033); let mut x1059: u32 = 0; let mut x1060: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1059, &mut x1060, x1058, x989, x1035); let mut x1061: u32 = 0; let mut x1062: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1061, &mut x1062, x1060, x991, x1037); let mut x1063: u32 = 0; let mut x1064: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1063, &mut x1064, x1062, x993, x1039); let mut x1065: u32 = 0; let mut x1066: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1065, &mut x1066, x1064, x995, x1041); let mut x1067: u32 = 0; let mut x1068: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1067, &mut x1068, x1043, 0xe88fdc45); let mut x1069: u32 = 0; let mut x1070: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1069, &mut x1070, x1067, 0xffffffff); let mut x1071: u32 = 0; let mut x1072: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1071, &mut x1072, x1067, 0xffffffff); let mut x1073: u32 = 0; let mut x1074: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1073, &mut x1074, x1067, 0xffffffff); let mut x1075: u32 = 0; let mut x1076: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1075, &mut x1076, x1067, 0xffffffff); let mut x1077: u32 = 0; let mut x1078: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1077, &mut x1078, x1067, 0xffffffff); let mut x1079: u32 = 0; let mut x1080: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1079, &mut x1080, x1067, 0xffffffff); let mut x1081: u32 = 0; let mut x1082: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1081, &mut x1082, x1067, 0xc7634d81); let mut x1083: u32 = 0; let mut x1084: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1083, &mut x1084, x1067, 0xf4372ddf); let mut x1085: u32 = 0; let mut x1086: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1085, &mut x1086, x1067, 0x581a0db2); let mut x1087: u32 = 0; let mut x1088: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1087, &mut x1088, x1067, 0x48b0a77a); let mut x1089: u32 = 0; let mut x1090: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1089, &mut x1090, x1067, 0xecec196a); let mut x1091: u32 = 0; let mut x1092: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1091, &mut x1092, x1067, 0xccc52973); let mut x1093: u32 = 0; let mut x1094: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1093, &mut x1094, 0x0, x1092, x1089); let mut x1095: u32 = 0; let mut x1096: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1095, &mut x1096, x1094, x1090, x1087); let mut x1097: u32 = 0; let mut x1098: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1097, &mut x1098, x1096, x1088, x1085); let mut x1099: u32 = 0; let mut x1100: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1099, &mut x1100, x1098, x1086, x1083); let mut x1101: u32 = 0; let mut x1102: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1101, &mut x1102, x1100, x1084, x1081); let mut x1103: u32 = 0; let mut x1104: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1103, &mut x1104, x1102, x1082, x1079); let mut x1105: u32 = 0; let mut x1106: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1105, &mut x1106, x1104, x1080, x1077); let mut x1107: u32 = 0; let mut x1108: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1107, &mut x1108, x1106, x1078, x1075); let mut x1109: u32 = 0; let mut x1110: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1109, &mut x1110, x1108, x1076, x1073); let mut x1111: u32 = 0; let mut x1112: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1111, &mut x1112, x1110, x1074, x1071); let mut x1113: u32 = 0; let mut x1114: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1113, &mut x1114, x1112, x1072, x1069); let mut x1115: u32 = 0; let mut x1116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1115, &mut x1116, 0x0, x1043, x1091); let mut x1117: u32 = 0; let mut x1118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1117, &mut x1118, x1116, x1045, x1093); let mut x1119: u32 = 0; let mut x1120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1119, &mut x1120, x1118, x1047, x1095); let mut x1121: u32 = 0; let mut x1122: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1121, &mut x1122, x1120, x1049, x1097); let mut x1123: u32 = 0; let mut x1124: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1123, &mut x1124, x1122, x1051, x1099); let mut x1125: u32 = 0; let mut x1126: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1125, &mut x1126, x1124, x1053, x1101); let mut x1127: u32 = 0; let mut x1128: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1127, &mut x1128, x1126, x1055, x1103); let mut x1129: u32 = 0; let mut x1130: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1129, &mut x1130, x1128, x1057, x1105); let mut x1131: u32 = 0; let mut x1132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1131, &mut x1132, x1130, x1059, x1107); let mut x1133: u32 = 0; let mut x1134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1133, &mut x1134, x1132, x1061, x1109); let mut x1135: u32 = 0; let mut x1136: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1135, &mut x1136, x1134, x1063, x1111); let mut x1137: u32 = 0; let mut x1138: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1137, &mut x1138, x1136, x1065, x1113); let mut x1139: u32 = 0; let mut x1140: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1139, &mut x1140, x1138, (((x1066 as u32) + (x996 as u32)) + ((x1042 as u32) + x998)), ((x1114 as u32) + x1070)); let mut x1141: u32 = 0; let mut x1142: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1141, &mut x1142, x8, 0xc84ee01); let mut x1143: u32 = 0; let mut x1144: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1143, &mut x1144, x8, 0x2b39bf21); let mut x1145: u32 = 0; let mut x1146: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1145, &mut x1146, x8, 0x3fb05b7a); let mut x1147: u32 = 0; let mut x1148: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1147, &mut x1148, x8, 0x28266895); let mut x1149: u32 = 0; let mut x1150: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1149, &mut x1150, x8, 0xd40d4917); let mut x1151: u32 = 0; let mut x1152: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1151, &mut x1152, x8, 0x4aab1cc5); let mut x1153: u32 = 0; let mut x1154: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1153, &mut x1154, x8, 0xbc3e483a); let mut x1155: u32 = 0; let mut x1156: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1155, &mut x1156, x8, 0xfcb82947); let mut x1157: u32 = 0; let mut x1158: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1157, &mut x1158, x8, 0xff3d81e5); let mut x1159: u32 = 0; let mut x1160: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1159, &mut x1160, x8, 0xdf1aa419); let mut x1161: u32 = 0; let mut x1162: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1161, &mut x1162, x8, 0x2d319b24); let mut x1163: u32 = 0; let mut x1164: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1163, &mut x1164, x8, 0x19b409a9); let mut x1165: u32 = 0; let mut x1166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1165, &mut x1166, 0x0, x1164, x1161); let mut x1167: u32 = 0; let mut x1168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1167, &mut x1168, x1166, x1162, x1159); let mut x1169: u32 = 0; let mut x1170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1169, &mut x1170, x1168, x1160, x1157); let mut x1171: u32 = 0; let mut x1172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1171, &mut x1172, x1170, x1158, x1155); let mut x1173: u32 = 0; let mut x1174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1173, &mut x1174, x1172, x1156, x1153); let mut x1175: u32 = 0; let mut x1176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1175, &mut x1176, x1174, x1154, x1151); let mut x1177: u32 = 0; let mut x1178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1177, &mut x1178, x1176, x1152, x1149); let mut x1179: u32 = 0; let mut x1180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1179, &mut x1180, x1178, x1150, x1147); let mut x1181: u32 = 0; let mut x1182: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1181, &mut x1182, x1180, x1148, x1145); let mut x1183: u32 = 0; let mut x1184: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1183, &mut x1184, x1182, x1146, x1143); let mut x1185: u32 = 0; let mut x1186: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1185, &mut x1186, x1184, x1144, x1141); let mut x1187: u32 = 0; let mut x1188: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1187, &mut x1188, 0x0, x1117, x1163); let mut x1189: u32 = 0; let mut x1190: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1189, &mut x1190, x1188, x1119, x1165); let mut x1191: u32 = 0; let mut x1192: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1191, &mut x1192, x1190, x1121, x1167); let mut x1193: u32 = 0; let mut x1194: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1193, &mut x1194, x1192, x1123, x1169); let mut x1195: u32 = 0; let mut x1196: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1195, &mut x1196, x1194, x1125, x1171); let mut x1197: u32 = 0; let mut x1198: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1197, &mut x1198, x1196, x1127, x1173); let mut x1199: u32 = 0; let mut x1200: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1199, &mut x1200, x1198, x1129, x1175); let mut x1201: u32 = 0; let mut x1202: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1201, &mut x1202, x1200, x1131, x1177); let mut x1203: u32 = 0; let mut x1204: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1203, &mut x1204, x1202, x1133, x1179); let mut x1205: u32 = 0; let mut x1206: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1205, &mut x1206, x1204, x1135, x1181); let mut x1207: u32 = 0; let mut x1208: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1207, &mut x1208, x1206, x1137, x1183); let mut x1209: u32 = 0; let mut x1210: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1209, &mut x1210, x1208, x1139, x1185); let mut x1211: u32 = 0; let mut x1212: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1211, &mut x1212, x1187, 0xe88fdc45); let mut x1213: u32 = 0; let mut x1214: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1213, &mut x1214, x1211, 0xffffffff); let mut x1215: u32 = 0; let mut x1216: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1215, &mut x1216, x1211, 0xffffffff); let mut x1217: u32 = 0; let mut x1218: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1217, &mut x1218, x1211, 0xffffffff); let mut x1219: u32 = 0; let mut x1220: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1219, &mut x1220, x1211, 0xffffffff); let mut x1221: u32 = 0; let mut x1222: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1221, &mut x1222, x1211, 0xffffffff); let mut x1223: u32 = 0; let mut x1224: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1223, &mut x1224, x1211, 0xffffffff); let mut x1225: u32 = 0; let mut x1226: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1225, &mut x1226, x1211, 0xc7634d81); let mut x1227: u32 = 0; let mut x1228: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1227, &mut x1228, x1211, 0xf4372ddf); let mut x1229: u32 = 0; let mut x1230: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1229, &mut x1230, x1211, 0x581a0db2); let mut x1231: u32 = 0; let mut x1232: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1231, &mut x1232, x1211, 0x48b0a77a); let mut x1233: u32 = 0; let mut x1234: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1233, &mut x1234, x1211, 0xecec196a); let mut x1235: u32 = 0; let mut x1236: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1235, &mut x1236, x1211, 0xccc52973); let mut x1237: u32 = 0; let mut x1238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1237, &mut x1238, 0x0, x1236, x1233); let mut x1239: u32 = 0; let mut x1240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1239, &mut x1240, x1238, x1234, x1231); let mut x1241: u32 = 0; let mut x1242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1241, &mut x1242, x1240, x1232, x1229); let mut x1243: u32 = 0; let mut x1244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1243, &mut x1244, x1242, x1230, x1227); let mut x1245: u32 = 0; let mut x1246: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1245, &mut x1246, x1244, x1228, x1225); let mut x1247: u32 = 0; let mut x1248: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1247, &mut x1248, x1246, x1226, x1223); let mut x1249: u32 = 0; let mut x1250: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1249, &mut x1250, x1248, x1224, x1221); let mut x1251: u32 = 0; let mut x1252: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1251, &mut x1252, x1250, x1222, x1219); let mut x1253: u32 = 0; let mut x1254: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1253, &mut x1254, x1252, x1220, x1217); let mut x1255: u32 = 0; let mut x1256: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1255, &mut x1256, x1254, x1218, x1215); let mut x1257: u32 = 0; let mut x1258: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1257, &mut x1258, x1256, x1216, x1213); let mut x1259: u32 = 0; let mut x1260: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1259, &mut x1260, 0x0, x1187, x1235); let mut x1261: u32 = 0; let mut x1262: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1261, &mut x1262, x1260, x1189, x1237); let mut x1263: u32 = 0; let mut x1264: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1263, &mut x1264, x1262, x1191, x1239); let mut x1265: u32 = 0; let mut x1266: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1265, &mut x1266, x1264, x1193, x1241); let mut x1267: u32 = 0; let mut x1268: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1267, &mut x1268, x1266, x1195, x1243); let mut x1269: u32 = 0; let mut x1270: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1269, &mut x1270, x1268, x1197, x1245); let mut x1271: u32 = 0; let mut x1272: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1271, &mut x1272, x1270, x1199, x1247); let mut x1273: u32 = 0; let mut x1274: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1273, &mut x1274, x1272, x1201, x1249); let mut x1275: u32 = 0; let mut x1276: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1275, &mut x1276, x1274, x1203, x1251); let mut x1277: u32 = 0; let mut x1278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1277, &mut x1278, x1276, x1205, x1253); let mut x1279: u32 = 0; let mut x1280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1279, &mut x1280, x1278, x1207, x1255); let mut x1281: u32 = 0; let mut x1282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1281, &mut x1282, x1280, x1209, x1257); let mut x1283: u32 = 0; let mut x1284: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1283, &mut x1284, x1282, (((x1210 as u32) + (x1140 as u32)) + ((x1186 as u32) + x1142)), ((x1258 as u32) + x1214)); let mut x1285: u32 = 0; let mut x1286: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1285, &mut x1286, x9, 0xc84ee01); let mut x1287: u32 = 0; let mut x1288: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1287, &mut x1288, x9, 0x2b39bf21); let mut x1289: u32 = 0; let mut x1290: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1289, &mut x1290, x9, 0x3fb05b7a); let mut x1291: u32 = 0; let mut x1292: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1291, &mut x1292, x9, 0x28266895); let mut x1293: u32 = 0; let mut x1294: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1293, &mut x1294, x9, 0xd40d4917); let mut x1295: u32 = 0; let mut x1296: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1295, &mut x1296, x9, 0x4aab1cc5); let mut x1297: u32 = 0; let mut x1298: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1297, &mut x1298, x9, 0xbc3e483a); let mut x1299: u32 = 0; let mut x1300: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1299, &mut x1300, x9, 0xfcb82947); let mut x1301: u32 = 0; let mut x1302: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1301, &mut x1302, x9, 0xff3d81e5); let mut x1303: u32 = 0; let mut x1304: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1303, &mut x1304, x9, 0xdf1aa419); let mut x1305: u32 = 0; let mut x1306: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1305, &mut x1306, x9, 0x2d319b24); let mut x1307: u32 = 0; let mut x1308: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1307, &mut x1308, x9, 0x19b409a9); let mut x1309: u32 = 0; let mut x1310: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1309, &mut x1310, 0x0, x1308, x1305); let mut x1311: u32 = 0; let mut x1312: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1311, &mut x1312, x1310, x1306, x1303); let mut x1313: u32 = 0; let mut x1314: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1313, &mut x1314, x1312, x1304, x1301); let mut x1315: u32 = 0; let mut x1316: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1315, &mut x1316, x1314, x1302, x1299); let mut x1317: u32 = 0; let mut x1318: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1317, &mut x1318, x1316, x1300, x1297); let mut x1319: u32 = 0; let mut x1320: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1319, &mut x1320, x1318, x1298, x1295); let mut x1321: u32 = 0; let mut x1322: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1321, &mut x1322, x1320, x1296, x1293); let mut x1323: u32 = 0; let mut x1324: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1323, &mut x1324, x1322, x1294, x1291); let mut x1325: u32 = 0; let mut x1326: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1325, &mut x1326, x1324, x1292, x1289); let mut x1327: u32 = 0; let mut x1328: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1327, &mut x1328, x1326, x1290, x1287); let mut x1329: u32 = 0; let mut x1330: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1329, &mut x1330, x1328, x1288, x1285); let mut x1331: u32 = 0; let mut x1332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1331, &mut x1332, 0x0, x1261, x1307); let mut x1333: u32 = 0; let mut x1334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1333, &mut x1334, x1332, x1263, x1309); let mut x1335: u32 = 0; let mut x1336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1335, &mut x1336, x1334, x1265, x1311); let mut x1337: u32 = 0; let mut x1338: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1337, &mut x1338, x1336, x1267, x1313); let mut x1339: u32 = 0; let mut x1340: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1339, &mut x1340, x1338, x1269, x1315); let mut x1341: u32 = 0; let mut x1342: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1341, &mut x1342, x1340, x1271, x1317); let mut x1343: u32 = 0; let mut x1344: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1343, &mut x1344, x1342, x1273, x1319); let mut x1345: u32 = 0; let mut x1346: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1345, &mut x1346, x1344, x1275, x1321); let mut x1347: u32 = 0; let mut x1348: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1347, &mut x1348, x1346, x1277, x1323); let mut x1349: u32 = 0; let mut x1350: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1349, &mut x1350, x1348, x1279, x1325); let mut x1351: u32 = 0; let mut x1352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1351, &mut x1352, x1350, x1281, x1327); let mut x1353: u32 = 0; let mut x1354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1353, &mut x1354, x1352, x1283, x1329); let mut x1355: u32 = 0; let mut x1356: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1355, &mut x1356, x1331, 0xe88fdc45); let mut x1357: u32 = 0; let mut x1358: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1357, &mut x1358, x1355, 0xffffffff); let mut x1359: u32 = 0; let mut x1360: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1359, &mut x1360, x1355, 0xffffffff); let mut x1361: u32 = 0; let mut x1362: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1361, &mut x1362, x1355, 0xffffffff); let mut x1363: u32 = 0; let mut x1364: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1363, &mut x1364, x1355, 0xffffffff); let mut x1365: u32 = 0; let mut x1366: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1365, &mut x1366, x1355, 0xffffffff); let mut x1367: u32 = 0; let mut x1368: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1367, &mut x1368, x1355, 0xffffffff); let mut x1369: u32 = 0; let mut x1370: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1369, &mut x1370, x1355, 0xc7634d81); let mut x1371: u32 = 0; let mut x1372: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1371, &mut x1372, x1355, 0xf4372ddf); let mut x1373: u32 = 0; let mut x1374: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1373, &mut x1374, x1355, 0x581a0db2); let mut x1375: u32 = 0; let mut x1376: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1375, &mut x1376, x1355, 0x48b0a77a); let mut x1377: u32 = 0; let mut x1378: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1377, &mut x1378, x1355, 0xecec196a); let mut x1379: u32 = 0; let mut x1380: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1379, &mut x1380, x1355, 0xccc52973); let mut x1381: u32 = 0; let mut x1382: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1381, &mut x1382, 0x0, x1380, x1377); let mut x1383: u32 = 0; let mut x1384: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1383, &mut x1384, x1382, x1378, x1375); let mut x1385: u32 = 0; let mut x1386: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1385, &mut x1386, x1384, x1376, x1373); let mut x1387: u32 = 0; let mut x1388: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1387, &mut x1388, x1386, x1374, x1371); let mut x1389: u32 = 0; let mut x1390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1389, &mut x1390, x1388, x1372, x1369); let mut x1391: u32 = 0; let mut x1392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1391, &mut x1392, x1390, x1370, x1367); let mut x1393: u32 = 0; let mut x1394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1393, &mut x1394, x1392, x1368, x1365); let mut x1395: u32 = 0; let mut x1396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1395, &mut x1396, x1394, x1366, x1363); let mut x1397: u32 = 0; let mut x1398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1397, &mut x1398, x1396, x1364, x1361); let mut x1399: u32 = 0; let mut x1400: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1399, &mut x1400, x1398, x1362, x1359); let mut x1401: u32 = 0; let mut x1402: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1401, &mut x1402, x1400, x1360, x1357); let mut x1403: u32 = 0; let mut x1404: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1403, &mut x1404, 0x0, x1331, x1379); let mut x1405: u32 = 0; let mut x1406: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1405, &mut x1406, x1404, x1333, x1381); let mut x1407: u32 = 0; let mut x1408: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1407, &mut x1408, x1406, x1335, x1383); let mut x1409: u32 = 0; let mut x1410: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1409, &mut x1410, x1408, x1337, x1385); let mut x1411: u32 = 0; let mut x1412: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1411, &mut x1412, x1410, x1339, x1387); let mut x1413: u32 = 0; let mut x1414: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1413, &mut x1414, x1412, x1341, x1389); let mut x1415: u32 = 0; let mut x1416: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1415, &mut x1416, x1414, x1343, x1391); let mut x1417: u32 = 0; let mut x1418: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1417, &mut x1418, x1416, x1345, x1393); let mut x1419: u32 = 0; let mut x1420: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1419, &mut x1420, x1418, x1347, x1395); let mut x1421: u32 = 0; let mut x1422: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1421, &mut x1422, x1420, x1349, x1397); let mut x1423: u32 = 0; let mut x1424: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1423, &mut x1424, x1422, x1351, x1399); let mut x1425: u32 = 0; let mut x1426: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1425, &mut x1426, x1424, x1353, x1401); let mut x1427: u32 = 0; let mut x1428: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1427, &mut x1428, x1426, (((x1354 as u32) + (x1284 as u32)) + ((x1330 as u32) + x1286)), ((x1402 as u32) + x1358)); let mut x1429: u32 = 0; let mut x1430: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1429, &mut x1430, x10, 0xc84ee01); let mut x1431: u32 = 0; let mut x1432: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1431, &mut x1432, x10, 0x2b39bf21); let mut x1433: u32 = 0; let mut x1434: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1433, &mut x1434, x10, 0x3fb05b7a); let mut x1435: u32 = 0; let mut x1436: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1435, &mut x1436, x10, 0x28266895); let mut x1437: u32 = 0; let mut x1438: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1437, &mut x1438, x10, 0xd40d4917); let mut x1439: u32 = 0; let mut x1440: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1439, &mut x1440, x10, 0x4aab1cc5); let mut x1441: u32 = 0; let mut x1442: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1441, &mut x1442, x10, 0xbc3e483a); let mut x1443: u32 = 0; let mut x1444: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1443, &mut x1444, x10, 0xfcb82947); let mut x1445: u32 = 0; let mut x1446: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1445, &mut x1446, x10, 0xff3d81e5); let mut x1447: u32 = 0; let mut x1448: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1447, &mut x1448, x10, 0xdf1aa419); let mut x1449: u32 = 0; let mut x1450: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1449, &mut x1450, x10, 0x2d319b24); let mut x1451: u32 = 0; let mut x1452: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1451, &mut x1452, x10, 0x19b409a9); let mut x1453: u32 = 0; let mut x1454: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1453, &mut x1454, 0x0, x1452, x1449); let mut x1455: u32 = 0; let mut x1456: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1455, &mut x1456, x1454, x1450, x1447); let mut x1457: u32 = 0; let mut x1458: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1457, &mut x1458, x1456, x1448, x1445); let mut x1459: u32 = 0; let mut x1460: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1459, &mut x1460, x1458, x1446, x1443); let mut x1461: u32 = 0; let mut x1462: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1461, &mut x1462, x1460, x1444, x1441); let mut x1463: u32 = 0; let mut x1464: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1463, &mut x1464, x1462, x1442, x1439); let mut x1465: u32 = 0; let mut x1466: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1465, &mut x1466, x1464, x1440, x1437); let mut x1467: u32 = 0; let mut x1468: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1467, &mut x1468, x1466, x1438, x1435); let mut x1469: u32 = 0; let mut x1470: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1469, &mut x1470, x1468, x1436, x1433); let mut x1471: u32 = 0; let mut x1472: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1471, &mut x1472, x1470, x1434, x1431); let mut x1473: u32 = 0; let mut x1474: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1473, &mut x1474, x1472, x1432, x1429); let mut x1475: u32 = 0; let mut x1476: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1475, &mut x1476, 0x0, x1405, x1451); let mut x1477: u32 = 0; let mut x1478: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1477, &mut x1478, x1476, x1407, x1453); let mut x1479: u32 = 0; let mut x1480: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1479, &mut x1480, x1478, x1409, x1455); let mut x1481: u32 = 0; let mut x1482: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1481, &mut x1482, x1480, x1411, x1457); let mut x1483: u32 = 0; let mut x1484: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1483, &mut x1484, x1482, x1413, x1459); let mut x1485: u32 = 0; let mut x1486: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1485, &mut x1486, x1484, x1415, x1461); let mut x1487: u32 = 0; let mut x1488: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1487, &mut x1488, x1486, x1417, x1463); let mut x1489: u32 = 0; let mut x1490: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1489, &mut x1490, x1488, x1419, x1465); let mut x1491: u32 = 0; let mut x1492: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1491, &mut x1492, x1490, x1421, x1467); let mut x1493: u32 = 0; let mut x1494: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1493, &mut x1494, x1492, x1423, x1469); let mut x1495: u32 = 0; let mut x1496: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1495, &mut x1496, x1494, x1425, x1471); let mut x1497: u32 = 0; let mut x1498: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1497, &mut x1498, x1496, x1427, x1473); let mut x1499: u32 = 0; let mut x1500: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1499, &mut x1500, x1475, 0xe88fdc45); let mut x1501: u32 = 0; let mut x1502: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1501, &mut x1502, x1499, 0xffffffff); let mut x1503: u32 = 0; let mut x1504: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1503, &mut x1504, x1499, 0xffffffff); let mut x1505: u32 = 0; let mut x1506: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1505, &mut x1506, x1499, 0xffffffff); let mut x1507: u32 = 0; let mut x1508: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1507, &mut x1508, x1499, 0xffffffff); let mut x1509: u32 = 0; let mut x1510: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1509, &mut x1510, x1499, 0xffffffff); let mut x1511: u32 = 0; let mut x1512: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1511, &mut x1512, x1499, 0xffffffff); let mut x1513: u32 = 0; let mut x1514: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1513, &mut x1514, x1499, 0xc7634d81); let mut x1515: u32 = 0; let mut x1516: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1515, &mut x1516, x1499, 0xf4372ddf); let mut x1517: u32 = 0; let mut x1518: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1517, &mut x1518, x1499, 0x581a0db2); let mut x1519: u32 = 0; let mut x1520: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1519, &mut x1520, x1499, 0x48b0a77a); let mut x1521: u32 = 0; let mut x1522: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1521, &mut x1522, x1499, 0xecec196a); let mut x1523: u32 = 0; let mut x1524: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1523, &mut x1524, x1499, 0xccc52973); let mut x1525: u32 = 0; let mut x1526: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1525, &mut x1526, 0x0, x1524, x1521); let mut x1527: u32 = 0; let mut x1528: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1527, &mut x1528, x1526, x1522, x1519); let mut x1529: u32 = 0; let mut x1530: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1529, &mut x1530, x1528, x1520, x1517); let mut x1531: u32 = 0; let mut x1532: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1531, &mut x1532, x1530, x1518, x1515); let mut x1533: u32 = 0; let mut x1534: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1533, &mut x1534, x1532, x1516, x1513); let mut x1535: u32 = 0; let mut x1536: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1535, &mut x1536, x1534, x1514, x1511); let mut x1537: u32 = 0; let mut x1538: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1537, &mut x1538, x1536, x1512, x1509); let mut x1539: u32 = 0; let mut x1540: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1539, &mut x1540, x1538, x1510, x1507); let mut x1541: u32 = 0; let mut x1542: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1541, &mut x1542, x1540, x1508, x1505); let mut x1543: u32 = 0; let mut x1544: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1543, &mut x1544, x1542, x1506, x1503); let mut x1545: u32 = 0; let mut x1546: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1545, &mut x1546, x1544, x1504, x1501); let mut x1547: u32 = 0; let mut x1548: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1547, &mut x1548, 0x0, x1475, x1523); let mut x1549: u32 = 0; let mut x1550: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1549, &mut x1550, x1548, x1477, x1525); let mut x1551: u32 = 0; let mut x1552: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1551, &mut x1552, x1550, x1479, x1527); let mut x1553: u32 = 0; let mut x1554: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1553, &mut x1554, x1552, x1481, x1529); let mut x1555: u32 = 0; let mut x1556: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1555, &mut x1556, x1554, x1483, x1531); let mut x1557: u32 = 0; let mut x1558: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1557, &mut x1558, x1556, x1485, x1533); let mut x1559: u32 = 0; let mut x1560: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1559, &mut x1560, x1558, x1487, x1535); let mut x1561: u32 = 0; let mut x1562: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1561, &mut x1562, x1560, x1489, x1537); let mut x1563: u32 = 0; let mut x1564: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1563, &mut x1564, x1562, x1491, x1539); let mut x1565: u32 = 0; let mut x1566: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1565, &mut x1566, x1564, x1493, x1541); let mut x1567: u32 = 0; let mut x1568: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1567, &mut x1568, x1566, x1495, x1543); let mut x1569: u32 = 0; let mut x1570: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1569, &mut x1570, x1568, x1497, x1545); let mut x1571: u32 = 0; let mut x1572: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1571, &mut x1572, x1570, (((x1498 as u32) + (x1428 as u32)) + ((x1474 as u32) + x1430)), ((x1546 as u32) + x1502)); let mut x1573: u32 = 0; let mut x1574: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1573, &mut x1574, x11, 0xc84ee01); let mut x1575: u32 = 0; let mut x1576: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1575, &mut x1576, x11, 0x2b39bf21); let mut x1577: u32 = 0; let mut x1578: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1577, &mut x1578, x11, 0x3fb05b7a); let mut x1579: u32 = 0; let mut x1580: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1579, &mut x1580, x11, 0x28266895); let mut x1581: u32 = 0; let mut x1582: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1581, &mut x1582, x11, 0xd40d4917); let mut x1583: u32 = 0; let mut x1584: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1583, &mut x1584, x11, 0x4aab1cc5); let mut x1585: u32 = 0; let mut x1586: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1585, &mut x1586, x11, 0xbc3e483a); let mut x1587: u32 = 0; let mut x1588: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1587, &mut x1588, x11, 0xfcb82947); let mut x1589: u32 = 0; let mut x1590: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1589, &mut x1590, x11, 0xff3d81e5); let mut x1591: u32 = 0; let mut x1592: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1591, &mut x1592, x11, 0xdf1aa419); let mut x1593: u32 = 0; let mut x1594: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1593, &mut x1594, x11, 0x2d319b24); let mut x1595: u32 = 0; let mut x1596: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1595, &mut x1596, x11, 0x19b409a9); let mut x1597: u32 = 0; let mut x1598: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1597, &mut x1598, 0x0, x1596, x1593); let mut x1599: u32 = 0; let mut x1600: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1599, &mut x1600, x1598, x1594, x1591); let mut x1601: u32 = 0; let mut x1602: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1601, &mut x1602, x1600, x1592, x1589); let mut x1603: u32 = 0; let mut x1604: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1603, &mut x1604, x1602, x1590, x1587); let mut x1605: u32 = 0; let mut x1606: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1605, &mut x1606, x1604, x1588, x1585); let mut x1607: u32 = 0; let mut x1608: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1607, &mut x1608, x1606, x1586, x1583); let mut x1609: u32 = 0; let mut x1610: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1609, &mut x1610, x1608, x1584, x1581); let mut x1611: u32 = 0; let mut x1612: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1611, &mut x1612, x1610, x1582, x1579); let mut x1613: u32 = 0; let mut x1614: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1613, &mut x1614, x1612, x1580, x1577); let mut x1615: u32 = 0; let mut x1616: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1615, &mut x1616, x1614, x1578, x1575); let mut x1617: u32 = 0; let mut x1618: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1617, &mut x1618, x1616, x1576, x1573); let mut x1619: u32 = 0; let mut x1620: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1619, &mut x1620, 0x0, x1549, x1595); let mut x1621: u32 = 0; let mut x1622: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1621, &mut x1622, x1620, x1551, x1597); let mut x1623: u32 = 0; let mut x1624: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1623, &mut x1624, x1622, x1553, x1599); let mut x1625: u32 = 0; let mut x1626: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1625, &mut x1626, x1624, x1555, x1601); let mut x1627: u32 = 0; let mut x1628: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1627, &mut x1628, x1626, x1557, x1603); let mut x1629: u32 = 0; let mut x1630: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1629, &mut x1630, x1628, x1559, x1605); let mut x1631: u32 = 0; let mut x1632: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1631, &mut x1632, x1630, x1561, x1607); let mut x1633: u32 = 0; let mut x1634: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1633, &mut x1634, x1632, x1563, x1609); let mut x1635: u32 = 0; let mut x1636: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1635, &mut x1636, x1634, x1565, x1611); let mut x1637: u32 = 0; let mut x1638: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1637, &mut x1638, x1636, x1567, x1613); let mut x1639: u32 = 0; let mut x1640: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1639, &mut x1640, x1638, x1569, x1615); let mut x1641: u32 = 0; let mut x1642: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1641, &mut x1642, x1640, x1571, x1617); let mut x1643: u32 = 0; let mut x1644: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1643, &mut x1644, x1619, 0xe88fdc45); let mut x1645: u32 = 0; let mut x1646: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1645, &mut x1646, x1643, 0xffffffff); let mut x1647: u32 = 0; let mut x1648: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1647, &mut x1648, x1643, 0xffffffff); let mut x1649: u32 = 0; let mut x1650: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1649, &mut x1650, x1643, 0xffffffff); let mut x1651: u32 = 0; let mut x1652: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1651, &mut x1652, x1643, 0xffffffff); let mut x1653: u32 = 0; let mut x1654: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1653, &mut x1654, x1643, 0xffffffff); let mut x1655: u32 = 0; let mut x1656: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1655, &mut x1656, x1643, 0xffffffff); let mut x1657: u32 = 0; let mut x1658: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1657, &mut x1658, x1643, 0xc7634d81); let mut x1659: u32 = 0; let mut x1660: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1659, &mut x1660, x1643, 0xf4372ddf); let mut x1661: u32 = 0; let mut x1662: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1661, &mut x1662, x1643, 0x581a0db2); let mut x1663: u32 = 0; let mut x1664: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1663, &mut x1664, x1643, 0x48b0a77a); let mut x1665: u32 = 0; let mut x1666: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1665, &mut x1666, x1643, 0xecec196a); let mut x1667: u32 = 0; let mut x1668: u32 = 0; fiat_p384_scalar_mulx_u32(&mut x1667, &mut x1668, x1643, 0xccc52973); let mut x1669: u32 = 0; let mut x1670: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1669, &mut x1670, 0x0, x1668, x1665); let mut x1671: u32 = 0; let mut x1672: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1671, &mut x1672, x1670, x1666, x1663); let mut x1673: u32 = 0; let mut x1674: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1673, &mut x1674, x1672, x1664, x1661); let mut x1675: u32 = 0; let mut x1676: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1675, &mut x1676, x1674, x1662, x1659); let mut x1677: u32 = 0; let mut x1678: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1677, &mut x1678, x1676, x1660, x1657); let mut x1679: u32 = 0; let mut x1680: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1679, &mut x1680, x1678, x1658, x1655); let mut x1681: u32 = 0; let mut x1682: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1681, &mut x1682, x1680, x1656, x1653); let mut x1683: u32 = 0; let mut x1684: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1683, &mut x1684, x1682, x1654, x1651); let mut x1685: u32 = 0; let mut x1686: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1685, &mut x1686, x1684, x1652, x1649); let mut x1687: u32 = 0; let mut x1688: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1687, &mut x1688, x1686, x1650, x1647); let mut x1689: u32 = 0; let mut x1690: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1689, &mut x1690, x1688, x1648, x1645); let mut x1691: u32 = 0; let mut x1692: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1691, &mut x1692, 0x0, x1619, x1667); let mut x1693: u32 = 0; let mut x1694: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1693, &mut x1694, x1692, x1621, x1669); let mut x1695: u32 = 0; let mut x1696: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1695, &mut x1696, x1694, x1623, x1671); let mut x1697: u32 = 0; let mut x1698: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1697, &mut x1698, x1696, x1625, x1673); let mut x1699: u32 = 0; let mut x1700: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1699, &mut x1700, x1698, x1627, x1675); let mut x1701: u32 = 0; let mut x1702: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1701, &mut x1702, x1700, x1629, x1677); let mut x1703: u32 = 0; let mut x1704: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1703, &mut x1704, x1702, x1631, x1679); let mut x1705: u32 = 0; let mut x1706: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1705, &mut x1706, x1704, x1633, x1681); let mut x1707: u32 = 0; let mut x1708: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1707, &mut x1708, x1706, x1635, x1683); let mut x1709: u32 = 0; let mut x1710: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1709, &mut x1710, x1708, x1637, x1685); let mut x1711: u32 = 0; let mut x1712: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1711, &mut x1712, x1710, x1639, x1687); let mut x1713: u32 = 0; let mut x1714: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1713, &mut x1714, x1712, x1641, x1689); let mut x1715: u32 = 0; let mut x1716: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1715, &mut x1716, x1714, (((x1642 as u32) + (x1572 as u32)) + ((x1618 as u32) + x1574)), ((x1690 as u32) + x1646)); let mut x1717: u32 = 0; let mut x1718: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1717, &mut x1718, 0x0, x1693, 0xccc52973); let mut x1719: u32 = 0; let mut x1720: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1719, &mut x1720, x1718, x1695, 0xecec196a); let mut x1721: u32 = 0; let mut x1722: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1721, &mut x1722, x1720, x1697, 0x48b0a77a); let mut x1723: u32 = 0; let mut x1724: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1723, &mut x1724, x1722, x1699, 0x581a0db2); let mut x1725: u32 = 0; let mut x1726: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1725, &mut x1726, x1724, x1701, 0xf4372ddf); let mut x1727: u32 = 0; let mut x1728: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1727, &mut x1728, x1726, x1703, 0xc7634d81); let mut x1729: u32 = 0; let mut x1730: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1729, &mut x1730, x1728, x1705, 0xffffffff); let mut x1731: u32 = 0; let mut x1732: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1731, &mut x1732, x1730, x1707, 0xffffffff); let mut x1733: u32 = 0; let mut x1734: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1733, &mut x1734, x1732, x1709, 0xffffffff); let mut x1735: u32 = 0; let mut x1736: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1735, &mut x1736, x1734, x1711, 0xffffffff); let mut x1737: u32 = 0; let mut x1738: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1737, &mut x1738, x1736, x1713, 0xffffffff); let mut x1739: u32 = 0; let mut x1740: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1739, &mut x1740, x1738, x1715, 0xffffffff); let mut x1741: u32 = 0; let mut x1742: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x1741, &mut x1742, x1740, (x1716 as u32), (0x0 as u32)); let mut x1743: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1743, x1742, x1717, x1693); let mut x1744: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1744, x1742, x1719, x1695); let mut x1745: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1745, x1742, x1721, x1697); let mut x1746: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1746, x1742, x1723, x1699); let mut x1747: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1747, x1742, x1725, x1701); let mut x1748: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1748, x1742, x1727, x1703); let mut x1749: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1749, x1742, x1729, x1705); let mut x1750: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1750, x1742, x1731, x1707); let mut x1751: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1751, x1742, x1733, x1709); let mut x1752: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1752, x1742, x1735, x1711); let mut x1753: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1753, x1742, x1737, x1713); let mut x1754: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1754, x1742, x1739, x1715); out1[0] = x1743; out1[1] = x1744; out1[2] = x1745; out1[3] = x1746; out1[4] = x1747; out1[5] = x1748; out1[6] = x1749; out1[7] = x1750; out1[8] = x1751; out1[9] = x1752; out1[10] = x1753; out1[11] = x1754; } /// The function fiat_p384_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p384_scalar_nonzero(out1: &mut u32, arg1: &[u32; 12]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | ((arg1[8]) | ((arg1[9]) | ((arg1[10]) | (arg1[11])))))))))))); *out1 = x1; } /// The function fiat_p384_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_scalar_selectznz(out1: &mut [u32; 12], arg1: fiat_p384_scalar_u1, arg2: &[u32; 12], arg3: &[u32; 12]) { let mut x1: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x9, arg1, (arg2[8]), (arg3[8])); let mut x10: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x10, arg1, (arg2[9]), (arg3[9])); let mut x11: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x11, arg1, (arg2[10]), (arg3[10])); let mut x12: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x12, arg1, (arg2[11]), (arg3[11])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; } /// The function fiat_p384_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p384_scalar_to_bytes(out1: &mut [u8; 48], arg1: &[u32; 12]) { let x1: u32 = (arg1[11]); let x2: u32 = (arg1[10]); let x3: u32 = (arg1[9]); let x4: u32 = (arg1[8]); let x5: u32 = (arg1[7]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[5]); let x8: u32 = (arg1[4]); let x9: u32 = (arg1[3]); let x10: u32 = (arg1[2]); let x11: u32 = (arg1[1]); let x12: u32 = (arg1[0]); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u32 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u32)) as u8); let x16: u32 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x11 & (0xff as u32)) as u8); let x20: u32 = (x11 >> 8); let x21: u8 = ((x20 & (0xff as u32)) as u8); let x22: u32 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u8 = ((x22 >> 8) as u8); let x25: u8 = ((x10 & (0xff as u32)) as u8); let x26: u32 = (x10 >> 8); let x27: u8 = ((x26 & (0xff as u32)) as u8); let x28: u32 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u8 = ((x28 >> 8) as u8); let x31: u8 = ((x9 & (0xff as u32)) as u8); let x32: u32 = (x9 >> 8); let x33: u8 = ((x32 & (0xff as u32)) as u8); let x34: u32 = (x32 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u8 = ((x34 >> 8) as u8); let x37: u8 = ((x8 & (0xff as u32)) as u8); let x38: u32 = (x8 >> 8); let x39: u8 = ((x38 & (0xff as u32)) as u8); let x40: u32 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u8 = ((x40 >> 8) as u8); let x43: u8 = ((x7 & (0xff as u32)) as u8); let x44: u32 = (x7 >> 8); let x45: u8 = ((x44 & (0xff as u32)) as u8); let x46: u32 = (x44 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u8 = ((x46 >> 8) as u8); let x49: u8 = ((x6 & (0xff as u32)) as u8); let x50: u32 = (x6 >> 8); let x51: u8 = ((x50 & (0xff as u32)) as u8); let x52: u32 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u8 = ((x52 >> 8) as u8); let x55: u8 = ((x5 & (0xff as u32)) as u8); let x56: u32 = (x5 >> 8); let x57: u8 = ((x56 & (0xff as u32)) as u8); let x58: u32 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u32)) as u8); let x60: u8 = ((x58 >> 8) as u8); let x61: u8 = ((x4 & (0xff as u32)) as u8); let x62: u32 = (x4 >> 8); let x63: u8 = ((x62 & (0xff as u32)) as u8); let x64: u32 = (x62 >> 8); let x65: u8 = ((x64 & (0xff as u32)) as u8); let x66: u8 = ((x64 >> 8) as u8); let x67: u8 = ((x3 & (0xff as u32)) as u8); let x68: u32 = (x3 >> 8); let x69: u8 = ((x68 & (0xff as u32)) as u8); let x70: u32 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u32)) as u8); let x72: u8 = ((x70 >> 8) as u8); let x73: u8 = ((x2 & (0xff as u32)) as u8); let x74: u32 = (x2 >> 8); let x75: u8 = ((x74 & (0xff as u32)) as u8); let x76: u32 = (x74 >> 8); let x77: u8 = ((x76 & (0xff as u32)) as u8); let x78: u8 = ((x76 >> 8) as u8); let x79: u8 = ((x1 & (0xff as u32)) as u8); let x80: u32 = (x1 >> 8); let x81: u8 = ((x80 & (0xff as u32)) as u8); let x82: u32 = (x80 >> 8); let x83: u8 = ((x82 & (0xff as u32)) as u8); let x84: u8 = ((x82 >> 8) as u8); out1[0] = x13; out1[1] = x15; out1[2] = x17; out1[3] = x18; out1[4] = x19; out1[5] = x21; out1[6] = x23; out1[7] = x24; out1[8] = x25; out1[9] = x27; out1[10] = x29; out1[11] = x30; out1[12] = x31; out1[13] = x33; out1[14] = x35; out1[15] = x36; out1[16] = x37; out1[17] = x39; out1[18] = x41; out1[19] = x42; out1[20] = x43; out1[21] = x45; out1[22] = x47; out1[23] = x48; out1[24] = x49; out1[25] = x51; out1[26] = x53; out1[27] = x54; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; out1[32] = x61; out1[33] = x63; out1[34] = x65; out1[35] = x66; out1[36] = x67; out1[37] = x69; out1[38] = x71; out1[39] = x72; out1[40] = x73; out1[41] = x75; out1[42] = x77; out1[43] = x78; out1[44] = x79; out1[45] = x81; out1[46] = x83; out1[47] = x84; } /// The function fiat_p384_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_scalar_from_bytes(out1: &mut [u32; 12], arg1: &[u8; 48]) { let x1: u32 = (((arg1[47]) as u32) << 24); let x2: u32 = (((arg1[46]) as u32) << 16); let x3: u32 = (((arg1[45]) as u32) << 8); let x4: u8 = (arg1[44]); let x5: u32 = (((arg1[43]) as u32) << 24); let x6: u32 = (((arg1[42]) as u32) << 16); let x7: u32 = (((arg1[41]) as u32) << 8); let x8: u8 = (arg1[40]); let x9: u32 = (((arg1[39]) as u32) << 24); let x10: u32 = (((arg1[38]) as u32) << 16); let x11: u32 = (((arg1[37]) as u32) << 8); let x12: u8 = (arg1[36]); let x13: u32 = (((arg1[35]) as u32) << 24); let x14: u32 = (((arg1[34]) as u32) << 16); let x15: u32 = (((arg1[33]) as u32) << 8); let x16: u8 = (arg1[32]); let x17: u32 = (((arg1[31]) as u32) << 24); let x18: u32 = (((arg1[30]) as u32) << 16); let x19: u32 = (((arg1[29]) as u32) << 8); let x20: u8 = (arg1[28]); let x21: u32 = (((arg1[27]) as u32) << 24); let x22: u32 = (((arg1[26]) as u32) << 16); let x23: u32 = (((arg1[25]) as u32) << 8); let x24: u8 = (arg1[24]); let x25: u32 = (((arg1[23]) as u32) << 24); let x26: u32 = (((arg1[22]) as u32) << 16); let x27: u32 = (((arg1[21]) as u32) << 8); let x28: u8 = (arg1[20]); let x29: u32 = (((arg1[19]) as u32) << 24); let x30: u32 = (((arg1[18]) as u32) << 16); let x31: u32 = (((arg1[17]) as u32) << 8); let x32: u8 = (arg1[16]); let x33: u32 = (((arg1[15]) as u32) << 24); let x34: u32 = (((arg1[14]) as u32) << 16); let x35: u32 = (((arg1[13]) as u32) << 8); let x36: u8 = (arg1[12]); let x37: u32 = (((arg1[11]) as u32) << 24); let x38: u32 = (((arg1[10]) as u32) << 16); let x39: u32 = (((arg1[9]) as u32) << 8); let x40: u8 = (arg1[8]); let x41: u32 = (((arg1[7]) as u32) << 24); let x42: u32 = (((arg1[6]) as u32) << 16); let x43: u32 = (((arg1[5]) as u32) << 8); let x44: u8 = (arg1[4]); let x45: u32 = (((arg1[3]) as u32) << 24); let x46: u32 = (((arg1[2]) as u32) << 16); let x47: u32 = (((arg1[1]) as u32) << 8); let x48: u8 = (arg1[0]); let x49: u32 = (x47 + (x48 as u32)); let x50: u32 = (x46 + x49); let x51: u32 = (x45 + x50); let x52: u32 = (x43 + (x44 as u32)); let x53: u32 = (x42 + x52); let x54: u32 = (x41 + x53); let x55: u32 = (x39 + (x40 as u32)); let x56: u32 = (x38 + x55); let x57: u32 = (x37 + x56); let x58: u32 = (x35 + (x36 as u32)); let x59: u32 = (x34 + x58); let x60: u32 = (x33 + x59); let x61: u32 = (x31 + (x32 as u32)); let x62: u32 = (x30 + x61); let x63: u32 = (x29 + x62); let x64: u32 = (x27 + (x28 as u32)); let x65: u32 = (x26 + x64); let x66: u32 = (x25 + x65); let x67: u32 = (x23 + (x24 as u32)); let x68: u32 = (x22 + x67); let x69: u32 = (x21 + x68); let x70: u32 = (x19 + (x20 as u32)); let x71: u32 = (x18 + x70); let x72: u32 = (x17 + x71); let x73: u32 = (x15 + (x16 as u32)); let x74: u32 = (x14 + x73); let x75: u32 = (x13 + x74); let x76: u32 = (x11 + (x12 as u32)); let x77: u32 = (x10 + x76); let x78: u32 = (x9 + x77); let x79: u32 = (x7 + (x8 as u32)); let x80: u32 = (x6 + x79); let x81: u32 = (x5 + x80); let x82: u32 = (x3 + (x4 as u32)); let x83: u32 = (x2 + x82); let x84: u32 = (x1 + x83); out1[0] = x51; out1[1] = x54; out1[2] = x57; out1[3] = x60; out1[4] = x63; out1[5] = x66; out1[6] = x69; out1[7] = x72; out1[8] = x75; out1[9] = x78; out1[10] = x81; out1[11] = x84; } /// The function fiat_p384_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_set_one(out1: &mut fiat_p384_scalar_montgomery_domain_field_element) { out1[0] = 0x333ad68d; out1[1] = 0x1313e695; out1[2] = 0xb74f5885; out1[3] = 0xa7e5f24d; out1[4] = 0xbc8d220; out1[5] = 0x389cb27e; out1[6] = (0x0 as u32); out1[7] = (0x0 as u32); out1[8] = (0x0 as u32); out1[9] = (0x0 as u32); out1[10] = (0x0 as u32); out1[11] = (0x0 as u32); } /// The function fiat_p384_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_scalar_msat(out1: &mut [u32; 13]) { out1[0] = 0xccc52973; out1[1] = 0xecec196a; out1[2] = 0x48b0a77a; out1[3] = 0x581a0db2; out1[4] = 0xf4372ddf; out1[5] = 0xc7634d81; out1[6] = 0xffffffff; out1[7] = 0xffffffff; out1[8] = 0xffffffff; out1[9] = 0xffffffff; out1[10] = 0xffffffff; out1[11] = 0xffffffff; out1[12] = (0x0 as u32); } /// The function fiat_p384_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_scalar_divstep(out1: &mut u32, out2: &mut [u32; 13], out3: &mut [u32; 13], out4: &mut [u32; 12], out5: &mut [u32; 12], arg1: u32, arg2: &[u32; 13], arg3: &[u32; 13], arg4: &[u32; 12], arg5: &[u32; 12]) { let mut x1: u32 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_p384_scalar_u1 = (((x1 >> 31) as fiat_p384_scalar_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_p384_scalar_u1)); let mut x4: u32 = 0; let mut x5: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x16, x3, (arg2[9]), (arg3[9])); let mut x17: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x17, x3, (arg2[10]), (arg3[10])); let mut x18: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x18, x3, (arg2[11]), (arg3[11])); let mut x19: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x19, x3, (arg2[12]), (arg3[12])); let mut x20: u32 = 0; let mut x21: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x20, &mut x21, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x22: u32 = 0; let mut x23: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[1]))); let mut x24: u32 = 0; let mut x25: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[2]))); let mut x26: u32 = 0; let mut x27: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[3]))); let mut x28: u32 = 0; let mut x29: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[4]))); let mut x30: u32 = 0; let mut x31: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[5]))); let mut x32: u32 = 0; let mut x33: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[6]))); let mut x34: u32 = 0; let mut x35: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x34, &mut x35, x33, (0x0 as u32), (!(arg2[7]))); let mut x36: u32 = 0; let mut x37: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x36, &mut x37, x35, (0x0 as u32), (!(arg2[8]))); let mut x38: u32 = 0; let mut x39: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x38, &mut x39, x37, (0x0 as u32), (!(arg2[9]))); let mut x40: u32 = 0; let mut x41: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x40, &mut x41, x39, (0x0 as u32), (!(arg2[10]))); let mut x42: u32 = 0; let mut x43: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), (!(arg2[11]))); let mut x44: u32 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x44, &mut x45, x43, (0x0 as u32), (!(arg2[12]))); let mut x46: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x46, x3, (arg3[0]), x20); let mut x47: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x47, x3, (arg3[1]), x22); let mut x48: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x48, x3, (arg3[2]), x24); let mut x49: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x49, x3, (arg3[3]), x26); let mut x50: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x50, x3, (arg3[4]), x28); let mut x51: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x51, x3, (arg3[5]), x30); let mut x52: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x52, x3, (arg3[6]), x32); let mut x53: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x53, x3, (arg3[7]), x34); let mut x54: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x54, x3, (arg3[8]), x36); let mut x55: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x55, x3, (arg3[9]), x38); let mut x56: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x56, x3, (arg3[10]), x40); let mut x57: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x57, x3, (arg3[11]), x42); let mut x58: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x58, x3, (arg3[12]), x44); let mut x59: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x59, x3, (arg4[0]), (arg5[0])); let mut x60: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x60, x3, (arg4[1]), (arg5[1])); let mut x61: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x61, x3, (arg4[2]), (arg5[2])); let mut x62: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x62, x3, (arg4[3]), (arg5[3])); let mut x63: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x63, x3, (arg4[4]), (arg5[4])); let mut x64: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x64, x3, (arg4[5]), (arg5[5])); let mut x65: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x65, x3, (arg4[6]), (arg5[6])); let mut x66: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x66, x3, (arg4[7]), (arg5[7])); let mut x67: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x67, x3, (arg4[8]), (arg5[8])); let mut x68: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x68, x3, (arg4[9]), (arg5[9])); let mut x69: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x69, x3, (arg4[10]), (arg5[10])); let mut x70: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x70, x3, (arg4[11]), (arg5[11])); let mut x71: u32 = 0; let mut x72: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x71, &mut x72, 0x0, x59, x59); let mut x73: u32 = 0; let mut x74: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x60, x60); let mut x75: u32 = 0; let mut x76: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x61, x61); let mut x77: u32 = 0; let mut x78: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x62, x62); let mut x79: u32 = 0; let mut x80: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x63, x63); let mut x81: u32 = 0; let mut x82: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x64, x64); let mut x83: u32 = 0; let mut x84: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x65, x65); let mut x85: u32 = 0; let mut x86: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x85, &mut x86, x84, x66, x66); let mut x87: u32 = 0; let mut x88: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x87, &mut x88, x86, x67, x67); let mut x89: u32 = 0; let mut x90: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x89, &mut x90, x88, x68, x68); let mut x91: u32 = 0; let mut x92: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x91, &mut x92, x90, x69, x69); let mut x93: u32 = 0; let mut x94: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x93, &mut x94, x92, x70, x70); let mut x95: u32 = 0; let mut x96: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x95, &mut x96, 0x0, x71, 0xccc52973); let mut x97: u32 = 0; let mut x98: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x97, &mut x98, x96, x73, 0xecec196a); let mut x99: u32 = 0; let mut x100: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x99, &mut x100, x98, x75, 0x48b0a77a); let mut x101: u32 = 0; let mut x102: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x101, &mut x102, x100, x77, 0x581a0db2); let mut x103: u32 = 0; let mut x104: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x103, &mut x104, x102, x79, 0xf4372ddf); let mut x105: u32 = 0; let mut x106: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x105, &mut x106, x104, x81, 0xc7634d81); let mut x107: u32 = 0; let mut x108: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x107, &mut x108, x106, x83, 0xffffffff); let mut x109: u32 = 0; let mut x110: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x109, &mut x110, x108, x85, 0xffffffff); let mut x111: u32 = 0; let mut x112: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x111, &mut x112, x110, x87, 0xffffffff); let mut x113: u32 = 0; let mut x114: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x113, &mut x114, x112, x89, 0xffffffff); let mut x115: u32 = 0; let mut x116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x115, &mut x116, x114, x91, 0xffffffff); let mut x117: u32 = 0; let mut x118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x117, &mut x118, x116, x93, 0xffffffff); let mut x119: u32 = 0; let mut x120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x119, &mut x120, x118, (x94 as u32), (0x0 as u32)); let x121: u32 = (arg4[11]); let x122: u32 = (arg4[10]); let x123: u32 = (arg4[9]); let x124: u32 = (arg4[8]); let x125: u32 = (arg4[7]); let x126: u32 = (arg4[6]); let x127: u32 = (arg4[5]); let x128: u32 = (arg4[4]); let x129: u32 = (arg4[3]); let x130: u32 = (arg4[2]); let x131: u32 = (arg4[1]); let x132: u32 = (arg4[0]); let mut x133: u32 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x133, &mut x134, 0x0, (0x0 as u32), x132); let mut x135: u32 = 0; let mut x136: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x135, &mut x136, x134, (0x0 as u32), x131); let mut x137: u32 = 0; let mut x138: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x137, &mut x138, x136, (0x0 as u32), x130); let mut x139: u32 = 0; let mut x140: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x139, &mut x140, x138, (0x0 as u32), x129); let mut x141: u32 = 0; let mut x142: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x141, &mut x142, x140, (0x0 as u32), x128); let mut x143: u32 = 0; let mut x144: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x143, &mut x144, x142, (0x0 as u32), x127); let mut x145: u32 = 0; let mut x146: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x145, &mut x146, x144, (0x0 as u32), x126); let mut x147: u32 = 0; let mut x148: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x147, &mut x148, x146, (0x0 as u32), x125); let mut x149: u32 = 0; let mut x150: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x149, &mut x150, x148, (0x0 as u32), x124); let mut x151: u32 = 0; let mut x152: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x151, &mut x152, x150, (0x0 as u32), x123); let mut x153: u32 = 0; let mut x154: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x153, &mut x154, x152, (0x0 as u32), x122); let mut x155: u32 = 0; let mut x156: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x155, &mut x156, x154, (0x0 as u32), x121); let mut x157: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x157, x156, (0x0 as u32), 0xffffffff); let mut x158: u32 = 0; let mut x159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x158, &mut x159, 0x0, x133, (x157 & 0xccc52973)); let mut x160: u32 = 0; let mut x161: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x135, (x157 & 0xecec196a)); let mut x162: u32 = 0; let mut x163: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x162, &mut x163, x161, x137, (x157 & 0x48b0a77a)); let mut x164: u32 = 0; let mut x165: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x139, (x157 & 0x581a0db2)); let mut x166: u32 = 0; let mut x167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x141, (x157 & 0xf4372ddf)); let mut x168: u32 = 0; let mut x169: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x143, (x157 & 0xc7634d81)); let mut x170: u32 = 0; let mut x171: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x145, x157); let mut x172: u32 = 0; let mut x173: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x147, x157); let mut x174: u32 = 0; let mut x175: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x149, x157); let mut x176: u32 = 0; let mut x177: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x151, x157); let mut x178: u32 = 0; let mut x179: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x153, x157); let mut x180: u32 = 0; let mut x181: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x155, x157); let mut x182: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x182, x3, (arg5[0]), x158); let mut x183: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x183, x3, (arg5[1]), x160); let mut x184: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x184, x3, (arg5[2]), x162); let mut x185: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x185, x3, (arg5[3]), x164); let mut x186: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x186, x3, (arg5[4]), x166); let mut x187: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x187, x3, (arg5[5]), x168); let mut x188: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x188, x3, (arg5[6]), x170); let mut x189: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x189, x3, (arg5[7]), x172); let mut x190: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x190, x3, (arg5[8]), x174); let mut x191: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x191, x3, (arg5[9]), x176); let mut x192: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x192, x3, (arg5[10]), x178); let mut x193: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x193, x3, (arg5[11]), x180); let x194: fiat_p384_scalar_u1 = ((x46 & (0x1 as u32)) as fiat_p384_scalar_u1); let mut x195: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x195, x194, (0x0 as u32), x7); let mut x196: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x196, x194, (0x0 as u32), x8); let mut x197: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x197, x194, (0x0 as u32), x9); let mut x198: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x198, x194, (0x0 as u32), x10); let mut x199: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x199, x194, (0x0 as u32), x11); let mut x200: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x200, x194, (0x0 as u32), x12); let mut x201: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x201, x194, (0x0 as u32), x13); let mut x202: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x202, x194, (0x0 as u32), x14); let mut x203: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x203, x194, (0x0 as u32), x15); let mut x204: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x204, x194, (0x0 as u32), x16); let mut x205: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x205, x194, (0x0 as u32), x17); let mut x206: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x206, x194, (0x0 as u32), x18); let mut x207: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x207, x194, (0x0 as u32), x19); let mut x208: u32 = 0; let mut x209: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x208, &mut x209, 0x0, x46, x195); let mut x210: u32 = 0; let mut x211: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x210, &mut x211, x209, x47, x196); let mut x212: u32 = 0; let mut x213: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x212, &mut x213, x211, x48, x197); let mut x214: u32 = 0; let mut x215: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x214, &mut x215, x213, x49, x198); let mut x216: u32 = 0; let mut x217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x216, &mut x217, x215, x50, x199); let mut x218: u32 = 0; let mut x219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x218, &mut x219, x217, x51, x200); let mut x220: u32 = 0; let mut x221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x52, x201); let mut x222: u32 = 0; let mut x223: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x222, &mut x223, x221, x53, x202); let mut x224: u32 = 0; let mut x225: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x224, &mut x225, x223, x54, x203); let mut x226: u32 = 0; let mut x227: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x226, &mut x227, x225, x55, x204); let mut x228: u32 = 0; let mut x229: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x228, &mut x229, x227, x56, x205); let mut x230: u32 = 0; let mut x231: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x230, &mut x231, x229, x57, x206); let mut x232: u32 = 0; let mut x233: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x232, &mut x233, x231, x58, x207); let mut x234: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x234, x194, (0x0 as u32), x59); let mut x235: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x235, x194, (0x0 as u32), x60); let mut x236: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x236, x194, (0x0 as u32), x61); let mut x237: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x237, x194, (0x0 as u32), x62); let mut x238: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x238, x194, (0x0 as u32), x63); let mut x239: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x239, x194, (0x0 as u32), x64); let mut x240: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x240, x194, (0x0 as u32), x65); let mut x241: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x241, x194, (0x0 as u32), x66); let mut x242: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x242, x194, (0x0 as u32), x67); let mut x243: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x243, x194, (0x0 as u32), x68); let mut x244: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x244, x194, (0x0 as u32), x69); let mut x245: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x245, x194, (0x0 as u32), x70); let mut x246: u32 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x246, &mut x247, 0x0, x182, x234); let mut x248: u32 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x248, &mut x249, x247, x183, x235); let mut x250: u32 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x250, &mut x251, x249, x184, x236); let mut x252: u32 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x252, &mut x253, x251, x185, x237); let mut x254: u32 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x254, &mut x255, x253, x186, x238); let mut x256: u32 = 0; let mut x257: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x256, &mut x257, x255, x187, x239); let mut x258: u32 = 0; let mut x259: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x188, x240); let mut x260: u32 = 0; let mut x261: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x189, x241); let mut x262: u32 = 0; let mut x263: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x190, x242); let mut x264: u32 = 0; let mut x265: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x191, x243); let mut x266: u32 = 0; let mut x267: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x266, &mut x267, x265, x192, x244); let mut x268: u32 = 0; let mut x269: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x268, &mut x269, x267, x193, x245); let mut x270: u32 = 0; let mut x271: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x270, &mut x271, 0x0, x246, 0xccc52973); let mut x272: u32 = 0; let mut x273: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x272, &mut x273, x271, x248, 0xecec196a); let mut x274: u32 = 0; let mut x275: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x274, &mut x275, x273, x250, 0x48b0a77a); let mut x276: u32 = 0; let mut x277: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x276, &mut x277, x275, x252, 0x581a0db2); let mut x278: u32 = 0; let mut x279: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x278, &mut x279, x277, x254, 0xf4372ddf); let mut x280: u32 = 0; let mut x281: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x280, &mut x281, x279, x256, 0xc7634d81); let mut x282: u32 = 0; let mut x283: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x282, &mut x283, x281, x258, 0xffffffff); let mut x284: u32 = 0; let mut x285: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x284, &mut x285, x283, x260, 0xffffffff); let mut x286: u32 = 0; let mut x287: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x286, &mut x287, x285, x262, 0xffffffff); let mut x288: u32 = 0; let mut x289: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x288, &mut x289, x287, x264, 0xffffffff); let mut x290: u32 = 0; let mut x291: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x290, &mut x291, x289, x266, 0xffffffff); let mut x292: u32 = 0; let mut x293: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x292, &mut x293, x291, x268, 0xffffffff); let mut x294: u32 = 0; let mut x295: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u32(&mut x294, &mut x295, x293, (x269 as u32), (0x0 as u32)); let mut x296: u32 = 0; let mut x297: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u32(&mut x296, &mut x297, 0x0, x6, (0x1 as u32)); let x298: u32 = ((x208 >> 1) | ((x210 << 31) & 0xffffffff)); let x299: u32 = ((x210 >> 1) | ((x212 << 31) & 0xffffffff)); let x300: u32 = ((x212 >> 1) | ((x214 << 31) & 0xffffffff)); let x301: u32 = ((x214 >> 1) | ((x216 << 31) & 0xffffffff)); let x302: u32 = ((x216 >> 1) | ((x218 << 31) & 0xffffffff)); let x303: u32 = ((x218 >> 1) | ((x220 << 31) & 0xffffffff)); let x304: u32 = ((x220 >> 1) | ((x222 << 31) & 0xffffffff)); let x305: u32 = ((x222 >> 1) | ((x224 << 31) & 0xffffffff)); let x306: u32 = ((x224 >> 1) | ((x226 << 31) & 0xffffffff)); let x307: u32 = ((x226 >> 1) | ((x228 << 31) & 0xffffffff)); let x308: u32 = ((x228 >> 1) | ((x230 << 31) & 0xffffffff)); let x309: u32 = ((x230 >> 1) | ((x232 << 31) & 0xffffffff)); let x310: u32 = ((x232 & 0x80000000) | (x232 >> 1)); let mut x311: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x311, x120, x95, x71); let mut x312: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x312, x120, x97, x73); let mut x313: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x313, x120, x99, x75); let mut x314: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x314, x120, x101, x77); let mut x315: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x315, x120, x103, x79); let mut x316: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x316, x120, x105, x81); let mut x317: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x317, x120, x107, x83); let mut x318: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x318, x120, x109, x85); let mut x319: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x319, x120, x111, x87); let mut x320: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x320, x120, x113, x89); let mut x321: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x321, x120, x115, x91); let mut x322: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x322, x120, x117, x93); let mut x323: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x323, x295, x270, x246); let mut x324: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x324, x295, x272, x248); let mut x325: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x325, x295, x274, x250); let mut x326: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x326, x295, x276, x252); let mut x327: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x327, x295, x278, x254); let mut x328: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x328, x295, x280, x256); let mut x329: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x329, x295, x282, x258); let mut x330: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x330, x295, x284, x260); let mut x331: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x331, x295, x286, x262); let mut x332: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x332, x295, x288, x264); let mut x333: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x333, x295, x290, x266); let mut x334: u32 = 0; fiat_p384_scalar_cmovznz_u32(&mut x334, x295, x292, x268); *out1 = x296; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out2[9] = x16; out2[10] = x17; out2[11] = x18; out2[12] = x19; out3[0] = x298; out3[1] = x299; out3[2] = x300; out3[3] = x301; out3[4] = x302; out3[5] = x303; out3[6] = x304; out3[7] = x305; out3[8] = x306; out3[9] = x307; out3[10] = x308; out3[11] = x309; out3[12] = x310; out4[0] = x311; out4[1] = x312; out4[2] = x313; out4[3] = x314; out4[4] = x315; out4[5] = x316; out4[6] = x317; out4[7] = x318; out4[8] = x319; out4[9] = x320; out4[10] = x321; out4[11] = x322; out5[0] = x323; out5[1] = x324; out5[2] = x325; out5[3] = x326; out5[4] = x327; out5[5] = x328; out5[6] = x329; out5[7] = x330; out5[8] = x331; out5[9] = x332; out5[10] = x333; out5[11] = x334; } /// The function fiat_p384_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p384_scalar_divstep_precomp(out1: &mut [u32; 12]) { out1[0] = 0xe6045b6a; out1[1] = 0x49589ae0; out1[2] = 0x870040ed; out1[3] = 0x3c9a5352; out1[4] = 0x977dc242; out1[5] = 0xdacb097e; out1[6] = 0xd1ecbe36; out1[7] = 0xb5ab30a6; out1[8] = 0x1f959973; out1[9] = 0x97d7a108; out1[10] = 0xd27192bc; out1[11] = 0x2ba012f8; } fiat-crypto-0.2.2/src/p384_scalar_64.rs000064400000000000000000004754061046102023000155770ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p384_scalar 64 '2^384 - 1388124618062372383947042015309946732620727252194336364173' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p384_scalar //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 (from "2^384 - 1388124618062372383947042015309946732620727252194336364173") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in //! if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p384_scalar_u1 = u8; pub type fiat_p384_scalar_i1 = i8; pub type fiat_p384_scalar_u2 = u8; pub type fiat_p384_scalar_i2 = i8; /** The type fiat_p384_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_scalar_montgomery_domain_field_element(pub [u64; 6]); impl core::ops::Index for fiat_p384_scalar_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p384_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p384_scalar_non_montgomery_domain_field_element(pub [u64; 6]); impl core::ops::Index for fiat_p384_scalar_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p384_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p384_scalar_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_scalar_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p384_scalar_u1, arg1: fiat_p384_scalar_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p384_scalar_u1 = ((x1 >> 64) as fiat_p384_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p384_scalar_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p384_scalar_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p384_scalar_u1, arg1: fiat_p384_scalar_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p384_scalar_i1 = ((x1 >> 64) as fiat_p384_scalar_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p384_scalar_i2) - (x2 as fiat_p384_scalar_i2)) as fiat_p384_scalar_u1); } /// The function fiat_p384_scalar_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_scalar_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p384_scalar_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_scalar_cmovznz_u64(out1: &mut u64, arg1: fiat_p384_scalar_u1, arg2: u64, arg3: u64) { let x1: fiat_p384_scalar_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p384_scalar_i2) - (x1 as fiat_p384_scalar_i2)) as fiat_p384_scalar_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p384_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_mul(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x7, &mut x8, x6, (arg2[5])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x9, &mut x10, x6, (arg2[4])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x11, &mut x12, x6, (arg2[3])); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x13, &mut x14, x6, (arg2[2])); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x15, &mut x16, x6, (arg2[1])); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x17, &mut x18, x6, (arg2[0])); let mut x19: u64 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x25, &mut x26, x24, x12, x9); let mut x27: u64 = 0; let mut x28: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x27, &mut x28, x26, x10, x7); let x29: u64 = ((x28 as u64) + x8); let mut x30: u64 = 0; let mut x31: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x30, &mut x31, x17, 0x6ed46089e88fdc45); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x32, &mut x33, x30, 0xffffffffffffffff); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x34, &mut x35, x30, 0xffffffffffffffff); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x36, &mut x37, x30, 0xffffffffffffffff); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x38, &mut x39, x30, 0xc7634d81f4372ddf); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x40, &mut x41, x30, 0x581a0db248b0a77a); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x42, &mut x43, x30, 0xecec196accc52973); let mut x44: u64 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x44, &mut x45, 0x0, x43, x40); let mut x46: u64 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x46, &mut x47, x45, x41, x38); let mut x48: u64 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x48, &mut x49, x47, x39, x36); let mut x50: u64 = 0; let mut x51: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x50, &mut x51, x49, x37, x34); let mut x52: u64 = 0; let mut x53: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x52, &mut x53, x51, x35, x32); let x54: u64 = ((x53 as u64) + x33); let mut x55: u64 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x17, x42); let mut x57: u64 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x19, x44); let mut x59: u64 = 0; let mut x60: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x21, x46); let mut x61: u64 = 0; let mut x62: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x61, &mut x62, x60, x23, x48); let mut x63: u64 = 0; let mut x64: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x63, &mut x64, x62, x25, x50); let mut x65: u64 = 0; let mut x66: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x65, &mut x66, x64, x27, x52); let mut x67: u64 = 0; let mut x68: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x67, &mut x68, x66, x29, x54); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x69, &mut x70, x1, (arg2[5])); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x71, &mut x72, x1, (arg2[4])); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x73, &mut x74, x1, (arg2[3])); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x75, &mut x76, x1, (arg2[2])); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x77, &mut x78, x1, (arg2[1])); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x79, &mut x80, x1, (arg2[0])); let mut x81: u64 = 0; let mut x82: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x81, &mut x82, 0x0, x80, x77); let mut x83: u64 = 0; let mut x84: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x83, &mut x84, x82, x78, x75); let mut x85: u64 = 0; let mut x86: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x76, x73); let mut x87: u64 = 0; let mut x88: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x74, x71); let mut x89: u64 = 0; let mut x90: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x89, &mut x90, x88, x72, x69); let x91: u64 = ((x90 as u64) + x70); let mut x92: u64 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x92, &mut x93, 0x0, x57, x79); let mut x94: u64 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x94, &mut x95, x93, x59, x81); let mut x96: u64 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x61, x83); let mut x98: u64 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x63, x85); let mut x100: u64 = 0; let mut x101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x65, x87); let mut x102: u64 = 0; let mut x103: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x102, &mut x103, x101, x67, x89); let mut x104: u64 = 0; let mut x105: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x104, &mut x105, x103, (x68 as u64), x91); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x106, &mut x107, x92, 0x6ed46089e88fdc45); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x108, &mut x109, x106, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x110, &mut x111, x106, 0xffffffffffffffff); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x112, &mut x113, x106, 0xffffffffffffffff); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x114, &mut x115, x106, 0xc7634d81f4372ddf); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x116, &mut x117, x106, 0x581a0db248b0a77a); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x118, &mut x119, x106, 0xecec196accc52973); let mut x120: u64 = 0; let mut x121: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u64 = 0; let mut x123: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x122, &mut x123, x121, x117, x114); let mut x124: u64 = 0; let mut x125: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x124, &mut x125, x123, x115, x112); let mut x126: u64 = 0; let mut x127: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x126, &mut x127, x125, x113, x110); let mut x128: u64 = 0; let mut x129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x128, &mut x129, x127, x111, x108); let x130: u64 = ((x129 as u64) + x109); let mut x131: u64 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x131, &mut x132, 0x0, x92, x118); let mut x133: u64 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x94, x120); let mut x135: u64 = 0; let mut x136: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x96, x122); let mut x137: u64 = 0; let mut x138: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x98, x124); let mut x139: u64 = 0; let mut x140: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x100, x126); let mut x141: u64 = 0; let mut x142: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x141, &mut x142, x140, x102, x128); let mut x143: u64 = 0; let mut x144: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x143, &mut x144, x142, x104, x130); let x145: u64 = ((x144 as u64) + (x105 as u64)); let mut x146: u64 = 0; let mut x147: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x146, &mut x147, x2, (arg2[5])); let mut x148: u64 = 0; let mut x149: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x148, &mut x149, x2, (arg2[4])); let mut x150: u64 = 0; let mut x151: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x150, &mut x151, x2, (arg2[3])); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x152, &mut x153, x2, (arg2[2])); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x154, &mut x155, x2, (arg2[1])); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x156, &mut x157, x2, (arg2[0])); let mut x158: u64 = 0; let mut x159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u64 = 0; let mut x161: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x160, &mut x161, x159, x155, x152); let mut x162: u64 = 0; let mut x163: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x162, &mut x163, x161, x153, x150); let mut x164: u64 = 0; let mut x165: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x164, &mut x165, x163, x151, x148); let mut x166: u64 = 0; let mut x167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x166, &mut x167, x165, x149, x146); let x168: u64 = ((x167 as u64) + x147); let mut x169: u64 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x169, &mut x170, 0x0, x133, x156); let mut x171: u64 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x171, &mut x172, x170, x135, x158); let mut x173: u64 = 0; let mut x174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x173, &mut x174, x172, x137, x160); let mut x175: u64 = 0; let mut x176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x139, x162); let mut x177: u64 = 0; let mut x178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x141, x164); let mut x179: u64 = 0; let mut x180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x179, &mut x180, x178, x143, x166); let mut x181: u64 = 0; let mut x182: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x181, &mut x182, x180, x145, x168); let mut x183: u64 = 0; let mut x184: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x183, &mut x184, x169, 0x6ed46089e88fdc45); let mut x185: u64 = 0; let mut x186: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x185, &mut x186, x183, 0xffffffffffffffff); let mut x187: u64 = 0; let mut x188: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x187, &mut x188, x183, 0xffffffffffffffff); let mut x189: u64 = 0; let mut x190: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x189, &mut x190, x183, 0xffffffffffffffff); let mut x191: u64 = 0; let mut x192: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x191, &mut x192, x183, 0xc7634d81f4372ddf); let mut x193: u64 = 0; let mut x194: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x193, &mut x194, x183, 0x581a0db248b0a77a); let mut x195: u64 = 0; let mut x196: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x195, &mut x196, x183, 0xecec196accc52973); let mut x197: u64 = 0; let mut x198: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x197, &mut x198, 0x0, x196, x193); let mut x199: u64 = 0; let mut x200: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x194, x191); let mut x201: u64 = 0; let mut x202: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x192, x189); let mut x203: u64 = 0; let mut x204: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x190, x187); let mut x205: u64 = 0; let mut x206: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x205, &mut x206, x204, x188, x185); let x207: u64 = ((x206 as u64) + x186); let mut x208: u64 = 0; let mut x209: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x208, &mut x209, 0x0, x169, x195); let mut x210: u64 = 0; let mut x211: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x210, &mut x211, x209, x171, x197); let mut x212: u64 = 0; let mut x213: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x212, &mut x213, x211, x173, x199); let mut x214: u64 = 0; let mut x215: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x214, &mut x215, x213, x175, x201); let mut x216: u64 = 0; let mut x217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x216, &mut x217, x215, x177, x203); let mut x218: u64 = 0; let mut x219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x218, &mut x219, x217, x179, x205); let mut x220: u64 = 0; let mut x221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x220, &mut x221, x219, x181, x207); let x222: u64 = ((x221 as u64) + (x182 as u64)); let mut x223: u64 = 0; let mut x224: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x223, &mut x224, x3, (arg2[5])); let mut x225: u64 = 0; let mut x226: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x225, &mut x226, x3, (arg2[4])); let mut x227: u64 = 0; let mut x228: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x227, &mut x228, x3, (arg2[3])); let mut x229: u64 = 0; let mut x230: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x229, &mut x230, x3, (arg2[2])); let mut x231: u64 = 0; let mut x232: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x231, &mut x232, x3, (arg2[1])); let mut x233: u64 = 0; let mut x234: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x233, &mut x234, x3, (arg2[0])); let mut x235: u64 = 0; let mut x236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u64 = 0; let mut x238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x237, &mut x238, x236, x232, x229); let mut x239: u64 = 0; let mut x240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x239, &mut x240, x238, x230, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x241, &mut x242, x240, x228, x225); let mut x243: u64 = 0; let mut x244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x243, &mut x244, x242, x226, x223); let x245: u64 = ((x244 as u64) + x224); let mut x246: u64 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x246, &mut x247, 0x0, x210, x233); let mut x248: u64 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x248, &mut x249, x247, x212, x235); let mut x250: u64 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x250, &mut x251, x249, x214, x237); let mut x252: u64 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x252, &mut x253, x251, x216, x239); let mut x254: u64 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x254, &mut x255, x253, x218, x241); let mut x256: u64 = 0; let mut x257: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x256, &mut x257, x255, x220, x243); let mut x258: u64 = 0; let mut x259: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x258, &mut x259, x257, x222, x245); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x260, &mut x261, x246, 0x6ed46089e88fdc45); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x262, &mut x263, x260, 0xffffffffffffffff); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x264, &mut x265, x260, 0xffffffffffffffff); let mut x266: u64 = 0; let mut x267: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x266, &mut x267, x260, 0xffffffffffffffff); let mut x268: u64 = 0; let mut x269: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x268, &mut x269, x260, 0xc7634d81f4372ddf); let mut x270: u64 = 0; let mut x271: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x270, &mut x271, x260, 0x581a0db248b0a77a); let mut x272: u64 = 0; let mut x273: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x272, &mut x273, x260, 0xecec196accc52973); let mut x274: u64 = 0; let mut x275: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x274, &mut x275, 0x0, x273, x270); let mut x276: u64 = 0; let mut x277: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x276, &mut x277, x275, x271, x268); let mut x278: u64 = 0; let mut x279: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x278, &mut x279, x277, x269, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x280, &mut x281, x279, x267, x264); let mut x282: u64 = 0; let mut x283: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x282, &mut x283, x281, x265, x262); let x284: u64 = ((x283 as u64) + x263); let mut x285: u64 = 0; let mut x286: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x285, &mut x286, 0x0, x246, x272); let mut x287: u64 = 0; let mut x288: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x287, &mut x288, x286, x248, x274); let mut x289: u64 = 0; let mut x290: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x289, &mut x290, x288, x250, x276); let mut x291: u64 = 0; let mut x292: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x291, &mut x292, x290, x252, x278); let mut x293: u64 = 0; let mut x294: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x293, &mut x294, x292, x254, x280); let mut x295: u64 = 0; let mut x296: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x295, &mut x296, x294, x256, x282); let mut x297: u64 = 0; let mut x298: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x297, &mut x298, x296, x258, x284); let x299: u64 = ((x298 as u64) + (x259 as u64)); let mut x300: u64 = 0; let mut x301: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x300, &mut x301, x4, (arg2[5])); let mut x302: u64 = 0; let mut x303: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x302, &mut x303, x4, (arg2[4])); let mut x304: u64 = 0; let mut x305: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x304, &mut x305, x4, (arg2[3])); let mut x306: u64 = 0; let mut x307: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x306, &mut x307, x4, (arg2[2])); let mut x308: u64 = 0; let mut x309: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x308, &mut x309, x4, (arg2[1])); let mut x310: u64 = 0; let mut x311: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x310, &mut x311, x4, (arg2[0])); let mut x312: u64 = 0; let mut x313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u64 = 0; let mut x315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x314, &mut x315, x313, x309, x306); let mut x316: u64 = 0; let mut x317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x316, &mut x317, x315, x307, x304); let mut x318: u64 = 0; let mut x319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x318, &mut x319, x317, x305, x302); let mut x320: u64 = 0; let mut x321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x320, &mut x321, x319, x303, x300); let x322: u64 = ((x321 as u64) + x301); let mut x323: u64 = 0; let mut x324: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x323, &mut x324, 0x0, x287, x310); let mut x325: u64 = 0; let mut x326: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x325, &mut x326, x324, x289, x312); let mut x327: u64 = 0; let mut x328: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x327, &mut x328, x326, x291, x314); let mut x329: u64 = 0; let mut x330: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x329, &mut x330, x328, x293, x316); let mut x331: u64 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x331, &mut x332, x330, x295, x318); let mut x333: u64 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x333, &mut x334, x332, x297, x320); let mut x335: u64 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x335, &mut x336, x334, x299, x322); let mut x337: u64 = 0; let mut x338: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x337, &mut x338, x323, 0x6ed46089e88fdc45); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x339, &mut x340, x337, 0xffffffffffffffff); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x341, &mut x342, x337, 0xffffffffffffffff); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x343, &mut x344, x337, 0xffffffffffffffff); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x345, &mut x346, x337, 0xc7634d81f4372ddf); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x347, &mut x348, x337, 0x581a0db248b0a77a); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x349, &mut x350, x337, 0xecec196accc52973); let mut x351: u64 = 0; let mut x352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x351, &mut x352, 0x0, x350, x347); let mut x353: u64 = 0; let mut x354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x353, &mut x354, x352, x348, x345); let mut x355: u64 = 0; let mut x356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x355, &mut x356, x354, x346, x343); let mut x357: u64 = 0; let mut x358: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x357, &mut x358, x356, x344, x341); let mut x359: u64 = 0; let mut x360: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x359, &mut x360, x358, x342, x339); let x361: u64 = ((x360 as u64) + x340); let mut x362: u64 = 0; let mut x363: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x362, &mut x363, 0x0, x323, x349); let mut x364: u64 = 0; let mut x365: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x364, &mut x365, x363, x325, x351); let mut x366: u64 = 0; let mut x367: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x366, &mut x367, x365, x327, x353); let mut x368: u64 = 0; let mut x369: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x368, &mut x369, x367, x329, x355); let mut x370: u64 = 0; let mut x371: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x370, &mut x371, x369, x331, x357); let mut x372: u64 = 0; let mut x373: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x372, &mut x373, x371, x333, x359); let mut x374: u64 = 0; let mut x375: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x374, &mut x375, x373, x335, x361); let x376: u64 = ((x375 as u64) + (x336 as u64)); let mut x377: u64 = 0; let mut x378: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x377, &mut x378, x5, (arg2[5])); let mut x379: u64 = 0; let mut x380: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x379, &mut x380, x5, (arg2[4])); let mut x381: u64 = 0; let mut x382: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x381, &mut x382, x5, (arg2[3])); let mut x383: u64 = 0; let mut x384: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x383, &mut x384, x5, (arg2[2])); let mut x385: u64 = 0; let mut x386: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x385, &mut x386, x5, (arg2[1])); let mut x387: u64 = 0; let mut x388: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x387, &mut x388, x5, (arg2[0])); let mut x389: u64 = 0; let mut x390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x389, &mut x390, 0x0, x388, x385); let mut x391: u64 = 0; let mut x392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x391, &mut x392, x390, x386, x383); let mut x393: u64 = 0; let mut x394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x393, &mut x394, x392, x384, x381); let mut x395: u64 = 0; let mut x396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x395, &mut x396, x394, x382, x379); let mut x397: u64 = 0; let mut x398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x397, &mut x398, x396, x380, x377); let x399: u64 = ((x398 as u64) + x378); let mut x400: u64 = 0; let mut x401: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x400, &mut x401, 0x0, x364, x387); let mut x402: u64 = 0; let mut x403: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x402, &mut x403, x401, x366, x389); let mut x404: u64 = 0; let mut x405: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x404, &mut x405, x403, x368, x391); let mut x406: u64 = 0; let mut x407: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x406, &mut x407, x405, x370, x393); let mut x408: u64 = 0; let mut x409: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x408, &mut x409, x407, x372, x395); let mut x410: u64 = 0; let mut x411: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x410, &mut x411, x409, x374, x397); let mut x412: u64 = 0; let mut x413: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x412, &mut x413, x411, x376, x399); let mut x414: u64 = 0; let mut x415: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x414, &mut x415, x400, 0x6ed46089e88fdc45); let mut x416: u64 = 0; let mut x417: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x416, &mut x417, x414, 0xffffffffffffffff); let mut x418: u64 = 0; let mut x419: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x418, &mut x419, x414, 0xffffffffffffffff); let mut x420: u64 = 0; let mut x421: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x420, &mut x421, x414, 0xffffffffffffffff); let mut x422: u64 = 0; let mut x423: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x422, &mut x423, x414, 0xc7634d81f4372ddf); let mut x424: u64 = 0; let mut x425: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x424, &mut x425, x414, 0x581a0db248b0a77a); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x426, &mut x427, x414, 0xecec196accc52973); let mut x428: u64 = 0; let mut x429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x428, &mut x429, 0x0, x427, x424); let mut x430: u64 = 0; let mut x431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x430, &mut x431, x429, x425, x422); let mut x432: u64 = 0; let mut x433: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x432, &mut x433, x431, x423, x420); let mut x434: u64 = 0; let mut x435: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x434, &mut x435, x433, x421, x418); let mut x436: u64 = 0; let mut x437: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x436, &mut x437, x435, x419, x416); let x438: u64 = ((x437 as u64) + x417); let mut x439: u64 = 0; let mut x440: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x439, &mut x440, 0x0, x400, x426); let mut x441: u64 = 0; let mut x442: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x441, &mut x442, x440, x402, x428); let mut x443: u64 = 0; let mut x444: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x443, &mut x444, x442, x404, x430); let mut x445: u64 = 0; let mut x446: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x445, &mut x446, x444, x406, x432); let mut x447: u64 = 0; let mut x448: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x447, &mut x448, x446, x408, x434); let mut x449: u64 = 0; let mut x450: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x449, &mut x450, x448, x410, x436); let mut x451: u64 = 0; let mut x452: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x451, &mut x452, x450, x412, x438); let x453: u64 = ((x452 as u64) + (x413 as u64)); let mut x454: u64 = 0; let mut x455: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x454, &mut x455, 0x0, x441, 0xecec196accc52973); let mut x456: u64 = 0; let mut x457: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x456, &mut x457, x455, x443, 0x581a0db248b0a77a); let mut x458: u64 = 0; let mut x459: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x458, &mut x459, x457, x445, 0xc7634d81f4372ddf); let mut x460: u64 = 0; let mut x461: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x460, &mut x461, x459, x447, 0xffffffffffffffff); let mut x462: u64 = 0; let mut x463: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x462, &mut x463, x461, x449, 0xffffffffffffffff); let mut x464: u64 = 0; let mut x465: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x464, &mut x465, x463, x451, 0xffffffffffffffff); let mut x466: u64 = 0; let mut x467: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x466, &mut x467, x465, x453, (0x0 as u64)); let mut x468: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x468, x467, x454, x441); let mut x469: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x469, x467, x456, x443); let mut x470: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x470, x467, x458, x445); let mut x471: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x471, x467, x460, x447); let mut x472: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x472, x467, x462, x449); let mut x473: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x473, x467, x464, x451); out1[0] = x468; out1[1] = x469; out1[2] = x470; out1[3] = x471; out1[4] = x472; out1[5] = x473; } /// The function fiat_p384_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_square(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x7, &mut x8, x6, (arg1[5])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x9, &mut x10, x6, (arg1[4])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x11, &mut x12, x6, (arg1[3])); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x13, &mut x14, x6, (arg1[2])); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x15, &mut x16, x6, (arg1[1])); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x17, &mut x18, x6, (arg1[0])); let mut x19: u64 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x25, &mut x26, x24, x12, x9); let mut x27: u64 = 0; let mut x28: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x27, &mut x28, x26, x10, x7); let x29: u64 = ((x28 as u64) + x8); let mut x30: u64 = 0; let mut x31: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x30, &mut x31, x17, 0x6ed46089e88fdc45); let mut x32: u64 = 0; let mut x33: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x32, &mut x33, x30, 0xffffffffffffffff); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x34, &mut x35, x30, 0xffffffffffffffff); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x36, &mut x37, x30, 0xffffffffffffffff); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x38, &mut x39, x30, 0xc7634d81f4372ddf); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x40, &mut x41, x30, 0x581a0db248b0a77a); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x42, &mut x43, x30, 0xecec196accc52973); let mut x44: u64 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x44, &mut x45, 0x0, x43, x40); let mut x46: u64 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x46, &mut x47, x45, x41, x38); let mut x48: u64 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x48, &mut x49, x47, x39, x36); let mut x50: u64 = 0; let mut x51: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x50, &mut x51, x49, x37, x34); let mut x52: u64 = 0; let mut x53: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x52, &mut x53, x51, x35, x32); let x54: u64 = ((x53 as u64) + x33); let mut x55: u64 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x17, x42); let mut x57: u64 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x19, x44); let mut x59: u64 = 0; let mut x60: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x21, x46); let mut x61: u64 = 0; let mut x62: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x61, &mut x62, x60, x23, x48); let mut x63: u64 = 0; let mut x64: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x63, &mut x64, x62, x25, x50); let mut x65: u64 = 0; let mut x66: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x65, &mut x66, x64, x27, x52); let mut x67: u64 = 0; let mut x68: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x67, &mut x68, x66, x29, x54); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x69, &mut x70, x1, (arg1[5])); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x71, &mut x72, x1, (arg1[4])); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x73, &mut x74, x1, (arg1[3])); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x75, &mut x76, x1, (arg1[2])); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x77, &mut x78, x1, (arg1[1])); let mut x79: u64 = 0; let mut x80: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x79, &mut x80, x1, (arg1[0])); let mut x81: u64 = 0; let mut x82: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x81, &mut x82, 0x0, x80, x77); let mut x83: u64 = 0; let mut x84: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x83, &mut x84, x82, x78, x75); let mut x85: u64 = 0; let mut x86: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x76, x73); let mut x87: u64 = 0; let mut x88: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x74, x71); let mut x89: u64 = 0; let mut x90: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x89, &mut x90, x88, x72, x69); let x91: u64 = ((x90 as u64) + x70); let mut x92: u64 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x92, &mut x93, 0x0, x57, x79); let mut x94: u64 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x94, &mut x95, x93, x59, x81); let mut x96: u64 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x61, x83); let mut x98: u64 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x63, x85); let mut x100: u64 = 0; let mut x101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x65, x87); let mut x102: u64 = 0; let mut x103: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x102, &mut x103, x101, x67, x89); let mut x104: u64 = 0; let mut x105: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x104, &mut x105, x103, (x68 as u64), x91); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x106, &mut x107, x92, 0x6ed46089e88fdc45); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x108, &mut x109, x106, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x110, &mut x111, x106, 0xffffffffffffffff); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x112, &mut x113, x106, 0xffffffffffffffff); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x114, &mut x115, x106, 0xc7634d81f4372ddf); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x116, &mut x117, x106, 0x581a0db248b0a77a); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x118, &mut x119, x106, 0xecec196accc52973); let mut x120: u64 = 0; let mut x121: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u64 = 0; let mut x123: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x122, &mut x123, x121, x117, x114); let mut x124: u64 = 0; let mut x125: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x124, &mut x125, x123, x115, x112); let mut x126: u64 = 0; let mut x127: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x126, &mut x127, x125, x113, x110); let mut x128: u64 = 0; let mut x129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x128, &mut x129, x127, x111, x108); let x130: u64 = ((x129 as u64) + x109); let mut x131: u64 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x131, &mut x132, 0x0, x92, x118); let mut x133: u64 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x94, x120); let mut x135: u64 = 0; let mut x136: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x96, x122); let mut x137: u64 = 0; let mut x138: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x98, x124); let mut x139: u64 = 0; let mut x140: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x100, x126); let mut x141: u64 = 0; let mut x142: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x141, &mut x142, x140, x102, x128); let mut x143: u64 = 0; let mut x144: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x143, &mut x144, x142, x104, x130); let x145: u64 = ((x144 as u64) + (x105 as u64)); let mut x146: u64 = 0; let mut x147: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x146, &mut x147, x2, (arg1[5])); let mut x148: u64 = 0; let mut x149: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x148, &mut x149, x2, (arg1[4])); let mut x150: u64 = 0; let mut x151: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x150, &mut x151, x2, (arg1[3])); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x152, &mut x153, x2, (arg1[2])); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x154, &mut x155, x2, (arg1[1])); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x156, &mut x157, x2, (arg1[0])); let mut x158: u64 = 0; let mut x159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u64 = 0; let mut x161: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x160, &mut x161, x159, x155, x152); let mut x162: u64 = 0; let mut x163: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x162, &mut x163, x161, x153, x150); let mut x164: u64 = 0; let mut x165: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x164, &mut x165, x163, x151, x148); let mut x166: u64 = 0; let mut x167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x166, &mut x167, x165, x149, x146); let x168: u64 = ((x167 as u64) + x147); let mut x169: u64 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x169, &mut x170, 0x0, x133, x156); let mut x171: u64 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x171, &mut x172, x170, x135, x158); let mut x173: u64 = 0; let mut x174: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x173, &mut x174, x172, x137, x160); let mut x175: u64 = 0; let mut x176: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x139, x162); let mut x177: u64 = 0; let mut x178: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x141, x164); let mut x179: u64 = 0; let mut x180: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x179, &mut x180, x178, x143, x166); let mut x181: u64 = 0; let mut x182: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x181, &mut x182, x180, x145, x168); let mut x183: u64 = 0; let mut x184: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x183, &mut x184, x169, 0x6ed46089e88fdc45); let mut x185: u64 = 0; let mut x186: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x185, &mut x186, x183, 0xffffffffffffffff); let mut x187: u64 = 0; let mut x188: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x187, &mut x188, x183, 0xffffffffffffffff); let mut x189: u64 = 0; let mut x190: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x189, &mut x190, x183, 0xffffffffffffffff); let mut x191: u64 = 0; let mut x192: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x191, &mut x192, x183, 0xc7634d81f4372ddf); let mut x193: u64 = 0; let mut x194: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x193, &mut x194, x183, 0x581a0db248b0a77a); let mut x195: u64 = 0; let mut x196: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x195, &mut x196, x183, 0xecec196accc52973); let mut x197: u64 = 0; let mut x198: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x197, &mut x198, 0x0, x196, x193); let mut x199: u64 = 0; let mut x200: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x194, x191); let mut x201: u64 = 0; let mut x202: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x192, x189); let mut x203: u64 = 0; let mut x204: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x190, x187); let mut x205: u64 = 0; let mut x206: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x205, &mut x206, x204, x188, x185); let x207: u64 = ((x206 as u64) + x186); let mut x208: u64 = 0; let mut x209: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x208, &mut x209, 0x0, x169, x195); let mut x210: u64 = 0; let mut x211: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x210, &mut x211, x209, x171, x197); let mut x212: u64 = 0; let mut x213: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x212, &mut x213, x211, x173, x199); let mut x214: u64 = 0; let mut x215: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x214, &mut x215, x213, x175, x201); let mut x216: u64 = 0; let mut x217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x216, &mut x217, x215, x177, x203); let mut x218: u64 = 0; let mut x219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x218, &mut x219, x217, x179, x205); let mut x220: u64 = 0; let mut x221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x220, &mut x221, x219, x181, x207); let x222: u64 = ((x221 as u64) + (x182 as u64)); let mut x223: u64 = 0; let mut x224: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x223, &mut x224, x3, (arg1[5])); let mut x225: u64 = 0; let mut x226: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x225, &mut x226, x3, (arg1[4])); let mut x227: u64 = 0; let mut x228: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x227, &mut x228, x3, (arg1[3])); let mut x229: u64 = 0; let mut x230: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x229, &mut x230, x3, (arg1[2])); let mut x231: u64 = 0; let mut x232: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x231, &mut x232, x3, (arg1[1])); let mut x233: u64 = 0; let mut x234: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x233, &mut x234, x3, (arg1[0])); let mut x235: u64 = 0; let mut x236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x235, &mut x236, 0x0, x234, x231); let mut x237: u64 = 0; let mut x238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x237, &mut x238, x236, x232, x229); let mut x239: u64 = 0; let mut x240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x239, &mut x240, x238, x230, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x241, &mut x242, x240, x228, x225); let mut x243: u64 = 0; let mut x244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x243, &mut x244, x242, x226, x223); let x245: u64 = ((x244 as u64) + x224); let mut x246: u64 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x246, &mut x247, 0x0, x210, x233); let mut x248: u64 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x248, &mut x249, x247, x212, x235); let mut x250: u64 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x250, &mut x251, x249, x214, x237); let mut x252: u64 = 0; let mut x253: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x252, &mut x253, x251, x216, x239); let mut x254: u64 = 0; let mut x255: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x254, &mut x255, x253, x218, x241); let mut x256: u64 = 0; let mut x257: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x256, &mut x257, x255, x220, x243); let mut x258: u64 = 0; let mut x259: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x258, &mut x259, x257, x222, x245); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x260, &mut x261, x246, 0x6ed46089e88fdc45); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x262, &mut x263, x260, 0xffffffffffffffff); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x264, &mut x265, x260, 0xffffffffffffffff); let mut x266: u64 = 0; let mut x267: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x266, &mut x267, x260, 0xffffffffffffffff); let mut x268: u64 = 0; let mut x269: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x268, &mut x269, x260, 0xc7634d81f4372ddf); let mut x270: u64 = 0; let mut x271: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x270, &mut x271, x260, 0x581a0db248b0a77a); let mut x272: u64 = 0; let mut x273: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x272, &mut x273, x260, 0xecec196accc52973); let mut x274: u64 = 0; let mut x275: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x274, &mut x275, 0x0, x273, x270); let mut x276: u64 = 0; let mut x277: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x276, &mut x277, x275, x271, x268); let mut x278: u64 = 0; let mut x279: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x278, &mut x279, x277, x269, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x280, &mut x281, x279, x267, x264); let mut x282: u64 = 0; let mut x283: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x282, &mut x283, x281, x265, x262); let x284: u64 = ((x283 as u64) + x263); let mut x285: u64 = 0; let mut x286: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x285, &mut x286, 0x0, x246, x272); let mut x287: u64 = 0; let mut x288: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x287, &mut x288, x286, x248, x274); let mut x289: u64 = 0; let mut x290: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x289, &mut x290, x288, x250, x276); let mut x291: u64 = 0; let mut x292: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x291, &mut x292, x290, x252, x278); let mut x293: u64 = 0; let mut x294: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x293, &mut x294, x292, x254, x280); let mut x295: u64 = 0; let mut x296: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x295, &mut x296, x294, x256, x282); let mut x297: u64 = 0; let mut x298: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x297, &mut x298, x296, x258, x284); let x299: u64 = ((x298 as u64) + (x259 as u64)); let mut x300: u64 = 0; let mut x301: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x300, &mut x301, x4, (arg1[5])); let mut x302: u64 = 0; let mut x303: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x302, &mut x303, x4, (arg1[4])); let mut x304: u64 = 0; let mut x305: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x304, &mut x305, x4, (arg1[3])); let mut x306: u64 = 0; let mut x307: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x306, &mut x307, x4, (arg1[2])); let mut x308: u64 = 0; let mut x309: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x308, &mut x309, x4, (arg1[1])); let mut x310: u64 = 0; let mut x311: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x310, &mut x311, x4, (arg1[0])); let mut x312: u64 = 0; let mut x313: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x312, &mut x313, 0x0, x311, x308); let mut x314: u64 = 0; let mut x315: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x314, &mut x315, x313, x309, x306); let mut x316: u64 = 0; let mut x317: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x316, &mut x317, x315, x307, x304); let mut x318: u64 = 0; let mut x319: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x318, &mut x319, x317, x305, x302); let mut x320: u64 = 0; let mut x321: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x320, &mut x321, x319, x303, x300); let x322: u64 = ((x321 as u64) + x301); let mut x323: u64 = 0; let mut x324: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x323, &mut x324, 0x0, x287, x310); let mut x325: u64 = 0; let mut x326: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x325, &mut x326, x324, x289, x312); let mut x327: u64 = 0; let mut x328: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x327, &mut x328, x326, x291, x314); let mut x329: u64 = 0; let mut x330: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x329, &mut x330, x328, x293, x316); let mut x331: u64 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x331, &mut x332, x330, x295, x318); let mut x333: u64 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x333, &mut x334, x332, x297, x320); let mut x335: u64 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x335, &mut x336, x334, x299, x322); let mut x337: u64 = 0; let mut x338: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x337, &mut x338, x323, 0x6ed46089e88fdc45); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x339, &mut x340, x337, 0xffffffffffffffff); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x341, &mut x342, x337, 0xffffffffffffffff); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x343, &mut x344, x337, 0xffffffffffffffff); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x345, &mut x346, x337, 0xc7634d81f4372ddf); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x347, &mut x348, x337, 0x581a0db248b0a77a); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x349, &mut x350, x337, 0xecec196accc52973); let mut x351: u64 = 0; let mut x352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x351, &mut x352, 0x0, x350, x347); let mut x353: u64 = 0; let mut x354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x353, &mut x354, x352, x348, x345); let mut x355: u64 = 0; let mut x356: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x355, &mut x356, x354, x346, x343); let mut x357: u64 = 0; let mut x358: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x357, &mut x358, x356, x344, x341); let mut x359: u64 = 0; let mut x360: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x359, &mut x360, x358, x342, x339); let x361: u64 = ((x360 as u64) + x340); let mut x362: u64 = 0; let mut x363: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x362, &mut x363, 0x0, x323, x349); let mut x364: u64 = 0; let mut x365: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x364, &mut x365, x363, x325, x351); let mut x366: u64 = 0; let mut x367: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x366, &mut x367, x365, x327, x353); let mut x368: u64 = 0; let mut x369: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x368, &mut x369, x367, x329, x355); let mut x370: u64 = 0; let mut x371: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x370, &mut x371, x369, x331, x357); let mut x372: u64 = 0; let mut x373: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x372, &mut x373, x371, x333, x359); let mut x374: u64 = 0; let mut x375: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x374, &mut x375, x373, x335, x361); let x376: u64 = ((x375 as u64) + (x336 as u64)); let mut x377: u64 = 0; let mut x378: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x377, &mut x378, x5, (arg1[5])); let mut x379: u64 = 0; let mut x380: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x379, &mut x380, x5, (arg1[4])); let mut x381: u64 = 0; let mut x382: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x381, &mut x382, x5, (arg1[3])); let mut x383: u64 = 0; let mut x384: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x383, &mut x384, x5, (arg1[2])); let mut x385: u64 = 0; let mut x386: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x385, &mut x386, x5, (arg1[1])); let mut x387: u64 = 0; let mut x388: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x387, &mut x388, x5, (arg1[0])); let mut x389: u64 = 0; let mut x390: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x389, &mut x390, 0x0, x388, x385); let mut x391: u64 = 0; let mut x392: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x391, &mut x392, x390, x386, x383); let mut x393: u64 = 0; let mut x394: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x393, &mut x394, x392, x384, x381); let mut x395: u64 = 0; let mut x396: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x395, &mut x396, x394, x382, x379); let mut x397: u64 = 0; let mut x398: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x397, &mut x398, x396, x380, x377); let x399: u64 = ((x398 as u64) + x378); let mut x400: u64 = 0; let mut x401: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x400, &mut x401, 0x0, x364, x387); let mut x402: u64 = 0; let mut x403: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x402, &mut x403, x401, x366, x389); let mut x404: u64 = 0; let mut x405: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x404, &mut x405, x403, x368, x391); let mut x406: u64 = 0; let mut x407: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x406, &mut x407, x405, x370, x393); let mut x408: u64 = 0; let mut x409: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x408, &mut x409, x407, x372, x395); let mut x410: u64 = 0; let mut x411: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x410, &mut x411, x409, x374, x397); let mut x412: u64 = 0; let mut x413: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x412, &mut x413, x411, x376, x399); let mut x414: u64 = 0; let mut x415: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x414, &mut x415, x400, 0x6ed46089e88fdc45); let mut x416: u64 = 0; let mut x417: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x416, &mut x417, x414, 0xffffffffffffffff); let mut x418: u64 = 0; let mut x419: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x418, &mut x419, x414, 0xffffffffffffffff); let mut x420: u64 = 0; let mut x421: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x420, &mut x421, x414, 0xffffffffffffffff); let mut x422: u64 = 0; let mut x423: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x422, &mut x423, x414, 0xc7634d81f4372ddf); let mut x424: u64 = 0; let mut x425: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x424, &mut x425, x414, 0x581a0db248b0a77a); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x426, &mut x427, x414, 0xecec196accc52973); let mut x428: u64 = 0; let mut x429: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x428, &mut x429, 0x0, x427, x424); let mut x430: u64 = 0; let mut x431: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x430, &mut x431, x429, x425, x422); let mut x432: u64 = 0; let mut x433: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x432, &mut x433, x431, x423, x420); let mut x434: u64 = 0; let mut x435: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x434, &mut x435, x433, x421, x418); let mut x436: u64 = 0; let mut x437: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x436, &mut x437, x435, x419, x416); let x438: u64 = ((x437 as u64) + x417); let mut x439: u64 = 0; let mut x440: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x439, &mut x440, 0x0, x400, x426); let mut x441: u64 = 0; let mut x442: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x441, &mut x442, x440, x402, x428); let mut x443: u64 = 0; let mut x444: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x443, &mut x444, x442, x404, x430); let mut x445: u64 = 0; let mut x446: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x445, &mut x446, x444, x406, x432); let mut x447: u64 = 0; let mut x448: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x447, &mut x448, x446, x408, x434); let mut x449: u64 = 0; let mut x450: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x449, &mut x450, x448, x410, x436); let mut x451: u64 = 0; let mut x452: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x451, &mut x452, x450, x412, x438); let x453: u64 = ((x452 as u64) + (x413 as u64)); let mut x454: u64 = 0; let mut x455: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x454, &mut x455, 0x0, x441, 0xecec196accc52973); let mut x456: u64 = 0; let mut x457: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x456, &mut x457, x455, x443, 0x581a0db248b0a77a); let mut x458: u64 = 0; let mut x459: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x458, &mut x459, x457, x445, 0xc7634d81f4372ddf); let mut x460: u64 = 0; let mut x461: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x460, &mut x461, x459, x447, 0xffffffffffffffff); let mut x462: u64 = 0; let mut x463: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x462, &mut x463, x461, x449, 0xffffffffffffffff); let mut x464: u64 = 0; let mut x465: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x464, &mut x465, x463, x451, 0xffffffffffffffff); let mut x466: u64 = 0; let mut x467: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x466, &mut x467, x465, x453, (0x0 as u64)); let mut x468: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x468, x467, x454, x441); let mut x469: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x469, x467, x456, x443); let mut x470: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x470, x467, x458, x445); let mut x471: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x471, x467, x460, x447); let mut x472: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x472, x467, x462, x449); let mut x473: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x473, x467, x464, x451); out1[0] = x468; out1[1] = x469; out1[2] = x470; out1[3] = x471; out1[4] = x472; out1[5] = x473; } /// The function fiat_p384_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_add(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; let mut x14: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x13, &mut x14, 0x0, x1, 0xecec196accc52973); let mut x15: u64 = 0; let mut x16: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x15, &mut x16, x14, x3, 0x581a0db248b0a77a); let mut x17: u64 = 0; let mut x18: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x17, &mut x18, x16, x5, 0xc7634d81f4372ddf); let mut x19: u64 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x19, &mut x20, x18, x7, 0xffffffffffffffff); let mut x21: u64 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x21, &mut x22, x20, x9, 0xffffffffffffffff); let mut x23: u64 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x23, &mut x24, x22, x11, 0xffffffffffffffff); let mut x25: u64 = 0; let mut x26: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x25, &mut x26, x24, (x12 as u64), (0x0 as u64)); let mut x27: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x27, x26, x13, x1); let mut x28: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x28, x26, x15, x3); let mut x29: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x29, x26, x17, x5); let mut x30: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x30, x26, x19, x7); let mut x31: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x31, x26, x21, x9); let mut x32: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x32, x26, x23, x11); out1[0] = x27; out1[1] = x28; out1[2] = x29; out1[3] = x30; out1[4] = x31; out1[5] = x32; } /// The function fiat_p384_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_sub(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element, arg2: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x13, x12, (0x0 as u64), 0xffffffffffffffff); let mut x14: u64 = 0; let mut x15: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x14, &mut x15, 0x0, x1, (x13 & 0xecec196accc52973)); let mut x16: u64 = 0; let mut x17: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x3, (x13 & 0x581a0db248b0a77a)); let mut x18: u64 = 0; let mut x19: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x18, &mut x19, x17, x5, (x13 & 0xc7634d81f4372ddf)); let mut x20: u64 = 0; let mut x21: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x20, &mut x21, x19, x7, x13); let mut x22: u64 = 0; let mut x23: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x22, &mut x23, x21, x9, x13); let mut x24: u64 = 0; let mut x25: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x24, &mut x25, x23, x11, x13); out1[0] = x14; out1[1] = x16; out1[2] = x18; out1[3] = x20; out1[4] = x22; out1[5] = x24; } /// The function fiat_p384_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_opp(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; let mut x10: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x9, &mut x10, x8, (0x0 as u64), (arg1[4])); let mut x11: u64 = 0; let mut x12: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x11, &mut x12, x10, (0x0 as u64), (arg1[5])); let mut x13: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x13, x12, (0x0 as u64), 0xffffffffffffffff); let mut x14: u64 = 0; let mut x15: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x14, &mut x15, 0x0, x1, (x13 & 0xecec196accc52973)); let mut x16: u64 = 0; let mut x17: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x3, (x13 & 0x581a0db248b0a77a)); let mut x18: u64 = 0; let mut x19: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x18, &mut x19, x17, x5, (x13 & 0xc7634d81f4372ddf)); let mut x20: u64 = 0; let mut x21: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x20, &mut x21, x19, x7, x13); let mut x22: u64 = 0; let mut x23: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x22, &mut x23, x21, x9, x13); let mut x24: u64 = 0; let mut x25: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x24, &mut x25, x23, x11, x13); out1[0] = x14; out1[1] = x16; out1[2] = x18; out1[3] = x20; out1[4] = x22; out1[5] = x24; } /// The function fiat_p384_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_from_montgomery(out1: &mut fiat_p384_scalar_non_montgomery_domain_field_element, arg1: &fiat_p384_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x2, &mut x3, x1, 0x6ed46089e88fdc45); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x4, &mut x5, x2, 0xffffffffffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x6, &mut x7, x2, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x8, &mut x9, x2, 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x10, &mut x11, x2, 0xc7634d81f4372ddf); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x12, &mut x13, x2, 0x581a0db248b0a77a); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x14, &mut x15, x2, 0xecec196accc52973); let mut x16: u64 = 0; let mut x17: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x16, &mut x17, 0x0, x15, x12); let mut x18: u64 = 0; let mut x19: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x18, &mut x19, x17, x13, x10); let mut x20: u64 = 0; let mut x21: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x20, &mut x21, x19, x11, x8); let mut x22: u64 = 0; let mut x23: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x22, &mut x23, x21, x9, x6); let mut x24: u64 = 0; let mut x25: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x24, &mut x25, x23, x7, x4); let mut x26: u64 = 0; let mut x27: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x26, &mut x27, 0x0, x1, x14); let mut x28: u64 = 0; let mut x29: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x28, &mut x29, x27, (0x0 as u64), x16); let mut x30: u64 = 0; let mut x31: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x30, &mut x31, x29, (0x0 as u64), x18); let mut x32: u64 = 0; let mut x33: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x32, &mut x33, x31, (0x0 as u64), x20); let mut x34: u64 = 0; let mut x35: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x34, &mut x35, x33, (0x0 as u64), x22); let mut x36: u64 = 0; let mut x37: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x36, &mut x37, x35, (0x0 as u64), x24); let mut x38: u64 = 0; let mut x39: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x38, &mut x39, x37, (0x0 as u64), ((x25 as u64) + x5)); let mut x40: u64 = 0; let mut x41: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x40, &mut x41, 0x0, x28, (arg1[1])); let mut x42: u64 = 0; let mut x43: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x42, &mut x43, x41, x30, (0x0 as u64)); let mut x44: u64 = 0; let mut x45: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x44, &mut x45, x43, x32, (0x0 as u64)); let mut x46: u64 = 0; let mut x47: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x46, &mut x47, x45, x34, (0x0 as u64)); let mut x48: u64 = 0; let mut x49: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x48, &mut x49, x47, x36, (0x0 as u64)); let mut x50: u64 = 0; let mut x51: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x50, &mut x51, x49, x38, (0x0 as u64)); let mut x52: u64 = 0; let mut x53: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x52, &mut x53, x40, 0x6ed46089e88fdc45); let mut x54: u64 = 0; let mut x55: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x54, &mut x55, x52, 0xffffffffffffffff); let mut x56: u64 = 0; let mut x57: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x56, &mut x57, x52, 0xffffffffffffffff); let mut x58: u64 = 0; let mut x59: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x58, &mut x59, x52, 0xffffffffffffffff); let mut x60: u64 = 0; let mut x61: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x60, &mut x61, x52, 0xc7634d81f4372ddf); let mut x62: u64 = 0; let mut x63: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x62, &mut x63, x52, 0x581a0db248b0a77a); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x64, &mut x65, x52, 0xecec196accc52973); let mut x66: u64 = 0; let mut x67: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x66, &mut x67, 0x0, x65, x62); let mut x68: u64 = 0; let mut x69: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x63, x60); let mut x70: u64 = 0; let mut x71: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x70, &mut x71, x69, x61, x58); let mut x72: u64 = 0; let mut x73: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x72, &mut x73, x71, x59, x56); let mut x74: u64 = 0; let mut x75: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x74, &mut x75, x73, x57, x54); let mut x76: u64 = 0; let mut x77: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x76, &mut x77, 0x0, x40, x64); let mut x78: u64 = 0; let mut x79: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x78, &mut x79, x77, x42, x66); let mut x80: u64 = 0; let mut x81: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x80, &mut x81, x79, x44, x68); let mut x82: u64 = 0; let mut x83: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x46, x70); let mut x84: u64 = 0; let mut x85: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x48, x72); let mut x86: u64 = 0; let mut x87: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x50, x74); let mut x88: u64 = 0; let mut x89: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x88, &mut x89, x87, ((x51 as u64) + (x39 as u64)), ((x75 as u64) + x55)); let mut x90: u64 = 0; let mut x91: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x90, &mut x91, 0x0, x78, (arg1[2])); let mut x92: u64 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x92, &mut x93, x91, x80, (0x0 as u64)); let mut x94: u64 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x94, &mut x95, x93, x82, (0x0 as u64)); let mut x96: u64 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x84, (0x0 as u64)); let mut x98: u64 = 0; let mut x99: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x86, (0x0 as u64)); let mut x100: u64 = 0; let mut x101: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x88, (0x0 as u64)); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x102, &mut x103, x90, 0x6ed46089e88fdc45); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x104, &mut x105, x102, 0xffffffffffffffff); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x106, &mut x107, x102, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x108, &mut x109, x102, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x110, &mut x111, x102, 0xc7634d81f4372ddf); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x112, &mut x113, x102, 0x581a0db248b0a77a); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x114, &mut x115, x102, 0xecec196accc52973); let mut x116: u64 = 0; let mut x117: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x116, &mut x117, 0x0, x115, x112); let mut x118: u64 = 0; let mut x119: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x118, &mut x119, x117, x113, x110); let mut x120: u64 = 0; let mut x121: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x120, &mut x121, x119, x111, x108); let mut x122: u64 = 0; let mut x123: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x122, &mut x123, x121, x109, x106); let mut x124: u64 = 0; let mut x125: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x124, &mut x125, x123, x107, x104); let mut x126: u64 = 0; let mut x127: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x126, &mut x127, 0x0, x90, x114); let mut x128: u64 = 0; let mut x129: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x128, &mut x129, x127, x92, x116); let mut x130: u64 = 0; let mut x131: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x130, &mut x131, x129, x94, x118); let mut x132: u64 = 0; let mut x133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x132, &mut x133, x131, x96, x120); let mut x134: u64 = 0; let mut x135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x134, &mut x135, x133, x98, x122); let mut x136: u64 = 0; let mut x137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x136, &mut x137, x135, x100, x124); let mut x138: u64 = 0; let mut x139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x138, &mut x139, x137, ((x101 as u64) + (x89 as u64)), ((x125 as u64) + x105)); let mut x140: u64 = 0; let mut x141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x140, &mut x141, 0x0, x128, (arg1[3])); let mut x142: u64 = 0; let mut x143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x142, &mut x143, x141, x130, (0x0 as u64)); let mut x144: u64 = 0; let mut x145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x144, &mut x145, x143, x132, (0x0 as u64)); let mut x146: u64 = 0; let mut x147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x146, &mut x147, x145, x134, (0x0 as u64)); let mut x148: u64 = 0; let mut x149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x148, &mut x149, x147, x136, (0x0 as u64)); let mut x150: u64 = 0; let mut x151: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x150, &mut x151, x149, x138, (0x0 as u64)); let mut x152: u64 = 0; let mut x153: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x152, &mut x153, x140, 0x6ed46089e88fdc45); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x154, &mut x155, x152, 0xffffffffffffffff); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x156, &mut x157, x152, 0xffffffffffffffff); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x158, &mut x159, x152, 0xffffffffffffffff); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x160, &mut x161, x152, 0xc7634d81f4372ddf); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x162, &mut x163, x152, 0x581a0db248b0a77a); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x164, &mut x165, x152, 0xecec196accc52973); let mut x166: u64 = 0; let mut x167: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x166, &mut x167, 0x0, x165, x162); let mut x168: u64 = 0; let mut x169: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x168, &mut x169, x167, x163, x160); let mut x170: u64 = 0; let mut x171: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x170, &mut x171, x169, x161, x158); let mut x172: u64 = 0; let mut x173: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x172, &mut x173, x171, x159, x156); let mut x174: u64 = 0; let mut x175: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x174, &mut x175, x173, x157, x154); let mut x176: u64 = 0; let mut x177: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x176, &mut x177, 0x0, x140, x164); let mut x178: u64 = 0; let mut x179: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x178, &mut x179, x177, x142, x166); let mut x180: u64 = 0; let mut x181: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x180, &mut x181, x179, x144, x168); let mut x182: u64 = 0; let mut x183: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x182, &mut x183, x181, x146, x170); let mut x184: u64 = 0; let mut x185: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x184, &mut x185, x183, x148, x172); let mut x186: u64 = 0; let mut x187: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x186, &mut x187, x185, x150, x174); let mut x188: u64 = 0; let mut x189: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x188, &mut x189, x187, ((x151 as u64) + (x139 as u64)), ((x175 as u64) + x155)); let mut x190: u64 = 0; let mut x191: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x190, &mut x191, 0x0, x178, (arg1[4])); let mut x192: u64 = 0; let mut x193: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x192, &mut x193, x191, x180, (0x0 as u64)); let mut x194: u64 = 0; let mut x195: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x194, &mut x195, x193, x182, (0x0 as u64)); let mut x196: u64 = 0; let mut x197: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x196, &mut x197, x195, x184, (0x0 as u64)); let mut x198: u64 = 0; let mut x199: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x198, &mut x199, x197, x186, (0x0 as u64)); let mut x200: u64 = 0; let mut x201: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x200, &mut x201, x199, x188, (0x0 as u64)); let mut x202: u64 = 0; let mut x203: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x202, &mut x203, x190, 0x6ed46089e88fdc45); let mut x204: u64 = 0; let mut x205: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x204, &mut x205, x202, 0xffffffffffffffff); let mut x206: u64 = 0; let mut x207: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x206, &mut x207, x202, 0xffffffffffffffff); let mut x208: u64 = 0; let mut x209: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x208, &mut x209, x202, 0xffffffffffffffff); let mut x210: u64 = 0; let mut x211: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x210, &mut x211, x202, 0xc7634d81f4372ddf); let mut x212: u64 = 0; let mut x213: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x212, &mut x213, x202, 0x581a0db248b0a77a); let mut x214: u64 = 0; let mut x215: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x214, &mut x215, x202, 0xecec196accc52973); let mut x216: u64 = 0; let mut x217: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x216, &mut x217, 0x0, x215, x212); let mut x218: u64 = 0; let mut x219: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x218, &mut x219, x217, x213, x210); let mut x220: u64 = 0; let mut x221: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x220, &mut x221, x219, x211, x208); let mut x222: u64 = 0; let mut x223: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x222, &mut x223, x221, x209, x206); let mut x224: u64 = 0; let mut x225: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x224, &mut x225, x223, x207, x204); let mut x226: u64 = 0; let mut x227: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x226, &mut x227, 0x0, x190, x214); let mut x228: u64 = 0; let mut x229: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x228, &mut x229, x227, x192, x216); let mut x230: u64 = 0; let mut x231: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x230, &mut x231, x229, x194, x218); let mut x232: u64 = 0; let mut x233: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x232, &mut x233, x231, x196, x220); let mut x234: u64 = 0; let mut x235: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x234, &mut x235, x233, x198, x222); let mut x236: u64 = 0; let mut x237: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x236, &mut x237, x235, x200, x224); let mut x238: u64 = 0; let mut x239: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x238, &mut x239, x237, ((x201 as u64) + (x189 as u64)), ((x225 as u64) + x205)); let mut x240: u64 = 0; let mut x241: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x240, &mut x241, 0x0, x228, (arg1[5])); let mut x242: u64 = 0; let mut x243: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x242, &mut x243, x241, x230, (0x0 as u64)); let mut x244: u64 = 0; let mut x245: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x244, &mut x245, x243, x232, (0x0 as u64)); let mut x246: u64 = 0; let mut x247: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x246, &mut x247, x245, x234, (0x0 as u64)); let mut x248: u64 = 0; let mut x249: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x248, &mut x249, x247, x236, (0x0 as u64)); let mut x250: u64 = 0; let mut x251: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x250, &mut x251, x249, x238, (0x0 as u64)); let mut x252: u64 = 0; let mut x253: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x252, &mut x253, x240, 0x6ed46089e88fdc45); let mut x254: u64 = 0; let mut x255: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x254, &mut x255, x252, 0xffffffffffffffff); let mut x256: u64 = 0; let mut x257: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x256, &mut x257, x252, 0xffffffffffffffff); let mut x258: u64 = 0; let mut x259: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x258, &mut x259, x252, 0xffffffffffffffff); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x260, &mut x261, x252, 0xc7634d81f4372ddf); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x262, &mut x263, x252, 0x581a0db248b0a77a); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x264, &mut x265, x252, 0xecec196accc52973); let mut x266: u64 = 0; let mut x267: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x266, &mut x267, 0x0, x265, x262); let mut x268: u64 = 0; let mut x269: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x268, &mut x269, x267, x263, x260); let mut x270: u64 = 0; let mut x271: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x270, &mut x271, x269, x261, x258); let mut x272: u64 = 0; let mut x273: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x272, &mut x273, x271, x259, x256); let mut x274: u64 = 0; let mut x275: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x274, &mut x275, x273, x257, x254); let mut x276: u64 = 0; let mut x277: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x276, &mut x277, 0x0, x240, x264); let mut x278: u64 = 0; let mut x279: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x278, &mut x279, x277, x242, x266); let mut x280: u64 = 0; let mut x281: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x280, &mut x281, x279, x244, x268); let mut x282: u64 = 0; let mut x283: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x282, &mut x283, x281, x246, x270); let mut x284: u64 = 0; let mut x285: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x284, &mut x285, x283, x248, x272); let mut x286: u64 = 0; let mut x287: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x286, &mut x287, x285, x250, x274); let mut x288: u64 = 0; let mut x289: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x288, &mut x289, x287, ((x251 as u64) + (x239 as u64)), ((x275 as u64) + x255)); let mut x290: u64 = 0; let mut x291: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x290, &mut x291, 0x0, x278, 0xecec196accc52973); let mut x292: u64 = 0; let mut x293: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x292, &mut x293, x291, x280, 0x581a0db248b0a77a); let mut x294: u64 = 0; let mut x295: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x294, &mut x295, x293, x282, 0xc7634d81f4372ddf); let mut x296: u64 = 0; let mut x297: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x296, &mut x297, x295, x284, 0xffffffffffffffff); let mut x298: u64 = 0; let mut x299: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x298, &mut x299, x297, x286, 0xffffffffffffffff); let mut x300: u64 = 0; let mut x301: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x300, &mut x301, x299, x288, 0xffffffffffffffff); let mut x302: u64 = 0; let mut x303: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x302, &mut x303, x301, (x289 as u64), (0x0 as u64)); let mut x304: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x304, x303, x290, x278); let mut x305: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x305, x303, x292, x280); let mut x306: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x306, x303, x294, x282); let mut x307: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x307, x303, x296, x284); let mut x308: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x308, x303, x298, x286); let mut x309: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x309, x303, x300, x288); out1[0] = x304; out1[1] = x305; out1[2] = x306; out1[3] = x307; out1[4] = x308; out1[5] = x309; } /// The function fiat_p384_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_to_montgomery(out1: &mut fiat_p384_scalar_montgomery_domain_field_element, arg1: &fiat_p384_scalar_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[0]); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x7, &mut x8, x6, 0xc84ee012b39bf21); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x9, &mut x10, x6, 0x3fb05b7a28266895); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x11, &mut x12, x6, 0xd40d49174aab1cc5); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x13, &mut x14, x6, 0xbc3e483afcb82947); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x15, &mut x16, x6, 0xff3d81e5df1aa419); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x17, &mut x18, x6, 0x2d319b2419b409a9); let mut x19: u64 = 0; let mut x20: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x25, &mut x26, x24, x12, x9); let mut x27: u64 = 0; let mut x28: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x27, &mut x28, x26, x10, x7); let mut x29: u64 = 0; let mut x30: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x29, &mut x30, x17, 0x6ed46089e88fdc45); let mut x31: u64 = 0; let mut x32: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x31, &mut x32, x29, 0xffffffffffffffff); let mut x33: u64 = 0; let mut x34: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x33, &mut x34, x29, 0xffffffffffffffff); let mut x35: u64 = 0; let mut x36: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x35, &mut x36, x29, 0xffffffffffffffff); let mut x37: u64 = 0; let mut x38: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x37, &mut x38, x29, 0xc7634d81f4372ddf); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x39, &mut x40, x29, 0x581a0db248b0a77a); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x41, &mut x42, x29, 0xecec196accc52973); let mut x43: u64 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x43, &mut x44, 0x0, x42, x39); let mut x45: u64 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x40, x37); let mut x47: u64 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x47, &mut x48, x46, x38, x35); let mut x49: u64 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x49, &mut x50, x48, x36, x33); let mut x51: u64 = 0; let mut x52: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x51, &mut x52, x50, x34, x31); let mut x53: u64 = 0; let mut x54: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x53, &mut x54, 0x0, x17, x41); let mut x55: u64 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x55, &mut x56, x54, x19, x43); let mut x57: u64 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x21, x45); let mut x59: u64 = 0; let mut x60: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x23, x47); let mut x61: u64 = 0; let mut x62: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x61, &mut x62, x60, x25, x49); let mut x63: u64 = 0; let mut x64: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x63, &mut x64, x62, x27, x51); let mut x65: u64 = 0; let mut x66: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x65, &mut x66, x64, ((x28 as u64) + x8), ((x52 as u64) + x32)); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x67, &mut x68, x1, 0xc84ee012b39bf21); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x69, &mut x70, x1, 0x3fb05b7a28266895); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x71, &mut x72, x1, 0xd40d49174aab1cc5); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x73, &mut x74, x1, 0xbc3e483afcb82947); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x75, &mut x76, x1, 0xff3d81e5df1aa419); let mut x77: u64 = 0; let mut x78: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x77, &mut x78, x1, 0x2d319b2419b409a9); let mut x79: u64 = 0; let mut x80: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x79, &mut x80, 0x0, x78, x75); let mut x81: u64 = 0; let mut x82: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x81, &mut x82, x80, x76, x73); let mut x83: u64 = 0; let mut x84: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x83, &mut x84, x82, x74, x71); let mut x85: u64 = 0; let mut x86: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x72, x69); let mut x87: u64 = 0; let mut x88: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x70, x67); let mut x89: u64 = 0; let mut x90: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x89, &mut x90, 0x0, x55, x77); let mut x91: u64 = 0; let mut x92: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x91, &mut x92, x90, x57, x79); let mut x93: u64 = 0; let mut x94: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x59, x81); let mut x95: u64 = 0; let mut x96: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x61, x83); let mut x97: u64 = 0; let mut x98: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x97, &mut x98, x96, x63, x85); let mut x99: u64 = 0; let mut x100: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x99, &mut x100, x98, x65, x87); let mut x101: u64 = 0; let mut x102: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x101, &mut x102, x89, 0x6ed46089e88fdc45); let mut x103: u64 = 0; let mut x104: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x103, &mut x104, x101, 0xffffffffffffffff); let mut x105: u64 = 0; let mut x106: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x105, &mut x106, x101, 0xffffffffffffffff); let mut x107: u64 = 0; let mut x108: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x107, &mut x108, x101, 0xffffffffffffffff); let mut x109: u64 = 0; let mut x110: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x109, &mut x110, x101, 0xc7634d81f4372ddf); let mut x111: u64 = 0; let mut x112: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x111, &mut x112, x101, 0x581a0db248b0a77a); let mut x113: u64 = 0; let mut x114: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x113, &mut x114, x101, 0xecec196accc52973); let mut x115: u64 = 0; let mut x116: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x115, &mut x116, 0x0, x114, x111); let mut x117: u64 = 0; let mut x118: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x117, &mut x118, x116, x112, x109); let mut x119: u64 = 0; let mut x120: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x119, &mut x120, x118, x110, x107); let mut x121: u64 = 0; let mut x122: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x121, &mut x122, x120, x108, x105); let mut x123: u64 = 0; let mut x124: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x123, &mut x124, x122, x106, x103); let mut x125: u64 = 0; let mut x126: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x125, &mut x126, 0x0, x89, x113); let mut x127: u64 = 0; let mut x128: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x127, &mut x128, x126, x91, x115); let mut x129: u64 = 0; let mut x130: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x129, &mut x130, x128, x93, x117); let mut x131: u64 = 0; let mut x132: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x131, &mut x132, x130, x95, x119); let mut x133: u64 = 0; let mut x134: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x97, x121); let mut x135: u64 = 0; let mut x136: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x99, x123); let mut x137: u64 = 0; let mut x138: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x137, &mut x138, x136, (((x100 as u64) + (x66 as u64)) + ((x88 as u64) + x68)), ((x124 as u64) + x104)); let mut x139: u64 = 0; let mut x140: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x139, &mut x140, x2, 0xc84ee012b39bf21); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x141, &mut x142, x2, 0x3fb05b7a28266895); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x143, &mut x144, x2, 0xd40d49174aab1cc5); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x145, &mut x146, x2, 0xbc3e483afcb82947); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x147, &mut x148, x2, 0xff3d81e5df1aa419); let mut x149: u64 = 0; let mut x150: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x149, &mut x150, x2, 0x2d319b2419b409a9); let mut x151: u64 = 0; let mut x152: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x151, &mut x152, 0x0, x150, x147); let mut x153: u64 = 0; let mut x154: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x153, &mut x154, x152, x148, x145); let mut x155: u64 = 0; let mut x156: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x155, &mut x156, x154, x146, x143); let mut x157: u64 = 0; let mut x158: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x157, &mut x158, x156, x144, x141); let mut x159: u64 = 0; let mut x160: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x159, &mut x160, x158, x142, x139); let mut x161: u64 = 0; let mut x162: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x161, &mut x162, 0x0, x127, x149); let mut x163: u64 = 0; let mut x164: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x163, &mut x164, x162, x129, x151); let mut x165: u64 = 0; let mut x166: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x165, &mut x166, x164, x131, x153); let mut x167: u64 = 0; let mut x168: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x167, &mut x168, x166, x133, x155); let mut x169: u64 = 0; let mut x170: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x169, &mut x170, x168, x135, x157); let mut x171: u64 = 0; let mut x172: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x171, &mut x172, x170, x137, x159); let mut x173: u64 = 0; let mut x174: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x173, &mut x174, x161, 0x6ed46089e88fdc45); let mut x175: u64 = 0; let mut x176: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x175, &mut x176, x173, 0xffffffffffffffff); let mut x177: u64 = 0; let mut x178: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x177, &mut x178, x173, 0xffffffffffffffff); let mut x179: u64 = 0; let mut x180: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x179, &mut x180, x173, 0xffffffffffffffff); let mut x181: u64 = 0; let mut x182: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x181, &mut x182, x173, 0xc7634d81f4372ddf); let mut x183: u64 = 0; let mut x184: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x183, &mut x184, x173, 0x581a0db248b0a77a); let mut x185: u64 = 0; let mut x186: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x185, &mut x186, x173, 0xecec196accc52973); let mut x187: u64 = 0; let mut x188: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x187, &mut x188, 0x0, x186, x183); let mut x189: u64 = 0; let mut x190: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x189, &mut x190, x188, x184, x181); let mut x191: u64 = 0; let mut x192: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x191, &mut x192, x190, x182, x179); let mut x193: u64 = 0; let mut x194: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x193, &mut x194, x192, x180, x177); let mut x195: u64 = 0; let mut x196: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x195, &mut x196, x194, x178, x175); let mut x197: u64 = 0; let mut x198: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x197, &mut x198, 0x0, x161, x185); let mut x199: u64 = 0; let mut x200: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x163, x187); let mut x201: u64 = 0; let mut x202: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x165, x189); let mut x203: u64 = 0; let mut x204: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x167, x191); let mut x205: u64 = 0; let mut x206: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x205, &mut x206, x204, x169, x193); let mut x207: u64 = 0; let mut x208: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x207, &mut x208, x206, x171, x195); let mut x209: u64 = 0; let mut x210: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x209, &mut x210, x208, (((x172 as u64) + (x138 as u64)) + ((x160 as u64) + x140)), ((x196 as u64) + x176)); let mut x211: u64 = 0; let mut x212: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x211, &mut x212, x3, 0xc84ee012b39bf21); let mut x213: u64 = 0; let mut x214: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x213, &mut x214, x3, 0x3fb05b7a28266895); let mut x215: u64 = 0; let mut x216: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x215, &mut x216, x3, 0xd40d49174aab1cc5); let mut x217: u64 = 0; let mut x218: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x217, &mut x218, x3, 0xbc3e483afcb82947); let mut x219: u64 = 0; let mut x220: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x219, &mut x220, x3, 0xff3d81e5df1aa419); let mut x221: u64 = 0; let mut x222: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x221, &mut x222, x3, 0x2d319b2419b409a9); let mut x223: u64 = 0; let mut x224: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x223, &mut x224, 0x0, x222, x219); let mut x225: u64 = 0; let mut x226: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x225, &mut x226, x224, x220, x217); let mut x227: u64 = 0; let mut x228: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x227, &mut x228, x226, x218, x215); let mut x229: u64 = 0; let mut x230: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x229, &mut x230, x228, x216, x213); let mut x231: u64 = 0; let mut x232: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x231, &mut x232, x230, x214, x211); let mut x233: u64 = 0; let mut x234: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x233, &mut x234, 0x0, x199, x221); let mut x235: u64 = 0; let mut x236: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x235, &mut x236, x234, x201, x223); let mut x237: u64 = 0; let mut x238: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x237, &mut x238, x236, x203, x225); let mut x239: u64 = 0; let mut x240: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x239, &mut x240, x238, x205, x227); let mut x241: u64 = 0; let mut x242: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x241, &mut x242, x240, x207, x229); let mut x243: u64 = 0; let mut x244: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x243, &mut x244, x242, x209, x231); let mut x245: u64 = 0; let mut x246: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x245, &mut x246, x233, 0x6ed46089e88fdc45); let mut x247: u64 = 0; let mut x248: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x247, &mut x248, x245, 0xffffffffffffffff); let mut x249: u64 = 0; let mut x250: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x249, &mut x250, x245, 0xffffffffffffffff); let mut x251: u64 = 0; let mut x252: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x251, &mut x252, x245, 0xffffffffffffffff); let mut x253: u64 = 0; let mut x254: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x253, &mut x254, x245, 0xc7634d81f4372ddf); let mut x255: u64 = 0; let mut x256: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x255, &mut x256, x245, 0x581a0db248b0a77a); let mut x257: u64 = 0; let mut x258: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x257, &mut x258, x245, 0xecec196accc52973); let mut x259: u64 = 0; let mut x260: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x259, &mut x260, 0x0, x258, x255); let mut x261: u64 = 0; let mut x262: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x261, &mut x262, x260, x256, x253); let mut x263: u64 = 0; let mut x264: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x263, &mut x264, x262, x254, x251); let mut x265: u64 = 0; let mut x266: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x265, &mut x266, x264, x252, x249); let mut x267: u64 = 0; let mut x268: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x267, &mut x268, x266, x250, x247); let mut x269: u64 = 0; let mut x270: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x269, &mut x270, 0x0, x233, x257); let mut x271: u64 = 0; let mut x272: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x271, &mut x272, x270, x235, x259); let mut x273: u64 = 0; let mut x274: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x273, &mut x274, x272, x237, x261); let mut x275: u64 = 0; let mut x276: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x275, &mut x276, x274, x239, x263); let mut x277: u64 = 0; let mut x278: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x277, &mut x278, x276, x241, x265); let mut x279: u64 = 0; let mut x280: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x279, &mut x280, x278, x243, x267); let mut x281: u64 = 0; let mut x282: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x281, &mut x282, x280, (((x244 as u64) + (x210 as u64)) + ((x232 as u64) + x212)), ((x268 as u64) + x248)); let mut x283: u64 = 0; let mut x284: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x283, &mut x284, x4, 0xc84ee012b39bf21); let mut x285: u64 = 0; let mut x286: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x285, &mut x286, x4, 0x3fb05b7a28266895); let mut x287: u64 = 0; let mut x288: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x287, &mut x288, x4, 0xd40d49174aab1cc5); let mut x289: u64 = 0; let mut x290: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x289, &mut x290, x4, 0xbc3e483afcb82947); let mut x291: u64 = 0; let mut x292: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x291, &mut x292, x4, 0xff3d81e5df1aa419); let mut x293: u64 = 0; let mut x294: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x293, &mut x294, x4, 0x2d319b2419b409a9); let mut x295: u64 = 0; let mut x296: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x295, &mut x296, 0x0, x294, x291); let mut x297: u64 = 0; let mut x298: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x297, &mut x298, x296, x292, x289); let mut x299: u64 = 0; let mut x300: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x299, &mut x300, x298, x290, x287); let mut x301: u64 = 0; let mut x302: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x301, &mut x302, x300, x288, x285); let mut x303: u64 = 0; let mut x304: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x303, &mut x304, x302, x286, x283); let mut x305: u64 = 0; let mut x306: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x305, &mut x306, 0x0, x271, x293); let mut x307: u64 = 0; let mut x308: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x307, &mut x308, x306, x273, x295); let mut x309: u64 = 0; let mut x310: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x309, &mut x310, x308, x275, x297); let mut x311: u64 = 0; let mut x312: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x311, &mut x312, x310, x277, x299); let mut x313: u64 = 0; let mut x314: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x313, &mut x314, x312, x279, x301); let mut x315: u64 = 0; let mut x316: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x315, &mut x316, x314, x281, x303); let mut x317: u64 = 0; let mut x318: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x317, &mut x318, x305, 0x6ed46089e88fdc45); let mut x319: u64 = 0; let mut x320: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x319, &mut x320, x317, 0xffffffffffffffff); let mut x321: u64 = 0; let mut x322: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x321, &mut x322, x317, 0xffffffffffffffff); let mut x323: u64 = 0; let mut x324: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x323, &mut x324, x317, 0xffffffffffffffff); let mut x325: u64 = 0; let mut x326: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x325, &mut x326, x317, 0xc7634d81f4372ddf); let mut x327: u64 = 0; let mut x328: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x327, &mut x328, x317, 0x581a0db248b0a77a); let mut x329: u64 = 0; let mut x330: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x329, &mut x330, x317, 0xecec196accc52973); let mut x331: u64 = 0; let mut x332: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x331, &mut x332, 0x0, x330, x327); let mut x333: u64 = 0; let mut x334: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x333, &mut x334, x332, x328, x325); let mut x335: u64 = 0; let mut x336: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x335, &mut x336, x334, x326, x323); let mut x337: u64 = 0; let mut x338: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x337, &mut x338, x336, x324, x321); let mut x339: u64 = 0; let mut x340: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x339, &mut x340, x338, x322, x319); let mut x341: u64 = 0; let mut x342: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x341, &mut x342, 0x0, x305, x329); let mut x343: u64 = 0; let mut x344: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x343, &mut x344, x342, x307, x331); let mut x345: u64 = 0; let mut x346: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x345, &mut x346, x344, x309, x333); let mut x347: u64 = 0; let mut x348: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x347, &mut x348, x346, x311, x335); let mut x349: u64 = 0; let mut x350: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x349, &mut x350, x348, x313, x337); let mut x351: u64 = 0; let mut x352: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x351, &mut x352, x350, x315, x339); let mut x353: u64 = 0; let mut x354: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x353, &mut x354, x352, (((x316 as u64) + (x282 as u64)) + ((x304 as u64) + x284)), ((x340 as u64) + x320)); let mut x355: u64 = 0; let mut x356: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x355, &mut x356, x5, 0xc84ee012b39bf21); let mut x357: u64 = 0; let mut x358: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x357, &mut x358, x5, 0x3fb05b7a28266895); let mut x359: u64 = 0; let mut x360: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x359, &mut x360, x5, 0xd40d49174aab1cc5); let mut x361: u64 = 0; let mut x362: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x361, &mut x362, x5, 0xbc3e483afcb82947); let mut x363: u64 = 0; let mut x364: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x363, &mut x364, x5, 0xff3d81e5df1aa419); let mut x365: u64 = 0; let mut x366: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x365, &mut x366, x5, 0x2d319b2419b409a9); let mut x367: u64 = 0; let mut x368: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x367, &mut x368, 0x0, x366, x363); let mut x369: u64 = 0; let mut x370: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x369, &mut x370, x368, x364, x361); let mut x371: u64 = 0; let mut x372: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x371, &mut x372, x370, x362, x359); let mut x373: u64 = 0; let mut x374: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x373, &mut x374, x372, x360, x357); let mut x375: u64 = 0; let mut x376: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x375, &mut x376, x374, x358, x355); let mut x377: u64 = 0; let mut x378: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x377, &mut x378, 0x0, x343, x365); let mut x379: u64 = 0; let mut x380: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x379, &mut x380, x378, x345, x367); let mut x381: u64 = 0; let mut x382: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x381, &mut x382, x380, x347, x369); let mut x383: u64 = 0; let mut x384: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x383, &mut x384, x382, x349, x371); let mut x385: u64 = 0; let mut x386: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x385, &mut x386, x384, x351, x373); let mut x387: u64 = 0; let mut x388: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x387, &mut x388, x386, x353, x375); let mut x389: u64 = 0; let mut x390: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x389, &mut x390, x377, 0x6ed46089e88fdc45); let mut x391: u64 = 0; let mut x392: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x391, &mut x392, x389, 0xffffffffffffffff); let mut x393: u64 = 0; let mut x394: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x393, &mut x394, x389, 0xffffffffffffffff); let mut x395: u64 = 0; let mut x396: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x395, &mut x396, x389, 0xffffffffffffffff); let mut x397: u64 = 0; let mut x398: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x397, &mut x398, x389, 0xc7634d81f4372ddf); let mut x399: u64 = 0; let mut x400: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x399, &mut x400, x389, 0x581a0db248b0a77a); let mut x401: u64 = 0; let mut x402: u64 = 0; fiat_p384_scalar_mulx_u64(&mut x401, &mut x402, x389, 0xecec196accc52973); let mut x403: u64 = 0; let mut x404: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x403, &mut x404, 0x0, x402, x399); let mut x405: u64 = 0; let mut x406: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x405, &mut x406, x404, x400, x397); let mut x407: u64 = 0; let mut x408: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x407, &mut x408, x406, x398, x395); let mut x409: u64 = 0; let mut x410: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x409, &mut x410, x408, x396, x393); let mut x411: u64 = 0; let mut x412: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x411, &mut x412, x410, x394, x391); let mut x413: u64 = 0; let mut x414: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x413, &mut x414, 0x0, x377, x401); let mut x415: u64 = 0; let mut x416: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x415, &mut x416, x414, x379, x403); let mut x417: u64 = 0; let mut x418: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x417, &mut x418, x416, x381, x405); let mut x419: u64 = 0; let mut x420: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x419, &mut x420, x418, x383, x407); let mut x421: u64 = 0; let mut x422: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x421, &mut x422, x420, x385, x409); let mut x423: u64 = 0; let mut x424: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x423, &mut x424, x422, x387, x411); let mut x425: u64 = 0; let mut x426: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x425, &mut x426, x424, (((x388 as u64) + (x354 as u64)) + ((x376 as u64) + x356)), ((x412 as u64) + x392)); let mut x427: u64 = 0; let mut x428: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x427, &mut x428, 0x0, x415, 0xecec196accc52973); let mut x429: u64 = 0; let mut x430: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x429, &mut x430, x428, x417, 0x581a0db248b0a77a); let mut x431: u64 = 0; let mut x432: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x431, &mut x432, x430, x419, 0xc7634d81f4372ddf); let mut x433: u64 = 0; let mut x434: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x433, &mut x434, x432, x421, 0xffffffffffffffff); let mut x435: u64 = 0; let mut x436: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x435, &mut x436, x434, x423, 0xffffffffffffffff); let mut x437: u64 = 0; let mut x438: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x437, &mut x438, x436, x425, 0xffffffffffffffff); let mut x439: u64 = 0; let mut x440: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x439, &mut x440, x438, (x426 as u64), (0x0 as u64)); let mut x441: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x441, x440, x427, x415); let mut x442: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x442, x440, x429, x417); let mut x443: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x443, x440, x431, x419); let mut x444: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x444, x440, x433, x421); let mut x445: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x445, x440, x435, x423); let mut x446: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x446, x440, x437, x425); out1[0] = x441; out1[1] = x442; out1[2] = x443; out1[3] = x444; out1[4] = x445; out1[5] = x446; } /// The function fiat_p384_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p384_scalar_nonzero(out1: &mut u64, arg1: &[u64; 6]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5])))))); *out1 = x1; } /// The function fiat_p384_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_scalar_selectznz(out1: &mut [u64; 6], arg1: fiat_p384_scalar_u1, arg2: &[u64; 6], arg3: &[u64; 6]) { let mut x1: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x6, arg1, (arg2[5]), (arg3[5])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; } /// The function fiat_p384_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p384_scalar_to_bytes(out1: &mut [u8; 48], arg1: &[u64; 6]) { let x1: u64 = (arg1[5]); let x2: u64 = (arg1[4]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[2]); let x5: u64 = (arg1[1]); let x6: u64 = (arg1[0]); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u64 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u64)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x5 & (0xff as u64)) as u8); let x22: u64 = (x5 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u64 = (x30 >> 8); let x33: u8 = ((x32 & (0xff as u64)) as u8); let x34: u8 = ((x32 >> 8) as u8); let x35: u8 = ((x4 & (0xff as u64)) as u8); let x36: u64 = (x4 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u64 = (x44 >> 8); let x47: u8 = ((x46 & (0xff as u64)) as u8); let x48: u8 = ((x46 >> 8) as u8); let x49: u8 = ((x3 & (0xff as u64)) as u8); let x50: u64 = (x3 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u64 = (x58 >> 8); let x61: u8 = ((x60 & (0xff as u64)) as u8); let x62: u8 = ((x60 >> 8) as u8); let x63: u8 = ((x2 & (0xff as u64)) as u8); let x64: u64 = (x2 >> 8); let x65: u8 = ((x64 & (0xff as u64)) as u8); let x66: u64 = (x64 >> 8); let x67: u8 = ((x66 & (0xff as u64)) as u8); let x68: u64 = (x66 >> 8); let x69: u8 = ((x68 & (0xff as u64)) as u8); let x70: u64 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u64)) as u8); let x72: u64 = (x70 >> 8); let x73: u8 = ((x72 & (0xff as u64)) as u8); let x74: u64 = (x72 >> 8); let x75: u8 = ((x74 & (0xff as u64)) as u8); let x76: u8 = ((x74 >> 8) as u8); let x77: u8 = ((x1 & (0xff as u64)) as u8); let x78: u64 = (x1 >> 8); let x79: u8 = ((x78 & (0xff as u64)) as u8); let x80: u64 = (x78 >> 8); let x81: u8 = ((x80 & (0xff as u64)) as u8); let x82: u64 = (x80 >> 8); let x83: u8 = ((x82 & (0xff as u64)) as u8); let x84: u64 = (x82 >> 8); let x85: u8 = ((x84 & (0xff as u64)) as u8); let x86: u64 = (x84 >> 8); let x87: u8 = ((x86 & (0xff as u64)) as u8); let x88: u64 = (x86 >> 8); let x89: u8 = ((x88 & (0xff as u64)) as u8); let x90: u8 = ((x88 >> 8) as u8); out1[0] = x7; out1[1] = x9; out1[2] = x11; out1[3] = x13; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x27; out1[12] = x29; out1[13] = x31; out1[14] = x33; out1[15] = x34; out1[16] = x35; out1[17] = x37; out1[18] = x39; out1[19] = x41; out1[20] = x43; out1[21] = x45; out1[22] = x47; out1[23] = x48; out1[24] = x49; out1[25] = x51; out1[26] = x53; out1[27] = x55; out1[28] = x57; out1[29] = x59; out1[30] = x61; out1[31] = x62; out1[32] = x63; out1[33] = x65; out1[34] = x67; out1[35] = x69; out1[36] = x71; out1[37] = x73; out1[38] = x75; out1[39] = x76; out1[40] = x77; out1[41] = x79; out1[42] = x81; out1[43] = x83; out1[44] = x85; out1[45] = x87; out1[46] = x89; out1[47] = x90; } /// The function fiat_p384_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_scalar_from_bytes(out1: &mut [u64; 6], arg1: &[u8; 48]) { let x1: u64 = (((arg1[47]) as u64) << 56); let x2: u64 = (((arg1[46]) as u64) << 48); let x3: u64 = (((arg1[45]) as u64) << 40); let x4: u64 = (((arg1[44]) as u64) << 32); let x5: u64 = (((arg1[43]) as u64) << 24); let x6: u64 = (((arg1[42]) as u64) << 16); let x7: u64 = (((arg1[41]) as u64) << 8); let x8: u8 = (arg1[40]); let x9: u64 = (((arg1[39]) as u64) << 56); let x10: u64 = (((arg1[38]) as u64) << 48); let x11: u64 = (((arg1[37]) as u64) << 40); let x12: u64 = (((arg1[36]) as u64) << 32); let x13: u64 = (((arg1[35]) as u64) << 24); let x14: u64 = (((arg1[34]) as u64) << 16); let x15: u64 = (((arg1[33]) as u64) << 8); let x16: u8 = (arg1[32]); let x17: u64 = (((arg1[31]) as u64) << 56); let x18: u64 = (((arg1[30]) as u64) << 48); let x19: u64 = (((arg1[29]) as u64) << 40); let x20: u64 = (((arg1[28]) as u64) << 32); let x21: u64 = (((arg1[27]) as u64) << 24); let x22: u64 = (((arg1[26]) as u64) << 16); let x23: u64 = (((arg1[25]) as u64) << 8); let x24: u8 = (arg1[24]); let x25: u64 = (((arg1[23]) as u64) << 56); let x26: u64 = (((arg1[22]) as u64) << 48); let x27: u64 = (((arg1[21]) as u64) << 40); let x28: u64 = (((arg1[20]) as u64) << 32); let x29: u64 = (((arg1[19]) as u64) << 24); let x30: u64 = (((arg1[18]) as u64) << 16); let x31: u64 = (((arg1[17]) as u64) << 8); let x32: u8 = (arg1[16]); let x33: u64 = (((arg1[15]) as u64) << 56); let x34: u64 = (((arg1[14]) as u64) << 48); let x35: u64 = (((arg1[13]) as u64) << 40); let x36: u64 = (((arg1[12]) as u64) << 32); let x37: u64 = (((arg1[11]) as u64) << 24); let x38: u64 = (((arg1[10]) as u64) << 16); let x39: u64 = (((arg1[9]) as u64) << 8); let x40: u8 = (arg1[8]); let x41: u64 = (((arg1[7]) as u64) << 56); let x42: u64 = (((arg1[6]) as u64) << 48); let x43: u64 = (((arg1[5]) as u64) << 40); let x44: u64 = (((arg1[4]) as u64) << 32); let x45: u64 = (((arg1[3]) as u64) << 24); let x46: u64 = (((arg1[2]) as u64) << 16); let x47: u64 = (((arg1[1]) as u64) << 8); let x48: u8 = (arg1[0]); let x49: u64 = (x47 + (x48 as u64)); let x50: u64 = (x46 + x49); let x51: u64 = (x45 + x50); let x52: u64 = (x44 + x51); let x53: u64 = (x43 + x52); let x54: u64 = (x42 + x53); let x55: u64 = (x41 + x54); let x56: u64 = (x39 + (x40 as u64)); let x57: u64 = (x38 + x56); let x58: u64 = (x37 + x57); let x59: u64 = (x36 + x58); let x60: u64 = (x35 + x59); let x61: u64 = (x34 + x60); let x62: u64 = (x33 + x61); let x63: u64 = (x31 + (x32 as u64)); let x64: u64 = (x30 + x63); let x65: u64 = (x29 + x64); let x66: u64 = (x28 + x65); let x67: u64 = (x27 + x66); let x68: u64 = (x26 + x67); let x69: u64 = (x25 + x68); let x70: u64 = (x23 + (x24 as u64)); let x71: u64 = (x22 + x70); let x72: u64 = (x21 + x71); let x73: u64 = (x20 + x72); let x74: u64 = (x19 + x73); let x75: u64 = (x18 + x74); let x76: u64 = (x17 + x75); let x77: u64 = (x15 + (x16 as u64)); let x78: u64 = (x14 + x77); let x79: u64 = (x13 + x78); let x80: u64 = (x12 + x79); let x81: u64 = (x11 + x80); let x82: u64 = (x10 + x81); let x83: u64 = (x9 + x82); let x84: u64 = (x7 + (x8 as u64)); let x85: u64 = (x6 + x84); let x86: u64 = (x5 + x85); let x87: u64 = (x4 + x86); let x88: u64 = (x3 + x87); let x89: u64 = (x2 + x88); let x90: u64 = (x1 + x89); out1[0] = x55; out1[1] = x62; out1[2] = x69; out1[3] = x76; out1[4] = x83; out1[5] = x90; } /// The function fiat_p384_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p384_scalar_set_one(out1: &mut fiat_p384_scalar_montgomery_domain_field_element) { out1[0] = 0x1313e695333ad68d; out1[1] = 0xa7e5f24db74f5885; out1[2] = 0x389cb27e0bc8d220; out1[3] = (0x0 as u64); out1[4] = (0x0 as u64); out1[5] = (0x0 as u64); } /// The function fiat_p384_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_scalar_msat(out1: &mut [u64; 7]) { out1[0] = 0xecec196accc52973; out1[1] = 0x581a0db248b0a77a; out1[2] = 0xc7634d81f4372ddf; out1[3] = 0xffffffffffffffff; out1[4] = 0xffffffffffffffff; out1[5] = 0xffffffffffffffff; out1[6] = (0x0 as u64); } /// The function fiat_p384_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_scalar_divstep(out1: &mut u64, out2: &mut [u64; 7], out3: &mut [u64; 7], out4: &mut [u64; 6], out5: &mut [u64; 6], arg1: u64, arg2: &[u64; 7], arg3: &[u64; 7], arg4: &[u64; 6], arg5: &[u64; 6]) { let mut x1: u64 = 0; let mut x2: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p384_scalar_u1 = (((x1 >> 63) as fiat_p384_scalar_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p384_scalar_u1)); let mut x4: u64 = 0; let mut x5: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u64 = 0; let mut x15: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x14, &mut x15, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x16: u64 = 0; let mut x17: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[1]))); let mut x18: u64 = 0; let mut x19: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[2]))); let mut x20: u64 = 0; let mut x21: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[3]))); let mut x22: u64 = 0; let mut x23: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x22, &mut x23, x21, (0x0 as u64), (!(arg2[4]))); let mut x24: u64 = 0; let mut x25: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x24, &mut x25, x23, (0x0 as u64), (!(arg2[5]))); let mut x26: u64 = 0; let mut x27: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x26, &mut x27, x25, (0x0 as u64), (!(arg2[6]))); let mut x28: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x28, x3, (arg3[0]), x14); let mut x29: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x29, x3, (arg3[1]), x16); let mut x30: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x30, x3, (arg3[2]), x18); let mut x31: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x31, x3, (arg3[3]), x20); let mut x32: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x32, x3, (arg3[4]), x22); let mut x33: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x33, x3, (arg3[5]), x24); let mut x34: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x34, x3, (arg3[6]), x26); let mut x35: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x35, x3, (arg4[0]), (arg5[0])); let mut x36: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x36, x3, (arg4[1]), (arg5[1])); let mut x37: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x37, x3, (arg4[2]), (arg5[2])); let mut x38: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x38, x3, (arg4[3]), (arg5[3])); let mut x39: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x39, x3, (arg4[4]), (arg5[4])); let mut x40: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x40, x3, (arg4[5]), (arg5[5])); let mut x41: u64 = 0; let mut x42: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x41, &mut x42, 0x0, x35, x35); let mut x43: u64 = 0; let mut x44: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x43, &mut x44, x42, x36, x36); let mut x45: u64 = 0; let mut x46: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x37, x37); let mut x47: u64 = 0; let mut x48: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x47, &mut x48, x46, x38, x38); let mut x49: u64 = 0; let mut x50: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x49, &mut x50, x48, x39, x39); let mut x51: u64 = 0; let mut x52: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x51, &mut x52, x50, x40, x40); let mut x53: u64 = 0; let mut x54: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x53, &mut x54, 0x0, x41, 0xecec196accc52973); let mut x55: u64 = 0; let mut x56: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x55, &mut x56, x54, x43, 0x581a0db248b0a77a); let mut x57: u64 = 0; let mut x58: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x57, &mut x58, x56, x45, 0xc7634d81f4372ddf); let mut x59: u64 = 0; let mut x60: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x59, &mut x60, x58, x47, 0xffffffffffffffff); let mut x61: u64 = 0; let mut x62: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x61, &mut x62, x60, x49, 0xffffffffffffffff); let mut x63: u64 = 0; let mut x64: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x63, &mut x64, x62, x51, 0xffffffffffffffff); let mut x65: u64 = 0; let mut x66: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x65, &mut x66, x64, (x52 as u64), (0x0 as u64)); let x67: u64 = (arg4[5]); let x68: u64 = (arg4[4]); let x69: u64 = (arg4[3]); let x70: u64 = (arg4[2]); let x71: u64 = (arg4[1]); let x72: u64 = (arg4[0]); let mut x73: u64 = 0; let mut x74: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x73, &mut x74, 0x0, (0x0 as u64), x72); let mut x75: u64 = 0; let mut x76: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x75, &mut x76, x74, (0x0 as u64), x71); let mut x77: u64 = 0; let mut x78: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x77, &mut x78, x76, (0x0 as u64), x70); let mut x79: u64 = 0; let mut x80: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x79, &mut x80, x78, (0x0 as u64), x69); let mut x81: u64 = 0; let mut x82: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x81, &mut x82, x80, (0x0 as u64), x68); let mut x83: u64 = 0; let mut x84: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x83, &mut x84, x82, (0x0 as u64), x67); let mut x85: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x85, x84, (0x0 as u64), 0xffffffffffffffff); let mut x86: u64 = 0; let mut x87: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x86, &mut x87, 0x0, x73, (x85 & 0xecec196accc52973)); let mut x88: u64 = 0; let mut x89: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x75, (x85 & 0x581a0db248b0a77a)); let mut x90: u64 = 0; let mut x91: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x90, &mut x91, x89, x77, (x85 & 0xc7634d81f4372ddf)); let mut x92: u64 = 0; let mut x93: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x92, &mut x93, x91, x79, x85); let mut x94: u64 = 0; let mut x95: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x94, &mut x95, x93, x81, x85); let mut x96: u64 = 0; let mut x97: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x83, x85); let mut x98: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x98, x3, (arg5[0]), x86); let mut x99: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x99, x3, (arg5[1]), x88); let mut x100: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x100, x3, (arg5[2]), x90); let mut x101: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x101, x3, (arg5[3]), x92); let mut x102: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x102, x3, (arg5[4]), x94); let mut x103: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x103, x3, (arg5[5]), x96); let x104: fiat_p384_scalar_u1 = ((x28 & (0x1 as u64)) as fiat_p384_scalar_u1); let mut x105: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x105, x104, (0x0 as u64), x7); let mut x106: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x106, x104, (0x0 as u64), x8); let mut x107: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x107, x104, (0x0 as u64), x9); let mut x108: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x108, x104, (0x0 as u64), x10); let mut x109: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x109, x104, (0x0 as u64), x11); let mut x110: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x110, x104, (0x0 as u64), x12); let mut x111: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x111, x104, (0x0 as u64), x13); let mut x112: u64 = 0; let mut x113: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x112, &mut x113, 0x0, x28, x105); let mut x114: u64 = 0; let mut x115: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x114, &mut x115, x113, x29, x106); let mut x116: u64 = 0; let mut x117: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x116, &mut x117, x115, x30, x107); let mut x118: u64 = 0; let mut x119: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x118, &mut x119, x117, x31, x108); let mut x120: u64 = 0; let mut x121: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x120, &mut x121, x119, x32, x109); let mut x122: u64 = 0; let mut x123: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x122, &mut x123, x121, x33, x110); let mut x124: u64 = 0; let mut x125: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x124, &mut x125, x123, x34, x111); let mut x126: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x126, x104, (0x0 as u64), x35); let mut x127: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x127, x104, (0x0 as u64), x36); let mut x128: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x128, x104, (0x0 as u64), x37); let mut x129: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x129, x104, (0x0 as u64), x38); let mut x130: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x130, x104, (0x0 as u64), x39); let mut x131: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x131, x104, (0x0 as u64), x40); let mut x132: u64 = 0; let mut x133: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x132, &mut x133, 0x0, x98, x126); let mut x134: u64 = 0; let mut x135: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x134, &mut x135, x133, x99, x127); let mut x136: u64 = 0; let mut x137: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x136, &mut x137, x135, x100, x128); let mut x138: u64 = 0; let mut x139: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x138, &mut x139, x137, x101, x129); let mut x140: u64 = 0; let mut x141: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x140, &mut x141, x139, x102, x130); let mut x142: u64 = 0; let mut x143: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x142, &mut x143, x141, x103, x131); let mut x144: u64 = 0; let mut x145: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x144, &mut x145, 0x0, x132, 0xecec196accc52973); let mut x146: u64 = 0; let mut x147: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x146, &mut x147, x145, x134, 0x581a0db248b0a77a); let mut x148: u64 = 0; let mut x149: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x148, &mut x149, x147, x136, 0xc7634d81f4372ddf); let mut x150: u64 = 0; let mut x151: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x150, &mut x151, x149, x138, 0xffffffffffffffff); let mut x152: u64 = 0; let mut x153: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x152, &mut x153, x151, x140, 0xffffffffffffffff); let mut x154: u64 = 0; let mut x155: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x154, &mut x155, x153, x142, 0xffffffffffffffff); let mut x156: u64 = 0; let mut x157: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_subborrowx_u64(&mut x156, &mut x157, x155, (x143 as u64), (0x0 as u64)); let mut x158: u64 = 0; let mut x159: fiat_p384_scalar_u1 = 0; fiat_p384_scalar_addcarryx_u64(&mut x158, &mut x159, 0x0, x6, (0x1 as u64)); let x160: u64 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff)); let x161: u64 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff)); let x162: u64 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff)); let x163: u64 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff)); let x164: u64 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff)); let x165: u64 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff)); let x166: u64 = ((x124 & 0x8000000000000000) | (x124 >> 1)); let mut x167: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x167, x66, x53, x41); let mut x168: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x168, x66, x55, x43); let mut x169: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x169, x66, x57, x45); let mut x170: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x170, x66, x59, x47); let mut x171: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x171, x66, x61, x49); let mut x172: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x172, x66, x63, x51); let mut x173: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x173, x157, x144, x132); let mut x174: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x174, x157, x146, x134); let mut x175: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x175, x157, x148, x136); let mut x176: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x176, x157, x150, x138); let mut x177: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x177, x157, x152, x140); let mut x178: u64 = 0; fiat_p384_scalar_cmovznz_u64(&mut x178, x157, x154, x142); *out1 = x158; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out3[0] = x160; out3[1] = x161; out3[2] = x162; out3[3] = x163; out3[4] = x164; out3[5] = x165; out3[6] = x166; out4[0] = x167; out4[1] = x168; out4[2] = x169; out4[3] = x170; out4[4] = x171; out4[5] = x172; out5[0] = x173; out5[1] = x174; out5[2] = x175; out5[3] = x176; out5[4] = x177; out5[5] = x178; } /// The function fiat_p384_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p384_scalar_divstep_precomp(out1: &mut [u64; 6]) { out1[0] = 0x49589ae0e6045b6a; out1[1] = 0x3c9a5352870040ed; out1[2] = 0xdacb097e977dc242; out1[3] = 0xb5ab30a6d1ecbe36; out1[4] = 0x97d7a1081f959973; out1[5] = 0x2ba012f8d27192bc; } fiat-crypto-0.2.2/src/p434_64.rs000064400000000000000000005535671046102023000142530ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline p434 64 '2^216 * 3^137 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: p434 //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0x2341f271773446cfc5fd681c520567bc65c783158aea3fdc1767ae2ffffffffffffffffffffffffffffffffffffffffffffffffffffff (from "2^216 * 3^137 - 1") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) + (z[6] << 0x180) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) + (z[6] << 0x180) in //! if x1 & (2^448-1) < 2^447 then x1 & (2^448-1) else (x1 & (2^448-1)) - 2^448 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p434_u1 = u8; pub type fiat_p434_i1 = i8; pub type fiat_p434_u2 = u8; pub type fiat_p434_i2 = i8; /** The type fiat_p434_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p434_montgomery_domain_field_element(pub [u64; 7]); impl core::ops::Index for fiat_p434_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p434_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p434_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_p434_non_montgomery_domain_field_element(pub [u64; 7]); impl core::ops::Index for fiat_p434_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p434_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p434_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p434_addcarryx_u64(out1: &mut u64, out2: &mut fiat_p434_u1, arg1: fiat_p434_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_p434_u1 = ((x1 >> 64) as fiat_p434_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p434_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p434_subborrowx_u64(out1: &mut u64, out2: &mut fiat_p434_u1, arg1: fiat_p434_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_p434_i1 = ((x1 >> 64) as fiat_p434_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p434_i2) - (x2 as fiat_p434_i2)) as fiat_p434_u1); } /// The function fiat_p434_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p434_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_p434_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p434_cmovznz_u64(out1: &mut u64, arg1: fiat_p434_u1, arg2: u64, arg3: u64) { let x1: fiat_p434_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p434_i2) - (x1 as fiat_p434_i2)) as fiat_p434_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p434_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_mul(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element, arg2: &fiat_p434_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[6]); let x7: u64 = (arg1[0]); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p434_mulx_u64(&mut x8, &mut x9, x7, (arg2[6])); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p434_mulx_u64(&mut x10, &mut x11, x7, (arg2[5])); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p434_mulx_u64(&mut x12, &mut x13, x7, (arg2[4])); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p434_mulx_u64(&mut x14, &mut x15, x7, (arg2[3])); let mut x16: u64 = 0; let mut x17: u64 = 0; fiat_p434_mulx_u64(&mut x16, &mut x17, x7, (arg2[2])); let mut x18: u64 = 0; let mut x19: u64 = 0; fiat_p434_mulx_u64(&mut x18, &mut x19, x7, (arg2[1])); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p434_mulx_u64(&mut x20, &mut x21, x7, (arg2[0])); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x19, x16); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x17, x14); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, x27, x15, x12); let mut x30: u64 = 0; let mut x31: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x30, &mut x31, x29, x13, x10); let mut x32: u64 = 0; let mut x33: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x32, &mut x33, x31, x11, x8); let x34: u64 = ((x33 as u64) + x9); let mut x35: u64 = 0; let mut x36: u64 = 0; fiat_p434_mulx_u64(&mut x35, &mut x36, x20, 0x2341f27177344); let mut x37: u64 = 0; let mut x38: u64 = 0; fiat_p434_mulx_u64(&mut x37, &mut x38, x20, 0x6cfc5fd681c52056); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p434_mulx_u64(&mut x39, &mut x40, x20, 0x7bc65c783158aea3); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p434_mulx_u64(&mut x41, &mut x42, x20, 0xfdc1767ae2ffffff); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p434_mulx_u64(&mut x43, &mut x44, x20, 0xffffffffffffffff); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p434_mulx_u64(&mut x45, &mut x46, x20, 0xffffffffffffffff); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p434_mulx_u64(&mut x47, &mut x48, x20, 0xffffffffffffffff); let mut x49: u64 = 0; let mut x50: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x49, &mut x50, 0x0, x48, x45); let mut x51: u64 = 0; let mut x52: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x51, &mut x52, x50, x46, x43); let mut x53: u64 = 0; let mut x54: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x53, &mut x54, x52, x44, x41); let mut x55: u64 = 0; let mut x56: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x55, &mut x56, x54, x42, x39); let mut x57: u64 = 0; let mut x58: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x57, &mut x58, x56, x40, x37); let mut x59: u64 = 0; let mut x60: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x59, &mut x60, x58, x38, x35); let x61: u64 = ((x60 as u64) + x36); let mut x62: u64 = 0; let mut x63: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x62, &mut x63, 0x0, x20, x47); let mut x64: u64 = 0; let mut x65: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x64, &mut x65, x63, x22, x49); let mut x66: u64 = 0; let mut x67: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x66, &mut x67, x65, x24, x51); let mut x68: u64 = 0; let mut x69: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x68, &mut x69, x67, x26, x53); let mut x70: u64 = 0; let mut x71: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x70, &mut x71, x69, x28, x55); let mut x72: u64 = 0; let mut x73: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x72, &mut x73, x71, x30, x57); let mut x74: u64 = 0; let mut x75: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x74, &mut x75, x73, x32, x59); let mut x76: u64 = 0; let mut x77: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x76, &mut x77, x75, x34, x61); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_p434_mulx_u64(&mut x78, &mut x79, x1, (arg2[6])); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p434_mulx_u64(&mut x80, &mut x81, x1, (arg2[5])); let mut x82: u64 = 0; let mut x83: u64 = 0; fiat_p434_mulx_u64(&mut x82, &mut x83, x1, (arg2[4])); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p434_mulx_u64(&mut x84, &mut x85, x1, (arg2[3])); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p434_mulx_u64(&mut x86, &mut x87, x1, (arg2[2])); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_p434_mulx_u64(&mut x88, &mut x89, x1, (arg2[1])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_p434_mulx_u64(&mut x90, &mut x91, x1, (arg2[0])); let mut x92: u64 = 0; let mut x93: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x92, &mut x93, 0x0, x91, x88); let mut x94: u64 = 0; let mut x95: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x94, &mut x95, x93, x89, x86); let mut x96: u64 = 0; let mut x97: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x96, &mut x97, x95, x87, x84); let mut x98: u64 = 0; let mut x99: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x98, &mut x99, x97, x85, x82); let mut x100: u64 = 0; let mut x101: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x100, &mut x101, x99, x83, x80); let mut x102: u64 = 0; let mut x103: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x102, &mut x103, x101, x81, x78); let x104: u64 = ((x103 as u64) + x79); let mut x105: u64 = 0; let mut x106: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x105, &mut x106, 0x0, x64, x90); let mut x107: u64 = 0; let mut x108: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x107, &mut x108, x106, x66, x92); let mut x109: u64 = 0; let mut x110: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x109, &mut x110, x108, x68, x94); let mut x111: u64 = 0; let mut x112: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x111, &mut x112, x110, x70, x96); let mut x113: u64 = 0; let mut x114: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x113, &mut x114, x112, x72, x98); let mut x115: u64 = 0; let mut x116: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x115, &mut x116, x114, x74, x100); let mut x117: u64 = 0; let mut x118: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x117, &mut x118, x116, x76, x102); let mut x119: u64 = 0; let mut x120: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x119, &mut x120, x118, (x77 as u64), x104); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p434_mulx_u64(&mut x121, &mut x122, x105, 0x2341f27177344); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p434_mulx_u64(&mut x123, &mut x124, x105, 0x6cfc5fd681c52056); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_p434_mulx_u64(&mut x125, &mut x126, x105, 0x7bc65c783158aea3); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p434_mulx_u64(&mut x127, &mut x128, x105, 0xfdc1767ae2ffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p434_mulx_u64(&mut x129, &mut x130, x105, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p434_mulx_u64(&mut x131, &mut x132, x105, 0xffffffffffffffff); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p434_mulx_u64(&mut x133, &mut x134, x105, 0xffffffffffffffff); let mut x135: u64 = 0; let mut x136: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let mut x141: u64 = 0; let mut x142: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x141, &mut x142, x140, x128, x125); let mut x143: u64 = 0; let mut x144: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x143, &mut x144, x142, x126, x123); let mut x145: u64 = 0; let mut x146: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x145, &mut x146, x144, x124, x121); let x147: u64 = ((x146 as u64) + x122); let mut x148: u64 = 0; let mut x149: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x148, &mut x149, 0x0, x105, x133); let mut x150: u64 = 0; let mut x151: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x150, &mut x151, x149, x107, x135); let mut x152: u64 = 0; let mut x153: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x152, &mut x153, x151, x109, x137); let mut x154: u64 = 0; let mut x155: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x154, &mut x155, x153, x111, x139); let mut x156: u64 = 0; let mut x157: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x156, &mut x157, x155, x113, x141); let mut x158: u64 = 0; let mut x159: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x158, &mut x159, x157, x115, x143); let mut x160: u64 = 0; let mut x161: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x160, &mut x161, x159, x117, x145); let mut x162: u64 = 0; let mut x163: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x162, &mut x163, x161, x119, x147); let x164: u64 = ((x163 as u64) + (x120 as u64)); let mut x165: u64 = 0; let mut x166: u64 = 0; fiat_p434_mulx_u64(&mut x165, &mut x166, x2, (arg2[6])); let mut x167: u64 = 0; let mut x168: u64 = 0; fiat_p434_mulx_u64(&mut x167, &mut x168, x2, (arg2[5])); let mut x169: u64 = 0; let mut x170: u64 = 0; fiat_p434_mulx_u64(&mut x169, &mut x170, x2, (arg2[4])); let mut x171: u64 = 0; let mut x172: u64 = 0; fiat_p434_mulx_u64(&mut x171, &mut x172, x2, (arg2[3])); let mut x173: u64 = 0; let mut x174: u64 = 0; fiat_p434_mulx_u64(&mut x173, &mut x174, x2, (arg2[2])); let mut x175: u64 = 0; let mut x176: u64 = 0; fiat_p434_mulx_u64(&mut x175, &mut x176, x2, (arg2[1])); let mut x177: u64 = 0; let mut x178: u64 = 0; fiat_p434_mulx_u64(&mut x177, &mut x178, x2, (arg2[0])); let mut x179: u64 = 0; let mut x180: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x179, &mut x180, 0x0, x178, x175); let mut x181: u64 = 0; let mut x182: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x181, &mut x182, x180, x176, x173); let mut x183: u64 = 0; let mut x184: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x183, &mut x184, x182, x174, x171); let mut x185: u64 = 0; let mut x186: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x185, &mut x186, x184, x172, x169); let mut x187: u64 = 0; let mut x188: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x187, &mut x188, x186, x170, x167); let mut x189: u64 = 0; let mut x190: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x189, &mut x190, x188, x168, x165); let x191: u64 = ((x190 as u64) + x166); let mut x192: u64 = 0; let mut x193: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x192, &mut x193, 0x0, x150, x177); let mut x194: u64 = 0; let mut x195: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x194, &mut x195, x193, x152, x179); let mut x196: u64 = 0; let mut x197: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x196, &mut x197, x195, x154, x181); let mut x198: u64 = 0; let mut x199: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x198, &mut x199, x197, x156, x183); let mut x200: u64 = 0; let mut x201: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x200, &mut x201, x199, x158, x185); let mut x202: u64 = 0; let mut x203: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x202, &mut x203, x201, x160, x187); let mut x204: u64 = 0; let mut x205: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x204, &mut x205, x203, x162, x189); let mut x206: u64 = 0; let mut x207: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x206, &mut x207, x205, x164, x191); let mut x208: u64 = 0; let mut x209: u64 = 0; fiat_p434_mulx_u64(&mut x208, &mut x209, x192, 0x2341f27177344); let mut x210: u64 = 0; let mut x211: u64 = 0; fiat_p434_mulx_u64(&mut x210, &mut x211, x192, 0x6cfc5fd681c52056); let mut x212: u64 = 0; let mut x213: u64 = 0; fiat_p434_mulx_u64(&mut x212, &mut x213, x192, 0x7bc65c783158aea3); let mut x214: u64 = 0; let mut x215: u64 = 0; fiat_p434_mulx_u64(&mut x214, &mut x215, x192, 0xfdc1767ae2ffffff); let mut x216: u64 = 0; let mut x217: u64 = 0; fiat_p434_mulx_u64(&mut x216, &mut x217, x192, 0xffffffffffffffff); let mut x218: u64 = 0; let mut x219: u64 = 0; fiat_p434_mulx_u64(&mut x218, &mut x219, x192, 0xffffffffffffffff); let mut x220: u64 = 0; let mut x221: u64 = 0; fiat_p434_mulx_u64(&mut x220, &mut x221, x192, 0xffffffffffffffff); let mut x222: u64 = 0; let mut x223: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x222, &mut x223, 0x0, x221, x218); let mut x224: u64 = 0; let mut x225: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x224, &mut x225, x223, x219, x216); let mut x226: u64 = 0; let mut x227: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x226, &mut x227, x225, x217, x214); let mut x228: u64 = 0; let mut x229: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x228, &mut x229, x227, x215, x212); let mut x230: u64 = 0; let mut x231: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x230, &mut x231, x229, x213, x210); let mut x232: u64 = 0; let mut x233: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x232, &mut x233, x231, x211, x208); let x234: u64 = ((x233 as u64) + x209); let mut x235: u64 = 0; let mut x236: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x235, &mut x236, 0x0, x192, x220); let mut x237: u64 = 0; let mut x238: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x237, &mut x238, x236, x194, x222); let mut x239: u64 = 0; let mut x240: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x239, &mut x240, x238, x196, x224); let mut x241: u64 = 0; let mut x242: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x241, &mut x242, x240, x198, x226); let mut x243: u64 = 0; let mut x244: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x243, &mut x244, x242, x200, x228); let mut x245: u64 = 0; let mut x246: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x245, &mut x246, x244, x202, x230); let mut x247: u64 = 0; let mut x248: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x247, &mut x248, x246, x204, x232); let mut x249: u64 = 0; let mut x250: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x249, &mut x250, x248, x206, x234); let x251: u64 = ((x250 as u64) + (x207 as u64)); let mut x252: u64 = 0; let mut x253: u64 = 0; fiat_p434_mulx_u64(&mut x252, &mut x253, x3, (arg2[6])); let mut x254: u64 = 0; let mut x255: u64 = 0; fiat_p434_mulx_u64(&mut x254, &mut x255, x3, (arg2[5])); let mut x256: u64 = 0; let mut x257: u64 = 0; fiat_p434_mulx_u64(&mut x256, &mut x257, x3, (arg2[4])); let mut x258: u64 = 0; let mut x259: u64 = 0; fiat_p434_mulx_u64(&mut x258, &mut x259, x3, (arg2[3])); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p434_mulx_u64(&mut x260, &mut x261, x3, (arg2[2])); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p434_mulx_u64(&mut x262, &mut x263, x3, (arg2[1])); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p434_mulx_u64(&mut x264, &mut x265, x3, (arg2[0])); let mut x266: u64 = 0; let mut x267: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x266, &mut x267, 0x0, x265, x262); let mut x268: u64 = 0; let mut x269: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x268, &mut x269, x267, x263, x260); let mut x270: u64 = 0; let mut x271: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x270, &mut x271, x269, x261, x258); let mut x272: u64 = 0; let mut x273: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x272, &mut x273, x271, x259, x256); let mut x274: u64 = 0; let mut x275: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x274, &mut x275, x273, x257, x254); let mut x276: u64 = 0; let mut x277: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x276, &mut x277, x275, x255, x252); let x278: u64 = ((x277 as u64) + x253); let mut x279: u64 = 0; let mut x280: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x279, &mut x280, 0x0, x237, x264); let mut x281: u64 = 0; let mut x282: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x281, &mut x282, x280, x239, x266); let mut x283: u64 = 0; let mut x284: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x283, &mut x284, x282, x241, x268); let mut x285: u64 = 0; let mut x286: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x285, &mut x286, x284, x243, x270); let mut x287: u64 = 0; let mut x288: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x287, &mut x288, x286, x245, x272); let mut x289: u64 = 0; let mut x290: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x289, &mut x290, x288, x247, x274); let mut x291: u64 = 0; let mut x292: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x291, &mut x292, x290, x249, x276); let mut x293: u64 = 0; let mut x294: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x293, &mut x294, x292, x251, x278); let mut x295: u64 = 0; let mut x296: u64 = 0; fiat_p434_mulx_u64(&mut x295, &mut x296, x279, 0x2341f27177344); let mut x297: u64 = 0; let mut x298: u64 = 0; fiat_p434_mulx_u64(&mut x297, &mut x298, x279, 0x6cfc5fd681c52056); let mut x299: u64 = 0; let mut x300: u64 = 0; fiat_p434_mulx_u64(&mut x299, &mut x300, x279, 0x7bc65c783158aea3); let mut x301: u64 = 0; let mut x302: u64 = 0; fiat_p434_mulx_u64(&mut x301, &mut x302, x279, 0xfdc1767ae2ffffff); let mut x303: u64 = 0; let mut x304: u64 = 0; fiat_p434_mulx_u64(&mut x303, &mut x304, x279, 0xffffffffffffffff); let mut x305: u64 = 0; let mut x306: u64 = 0; fiat_p434_mulx_u64(&mut x305, &mut x306, x279, 0xffffffffffffffff); let mut x307: u64 = 0; let mut x308: u64 = 0; fiat_p434_mulx_u64(&mut x307, &mut x308, x279, 0xffffffffffffffff); let mut x309: u64 = 0; let mut x310: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u64 = 0; let mut x312: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x311, &mut x312, x310, x306, x303); let mut x313: u64 = 0; let mut x314: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x313, &mut x314, x312, x304, x301); let mut x315: u64 = 0; let mut x316: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x315, &mut x316, x314, x302, x299); let mut x317: u64 = 0; let mut x318: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x317, &mut x318, x316, x300, x297); let mut x319: u64 = 0; let mut x320: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x319, &mut x320, x318, x298, x295); let x321: u64 = ((x320 as u64) + x296); let mut x322: u64 = 0; let mut x323: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x322, &mut x323, 0x0, x279, x307); let mut x324: u64 = 0; let mut x325: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x324, &mut x325, x323, x281, x309); let mut x326: u64 = 0; let mut x327: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x326, &mut x327, x325, x283, x311); let mut x328: u64 = 0; let mut x329: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x328, &mut x329, x327, x285, x313); let mut x330: u64 = 0; let mut x331: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x330, &mut x331, x329, x287, x315); let mut x332: u64 = 0; let mut x333: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x332, &mut x333, x331, x289, x317); let mut x334: u64 = 0; let mut x335: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x334, &mut x335, x333, x291, x319); let mut x336: u64 = 0; let mut x337: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x336, &mut x337, x335, x293, x321); let x338: u64 = ((x337 as u64) + (x294 as u64)); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p434_mulx_u64(&mut x339, &mut x340, x4, (arg2[6])); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p434_mulx_u64(&mut x341, &mut x342, x4, (arg2[5])); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p434_mulx_u64(&mut x343, &mut x344, x4, (arg2[4])); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p434_mulx_u64(&mut x345, &mut x346, x4, (arg2[3])); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p434_mulx_u64(&mut x347, &mut x348, x4, (arg2[2])); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p434_mulx_u64(&mut x349, &mut x350, x4, (arg2[1])); let mut x351: u64 = 0; let mut x352: u64 = 0; fiat_p434_mulx_u64(&mut x351, &mut x352, x4, (arg2[0])); let mut x353: u64 = 0; let mut x354: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x353, &mut x354, 0x0, x352, x349); let mut x355: u64 = 0; let mut x356: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x355, &mut x356, x354, x350, x347); let mut x357: u64 = 0; let mut x358: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x357, &mut x358, x356, x348, x345); let mut x359: u64 = 0; let mut x360: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x359, &mut x360, x358, x346, x343); let mut x361: u64 = 0; let mut x362: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x361, &mut x362, x360, x344, x341); let mut x363: u64 = 0; let mut x364: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x363, &mut x364, x362, x342, x339); let x365: u64 = ((x364 as u64) + x340); let mut x366: u64 = 0; let mut x367: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x366, &mut x367, 0x0, x324, x351); let mut x368: u64 = 0; let mut x369: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x368, &mut x369, x367, x326, x353); let mut x370: u64 = 0; let mut x371: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x370, &mut x371, x369, x328, x355); let mut x372: u64 = 0; let mut x373: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x372, &mut x373, x371, x330, x357); let mut x374: u64 = 0; let mut x375: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x374, &mut x375, x373, x332, x359); let mut x376: u64 = 0; let mut x377: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x376, &mut x377, x375, x334, x361); let mut x378: u64 = 0; let mut x379: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x378, &mut x379, x377, x336, x363); let mut x380: u64 = 0; let mut x381: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x380, &mut x381, x379, x338, x365); let mut x382: u64 = 0; let mut x383: u64 = 0; fiat_p434_mulx_u64(&mut x382, &mut x383, x366, 0x2341f27177344); let mut x384: u64 = 0; let mut x385: u64 = 0; fiat_p434_mulx_u64(&mut x384, &mut x385, x366, 0x6cfc5fd681c52056); let mut x386: u64 = 0; let mut x387: u64 = 0; fiat_p434_mulx_u64(&mut x386, &mut x387, x366, 0x7bc65c783158aea3); let mut x388: u64 = 0; let mut x389: u64 = 0; fiat_p434_mulx_u64(&mut x388, &mut x389, x366, 0xfdc1767ae2ffffff); let mut x390: u64 = 0; let mut x391: u64 = 0; fiat_p434_mulx_u64(&mut x390, &mut x391, x366, 0xffffffffffffffff); let mut x392: u64 = 0; let mut x393: u64 = 0; fiat_p434_mulx_u64(&mut x392, &mut x393, x366, 0xffffffffffffffff); let mut x394: u64 = 0; let mut x395: u64 = 0; fiat_p434_mulx_u64(&mut x394, &mut x395, x366, 0xffffffffffffffff); let mut x396: u64 = 0; let mut x397: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x396, &mut x397, 0x0, x395, x392); let mut x398: u64 = 0; let mut x399: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x398, &mut x399, x397, x393, x390); let mut x400: u64 = 0; let mut x401: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x400, &mut x401, x399, x391, x388); let mut x402: u64 = 0; let mut x403: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x402, &mut x403, x401, x389, x386); let mut x404: u64 = 0; let mut x405: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x404, &mut x405, x403, x387, x384); let mut x406: u64 = 0; let mut x407: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x406, &mut x407, x405, x385, x382); let x408: u64 = ((x407 as u64) + x383); let mut x409: u64 = 0; let mut x410: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x409, &mut x410, 0x0, x366, x394); let mut x411: u64 = 0; let mut x412: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x411, &mut x412, x410, x368, x396); let mut x413: u64 = 0; let mut x414: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x413, &mut x414, x412, x370, x398); let mut x415: u64 = 0; let mut x416: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x415, &mut x416, x414, x372, x400); let mut x417: u64 = 0; let mut x418: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x417, &mut x418, x416, x374, x402); let mut x419: u64 = 0; let mut x420: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x419, &mut x420, x418, x376, x404); let mut x421: u64 = 0; let mut x422: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x421, &mut x422, x420, x378, x406); let mut x423: u64 = 0; let mut x424: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x423, &mut x424, x422, x380, x408); let x425: u64 = ((x424 as u64) + (x381 as u64)); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p434_mulx_u64(&mut x426, &mut x427, x5, (arg2[6])); let mut x428: u64 = 0; let mut x429: u64 = 0; fiat_p434_mulx_u64(&mut x428, &mut x429, x5, (arg2[5])); let mut x430: u64 = 0; let mut x431: u64 = 0; fiat_p434_mulx_u64(&mut x430, &mut x431, x5, (arg2[4])); let mut x432: u64 = 0; let mut x433: u64 = 0; fiat_p434_mulx_u64(&mut x432, &mut x433, x5, (arg2[3])); let mut x434: u64 = 0; let mut x435: u64 = 0; fiat_p434_mulx_u64(&mut x434, &mut x435, x5, (arg2[2])); let mut x436: u64 = 0; let mut x437: u64 = 0; fiat_p434_mulx_u64(&mut x436, &mut x437, x5, (arg2[1])); let mut x438: u64 = 0; let mut x439: u64 = 0; fiat_p434_mulx_u64(&mut x438, &mut x439, x5, (arg2[0])); let mut x440: u64 = 0; let mut x441: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x440, &mut x441, 0x0, x439, x436); let mut x442: u64 = 0; let mut x443: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x442, &mut x443, x441, x437, x434); let mut x444: u64 = 0; let mut x445: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x444, &mut x445, x443, x435, x432); let mut x446: u64 = 0; let mut x447: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x446, &mut x447, x445, x433, x430); let mut x448: u64 = 0; let mut x449: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x448, &mut x449, x447, x431, x428); let mut x450: u64 = 0; let mut x451: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x450, &mut x451, x449, x429, x426); let x452: u64 = ((x451 as u64) + x427); let mut x453: u64 = 0; let mut x454: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x453, &mut x454, 0x0, x411, x438); let mut x455: u64 = 0; let mut x456: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x455, &mut x456, x454, x413, x440); let mut x457: u64 = 0; let mut x458: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x457, &mut x458, x456, x415, x442); let mut x459: u64 = 0; let mut x460: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x459, &mut x460, x458, x417, x444); let mut x461: u64 = 0; let mut x462: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x461, &mut x462, x460, x419, x446); let mut x463: u64 = 0; let mut x464: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x463, &mut x464, x462, x421, x448); let mut x465: u64 = 0; let mut x466: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x465, &mut x466, x464, x423, x450); let mut x467: u64 = 0; let mut x468: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x467, &mut x468, x466, x425, x452); let mut x469: u64 = 0; let mut x470: u64 = 0; fiat_p434_mulx_u64(&mut x469, &mut x470, x453, 0x2341f27177344); let mut x471: u64 = 0; let mut x472: u64 = 0; fiat_p434_mulx_u64(&mut x471, &mut x472, x453, 0x6cfc5fd681c52056); let mut x473: u64 = 0; let mut x474: u64 = 0; fiat_p434_mulx_u64(&mut x473, &mut x474, x453, 0x7bc65c783158aea3); let mut x475: u64 = 0; let mut x476: u64 = 0; fiat_p434_mulx_u64(&mut x475, &mut x476, x453, 0xfdc1767ae2ffffff); let mut x477: u64 = 0; let mut x478: u64 = 0; fiat_p434_mulx_u64(&mut x477, &mut x478, x453, 0xffffffffffffffff); let mut x479: u64 = 0; let mut x480: u64 = 0; fiat_p434_mulx_u64(&mut x479, &mut x480, x453, 0xffffffffffffffff); let mut x481: u64 = 0; let mut x482: u64 = 0; fiat_p434_mulx_u64(&mut x481, &mut x482, x453, 0xffffffffffffffff); let mut x483: u64 = 0; let mut x484: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x483, &mut x484, 0x0, x482, x479); let mut x485: u64 = 0; let mut x486: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x485, &mut x486, x484, x480, x477); let mut x487: u64 = 0; let mut x488: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x487, &mut x488, x486, x478, x475); let mut x489: u64 = 0; let mut x490: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x489, &mut x490, x488, x476, x473); let mut x491: u64 = 0; let mut x492: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x491, &mut x492, x490, x474, x471); let mut x493: u64 = 0; let mut x494: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x493, &mut x494, x492, x472, x469); let x495: u64 = ((x494 as u64) + x470); let mut x496: u64 = 0; let mut x497: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x496, &mut x497, 0x0, x453, x481); let mut x498: u64 = 0; let mut x499: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x498, &mut x499, x497, x455, x483); let mut x500: u64 = 0; let mut x501: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x500, &mut x501, x499, x457, x485); let mut x502: u64 = 0; let mut x503: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x502, &mut x503, x501, x459, x487); let mut x504: u64 = 0; let mut x505: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x504, &mut x505, x503, x461, x489); let mut x506: u64 = 0; let mut x507: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x506, &mut x507, x505, x463, x491); let mut x508: u64 = 0; let mut x509: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x508, &mut x509, x507, x465, x493); let mut x510: u64 = 0; let mut x511: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x510, &mut x511, x509, x467, x495); let x512: u64 = ((x511 as u64) + (x468 as u64)); let mut x513: u64 = 0; let mut x514: u64 = 0; fiat_p434_mulx_u64(&mut x513, &mut x514, x6, (arg2[6])); let mut x515: u64 = 0; let mut x516: u64 = 0; fiat_p434_mulx_u64(&mut x515, &mut x516, x6, (arg2[5])); let mut x517: u64 = 0; let mut x518: u64 = 0; fiat_p434_mulx_u64(&mut x517, &mut x518, x6, (arg2[4])); let mut x519: u64 = 0; let mut x520: u64 = 0; fiat_p434_mulx_u64(&mut x519, &mut x520, x6, (arg2[3])); let mut x521: u64 = 0; let mut x522: u64 = 0; fiat_p434_mulx_u64(&mut x521, &mut x522, x6, (arg2[2])); let mut x523: u64 = 0; let mut x524: u64 = 0; fiat_p434_mulx_u64(&mut x523, &mut x524, x6, (arg2[1])); let mut x525: u64 = 0; let mut x526: u64 = 0; fiat_p434_mulx_u64(&mut x525, &mut x526, x6, (arg2[0])); let mut x527: u64 = 0; let mut x528: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x527, &mut x528, 0x0, x526, x523); let mut x529: u64 = 0; let mut x530: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x529, &mut x530, x528, x524, x521); let mut x531: u64 = 0; let mut x532: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x531, &mut x532, x530, x522, x519); let mut x533: u64 = 0; let mut x534: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x533, &mut x534, x532, x520, x517); let mut x535: u64 = 0; let mut x536: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x535, &mut x536, x534, x518, x515); let mut x537: u64 = 0; let mut x538: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x537, &mut x538, x536, x516, x513); let x539: u64 = ((x538 as u64) + x514); let mut x540: u64 = 0; let mut x541: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x540, &mut x541, 0x0, x498, x525); let mut x542: u64 = 0; let mut x543: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x542, &mut x543, x541, x500, x527); let mut x544: u64 = 0; let mut x545: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x544, &mut x545, x543, x502, x529); let mut x546: u64 = 0; let mut x547: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x546, &mut x547, x545, x504, x531); let mut x548: u64 = 0; let mut x549: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x548, &mut x549, x547, x506, x533); let mut x550: u64 = 0; let mut x551: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x550, &mut x551, x549, x508, x535); let mut x552: u64 = 0; let mut x553: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x552, &mut x553, x551, x510, x537); let mut x554: u64 = 0; let mut x555: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x554, &mut x555, x553, x512, x539); let mut x556: u64 = 0; let mut x557: u64 = 0; fiat_p434_mulx_u64(&mut x556, &mut x557, x540, 0x2341f27177344); let mut x558: u64 = 0; let mut x559: u64 = 0; fiat_p434_mulx_u64(&mut x558, &mut x559, x540, 0x6cfc5fd681c52056); let mut x560: u64 = 0; let mut x561: u64 = 0; fiat_p434_mulx_u64(&mut x560, &mut x561, x540, 0x7bc65c783158aea3); let mut x562: u64 = 0; let mut x563: u64 = 0; fiat_p434_mulx_u64(&mut x562, &mut x563, x540, 0xfdc1767ae2ffffff); let mut x564: u64 = 0; let mut x565: u64 = 0; fiat_p434_mulx_u64(&mut x564, &mut x565, x540, 0xffffffffffffffff); let mut x566: u64 = 0; let mut x567: u64 = 0; fiat_p434_mulx_u64(&mut x566, &mut x567, x540, 0xffffffffffffffff); let mut x568: u64 = 0; let mut x569: u64 = 0; fiat_p434_mulx_u64(&mut x568, &mut x569, x540, 0xffffffffffffffff); let mut x570: u64 = 0; let mut x571: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x570, &mut x571, 0x0, x569, x566); let mut x572: u64 = 0; let mut x573: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x572, &mut x573, x571, x567, x564); let mut x574: u64 = 0; let mut x575: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x574, &mut x575, x573, x565, x562); let mut x576: u64 = 0; let mut x577: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x576, &mut x577, x575, x563, x560); let mut x578: u64 = 0; let mut x579: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x578, &mut x579, x577, x561, x558); let mut x580: u64 = 0; let mut x581: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x580, &mut x581, x579, x559, x556); let x582: u64 = ((x581 as u64) + x557); let mut x583: u64 = 0; let mut x584: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x583, &mut x584, 0x0, x540, x568); let mut x585: u64 = 0; let mut x586: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x585, &mut x586, x584, x542, x570); let mut x587: u64 = 0; let mut x588: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x587, &mut x588, x586, x544, x572); let mut x589: u64 = 0; let mut x590: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x589, &mut x590, x588, x546, x574); let mut x591: u64 = 0; let mut x592: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x591, &mut x592, x590, x548, x576); let mut x593: u64 = 0; let mut x594: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x593, &mut x594, x592, x550, x578); let mut x595: u64 = 0; let mut x596: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x595, &mut x596, x594, x552, x580); let mut x597: u64 = 0; let mut x598: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x597, &mut x598, x596, x554, x582); let x599: u64 = ((x598 as u64) + (x555 as u64)); let mut x600: u64 = 0; let mut x601: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x600, &mut x601, 0x0, x585, 0xffffffffffffffff); let mut x602: u64 = 0; let mut x603: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x602, &mut x603, x601, x587, 0xffffffffffffffff); let mut x604: u64 = 0; let mut x605: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x604, &mut x605, x603, x589, 0xffffffffffffffff); let mut x606: u64 = 0; let mut x607: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x606, &mut x607, x605, x591, 0xfdc1767ae2ffffff); let mut x608: u64 = 0; let mut x609: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x608, &mut x609, x607, x593, 0x7bc65c783158aea3); let mut x610: u64 = 0; let mut x611: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x610, &mut x611, x609, x595, 0x6cfc5fd681c52056); let mut x612: u64 = 0; let mut x613: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x612, &mut x613, x611, x597, 0x2341f27177344); let mut x614: u64 = 0; let mut x615: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x614, &mut x615, x613, x599, (0x0 as u64)); let mut x616: u64 = 0; fiat_p434_cmovznz_u64(&mut x616, x615, x600, x585); let mut x617: u64 = 0; fiat_p434_cmovznz_u64(&mut x617, x615, x602, x587); let mut x618: u64 = 0; fiat_p434_cmovznz_u64(&mut x618, x615, x604, x589); let mut x619: u64 = 0; fiat_p434_cmovznz_u64(&mut x619, x615, x606, x591); let mut x620: u64 = 0; fiat_p434_cmovznz_u64(&mut x620, x615, x608, x593); let mut x621: u64 = 0; fiat_p434_cmovznz_u64(&mut x621, x615, x610, x595); let mut x622: u64 = 0; fiat_p434_cmovznz_u64(&mut x622, x615, x612, x597); out1[0] = x616; out1[1] = x617; out1[2] = x618; out1[3] = x619; out1[4] = x620; out1[5] = x621; out1[6] = x622; } /// The function fiat_p434_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_square(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[6]); let x7: u64 = (arg1[0]); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p434_mulx_u64(&mut x8, &mut x9, x7, (arg1[6])); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p434_mulx_u64(&mut x10, &mut x11, x7, (arg1[5])); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p434_mulx_u64(&mut x12, &mut x13, x7, (arg1[4])); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p434_mulx_u64(&mut x14, &mut x15, x7, (arg1[3])); let mut x16: u64 = 0; let mut x17: u64 = 0; fiat_p434_mulx_u64(&mut x16, &mut x17, x7, (arg1[2])); let mut x18: u64 = 0; let mut x19: u64 = 0; fiat_p434_mulx_u64(&mut x18, &mut x19, x7, (arg1[1])); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p434_mulx_u64(&mut x20, &mut x21, x7, (arg1[0])); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x19, x16); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x17, x14); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, x27, x15, x12); let mut x30: u64 = 0; let mut x31: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x30, &mut x31, x29, x13, x10); let mut x32: u64 = 0; let mut x33: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x32, &mut x33, x31, x11, x8); let x34: u64 = ((x33 as u64) + x9); let mut x35: u64 = 0; let mut x36: u64 = 0; fiat_p434_mulx_u64(&mut x35, &mut x36, x20, 0x2341f27177344); let mut x37: u64 = 0; let mut x38: u64 = 0; fiat_p434_mulx_u64(&mut x37, &mut x38, x20, 0x6cfc5fd681c52056); let mut x39: u64 = 0; let mut x40: u64 = 0; fiat_p434_mulx_u64(&mut x39, &mut x40, x20, 0x7bc65c783158aea3); let mut x41: u64 = 0; let mut x42: u64 = 0; fiat_p434_mulx_u64(&mut x41, &mut x42, x20, 0xfdc1767ae2ffffff); let mut x43: u64 = 0; let mut x44: u64 = 0; fiat_p434_mulx_u64(&mut x43, &mut x44, x20, 0xffffffffffffffff); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_p434_mulx_u64(&mut x45, &mut x46, x20, 0xffffffffffffffff); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_p434_mulx_u64(&mut x47, &mut x48, x20, 0xffffffffffffffff); let mut x49: u64 = 0; let mut x50: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x49, &mut x50, 0x0, x48, x45); let mut x51: u64 = 0; let mut x52: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x51, &mut x52, x50, x46, x43); let mut x53: u64 = 0; let mut x54: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x53, &mut x54, x52, x44, x41); let mut x55: u64 = 0; let mut x56: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x55, &mut x56, x54, x42, x39); let mut x57: u64 = 0; let mut x58: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x57, &mut x58, x56, x40, x37); let mut x59: u64 = 0; let mut x60: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x59, &mut x60, x58, x38, x35); let x61: u64 = ((x60 as u64) + x36); let mut x62: u64 = 0; let mut x63: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x62, &mut x63, 0x0, x20, x47); let mut x64: u64 = 0; let mut x65: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x64, &mut x65, x63, x22, x49); let mut x66: u64 = 0; let mut x67: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x66, &mut x67, x65, x24, x51); let mut x68: u64 = 0; let mut x69: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x68, &mut x69, x67, x26, x53); let mut x70: u64 = 0; let mut x71: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x70, &mut x71, x69, x28, x55); let mut x72: u64 = 0; let mut x73: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x72, &mut x73, x71, x30, x57); let mut x74: u64 = 0; let mut x75: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x74, &mut x75, x73, x32, x59); let mut x76: u64 = 0; let mut x77: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x76, &mut x77, x75, x34, x61); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_p434_mulx_u64(&mut x78, &mut x79, x1, (arg1[6])); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p434_mulx_u64(&mut x80, &mut x81, x1, (arg1[5])); let mut x82: u64 = 0; let mut x83: u64 = 0; fiat_p434_mulx_u64(&mut x82, &mut x83, x1, (arg1[4])); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p434_mulx_u64(&mut x84, &mut x85, x1, (arg1[3])); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p434_mulx_u64(&mut x86, &mut x87, x1, (arg1[2])); let mut x88: u64 = 0; let mut x89: u64 = 0; fiat_p434_mulx_u64(&mut x88, &mut x89, x1, (arg1[1])); let mut x90: u64 = 0; let mut x91: u64 = 0; fiat_p434_mulx_u64(&mut x90, &mut x91, x1, (arg1[0])); let mut x92: u64 = 0; let mut x93: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x92, &mut x93, 0x0, x91, x88); let mut x94: u64 = 0; let mut x95: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x94, &mut x95, x93, x89, x86); let mut x96: u64 = 0; let mut x97: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x96, &mut x97, x95, x87, x84); let mut x98: u64 = 0; let mut x99: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x98, &mut x99, x97, x85, x82); let mut x100: u64 = 0; let mut x101: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x100, &mut x101, x99, x83, x80); let mut x102: u64 = 0; let mut x103: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x102, &mut x103, x101, x81, x78); let x104: u64 = ((x103 as u64) + x79); let mut x105: u64 = 0; let mut x106: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x105, &mut x106, 0x0, x64, x90); let mut x107: u64 = 0; let mut x108: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x107, &mut x108, x106, x66, x92); let mut x109: u64 = 0; let mut x110: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x109, &mut x110, x108, x68, x94); let mut x111: u64 = 0; let mut x112: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x111, &mut x112, x110, x70, x96); let mut x113: u64 = 0; let mut x114: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x113, &mut x114, x112, x72, x98); let mut x115: u64 = 0; let mut x116: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x115, &mut x116, x114, x74, x100); let mut x117: u64 = 0; let mut x118: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x117, &mut x118, x116, x76, x102); let mut x119: u64 = 0; let mut x120: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x119, &mut x120, x118, (x77 as u64), x104); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_p434_mulx_u64(&mut x121, &mut x122, x105, 0x2341f27177344); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_p434_mulx_u64(&mut x123, &mut x124, x105, 0x6cfc5fd681c52056); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_p434_mulx_u64(&mut x125, &mut x126, x105, 0x7bc65c783158aea3); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_p434_mulx_u64(&mut x127, &mut x128, x105, 0xfdc1767ae2ffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_p434_mulx_u64(&mut x129, &mut x130, x105, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_p434_mulx_u64(&mut x131, &mut x132, x105, 0xffffffffffffffff); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_p434_mulx_u64(&mut x133, &mut x134, x105, 0xffffffffffffffff); let mut x135: u64 = 0; let mut x136: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let mut x141: u64 = 0; let mut x142: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x141, &mut x142, x140, x128, x125); let mut x143: u64 = 0; let mut x144: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x143, &mut x144, x142, x126, x123); let mut x145: u64 = 0; let mut x146: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x145, &mut x146, x144, x124, x121); let x147: u64 = ((x146 as u64) + x122); let mut x148: u64 = 0; let mut x149: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x148, &mut x149, 0x0, x105, x133); let mut x150: u64 = 0; let mut x151: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x150, &mut x151, x149, x107, x135); let mut x152: u64 = 0; let mut x153: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x152, &mut x153, x151, x109, x137); let mut x154: u64 = 0; let mut x155: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x154, &mut x155, x153, x111, x139); let mut x156: u64 = 0; let mut x157: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x156, &mut x157, x155, x113, x141); let mut x158: u64 = 0; let mut x159: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x158, &mut x159, x157, x115, x143); let mut x160: u64 = 0; let mut x161: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x160, &mut x161, x159, x117, x145); let mut x162: u64 = 0; let mut x163: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x162, &mut x163, x161, x119, x147); let x164: u64 = ((x163 as u64) + (x120 as u64)); let mut x165: u64 = 0; let mut x166: u64 = 0; fiat_p434_mulx_u64(&mut x165, &mut x166, x2, (arg1[6])); let mut x167: u64 = 0; let mut x168: u64 = 0; fiat_p434_mulx_u64(&mut x167, &mut x168, x2, (arg1[5])); let mut x169: u64 = 0; let mut x170: u64 = 0; fiat_p434_mulx_u64(&mut x169, &mut x170, x2, (arg1[4])); let mut x171: u64 = 0; let mut x172: u64 = 0; fiat_p434_mulx_u64(&mut x171, &mut x172, x2, (arg1[3])); let mut x173: u64 = 0; let mut x174: u64 = 0; fiat_p434_mulx_u64(&mut x173, &mut x174, x2, (arg1[2])); let mut x175: u64 = 0; let mut x176: u64 = 0; fiat_p434_mulx_u64(&mut x175, &mut x176, x2, (arg1[1])); let mut x177: u64 = 0; let mut x178: u64 = 0; fiat_p434_mulx_u64(&mut x177, &mut x178, x2, (arg1[0])); let mut x179: u64 = 0; let mut x180: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x179, &mut x180, 0x0, x178, x175); let mut x181: u64 = 0; let mut x182: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x181, &mut x182, x180, x176, x173); let mut x183: u64 = 0; let mut x184: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x183, &mut x184, x182, x174, x171); let mut x185: u64 = 0; let mut x186: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x185, &mut x186, x184, x172, x169); let mut x187: u64 = 0; let mut x188: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x187, &mut x188, x186, x170, x167); let mut x189: u64 = 0; let mut x190: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x189, &mut x190, x188, x168, x165); let x191: u64 = ((x190 as u64) + x166); let mut x192: u64 = 0; let mut x193: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x192, &mut x193, 0x0, x150, x177); let mut x194: u64 = 0; let mut x195: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x194, &mut x195, x193, x152, x179); let mut x196: u64 = 0; let mut x197: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x196, &mut x197, x195, x154, x181); let mut x198: u64 = 0; let mut x199: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x198, &mut x199, x197, x156, x183); let mut x200: u64 = 0; let mut x201: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x200, &mut x201, x199, x158, x185); let mut x202: u64 = 0; let mut x203: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x202, &mut x203, x201, x160, x187); let mut x204: u64 = 0; let mut x205: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x204, &mut x205, x203, x162, x189); let mut x206: u64 = 0; let mut x207: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x206, &mut x207, x205, x164, x191); let mut x208: u64 = 0; let mut x209: u64 = 0; fiat_p434_mulx_u64(&mut x208, &mut x209, x192, 0x2341f27177344); let mut x210: u64 = 0; let mut x211: u64 = 0; fiat_p434_mulx_u64(&mut x210, &mut x211, x192, 0x6cfc5fd681c52056); let mut x212: u64 = 0; let mut x213: u64 = 0; fiat_p434_mulx_u64(&mut x212, &mut x213, x192, 0x7bc65c783158aea3); let mut x214: u64 = 0; let mut x215: u64 = 0; fiat_p434_mulx_u64(&mut x214, &mut x215, x192, 0xfdc1767ae2ffffff); let mut x216: u64 = 0; let mut x217: u64 = 0; fiat_p434_mulx_u64(&mut x216, &mut x217, x192, 0xffffffffffffffff); let mut x218: u64 = 0; let mut x219: u64 = 0; fiat_p434_mulx_u64(&mut x218, &mut x219, x192, 0xffffffffffffffff); let mut x220: u64 = 0; let mut x221: u64 = 0; fiat_p434_mulx_u64(&mut x220, &mut x221, x192, 0xffffffffffffffff); let mut x222: u64 = 0; let mut x223: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x222, &mut x223, 0x0, x221, x218); let mut x224: u64 = 0; let mut x225: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x224, &mut x225, x223, x219, x216); let mut x226: u64 = 0; let mut x227: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x226, &mut x227, x225, x217, x214); let mut x228: u64 = 0; let mut x229: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x228, &mut x229, x227, x215, x212); let mut x230: u64 = 0; let mut x231: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x230, &mut x231, x229, x213, x210); let mut x232: u64 = 0; let mut x233: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x232, &mut x233, x231, x211, x208); let x234: u64 = ((x233 as u64) + x209); let mut x235: u64 = 0; let mut x236: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x235, &mut x236, 0x0, x192, x220); let mut x237: u64 = 0; let mut x238: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x237, &mut x238, x236, x194, x222); let mut x239: u64 = 0; let mut x240: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x239, &mut x240, x238, x196, x224); let mut x241: u64 = 0; let mut x242: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x241, &mut x242, x240, x198, x226); let mut x243: u64 = 0; let mut x244: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x243, &mut x244, x242, x200, x228); let mut x245: u64 = 0; let mut x246: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x245, &mut x246, x244, x202, x230); let mut x247: u64 = 0; let mut x248: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x247, &mut x248, x246, x204, x232); let mut x249: u64 = 0; let mut x250: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x249, &mut x250, x248, x206, x234); let x251: u64 = ((x250 as u64) + (x207 as u64)); let mut x252: u64 = 0; let mut x253: u64 = 0; fiat_p434_mulx_u64(&mut x252, &mut x253, x3, (arg1[6])); let mut x254: u64 = 0; let mut x255: u64 = 0; fiat_p434_mulx_u64(&mut x254, &mut x255, x3, (arg1[5])); let mut x256: u64 = 0; let mut x257: u64 = 0; fiat_p434_mulx_u64(&mut x256, &mut x257, x3, (arg1[4])); let mut x258: u64 = 0; let mut x259: u64 = 0; fiat_p434_mulx_u64(&mut x258, &mut x259, x3, (arg1[3])); let mut x260: u64 = 0; let mut x261: u64 = 0; fiat_p434_mulx_u64(&mut x260, &mut x261, x3, (arg1[2])); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p434_mulx_u64(&mut x262, &mut x263, x3, (arg1[1])); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p434_mulx_u64(&mut x264, &mut x265, x3, (arg1[0])); let mut x266: u64 = 0; let mut x267: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x266, &mut x267, 0x0, x265, x262); let mut x268: u64 = 0; let mut x269: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x268, &mut x269, x267, x263, x260); let mut x270: u64 = 0; let mut x271: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x270, &mut x271, x269, x261, x258); let mut x272: u64 = 0; let mut x273: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x272, &mut x273, x271, x259, x256); let mut x274: u64 = 0; let mut x275: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x274, &mut x275, x273, x257, x254); let mut x276: u64 = 0; let mut x277: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x276, &mut x277, x275, x255, x252); let x278: u64 = ((x277 as u64) + x253); let mut x279: u64 = 0; let mut x280: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x279, &mut x280, 0x0, x237, x264); let mut x281: u64 = 0; let mut x282: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x281, &mut x282, x280, x239, x266); let mut x283: u64 = 0; let mut x284: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x283, &mut x284, x282, x241, x268); let mut x285: u64 = 0; let mut x286: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x285, &mut x286, x284, x243, x270); let mut x287: u64 = 0; let mut x288: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x287, &mut x288, x286, x245, x272); let mut x289: u64 = 0; let mut x290: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x289, &mut x290, x288, x247, x274); let mut x291: u64 = 0; let mut x292: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x291, &mut x292, x290, x249, x276); let mut x293: u64 = 0; let mut x294: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x293, &mut x294, x292, x251, x278); let mut x295: u64 = 0; let mut x296: u64 = 0; fiat_p434_mulx_u64(&mut x295, &mut x296, x279, 0x2341f27177344); let mut x297: u64 = 0; let mut x298: u64 = 0; fiat_p434_mulx_u64(&mut x297, &mut x298, x279, 0x6cfc5fd681c52056); let mut x299: u64 = 0; let mut x300: u64 = 0; fiat_p434_mulx_u64(&mut x299, &mut x300, x279, 0x7bc65c783158aea3); let mut x301: u64 = 0; let mut x302: u64 = 0; fiat_p434_mulx_u64(&mut x301, &mut x302, x279, 0xfdc1767ae2ffffff); let mut x303: u64 = 0; let mut x304: u64 = 0; fiat_p434_mulx_u64(&mut x303, &mut x304, x279, 0xffffffffffffffff); let mut x305: u64 = 0; let mut x306: u64 = 0; fiat_p434_mulx_u64(&mut x305, &mut x306, x279, 0xffffffffffffffff); let mut x307: u64 = 0; let mut x308: u64 = 0; fiat_p434_mulx_u64(&mut x307, &mut x308, x279, 0xffffffffffffffff); let mut x309: u64 = 0; let mut x310: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u64 = 0; let mut x312: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x311, &mut x312, x310, x306, x303); let mut x313: u64 = 0; let mut x314: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x313, &mut x314, x312, x304, x301); let mut x315: u64 = 0; let mut x316: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x315, &mut x316, x314, x302, x299); let mut x317: u64 = 0; let mut x318: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x317, &mut x318, x316, x300, x297); let mut x319: u64 = 0; let mut x320: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x319, &mut x320, x318, x298, x295); let x321: u64 = ((x320 as u64) + x296); let mut x322: u64 = 0; let mut x323: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x322, &mut x323, 0x0, x279, x307); let mut x324: u64 = 0; let mut x325: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x324, &mut x325, x323, x281, x309); let mut x326: u64 = 0; let mut x327: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x326, &mut x327, x325, x283, x311); let mut x328: u64 = 0; let mut x329: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x328, &mut x329, x327, x285, x313); let mut x330: u64 = 0; let mut x331: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x330, &mut x331, x329, x287, x315); let mut x332: u64 = 0; let mut x333: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x332, &mut x333, x331, x289, x317); let mut x334: u64 = 0; let mut x335: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x334, &mut x335, x333, x291, x319); let mut x336: u64 = 0; let mut x337: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x336, &mut x337, x335, x293, x321); let x338: u64 = ((x337 as u64) + (x294 as u64)); let mut x339: u64 = 0; let mut x340: u64 = 0; fiat_p434_mulx_u64(&mut x339, &mut x340, x4, (arg1[6])); let mut x341: u64 = 0; let mut x342: u64 = 0; fiat_p434_mulx_u64(&mut x341, &mut x342, x4, (arg1[5])); let mut x343: u64 = 0; let mut x344: u64 = 0; fiat_p434_mulx_u64(&mut x343, &mut x344, x4, (arg1[4])); let mut x345: u64 = 0; let mut x346: u64 = 0; fiat_p434_mulx_u64(&mut x345, &mut x346, x4, (arg1[3])); let mut x347: u64 = 0; let mut x348: u64 = 0; fiat_p434_mulx_u64(&mut x347, &mut x348, x4, (arg1[2])); let mut x349: u64 = 0; let mut x350: u64 = 0; fiat_p434_mulx_u64(&mut x349, &mut x350, x4, (arg1[1])); let mut x351: u64 = 0; let mut x352: u64 = 0; fiat_p434_mulx_u64(&mut x351, &mut x352, x4, (arg1[0])); let mut x353: u64 = 0; let mut x354: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x353, &mut x354, 0x0, x352, x349); let mut x355: u64 = 0; let mut x356: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x355, &mut x356, x354, x350, x347); let mut x357: u64 = 0; let mut x358: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x357, &mut x358, x356, x348, x345); let mut x359: u64 = 0; let mut x360: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x359, &mut x360, x358, x346, x343); let mut x361: u64 = 0; let mut x362: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x361, &mut x362, x360, x344, x341); let mut x363: u64 = 0; let mut x364: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x363, &mut x364, x362, x342, x339); let x365: u64 = ((x364 as u64) + x340); let mut x366: u64 = 0; let mut x367: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x366, &mut x367, 0x0, x324, x351); let mut x368: u64 = 0; let mut x369: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x368, &mut x369, x367, x326, x353); let mut x370: u64 = 0; let mut x371: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x370, &mut x371, x369, x328, x355); let mut x372: u64 = 0; let mut x373: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x372, &mut x373, x371, x330, x357); let mut x374: u64 = 0; let mut x375: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x374, &mut x375, x373, x332, x359); let mut x376: u64 = 0; let mut x377: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x376, &mut x377, x375, x334, x361); let mut x378: u64 = 0; let mut x379: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x378, &mut x379, x377, x336, x363); let mut x380: u64 = 0; let mut x381: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x380, &mut x381, x379, x338, x365); let mut x382: u64 = 0; let mut x383: u64 = 0; fiat_p434_mulx_u64(&mut x382, &mut x383, x366, 0x2341f27177344); let mut x384: u64 = 0; let mut x385: u64 = 0; fiat_p434_mulx_u64(&mut x384, &mut x385, x366, 0x6cfc5fd681c52056); let mut x386: u64 = 0; let mut x387: u64 = 0; fiat_p434_mulx_u64(&mut x386, &mut x387, x366, 0x7bc65c783158aea3); let mut x388: u64 = 0; let mut x389: u64 = 0; fiat_p434_mulx_u64(&mut x388, &mut x389, x366, 0xfdc1767ae2ffffff); let mut x390: u64 = 0; let mut x391: u64 = 0; fiat_p434_mulx_u64(&mut x390, &mut x391, x366, 0xffffffffffffffff); let mut x392: u64 = 0; let mut x393: u64 = 0; fiat_p434_mulx_u64(&mut x392, &mut x393, x366, 0xffffffffffffffff); let mut x394: u64 = 0; let mut x395: u64 = 0; fiat_p434_mulx_u64(&mut x394, &mut x395, x366, 0xffffffffffffffff); let mut x396: u64 = 0; let mut x397: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x396, &mut x397, 0x0, x395, x392); let mut x398: u64 = 0; let mut x399: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x398, &mut x399, x397, x393, x390); let mut x400: u64 = 0; let mut x401: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x400, &mut x401, x399, x391, x388); let mut x402: u64 = 0; let mut x403: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x402, &mut x403, x401, x389, x386); let mut x404: u64 = 0; let mut x405: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x404, &mut x405, x403, x387, x384); let mut x406: u64 = 0; let mut x407: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x406, &mut x407, x405, x385, x382); let x408: u64 = ((x407 as u64) + x383); let mut x409: u64 = 0; let mut x410: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x409, &mut x410, 0x0, x366, x394); let mut x411: u64 = 0; let mut x412: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x411, &mut x412, x410, x368, x396); let mut x413: u64 = 0; let mut x414: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x413, &mut x414, x412, x370, x398); let mut x415: u64 = 0; let mut x416: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x415, &mut x416, x414, x372, x400); let mut x417: u64 = 0; let mut x418: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x417, &mut x418, x416, x374, x402); let mut x419: u64 = 0; let mut x420: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x419, &mut x420, x418, x376, x404); let mut x421: u64 = 0; let mut x422: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x421, &mut x422, x420, x378, x406); let mut x423: u64 = 0; let mut x424: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x423, &mut x424, x422, x380, x408); let x425: u64 = ((x424 as u64) + (x381 as u64)); let mut x426: u64 = 0; let mut x427: u64 = 0; fiat_p434_mulx_u64(&mut x426, &mut x427, x5, (arg1[6])); let mut x428: u64 = 0; let mut x429: u64 = 0; fiat_p434_mulx_u64(&mut x428, &mut x429, x5, (arg1[5])); let mut x430: u64 = 0; let mut x431: u64 = 0; fiat_p434_mulx_u64(&mut x430, &mut x431, x5, (arg1[4])); let mut x432: u64 = 0; let mut x433: u64 = 0; fiat_p434_mulx_u64(&mut x432, &mut x433, x5, (arg1[3])); let mut x434: u64 = 0; let mut x435: u64 = 0; fiat_p434_mulx_u64(&mut x434, &mut x435, x5, (arg1[2])); let mut x436: u64 = 0; let mut x437: u64 = 0; fiat_p434_mulx_u64(&mut x436, &mut x437, x5, (arg1[1])); let mut x438: u64 = 0; let mut x439: u64 = 0; fiat_p434_mulx_u64(&mut x438, &mut x439, x5, (arg1[0])); let mut x440: u64 = 0; let mut x441: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x440, &mut x441, 0x0, x439, x436); let mut x442: u64 = 0; let mut x443: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x442, &mut x443, x441, x437, x434); let mut x444: u64 = 0; let mut x445: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x444, &mut x445, x443, x435, x432); let mut x446: u64 = 0; let mut x447: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x446, &mut x447, x445, x433, x430); let mut x448: u64 = 0; let mut x449: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x448, &mut x449, x447, x431, x428); let mut x450: u64 = 0; let mut x451: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x450, &mut x451, x449, x429, x426); let x452: u64 = ((x451 as u64) + x427); let mut x453: u64 = 0; let mut x454: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x453, &mut x454, 0x0, x411, x438); let mut x455: u64 = 0; let mut x456: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x455, &mut x456, x454, x413, x440); let mut x457: u64 = 0; let mut x458: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x457, &mut x458, x456, x415, x442); let mut x459: u64 = 0; let mut x460: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x459, &mut x460, x458, x417, x444); let mut x461: u64 = 0; let mut x462: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x461, &mut x462, x460, x419, x446); let mut x463: u64 = 0; let mut x464: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x463, &mut x464, x462, x421, x448); let mut x465: u64 = 0; let mut x466: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x465, &mut x466, x464, x423, x450); let mut x467: u64 = 0; let mut x468: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x467, &mut x468, x466, x425, x452); let mut x469: u64 = 0; let mut x470: u64 = 0; fiat_p434_mulx_u64(&mut x469, &mut x470, x453, 0x2341f27177344); let mut x471: u64 = 0; let mut x472: u64 = 0; fiat_p434_mulx_u64(&mut x471, &mut x472, x453, 0x6cfc5fd681c52056); let mut x473: u64 = 0; let mut x474: u64 = 0; fiat_p434_mulx_u64(&mut x473, &mut x474, x453, 0x7bc65c783158aea3); let mut x475: u64 = 0; let mut x476: u64 = 0; fiat_p434_mulx_u64(&mut x475, &mut x476, x453, 0xfdc1767ae2ffffff); let mut x477: u64 = 0; let mut x478: u64 = 0; fiat_p434_mulx_u64(&mut x477, &mut x478, x453, 0xffffffffffffffff); let mut x479: u64 = 0; let mut x480: u64 = 0; fiat_p434_mulx_u64(&mut x479, &mut x480, x453, 0xffffffffffffffff); let mut x481: u64 = 0; let mut x482: u64 = 0; fiat_p434_mulx_u64(&mut x481, &mut x482, x453, 0xffffffffffffffff); let mut x483: u64 = 0; let mut x484: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x483, &mut x484, 0x0, x482, x479); let mut x485: u64 = 0; let mut x486: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x485, &mut x486, x484, x480, x477); let mut x487: u64 = 0; let mut x488: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x487, &mut x488, x486, x478, x475); let mut x489: u64 = 0; let mut x490: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x489, &mut x490, x488, x476, x473); let mut x491: u64 = 0; let mut x492: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x491, &mut x492, x490, x474, x471); let mut x493: u64 = 0; let mut x494: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x493, &mut x494, x492, x472, x469); let x495: u64 = ((x494 as u64) + x470); let mut x496: u64 = 0; let mut x497: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x496, &mut x497, 0x0, x453, x481); let mut x498: u64 = 0; let mut x499: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x498, &mut x499, x497, x455, x483); let mut x500: u64 = 0; let mut x501: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x500, &mut x501, x499, x457, x485); let mut x502: u64 = 0; let mut x503: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x502, &mut x503, x501, x459, x487); let mut x504: u64 = 0; let mut x505: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x504, &mut x505, x503, x461, x489); let mut x506: u64 = 0; let mut x507: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x506, &mut x507, x505, x463, x491); let mut x508: u64 = 0; let mut x509: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x508, &mut x509, x507, x465, x493); let mut x510: u64 = 0; let mut x511: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x510, &mut x511, x509, x467, x495); let x512: u64 = ((x511 as u64) + (x468 as u64)); let mut x513: u64 = 0; let mut x514: u64 = 0; fiat_p434_mulx_u64(&mut x513, &mut x514, x6, (arg1[6])); let mut x515: u64 = 0; let mut x516: u64 = 0; fiat_p434_mulx_u64(&mut x515, &mut x516, x6, (arg1[5])); let mut x517: u64 = 0; let mut x518: u64 = 0; fiat_p434_mulx_u64(&mut x517, &mut x518, x6, (arg1[4])); let mut x519: u64 = 0; let mut x520: u64 = 0; fiat_p434_mulx_u64(&mut x519, &mut x520, x6, (arg1[3])); let mut x521: u64 = 0; let mut x522: u64 = 0; fiat_p434_mulx_u64(&mut x521, &mut x522, x6, (arg1[2])); let mut x523: u64 = 0; let mut x524: u64 = 0; fiat_p434_mulx_u64(&mut x523, &mut x524, x6, (arg1[1])); let mut x525: u64 = 0; let mut x526: u64 = 0; fiat_p434_mulx_u64(&mut x525, &mut x526, x6, (arg1[0])); let mut x527: u64 = 0; let mut x528: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x527, &mut x528, 0x0, x526, x523); let mut x529: u64 = 0; let mut x530: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x529, &mut x530, x528, x524, x521); let mut x531: u64 = 0; let mut x532: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x531, &mut x532, x530, x522, x519); let mut x533: u64 = 0; let mut x534: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x533, &mut x534, x532, x520, x517); let mut x535: u64 = 0; let mut x536: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x535, &mut x536, x534, x518, x515); let mut x537: u64 = 0; let mut x538: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x537, &mut x538, x536, x516, x513); let x539: u64 = ((x538 as u64) + x514); let mut x540: u64 = 0; let mut x541: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x540, &mut x541, 0x0, x498, x525); let mut x542: u64 = 0; let mut x543: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x542, &mut x543, x541, x500, x527); let mut x544: u64 = 0; let mut x545: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x544, &mut x545, x543, x502, x529); let mut x546: u64 = 0; let mut x547: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x546, &mut x547, x545, x504, x531); let mut x548: u64 = 0; let mut x549: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x548, &mut x549, x547, x506, x533); let mut x550: u64 = 0; let mut x551: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x550, &mut x551, x549, x508, x535); let mut x552: u64 = 0; let mut x553: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x552, &mut x553, x551, x510, x537); let mut x554: u64 = 0; let mut x555: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x554, &mut x555, x553, x512, x539); let mut x556: u64 = 0; let mut x557: u64 = 0; fiat_p434_mulx_u64(&mut x556, &mut x557, x540, 0x2341f27177344); let mut x558: u64 = 0; let mut x559: u64 = 0; fiat_p434_mulx_u64(&mut x558, &mut x559, x540, 0x6cfc5fd681c52056); let mut x560: u64 = 0; let mut x561: u64 = 0; fiat_p434_mulx_u64(&mut x560, &mut x561, x540, 0x7bc65c783158aea3); let mut x562: u64 = 0; let mut x563: u64 = 0; fiat_p434_mulx_u64(&mut x562, &mut x563, x540, 0xfdc1767ae2ffffff); let mut x564: u64 = 0; let mut x565: u64 = 0; fiat_p434_mulx_u64(&mut x564, &mut x565, x540, 0xffffffffffffffff); let mut x566: u64 = 0; let mut x567: u64 = 0; fiat_p434_mulx_u64(&mut x566, &mut x567, x540, 0xffffffffffffffff); let mut x568: u64 = 0; let mut x569: u64 = 0; fiat_p434_mulx_u64(&mut x568, &mut x569, x540, 0xffffffffffffffff); let mut x570: u64 = 0; let mut x571: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x570, &mut x571, 0x0, x569, x566); let mut x572: u64 = 0; let mut x573: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x572, &mut x573, x571, x567, x564); let mut x574: u64 = 0; let mut x575: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x574, &mut x575, x573, x565, x562); let mut x576: u64 = 0; let mut x577: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x576, &mut x577, x575, x563, x560); let mut x578: u64 = 0; let mut x579: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x578, &mut x579, x577, x561, x558); let mut x580: u64 = 0; let mut x581: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x580, &mut x581, x579, x559, x556); let x582: u64 = ((x581 as u64) + x557); let mut x583: u64 = 0; let mut x584: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x583, &mut x584, 0x0, x540, x568); let mut x585: u64 = 0; let mut x586: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x585, &mut x586, x584, x542, x570); let mut x587: u64 = 0; let mut x588: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x587, &mut x588, x586, x544, x572); let mut x589: u64 = 0; let mut x590: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x589, &mut x590, x588, x546, x574); let mut x591: u64 = 0; let mut x592: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x591, &mut x592, x590, x548, x576); let mut x593: u64 = 0; let mut x594: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x593, &mut x594, x592, x550, x578); let mut x595: u64 = 0; let mut x596: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x595, &mut x596, x594, x552, x580); let mut x597: u64 = 0; let mut x598: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x597, &mut x598, x596, x554, x582); let x599: u64 = ((x598 as u64) + (x555 as u64)); let mut x600: u64 = 0; let mut x601: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x600, &mut x601, 0x0, x585, 0xffffffffffffffff); let mut x602: u64 = 0; let mut x603: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x602, &mut x603, x601, x587, 0xffffffffffffffff); let mut x604: u64 = 0; let mut x605: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x604, &mut x605, x603, x589, 0xffffffffffffffff); let mut x606: u64 = 0; let mut x607: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x606, &mut x607, x605, x591, 0xfdc1767ae2ffffff); let mut x608: u64 = 0; let mut x609: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x608, &mut x609, x607, x593, 0x7bc65c783158aea3); let mut x610: u64 = 0; let mut x611: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x610, &mut x611, x609, x595, 0x6cfc5fd681c52056); let mut x612: u64 = 0; let mut x613: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x612, &mut x613, x611, x597, 0x2341f27177344); let mut x614: u64 = 0; let mut x615: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x614, &mut x615, x613, x599, (0x0 as u64)); let mut x616: u64 = 0; fiat_p434_cmovznz_u64(&mut x616, x615, x600, x585); let mut x617: u64 = 0; fiat_p434_cmovznz_u64(&mut x617, x615, x602, x587); let mut x618: u64 = 0; fiat_p434_cmovznz_u64(&mut x618, x615, x604, x589); let mut x619: u64 = 0; fiat_p434_cmovznz_u64(&mut x619, x615, x606, x591); let mut x620: u64 = 0; fiat_p434_cmovznz_u64(&mut x620, x615, x608, x593); let mut x621: u64 = 0; fiat_p434_cmovznz_u64(&mut x621, x615, x610, x595); let mut x622: u64 = 0; fiat_p434_cmovznz_u64(&mut x622, x615, x612, x597); out1[0] = x616; out1[1] = x617; out1[2] = x618; out1[3] = x619; out1[4] = x620; out1[5] = x621; out1[6] = x622; } /// The function fiat_p434_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_add(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element, arg2: &fiat_p434_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; let mut x14: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u64 = 0; let mut x16: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x15, &mut x16, 0x0, x1, 0xffffffffffffffff); let mut x17: u64 = 0; let mut x18: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x17, &mut x18, x16, x3, 0xffffffffffffffff); let mut x19: u64 = 0; let mut x20: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x19, &mut x20, x18, x5, 0xffffffffffffffff); let mut x21: u64 = 0; let mut x22: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x21, &mut x22, x20, x7, 0xfdc1767ae2ffffff); let mut x23: u64 = 0; let mut x24: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x23, &mut x24, x22, x9, 0x7bc65c783158aea3); let mut x25: u64 = 0; let mut x26: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x25, &mut x26, x24, x11, 0x6cfc5fd681c52056); let mut x27: u64 = 0; let mut x28: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x27, &mut x28, x26, x13, 0x2341f27177344); let mut x29: u64 = 0; let mut x30: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x29, &mut x30, x28, (x14 as u64), (0x0 as u64)); let mut x31: u64 = 0; fiat_p434_cmovznz_u64(&mut x31, x30, x15, x1); let mut x32: u64 = 0; fiat_p434_cmovznz_u64(&mut x32, x30, x17, x3); let mut x33: u64 = 0; fiat_p434_cmovznz_u64(&mut x33, x30, x19, x5); let mut x34: u64 = 0; fiat_p434_cmovznz_u64(&mut x34, x30, x21, x7); let mut x35: u64 = 0; fiat_p434_cmovznz_u64(&mut x35, x30, x23, x9); let mut x36: u64 = 0; fiat_p434_cmovznz_u64(&mut x36, x30, x25, x11); let mut x37: u64 = 0; fiat_p434_cmovznz_u64(&mut x37, x30, x27, x13); out1[0] = x31; out1[1] = x32; out1[2] = x33; out1[3] = x34; out1[4] = x35; out1[5] = x36; out1[6] = x37; } /// The function fiat_p434_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_sub(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element, arg2: &fiat_p434_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u64 = 0; let mut x12: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u64 = 0; let mut x14: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u64 = 0; fiat_p434_cmovznz_u64(&mut x15, x14, (0x0 as u64), 0xffffffffffffffff); let mut x16: u64 = 0; let mut x17: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x16, &mut x17, 0x0, x1, x15); let mut x18: u64 = 0; let mut x19: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x18, &mut x19, x17, x3, x15); let mut x20: u64 = 0; let mut x21: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x20, &mut x21, x19, x5, x15); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, x21, x7, (x15 & 0xfdc1767ae2ffffff)); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x9, (x15 & 0x7bc65c783158aea3)); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x11, (x15 & 0x6cfc5fd681c52056)); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, x27, x13, (x15 & 0x2341f27177344)); out1[0] = x16; out1[1] = x18; out1[2] = x20; out1[3] = x22; out1[4] = x24; out1[5] = x26; out1[6] = x28; } /// The function fiat_p434_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_opp(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; let mut x10: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x9, &mut x10, x8, (0x0 as u64), (arg1[4])); let mut x11: u64 = 0; let mut x12: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x11, &mut x12, x10, (0x0 as u64), (arg1[5])); let mut x13: u64 = 0; let mut x14: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x13, &mut x14, x12, (0x0 as u64), (arg1[6])); let mut x15: u64 = 0; fiat_p434_cmovznz_u64(&mut x15, x14, (0x0 as u64), 0xffffffffffffffff); let mut x16: u64 = 0; let mut x17: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x16, &mut x17, 0x0, x1, x15); let mut x18: u64 = 0; let mut x19: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x18, &mut x19, x17, x3, x15); let mut x20: u64 = 0; let mut x21: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x20, &mut x21, x19, x5, x15); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, x21, x7, (x15 & 0xfdc1767ae2ffffff)); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x9, (x15 & 0x7bc65c783158aea3)); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x11, (x15 & 0x6cfc5fd681c52056)); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, x27, x13, (x15 & 0x2341f27177344)); out1[0] = x16; out1[1] = x18; out1[2] = x20; out1[3] = x22; out1[4] = x24; out1[5] = x26; out1[6] = x28; } /// The function fiat_p434_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^7) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_from_montgomery(out1: &mut fiat_p434_non_montgomery_domain_field_element, arg1: &fiat_p434_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_p434_mulx_u64(&mut x2, &mut x3, x1, 0x2341f27177344); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_p434_mulx_u64(&mut x4, &mut x5, x1, 0x6cfc5fd681c52056); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_p434_mulx_u64(&mut x6, &mut x7, x1, 0x7bc65c783158aea3); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p434_mulx_u64(&mut x8, &mut x9, x1, 0xfdc1767ae2ffffff); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p434_mulx_u64(&mut x10, &mut x11, x1, 0xffffffffffffffff); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p434_mulx_u64(&mut x12, &mut x13, x1, 0xffffffffffffffff); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p434_mulx_u64(&mut x14, &mut x15, x1, 0xffffffffffffffff); let mut x16: u64 = 0; let mut x17: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x16, &mut x17, 0x0, x15, x12); let mut x18: u64 = 0; let mut x19: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x18, &mut x19, x17, x13, x10); let mut x20: u64 = 0; let mut x21: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x20, &mut x21, x19, x11, x8); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, x21, x9, x6); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x7, x4); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x5, x2); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, 0x0, x1, x14); let mut x30: u64 = 0; let mut x31: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x30, &mut x31, x29, (0x0 as u64), x16); let mut x32: u64 = 0; let mut x33: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x32, &mut x33, x31, (0x0 as u64), x18); let mut x34: u64 = 0; let mut x35: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x34, &mut x35, x33, (0x0 as u64), x20); let mut x36: u64 = 0; let mut x37: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x36, &mut x37, x35, (0x0 as u64), x22); let mut x38: u64 = 0; let mut x39: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x38, &mut x39, x37, (0x0 as u64), x24); let mut x40: u64 = 0; let mut x41: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x40, &mut x41, x39, (0x0 as u64), x26); let mut x42: u64 = 0; let mut x43: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x42, &mut x43, 0x0, x30, (arg1[1])); let mut x44: u64 = 0; let mut x45: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x44, &mut x45, x43, x32, (0x0 as u64)); let mut x46: u64 = 0; let mut x47: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x46, &mut x47, x45, x34, (0x0 as u64)); let mut x48: u64 = 0; let mut x49: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x48, &mut x49, x47, x36, (0x0 as u64)); let mut x50: u64 = 0; let mut x51: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x50, &mut x51, x49, x38, (0x0 as u64)); let mut x52: u64 = 0; let mut x53: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x52, &mut x53, x51, x40, (0x0 as u64)); let mut x54: u64 = 0; let mut x55: u64 = 0; fiat_p434_mulx_u64(&mut x54, &mut x55, x42, 0x2341f27177344); let mut x56: u64 = 0; let mut x57: u64 = 0; fiat_p434_mulx_u64(&mut x56, &mut x57, x42, 0x6cfc5fd681c52056); let mut x58: u64 = 0; let mut x59: u64 = 0; fiat_p434_mulx_u64(&mut x58, &mut x59, x42, 0x7bc65c783158aea3); let mut x60: u64 = 0; let mut x61: u64 = 0; fiat_p434_mulx_u64(&mut x60, &mut x61, x42, 0xfdc1767ae2ffffff); let mut x62: u64 = 0; let mut x63: u64 = 0; fiat_p434_mulx_u64(&mut x62, &mut x63, x42, 0xffffffffffffffff); let mut x64: u64 = 0; let mut x65: u64 = 0; fiat_p434_mulx_u64(&mut x64, &mut x65, x42, 0xffffffffffffffff); let mut x66: u64 = 0; let mut x67: u64 = 0; fiat_p434_mulx_u64(&mut x66, &mut x67, x42, 0xffffffffffffffff); let mut x68: u64 = 0; let mut x69: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x68, &mut x69, 0x0, x67, x64); let mut x70: u64 = 0; let mut x71: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x70, &mut x71, x69, x65, x62); let mut x72: u64 = 0; let mut x73: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x72, &mut x73, x71, x63, x60); let mut x74: u64 = 0; let mut x75: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x74, &mut x75, x73, x61, x58); let mut x76: u64 = 0; let mut x77: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x76, &mut x77, x75, x59, x56); let mut x78: u64 = 0; let mut x79: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x78, &mut x79, x77, x57, x54); let mut x80: u64 = 0; let mut x81: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x80, &mut x81, 0x0, x42, x66); let mut x82: u64 = 0; let mut x83: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x82, &mut x83, x81, x44, x68); let mut x84: u64 = 0; let mut x85: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x84, &mut x85, x83, x46, x70); let mut x86: u64 = 0; let mut x87: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x86, &mut x87, x85, x48, x72); let mut x88: u64 = 0; let mut x89: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x88, &mut x89, x87, x50, x74); let mut x90: u64 = 0; let mut x91: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x90, &mut x91, x89, x52, x76); let mut x92: u64 = 0; let mut x93: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x92, &mut x93, x91, ((x53 as u64) + ((x41 as u64) + ((x27 as u64) + x3))), x78); let mut x94: u64 = 0; let mut x95: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x94, &mut x95, 0x0, x82, (arg1[2])); let mut x96: u64 = 0; let mut x97: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x96, &mut x97, x95, x84, (0x0 as u64)); let mut x98: u64 = 0; let mut x99: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x98, &mut x99, x97, x86, (0x0 as u64)); let mut x100: u64 = 0; let mut x101: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x100, &mut x101, x99, x88, (0x0 as u64)); let mut x102: u64 = 0; let mut x103: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x102, &mut x103, x101, x90, (0x0 as u64)); let mut x104: u64 = 0; let mut x105: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x104, &mut x105, x103, x92, (0x0 as u64)); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_p434_mulx_u64(&mut x106, &mut x107, x94, 0x2341f27177344); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_p434_mulx_u64(&mut x108, &mut x109, x94, 0x6cfc5fd681c52056); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_p434_mulx_u64(&mut x110, &mut x111, x94, 0x7bc65c783158aea3); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_p434_mulx_u64(&mut x112, &mut x113, x94, 0xfdc1767ae2ffffff); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p434_mulx_u64(&mut x114, &mut x115, x94, 0xffffffffffffffff); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p434_mulx_u64(&mut x116, &mut x117, x94, 0xffffffffffffffff); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p434_mulx_u64(&mut x118, &mut x119, x94, 0xffffffffffffffff); let mut x120: u64 = 0; let mut x121: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x120, &mut x121, 0x0, x119, x116); let mut x122: u64 = 0; let mut x123: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x122, &mut x123, x121, x117, x114); let mut x124: u64 = 0; let mut x125: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x124, &mut x125, x123, x115, x112); let mut x126: u64 = 0; let mut x127: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x126, &mut x127, x125, x113, x110); let mut x128: u64 = 0; let mut x129: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x128, &mut x129, x127, x111, x108); let mut x130: u64 = 0; let mut x131: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x130, &mut x131, x129, x109, x106); let mut x132: u64 = 0; let mut x133: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x132, &mut x133, 0x0, x94, x118); let mut x134: u64 = 0; let mut x135: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x134, &mut x135, x133, x96, x120); let mut x136: u64 = 0; let mut x137: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x136, &mut x137, x135, x98, x122); let mut x138: u64 = 0; let mut x139: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x138, &mut x139, x137, x100, x124); let mut x140: u64 = 0; let mut x141: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x140, &mut x141, x139, x102, x126); let mut x142: u64 = 0; let mut x143: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x142, &mut x143, x141, x104, x128); let mut x144: u64 = 0; let mut x145: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x144, &mut x145, x143, ((x105 as u64) + ((x93 as u64) + ((x79 as u64) + x55))), x130); let mut x146: u64 = 0; let mut x147: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x146, &mut x147, 0x0, x134, (arg1[3])); let mut x148: u64 = 0; let mut x149: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x148, &mut x149, x147, x136, (0x0 as u64)); let mut x150: u64 = 0; let mut x151: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x150, &mut x151, x149, x138, (0x0 as u64)); let mut x152: u64 = 0; let mut x153: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x152, &mut x153, x151, x140, (0x0 as u64)); let mut x154: u64 = 0; let mut x155: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x154, &mut x155, x153, x142, (0x0 as u64)); let mut x156: u64 = 0; let mut x157: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x156, &mut x157, x155, x144, (0x0 as u64)); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p434_mulx_u64(&mut x158, &mut x159, x146, 0x2341f27177344); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_p434_mulx_u64(&mut x160, &mut x161, x146, 0x6cfc5fd681c52056); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_p434_mulx_u64(&mut x162, &mut x163, x146, 0x7bc65c783158aea3); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_p434_mulx_u64(&mut x164, &mut x165, x146, 0xfdc1767ae2ffffff); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_p434_mulx_u64(&mut x166, &mut x167, x146, 0xffffffffffffffff); let mut x168: u64 = 0; let mut x169: u64 = 0; fiat_p434_mulx_u64(&mut x168, &mut x169, x146, 0xffffffffffffffff); let mut x170: u64 = 0; let mut x171: u64 = 0; fiat_p434_mulx_u64(&mut x170, &mut x171, x146, 0xffffffffffffffff); let mut x172: u64 = 0; let mut x173: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x172, &mut x173, 0x0, x171, x168); let mut x174: u64 = 0; let mut x175: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x174, &mut x175, x173, x169, x166); let mut x176: u64 = 0; let mut x177: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x176, &mut x177, x175, x167, x164); let mut x178: u64 = 0; let mut x179: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x178, &mut x179, x177, x165, x162); let mut x180: u64 = 0; let mut x181: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x180, &mut x181, x179, x163, x160); let mut x182: u64 = 0; let mut x183: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x182, &mut x183, x181, x161, x158); let mut x184: u64 = 0; let mut x185: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x184, &mut x185, 0x0, x146, x170); let mut x186: u64 = 0; let mut x187: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x186, &mut x187, x185, x148, x172); let mut x188: u64 = 0; let mut x189: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x188, &mut x189, x187, x150, x174); let mut x190: u64 = 0; let mut x191: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x190, &mut x191, x189, x152, x176); let mut x192: u64 = 0; let mut x193: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x192, &mut x193, x191, x154, x178); let mut x194: u64 = 0; let mut x195: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x194, &mut x195, x193, x156, x180); let mut x196: u64 = 0; let mut x197: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x196, &mut x197, x195, ((x157 as u64) + ((x145 as u64) + ((x131 as u64) + x107))), x182); let mut x198: u64 = 0; let mut x199: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x198, &mut x199, 0x0, x186, (arg1[4])); let mut x200: u64 = 0; let mut x201: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x200, &mut x201, x199, x188, (0x0 as u64)); let mut x202: u64 = 0; let mut x203: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x202, &mut x203, x201, x190, (0x0 as u64)); let mut x204: u64 = 0; let mut x205: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x204, &mut x205, x203, x192, (0x0 as u64)); let mut x206: u64 = 0; let mut x207: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x206, &mut x207, x205, x194, (0x0 as u64)); let mut x208: u64 = 0; let mut x209: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x208, &mut x209, x207, x196, (0x0 as u64)); let mut x210: u64 = 0; let mut x211: u64 = 0; fiat_p434_mulx_u64(&mut x210, &mut x211, x198, 0x2341f27177344); let mut x212: u64 = 0; let mut x213: u64 = 0; fiat_p434_mulx_u64(&mut x212, &mut x213, x198, 0x6cfc5fd681c52056); let mut x214: u64 = 0; let mut x215: u64 = 0; fiat_p434_mulx_u64(&mut x214, &mut x215, x198, 0x7bc65c783158aea3); let mut x216: u64 = 0; let mut x217: u64 = 0; fiat_p434_mulx_u64(&mut x216, &mut x217, x198, 0xfdc1767ae2ffffff); let mut x218: u64 = 0; let mut x219: u64 = 0; fiat_p434_mulx_u64(&mut x218, &mut x219, x198, 0xffffffffffffffff); let mut x220: u64 = 0; let mut x221: u64 = 0; fiat_p434_mulx_u64(&mut x220, &mut x221, x198, 0xffffffffffffffff); let mut x222: u64 = 0; let mut x223: u64 = 0; fiat_p434_mulx_u64(&mut x222, &mut x223, x198, 0xffffffffffffffff); let mut x224: u64 = 0; let mut x225: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x224, &mut x225, 0x0, x223, x220); let mut x226: u64 = 0; let mut x227: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x226, &mut x227, x225, x221, x218); let mut x228: u64 = 0; let mut x229: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x228, &mut x229, x227, x219, x216); let mut x230: u64 = 0; let mut x231: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x230, &mut x231, x229, x217, x214); let mut x232: u64 = 0; let mut x233: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x232, &mut x233, x231, x215, x212); let mut x234: u64 = 0; let mut x235: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x234, &mut x235, x233, x213, x210); let mut x236: u64 = 0; let mut x237: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x236, &mut x237, 0x0, x198, x222); let mut x238: u64 = 0; let mut x239: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x238, &mut x239, x237, x200, x224); let mut x240: u64 = 0; let mut x241: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x240, &mut x241, x239, x202, x226); let mut x242: u64 = 0; let mut x243: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x242, &mut x243, x241, x204, x228); let mut x244: u64 = 0; let mut x245: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x244, &mut x245, x243, x206, x230); let mut x246: u64 = 0; let mut x247: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x246, &mut x247, x245, x208, x232); let mut x248: u64 = 0; let mut x249: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x248, &mut x249, x247, ((x209 as u64) + ((x197 as u64) + ((x183 as u64) + x159))), x234); let mut x250: u64 = 0; let mut x251: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x250, &mut x251, 0x0, x238, (arg1[5])); let mut x252: u64 = 0; let mut x253: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x252, &mut x253, x251, x240, (0x0 as u64)); let mut x254: u64 = 0; let mut x255: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x254, &mut x255, x253, x242, (0x0 as u64)); let mut x256: u64 = 0; let mut x257: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x256, &mut x257, x255, x244, (0x0 as u64)); let mut x258: u64 = 0; let mut x259: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x258, &mut x259, x257, x246, (0x0 as u64)); let mut x260: u64 = 0; let mut x261: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x260, &mut x261, x259, x248, (0x0 as u64)); let mut x262: u64 = 0; let mut x263: u64 = 0; fiat_p434_mulx_u64(&mut x262, &mut x263, x250, 0x2341f27177344); let mut x264: u64 = 0; let mut x265: u64 = 0; fiat_p434_mulx_u64(&mut x264, &mut x265, x250, 0x6cfc5fd681c52056); let mut x266: u64 = 0; let mut x267: u64 = 0; fiat_p434_mulx_u64(&mut x266, &mut x267, x250, 0x7bc65c783158aea3); let mut x268: u64 = 0; let mut x269: u64 = 0; fiat_p434_mulx_u64(&mut x268, &mut x269, x250, 0xfdc1767ae2ffffff); let mut x270: u64 = 0; let mut x271: u64 = 0; fiat_p434_mulx_u64(&mut x270, &mut x271, x250, 0xffffffffffffffff); let mut x272: u64 = 0; let mut x273: u64 = 0; fiat_p434_mulx_u64(&mut x272, &mut x273, x250, 0xffffffffffffffff); let mut x274: u64 = 0; let mut x275: u64 = 0; fiat_p434_mulx_u64(&mut x274, &mut x275, x250, 0xffffffffffffffff); let mut x276: u64 = 0; let mut x277: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x276, &mut x277, 0x0, x275, x272); let mut x278: u64 = 0; let mut x279: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x278, &mut x279, x277, x273, x270); let mut x280: u64 = 0; let mut x281: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x280, &mut x281, x279, x271, x268); let mut x282: u64 = 0; let mut x283: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x282, &mut x283, x281, x269, x266); let mut x284: u64 = 0; let mut x285: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x284, &mut x285, x283, x267, x264); let mut x286: u64 = 0; let mut x287: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x286, &mut x287, x285, x265, x262); let mut x288: u64 = 0; let mut x289: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x288, &mut x289, 0x0, x250, x274); let mut x290: u64 = 0; let mut x291: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x290, &mut x291, x289, x252, x276); let mut x292: u64 = 0; let mut x293: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x292, &mut x293, x291, x254, x278); let mut x294: u64 = 0; let mut x295: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x294, &mut x295, x293, x256, x280); let mut x296: u64 = 0; let mut x297: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x296, &mut x297, x295, x258, x282); let mut x298: u64 = 0; let mut x299: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x298, &mut x299, x297, x260, x284); let mut x300: u64 = 0; let mut x301: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x300, &mut x301, x299, ((x261 as u64) + ((x249 as u64) + ((x235 as u64) + x211))), x286); let mut x302: u64 = 0; let mut x303: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x302, &mut x303, 0x0, x290, (arg1[6])); let mut x304: u64 = 0; let mut x305: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x304, &mut x305, x303, x292, (0x0 as u64)); let mut x306: u64 = 0; let mut x307: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x306, &mut x307, x305, x294, (0x0 as u64)); let mut x308: u64 = 0; let mut x309: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x308, &mut x309, x307, x296, (0x0 as u64)); let mut x310: u64 = 0; let mut x311: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x310, &mut x311, x309, x298, (0x0 as u64)); let mut x312: u64 = 0; let mut x313: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x312, &mut x313, x311, x300, (0x0 as u64)); let mut x314: u64 = 0; let mut x315: u64 = 0; fiat_p434_mulx_u64(&mut x314, &mut x315, x302, 0x2341f27177344); let mut x316: u64 = 0; let mut x317: u64 = 0; fiat_p434_mulx_u64(&mut x316, &mut x317, x302, 0x6cfc5fd681c52056); let mut x318: u64 = 0; let mut x319: u64 = 0; fiat_p434_mulx_u64(&mut x318, &mut x319, x302, 0x7bc65c783158aea3); let mut x320: u64 = 0; let mut x321: u64 = 0; fiat_p434_mulx_u64(&mut x320, &mut x321, x302, 0xfdc1767ae2ffffff); let mut x322: u64 = 0; let mut x323: u64 = 0; fiat_p434_mulx_u64(&mut x322, &mut x323, x302, 0xffffffffffffffff); let mut x324: u64 = 0; let mut x325: u64 = 0; fiat_p434_mulx_u64(&mut x324, &mut x325, x302, 0xffffffffffffffff); let mut x326: u64 = 0; let mut x327: u64 = 0; fiat_p434_mulx_u64(&mut x326, &mut x327, x302, 0xffffffffffffffff); let mut x328: u64 = 0; let mut x329: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x328, &mut x329, 0x0, x327, x324); let mut x330: u64 = 0; let mut x331: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x330, &mut x331, x329, x325, x322); let mut x332: u64 = 0; let mut x333: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x332, &mut x333, x331, x323, x320); let mut x334: u64 = 0; let mut x335: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x334, &mut x335, x333, x321, x318); let mut x336: u64 = 0; let mut x337: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x336, &mut x337, x335, x319, x316); let mut x338: u64 = 0; let mut x339: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x338, &mut x339, x337, x317, x314); let mut x340: u64 = 0; let mut x341: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x340, &mut x341, 0x0, x302, x326); let mut x342: u64 = 0; let mut x343: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x342, &mut x343, x341, x304, x328); let mut x344: u64 = 0; let mut x345: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x344, &mut x345, x343, x306, x330); let mut x346: u64 = 0; let mut x347: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x346, &mut x347, x345, x308, x332); let mut x348: u64 = 0; let mut x349: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x348, &mut x349, x347, x310, x334); let mut x350: u64 = 0; let mut x351: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x350, &mut x351, x349, x312, x336); let mut x352: u64 = 0; let mut x353: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x352, &mut x353, x351, ((x313 as u64) + ((x301 as u64) + ((x287 as u64) + x263))), x338); let x354: u64 = ((x353 as u64) + ((x339 as u64) + x315)); let mut x355: u64 = 0; let mut x356: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x355, &mut x356, 0x0, x342, 0xffffffffffffffff); let mut x357: u64 = 0; let mut x358: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x357, &mut x358, x356, x344, 0xffffffffffffffff); let mut x359: u64 = 0; let mut x360: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x359, &mut x360, x358, x346, 0xffffffffffffffff); let mut x361: u64 = 0; let mut x362: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x361, &mut x362, x360, x348, 0xfdc1767ae2ffffff); let mut x363: u64 = 0; let mut x364: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x363, &mut x364, x362, x350, 0x7bc65c783158aea3); let mut x365: u64 = 0; let mut x366: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x365, &mut x366, x364, x352, 0x6cfc5fd681c52056); let mut x367: u64 = 0; let mut x368: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x367, &mut x368, x366, x354, 0x2341f27177344); let mut x369: u64 = 0; let mut x370: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x369, &mut x370, x368, (0x0 as u64), (0x0 as u64)); let mut x371: u64 = 0; fiat_p434_cmovznz_u64(&mut x371, x370, x355, x342); let mut x372: u64 = 0; fiat_p434_cmovznz_u64(&mut x372, x370, x357, x344); let mut x373: u64 = 0; fiat_p434_cmovznz_u64(&mut x373, x370, x359, x346); let mut x374: u64 = 0; fiat_p434_cmovznz_u64(&mut x374, x370, x361, x348); let mut x375: u64 = 0; fiat_p434_cmovznz_u64(&mut x375, x370, x363, x350); let mut x376: u64 = 0; fiat_p434_cmovznz_u64(&mut x376, x370, x365, x352); let mut x377: u64 = 0; fiat_p434_cmovznz_u64(&mut x377, x370, x367, x354); out1[0] = x371; out1[1] = x372; out1[2] = x373; out1[3] = x374; out1[4] = x375; out1[5] = x376; out1[6] = x377; } /// The function fiat_p434_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_to_montgomery(out1: &mut fiat_p434_montgomery_domain_field_element, arg1: &fiat_p434_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[4]); let x5: u64 = (arg1[5]); let x6: u64 = (arg1[6]); let x7: u64 = (arg1[0]); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_p434_mulx_u64(&mut x8, &mut x9, x7, 0x25a89bcdd12a); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_p434_mulx_u64(&mut x10, &mut x11, x7, 0x69e16a61c7686d9a); let mut x12: u64 = 0; let mut x13: u64 = 0; fiat_p434_mulx_u64(&mut x12, &mut x13, x7, 0xabcd92bf2dde347e); let mut x14: u64 = 0; let mut x15: u64 = 0; fiat_p434_mulx_u64(&mut x14, &mut x15, x7, 0x175cc6af8d6c7c0b); let mut x16: u64 = 0; let mut x17: u64 = 0; fiat_p434_mulx_u64(&mut x16, &mut x17, x7, 0xab27973f8311688d); let mut x18: u64 = 0; let mut x19: u64 = 0; fiat_p434_mulx_u64(&mut x18, &mut x19, x7, 0xacec7367768798c2); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_p434_mulx_u64(&mut x20, &mut x21, x7, 0x28e55b65dcd69b30); let mut x22: u64 = 0; let mut x23: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x22, &mut x23, 0x0, x21, x18); let mut x24: u64 = 0; let mut x25: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x24, &mut x25, x23, x19, x16); let mut x26: u64 = 0; let mut x27: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x26, &mut x27, x25, x17, x14); let mut x28: u64 = 0; let mut x29: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x28, &mut x29, x27, x15, x12); let mut x30: u64 = 0; let mut x31: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x30, &mut x31, x29, x13, x10); let mut x32: u64 = 0; let mut x33: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x32, &mut x33, x31, x11, x8); let mut x34: u64 = 0; let mut x35: u64 = 0; fiat_p434_mulx_u64(&mut x34, &mut x35, x20, 0x2341f27177344); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_p434_mulx_u64(&mut x36, &mut x37, x20, 0x6cfc5fd681c52056); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_p434_mulx_u64(&mut x38, &mut x39, x20, 0x7bc65c783158aea3); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_p434_mulx_u64(&mut x40, &mut x41, x20, 0xfdc1767ae2ffffff); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_p434_mulx_u64(&mut x42, &mut x43, x20, 0xffffffffffffffff); let mut x44: u64 = 0; let mut x45: u64 = 0; fiat_p434_mulx_u64(&mut x44, &mut x45, x20, 0xffffffffffffffff); let mut x46: u64 = 0; let mut x47: u64 = 0; fiat_p434_mulx_u64(&mut x46, &mut x47, x20, 0xffffffffffffffff); let mut x48: u64 = 0; let mut x49: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x48, &mut x49, 0x0, x47, x44); let mut x50: u64 = 0; let mut x51: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x50, &mut x51, x49, x45, x42); let mut x52: u64 = 0; let mut x53: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x52, &mut x53, x51, x43, x40); let mut x54: u64 = 0; let mut x55: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x54, &mut x55, x53, x41, x38); let mut x56: u64 = 0; let mut x57: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x56, &mut x57, x55, x39, x36); let mut x58: u64 = 0; let mut x59: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x58, &mut x59, x57, x37, x34); let mut x60: u64 = 0; let mut x61: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x60, &mut x61, 0x0, x20, x46); let mut x62: u64 = 0; let mut x63: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x62, &mut x63, x61, x22, x48); let mut x64: u64 = 0; let mut x65: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x64, &mut x65, x63, x24, x50); let mut x66: u64 = 0; let mut x67: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x66, &mut x67, x65, x26, x52); let mut x68: u64 = 0; let mut x69: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x68, &mut x69, x67, x28, x54); let mut x70: u64 = 0; let mut x71: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x70, &mut x71, x69, x30, x56); let mut x72: u64 = 0; let mut x73: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x72, &mut x73, x71, x32, x58); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_p434_mulx_u64(&mut x74, &mut x75, x1, 0x25a89bcdd12a); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_p434_mulx_u64(&mut x76, &mut x77, x1, 0x69e16a61c7686d9a); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_p434_mulx_u64(&mut x78, &mut x79, x1, 0xabcd92bf2dde347e); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_p434_mulx_u64(&mut x80, &mut x81, x1, 0x175cc6af8d6c7c0b); let mut x82: u64 = 0; let mut x83: u64 = 0; fiat_p434_mulx_u64(&mut x82, &mut x83, x1, 0xab27973f8311688d); let mut x84: u64 = 0; let mut x85: u64 = 0; fiat_p434_mulx_u64(&mut x84, &mut x85, x1, 0xacec7367768798c2); let mut x86: u64 = 0; let mut x87: u64 = 0; fiat_p434_mulx_u64(&mut x86, &mut x87, x1, 0x28e55b65dcd69b30); let mut x88: u64 = 0; let mut x89: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x88, &mut x89, 0x0, x87, x84); let mut x90: u64 = 0; let mut x91: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x90, &mut x91, x89, x85, x82); let mut x92: u64 = 0; let mut x93: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x92, &mut x93, x91, x83, x80); let mut x94: u64 = 0; let mut x95: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x94, &mut x95, x93, x81, x78); let mut x96: u64 = 0; let mut x97: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x96, &mut x97, x95, x79, x76); let mut x98: u64 = 0; let mut x99: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x98, &mut x99, x97, x77, x74); let mut x100: u64 = 0; let mut x101: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x100, &mut x101, 0x0, x62, x86); let mut x102: u64 = 0; let mut x103: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x102, &mut x103, x101, x64, x88); let mut x104: u64 = 0; let mut x105: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x104, &mut x105, x103, x66, x90); let mut x106: u64 = 0; let mut x107: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x106, &mut x107, x105, x68, x92); let mut x108: u64 = 0; let mut x109: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x108, &mut x109, x107, x70, x94); let mut x110: u64 = 0; let mut x111: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x110, &mut x111, x109, x72, x96); let mut x112: u64 = 0; let mut x113: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x112, &mut x113, x111, (((x73 as u64) + ((x33 as u64) + x9)) + ((x59 as u64) + x35)), x98); let mut x114: u64 = 0; let mut x115: u64 = 0; fiat_p434_mulx_u64(&mut x114, &mut x115, x100, 0x2341f27177344); let mut x116: u64 = 0; let mut x117: u64 = 0; fiat_p434_mulx_u64(&mut x116, &mut x117, x100, 0x6cfc5fd681c52056); let mut x118: u64 = 0; let mut x119: u64 = 0; fiat_p434_mulx_u64(&mut x118, &mut x119, x100, 0x7bc65c783158aea3); let mut x120: u64 = 0; let mut x121: u64 = 0; fiat_p434_mulx_u64(&mut x120, &mut x121, x100, 0xfdc1767ae2ffffff); let mut x122: u64 = 0; let mut x123: u64 = 0; fiat_p434_mulx_u64(&mut x122, &mut x123, x100, 0xffffffffffffffff); let mut x124: u64 = 0; let mut x125: u64 = 0; fiat_p434_mulx_u64(&mut x124, &mut x125, x100, 0xffffffffffffffff); let mut x126: u64 = 0; let mut x127: u64 = 0; fiat_p434_mulx_u64(&mut x126, &mut x127, x100, 0xffffffffffffffff); let mut x128: u64 = 0; let mut x129: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x128, &mut x129, 0x0, x127, x124); let mut x130: u64 = 0; let mut x131: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x130, &mut x131, x129, x125, x122); let mut x132: u64 = 0; let mut x133: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x132, &mut x133, x131, x123, x120); let mut x134: u64 = 0; let mut x135: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x134, &mut x135, x133, x121, x118); let mut x136: u64 = 0; let mut x137: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x136, &mut x137, x135, x119, x116); let mut x138: u64 = 0; let mut x139: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x138, &mut x139, x137, x117, x114); let mut x140: u64 = 0; let mut x141: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x140, &mut x141, 0x0, x100, x126); let mut x142: u64 = 0; let mut x143: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x142, &mut x143, x141, x102, x128); let mut x144: u64 = 0; let mut x145: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x144, &mut x145, x143, x104, x130); let mut x146: u64 = 0; let mut x147: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x146, &mut x147, x145, x106, x132); let mut x148: u64 = 0; let mut x149: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x148, &mut x149, x147, x108, x134); let mut x150: u64 = 0; let mut x151: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x150, &mut x151, x149, x110, x136); let mut x152: u64 = 0; let mut x153: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x152, &mut x153, x151, x112, x138); let mut x154: u64 = 0; let mut x155: u64 = 0; fiat_p434_mulx_u64(&mut x154, &mut x155, x2, 0x25a89bcdd12a); let mut x156: u64 = 0; let mut x157: u64 = 0; fiat_p434_mulx_u64(&mut x156, &mut x157, x2, 0x69e16a61c7686d9a); let mut x158: u64 = 0; let mut x159: u64 = 0; fiat_p434_mulx_u64(&mut x158, &mut x159, x2, 0xabcd92bf2dde347e); let mut x160: u64 = 0; let mut x161: u64 = 0; fiat_p434_mulx_u64(&mut x160, &mut x161, x2, 0x175cc6af8d6c7c0b); let mut x162: u64 = 0; let mut x163: u64 = 0; fiat_p434_mulx_u64(&mut x162, &mut x163, x2, 0xab27973f8311688d); let mut x164: u64 = 0; let mut x165: u64 = 0; fiat_p434_mulx_u64(&mut x164, &mut x165, x2, 0xacec7367768798c2); let mut x166: u64 = 0; let mut x167: u64 = 0; fiat_p434_mulx_u64(&mut x166, &mut x167, x2, 0x28e55b65dcd69b30); let mut x168: u64 = 0; let mut x169: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x168, &mut x169, 0x0, x167, x164); let mut x170: u64 = 0; let mut x171: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x170, &mut x171, x169, x165, x162); let mut x172: u64 = 0; let mut x173: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x172, &mut x173, x171, x163, x160); let mut x174: u64 = 0; let mut x175: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x174, &mut x175, x173, x161, x158); let mut x176: u64 = 0; let mut x177: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x176, &mut x177, x175, x159, x156); let mut x178: u64 = 0; let mut x179: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x178, &mut x179, x177, x157, x154); let mut x180: u64 = 0; let mut x181: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x180, &mut x181, 0x0, x142, x166); let mut x182: u64 = 0; let mut x183: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x182, &mut x183, x181, x144, x168); let mut x184: u64 = 0; let mut x185: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x184, &mut x185, x183, x146, x170); let mut x186: u64 = 0; let mut x187: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x186, &mut x187, x185, x148, x172); let mut x188: u64 = 0; let mut x189: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x188, &mut x189, x187, x150, x174); let mut x190: u64 = 0; let mut x191: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x190, &mut x191, x189, x152, x176); let mut x192: u64 = 0; let mut x193: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x192, &mut x193, x191, (((x153 as u64) + ((x113 as u64) + ((x99 as u64) + x75))) + ((x139 as u64) + x115)), x178); let mut x194: u64 = 0; let mut x195: u64 = 0; fiat_p434_mulx_u64(&mut x194, &mut x195, x180, 0x2341f27177344); let mut x196: u64 = 0; let mut x197: u64 = 0; fiat_p434_mulx_u64(&mut x196, &mut x197, x180, 0x6cfc5fd681c52056); let mut x198: u64 = 0; let mut x199: u64 = 0; fiat_p434_mulx_u64(&mut x198, &mut x199, x180, 0x7bc65c783158aea3); let mut x200: u64 = 0; let mut x201: u64 = 0; fiat_p434_mulx_u64(&mut x200, &mut x201, x180, 0xfdc1767ae2ffffff); let mut x202: u64 = 0; let mut x203: u64 = 0; fiat_p434_mulx_u64(&mut x202, &mut x203, x180, 0xffffffffffffffff); let mut x204: u64 = 0; let mut x205: u64 = 0; fiat_p434_mulx_u64(&mut x204, &mut x205, x180, 0xffffffffffffffff); let mut x206: u64 = 0; let mut x207: u64 = 0; fiat_p434_mulx_u64(&mut x206, &mut x207, x180, 0xffffffffffffffff); let mut x208: u64 = 0; let mut x209: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x208, &mut x209, 0x0, x207, x204); let mut x210: u64 = 0; let mut x211: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x210, &mut x211, x209, x205, x202); let mut x212: u64 = 0; let mut x213: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x212, &mut x213, x211, x203, x200); let mut x214: u64 = 0; let mut x215: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x214, &mut x215, x213, x201, x198); let mut x216: u64 = 0; let mut x217: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x216, &mut x217, x215, x199, x196); let mut x218: u64 = 0; let mut x219: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x218, &mut x219, x217, x197, x194); let mut x220: u64 = 0; let mut x221: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x220, &mut x221, 0x0, x180, x206); let mut x222: u64 = 0; let mut x223: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x222, &mut x223, x221, x182, x208); let mut x224: u64 = 0; let mut x225: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x224, &mut x225, x223, x184, x210); let mut x226: u64 = 0; let mut x227: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x226, &mut x227, x225, x186, x212); let mut x228: u64 = 0; let mut x229: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x228, &mut x229, x227, x188, x214); let mut x230: u64 = 0; let mut x231: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x230, &mut x231, x229, x190, x216); let mut x232: u64 = 0; let mut x233: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x232, &mut x233, x231, x192, x218); let mut x234: u64 = 0; let mut x235: u64 = 0; fiat_p434_mulx_u64(&mut x234, &mut x235, x3, 0x25a89bcdd12a); let mut x236: u64 = 0; let mut x237: u64 = 0; fiat_p434_mulx_u64(&mut x236, &mut x237, x3, 0x69e16a61c7686d9a); let mut x238: u64 = 0; let mut x239: u64 = 0; fiat_p434_mulx_u64(&mut x238, &mut x239, x3, 0xabcd92bf2dde347e); let mut x240: u64 = 0; let mut x241: u64 = 0; fiat_p434_mulx_u64(&mut x240, &mut x241, x3, 0x175cc6af8d6c7c0b); let mut x242: u64 = 0; let mut x243: u64 = 0; fiat_p434_mulx_u64(&mut x242, &mut x243, x3, 0xab27973f8311688d); let mut x244: u64 = 0; let mut x245: u64 = 0; fiat_p434_mulx_u64(&mut x244, &mut x245, x3, 0xacec7367768798c2); let mut x246: u64 = 0; let mut x247: u64 = 0; fiat_p434_mulx_u64(&mut x246, &mut x247, x3, 0x28e55b65dcd69b30); let mut x248: u64 = 0; let mut x249: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x248, &mut x249, 0x0, x247, x244); let mut x250: u64 = 0; let mut x251: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x250, &mut x251, x249, x245, x242); let mut x252: u64 = 0; let mut x253: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x252, &mut x253, x251, x243, x240); let mut x254: u64 = 0; let mut x255: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x254, &mut x255, x253, x241, x238); let mut x256: u64 = 0; let mut x257: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x256, &mut x257, x255, x239, x236); let mut x258: u64 = 0; let mut x259: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x258, &mut x259, x257, x237, x234); let mut x260: u64 = 0; let mut x261: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x260, &mut x261, 0x0, x222, x246); let mut x262: u64 = 0; let mut x263: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x262, &mut x263, x261, x224, x248); let mut x264: u64 = 0; let mut x265: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x264, &mut x265, x263, x226, x250); let mut x266: u64 = 0; let mut x267: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x266, &mut x267, x265, x228, x252); let mut x268: u64 = 0; let mut x269: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x268, &mut x269, x267, x230, x254); let mut x270: u64 = 0; let mut x271: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x270, &mut x271, x269, x232, x256); let mut x272: u64 = 0; let mut x273: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x272, &mut x273, x271, (((x233 as u64) + ((x193 as u64) + ((x179 as u64) + x155))) + ((x219 as u64) + x195)), x258); let mut x274: u64 = 0; let mut x275: u64 = 0; fiat_p434_mulx_u64(&mut x274, &mut x275, x260, 0x2341f27177344); let mut x276: u64 = 0; let mut x277: u64 = 0; fiat_p434_mulx_u64(&mut x276, &mut x277, x260, 0x6cfc5fd681c52056); let mut x278: u64 = 0; let mut x279: u64 = 0; fiat_p434_mulx_u64(&mut x278, &mut x279, x260, 0x7bc65c783158aea3); let mut x280: u64 = 0; let mut x281: u64 = 0; fiat_p434_mulx_u64(&mut x280, &mut x281, x260, 0xfdc1767ae2ffffff); let mut x282: u64 = 0; let mut x283: u64 = 0; fiat_p434_mulx_u64(&mut x282, &mut x283, x260, 0xffffffffffffffff); let mut x284: u64 = 0; let mut x285: u64 = 0; fiat_p434_mulx_u64(&mut x284, &mut x285, x260, 0xffffffffffffffff); let mut x286: u64 = 0; let mut x287: u64 = 0; fiat_p434_mulx_u64(&mut x286, &mut x287, x260, 0xffffffffffffffff); let mut x288: u64 = 0; let mut x289: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x288, &mut x289, 0x0, x287, x284); let mut x290: u64 = 0; let mut x291: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x290, &mut x291, x289, x285, x282); let mut x292: u64 = 0; let mut x293: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x292, &mut x293, x291, x283, x280); let mut x294: u64 = 0; let mut x295: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x294, &mut x295, x293, x281, x278); let mut x296: u64 = 0; let mut x297: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x296, &mut x297, x295, x279, x276); let mut x298: u64 = 0; let mut x299: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x298, &mut x299, x297, x277, x274); let mut x300: u64 = 0; let mut x301: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x300, &mut x301, 0x0, x260, x286); let mut x302: u64 = 0; let mut x303: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x302, &mut x303, x301, x262, x288); let mut x304: u64 = 0; let mut x305: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x304, &mut x305, x303, x264, x290); let mut x306: u64 = 0; let mut x307: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x306, &mut x307, x305, x266, x292); let mut x308: u64 = 0; let mut x309: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x308, &mut x309, x307, x268, x294); let mut x310: u64 = 0; let mut x311: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x310, &mut x311, x309, x270, x296); let mut x312: u64 = 0; let mut x313: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x312, &mut x313, x311, x272, x298); let mut x314: u64 = 0; let mut x315: u64 = 0; fiat_p434_mulx_u64(&mut x314, &mut x315, x4, 0x25a89bcdd12a); let mut x316: u64 = 0; let mut x317: u64 = 0; fiat_p434_mulx_u64(&mut x316, &mut x317, x4, 0x69e16a61c7686d9a); let mut x318: u64 = 0; let mut x319: u64 = 0; fiat_p434_mulx_u64(&mut x318, &mut x319, x4, 0xabcd92bf2dde347e); let mut x320: u64 = 0; let mut x321: u64 = 0; fiat_p434_mulx_u64(&mut x320, &mut x321, x4, 0x175cc6af8d6c7c0b); let mut x322: u64 = 0; let mut x323: u64 = 0; fiat_p434_mulx_u64(&mut x322, &mut x323, x4, 0xab27973f8311688d); let mut x324: u64 = 0; let mut x325: u64 = 0; fiat_p434_mulx_u64(&mut x324, &mut x325, x4, 0xacec7367768798c2); let mut x326: u64 = 0; let mut x327: u64 = 0; fiat_p434_mulx_u64(&mut x326, &mut x327, x4, 0x28e55b65dcd69b30); let mut x328: u64 = 0; let mut x329: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x328, &mut x329, 0x0, x327, x324); let mut x330: u64 = 0; let mut x331: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x330, &mut x331, x329, x325, x322); let mut x332: u64 = 0; let mut x333: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x332, &mut x333, x331, x323, x320); let mut x334: u64 = 0; let mut x335: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x334, &mut x335, x333, x321, x318); let mut x336: u64 = 0; let mut x337: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x336, &mut x337, x335, x319, x316); let mut x338: u64 = 0; let mut x339: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x338, &mut x339, x337, x317, x314); let mut x340: u64 = 0; let mut x341: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x340, &mut x341, 0x0, x302, x326); let mut x342: u64 = 0; let mut x343: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x342, &mut x343, x341, x304, x328); let mut x344: u64 = 0; let mut x345: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x344, &mut x345, x343, x306, x330); let mut x346: u64 = 0; let mut x347: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x346, &mut x347, x345, x308, x332); let mut x348: u64 = 0; let mut x349: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x348, &mut x349, x347, x310, x334); let mut x350: u64 = 0; let mut x351: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x350, &mut x351, x349, x312, x336); let mut x352: u64 = 0; let mut x353: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x352, &mut x353, x351, (((x313 as u64) + ((x273 as u64) + ((x259 as u64) + x235))) + ((x299 as u64) + x275)), x338); let mut x354: u64 = 0; let mut x355: u64 = 0; fiat_p434_mulx_u64(&mut x354, &mut x355, x340, 0x2341f27177344); let mut x356: u64 = 0; let mut x357: u64 = 0; fiat_p434_mulx_u64(&mut x356, &mut x357, x340, 0x6cfc5fd681c52056); let mut x358: u64 = 0; let mut x359: u64 = 0; fiat_p434_mulx_u64(&mut x358, &mut x359, x340, 0x7bc65c783158aea3); let mut x360: u64 = 0; let mut x361: u64 = 0; fiat_p434_mulx_u64(&mut x360, &mut x361, x340, 0xfdc1767ae2ffffff); let mut x362: u64 = 0; let mut x363: u64 = 0; fiat_p434_mulx_u64(&mut x362, &mut x363, x340, 0xffffffffffffffff); let mut x364: u64 = 0; let mut x365: u64 = 0; fiat_p434_mulx_u64(&mut x364, &mut x365, x340, 0xffffffffffffffff); let mut x366: u64 = 0; let mut x367: u64 = 0; fiat_p434_mulx_u64(&mut x366, &mut x367, x340, 0xffffffffffffffff); let mut x368: u64 = 0; let mut x369: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x368, &mut x369, 0x0, x367, x364); let mut x370: u64 = 0; let mut x371: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x370, &mut x371, x369, x365, x362); let mut x372: u64 = 0; let mut x373: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x372, &mut x373, x371, x363, x360); let mut x374: u64 = 0; let mut x375: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x374, &mut x375, x373, x361, x358); let mut x376: u64 = 0; let mut x377: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x376, &mut x377, x375, x359, x356); let mut x378: u64 = 0; let mut x379: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x378, &mut x379, x377, x357, x354); let mut x380: u64 = 0; let mut x381: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x380, &mut x381, 0x0, x340, x366); let mut x382: u64 = 0; let mut x383: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x382, &mut x383, x381, x342, x368); let mut x384: u64 = 0; let mut x385: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x384, &mut x385, x383, x344, x370); let mut x386: u64 = 0; let mut x387: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x386, &mut x387, x385, x346, x372); let mut x388: u64 = 0; let mut x389: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x388, &mut x389, x387, x348, x374); let mut x390: u64 = 0; let mut x391: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x390, &mut x391, x389, x350, x376); let mut x392: u64 = 0; let mut x393: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x392, &mut x393, x391, x352, x378); let mut x394: u64 = 0; let mut x395: u64 = 0; fiat_p434_mulx_u64(&mut x394, &mut x395, x5, 0x25a89bcdd12a); let mut x396: u64 = 0; let mut x397: u64 = 0; fiat_p434_mulx_u64(&mut x396, &mut x397, x5, 0x69e16a61c7686d9a); let mut x398: u64 = 0; let mut x399: u64 = 0; fiat_p434_mulx_u64(&mut x398, &mut x399, x5, 0xabcd92bf2dde347e); let mut x400: u64 = 0; let mut x401: u64 = 0; fiat_p434_mulx_u64(&mut x400, &mut x401, x5, 0x175cc6af8d6c7c0b); let mut x402: u64 = 0; let mut x403: u64 = 0; fiat_p434_mulx_u64(&mut x402, &mut x403, x5, 0xab27973f8311688d); let mut x404: u64 = 0; let mut x405: u64 = 0; fiat_p434_mulx_u64(&mut x404, &mut x405, x5, 0xacec7367768798c2); let mut x406: u64 = 0; let mut x407: u64 = 0; fiat_p434_mulx_u64(&mut x406, &mut x407, x5, 0x28e55b65dcd69b30); let mut x408: u64 = 0; let mut x409: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x408, &mut x409, 0x0, x407, x404); let mut x410: u64 = 0; let mut x411: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x410, &mut x411, x409, x405, x402); let mut x412: u64 = 0; let mut x413: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x412, &mut x413, x411, x403, x400); let mut x414: u64 = 0; let mut x415: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x414, &mut x415, x413, x401, x398); let mut x416: u64 = 0; let mut x417: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x416, &mut x417, x415, x399, x396); let mut x418: u64 = 0; let mut x419: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x418, &mut x419, x417, x397, x394); let mut x420: u64 = 0; let mut x421: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x420, &mut x421, 0x0, x382, x406); let mut x422: u64 = 0; let mut x423: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x422, &mut x423, x421, x384, x408); let mut x424: u64 = 0; let mut x425: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x424, &mut x425, x423, x386, x410); let mut x426: u64 = 0; let mut x427: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x426, &mut x427, x425, x388, x412); let mut x428: u64 = 0; let mut x429: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x428, &mut x429, x427, x390, x414); let mut x430: u64 = 0; let mut x431: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x430, &mut x431, x429, x392, x416); let mut x432: u64 = 0; let mut x433: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x432, &mut x433, x431, (((x393 as u64) + ((x353 as u64) + ((x339 as u64) + x315))) + ((x379 as u64) + x355)), x418); let mut x434: u64 = 0; let mut x435: u64 = 0; fiat_p434_mulx_u64(&mut x434, &mut x435, x420, 0x2341f27177344); let mut x436: u64 = 0; let mut x437: u64 = 0; fiat_p434_mulx_u64(&mut x436, &mut x437, x420, 0x6cfc5fd681c52056); let mut x438: u64 = 0; let mut x439: u64 = 0; fiat_p434_mulx_u64(&mut x438, &mut x439, x420, 0x7bc65c783158aea3); let mut x440: u64 = 0; let mut x441: u64 = 0; fiat_p434_mulx_u64(&mut x440, &mut x441, x420, 0xfdc1767ae2ffffff); let mut x442: u64 = 0; let mut x443: u64 = 0; fiat_p434_mulx_u64(&mut x442, &mut x443, x420, 0xffffffffffffffff); let mut x444: u64 = 0; let mut x445: u64 = 0; fiat_p434_mulx_u64(&mut x444, &mut x445, x420, 0xffffffffffffffff); let mut x446: u64 = 0; let mut x447: u64 = 0; fiat_p434_mulx_u64(&mut x446, &mut x447, x420, 0xffffffffffffffff); let mut x448: u64 = 0; let mut x449: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x448, &mut x449, 0x0, x447, x444); let mut x450: u64 = 0; let mut x451: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x450, &mut x451, x449, x445, x442); let mut x452: u64 = 0; let mut x453: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x452, &mut x453, x451, x443, x440); let mut x454: u64 = 0; let mut x455: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x454, &mut x455, x453, x441, x438); let mut x456: u64 = 0; let mut x457: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x456, &mut x457, x455, x439, x436); let mut x458: u64 = 0; let mut x459: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x458, &mut x459, x457, x437, x434); let mut x460: u64 = 0; let mut x461: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x460, &mut x461, 0x0, x420, x446); let mut x462: u64 = 0; let mut x463: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x462, &mut x463, x461, x422, x448); let mut x464: u64 = 0; let mut x465: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x464, &mut x465, x463, x424, x450); let mut x466: u64 = 0; let mut x467: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x466, &mut x467, x465, x426, x452); let mut x468: u64 = 0; let mut x469: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x468, &mut x469, x467, x428, x454); let mut x470: u64 = 0; let mut x471: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x470, &mut x471, x469, x430, x456); let mut x472: u64 = 0; let mut x473: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x472, &mut x473, x471, x432, x458); let mut x474: u64 = 0; let mut x475: u64 = 0; fiat_p434_mulx_u64(&mut x474, &mut x475, x6, 0x25a89bcdd12a); let mut x476: u64 = 0; let mut x477: u64 = 0; fiat_p434_mulx_u64(&mut x476, &mut x477, x6, 0x69e16a61c7686d9a); let mut x478: u64 = 0; let mut x479: u64 = 0; fiat_p434_mulx_u64(&mut x478, &mut x479, x6, 0xabcd92bf2dde347e); let mut x480: u64 = 0; let mut x481: u64 = 0; fiat_p434_mulx_u64(&mut x480, &mut x481, x6, 0x175cc6af8d6c7c0b); let mut x482: u64 = 0; let mut x483: u64 = 0; fiat_p434_mulx_u64(&mut x482, &mut x483, x6, 0xab27973f8311688d); let mut x484: u64 = 0; let mut x485: u64 = 0; fiat_p434_mulx_u64(&mut x484, &mut x485, x6, 0xacec7367768798c2); let mut x486: u64 = 0; let mut x487: u64 = 0; fiat_p434_mulx_u64(&mut x486, &mut x487, x6, 0x28e55b65dcd69b30); let mut x488: u64 = 0; let mut x489: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x488, &mut x489, 0x0, x487, x484); let mut x490: u64 = 0; let mut x491: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x490, &mut x491, x489, x485, x482); let mut x492: u64 = 0; let mut x493: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x492, &mut x493, x491, x483, x480); let mut x494: u64 = 0; let mut x495: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x494, &mut x495, x493, x481, x478); let mut x496: u64 = 0; let mut x497: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x496, &mut x497, x495, x479, x476); let mut x498: u64 = 0; let mut x499: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x498, &mut x499, x497, x477, x474); let mut x500: u64 = 0; let mut x501: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x500, &mut x501, 0x0, x462, x486); let mut x502: u64 = 0; let mut x503: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x502, &mut x503, x501, x464, x488); let mut x504: u64 = 0; let mut x505: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x504, &mut x505, x503, x466, x490); let mut x506: u64 = 0; let mut x507: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x506, &mut x507, x505, x468, x492); let mut x508: u64 = 0; let mut x509: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x508, &mut x509, x507, x470, x494); let mut x510: u64 = 0; let mut x511: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x510, &mut x511, x509, x472, x496); let mut x512: u64 = 0; let mut x513: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x512, &mut x513, x511, (((x473 as u64) + ((x433 as u64) + ((x419 as u64) + x395))) + ((x459 as u64) + x435)), x498); let mut x514: u64 = 0; let mut x515: u64 = 0; fiat_p434_mulx_u64(&mut x514, &mut x515, x500, 0x2341f27177344); let mut x516: u64 = 0; let mut x517: u64 = 0; fiat_p434_mulx_u64(&mut x516, &mut x517, x500, 0x6cfc5fd681c52056); let mut x518: u64 = 0; let mut x519: u64 = 0; fiat_p434_mulx_u64(&mut x518, &mut x519, x500, 0x7bc65c783158aea3); let mut x520: u64 = 0; let mut x521: u64 = 0; fiat_p434_mulx_u64(&mut x520, &mut x521, x500, 0xfdc1767ae2ffffff); let mut x522: u64 = 0; let mut x523: u64 = 0; fiat_p434_mulx_u64(&mut x522, &mut x523, x500, 0xffffffffffffffff); let mut x524: u64 = 0; let mut x525: u64 = 0; fiat_p434_mulx_u64(&mut x524, &mut x525, x500, 0xffffffffffffffff); let mut x526: u64 = 0; let mut x527: u64 = 0; fiat_p434_mulx_u64(&mut x526, &mut x527, x500, 0xffffffffffffffff); let mut x528: u64 = 0; let mut x529: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x528, &mut x529, 0x0, x527, x524); let mut x530: u64 = 0; let mut x531: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x530, &mut x531, x529, x525, x522); let mut x532: u64 = 0; let mut x533: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x532, &mut x533, x531, x523, x520); let mut x534: u64 = 0; let mut x535: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x534, &mut x535, x533, x521, x518); let mut x536: u64 = 0; let mut x537: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x536, &mut x537, x535, x519, x516); let mut x538: u64 = 0; let mut x539: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x538, &mut x539, x537, x517, x514); let mut x540: u64 = 0; let mut x541: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x540, &mut x541, 0x0, x500, x526); let mut x542: u64 = 0; let mut x543: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x542, &mut x543, x541, x502, x528); let mut x544: u64 = 0; let mut x545: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x544, &mut x545, x543, x504, x530); let mut x546: u64 = 0; let mut x547: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x546, &mut x547, x545, x506, x532); let mut x548: u64 = 0; let mut x549: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x548, &mut x549, x547, x508, x534); let mut x550: u64 = 0; let mut x551: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x550, &mut x551, x549, x510, x536); let mut x552: u64 = 0; let mut x553: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x552, &mut x553, x551, x512, x538); let x554: u64 = (((x553 as u64) + ((x513 as u64) + ((x499 as u64) + x475))) + ((x539 as u64) + x515)); let mut x555: u64 = 0; let mut x556: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x555, &mut x556, 0x0, x542, 0xffffffffffffffff); let mut x557: u64 = 0; let mut x558: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x557, &mut x558, x556, x544, 0xffffffffffffffff); let mut x559: u64 = 0; let mut x560: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x559, &mut x560, x558, x546, 0xffffffffffffffff); let mut x561: u64 = 0; let mut x562: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x561, &mut x562, x560, x548, 0xfdc1767ae2ffffff); let mut x563: u64 = 0; let mut x564: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x563, &mut x564, x562, x550, 0x7bc65c783158aea3); let mut x565: u64 = 0; let mut x566: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x565, &mut x566, x564, x552, 0x6cfc5fd681c52056); let mut x567: u64 = 0; let mut x568: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x567, &mut x568, x566, x554, 0x2341f27177344); let mut x569: u64 = 0; let mut x570: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x569, &mut x570, x568, (0x0 as u64), (0x0 as u64)); let mut x571: u64 = 0; fiat_p434_cmovznz_u64(&mut x571, x570, x555, x542); let mut x572: u64 = 0; fiat_p434_cmovznz_u64(&mut x572, x570, x557, x544); let mut x573: u64 = 0; fiat_p434_cmovznz_u64(&mut x573, x570, x559, x546); let mut x574: u64 = 0; fiat_p434_cmovznz_u64(&mut x574, x570, x561, x548); let mut x575: u64 = 0; fiat_p434_cmovznz_u64(&mut x575, x570, x563, x550); let mut x576: u64 = 0; fiat_p434_cmovznz_u64(&mut x576, x570, x565, x552); let mut x577: u64 = 0; fiat_p434_cmovznz_u64(&mut x577, x570, x567, x554); out1[0] = x571; out1[1] = x572; out1[2] = x573; out1[3] = x574; out1[4] = x575; out1[5] = x576; out1[6] = x577; } /// The function fiat_p434_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p434_nonzero(out1: &mut u64, arg1: &[u64; 7]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); *out1 = x1; } /// The function fiat_p434_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p434_selectznz(out1: &mut [u64; 7], arg1: fiat_p434_u1, arg2: &[u64; 7], arg3: &[u64; 7]) { let mut x1: u64 = 0; fiat_p434_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p434_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p434_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p434_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_p434_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u64 = 0; fiat_p434_cmovznz_u64(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u64 = 0; fiat_p434_cmovznz_u64(&mut x7, arg1, (arg2[6]), (arg3[6])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; } /// The function fiat_p434_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..54] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3ffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] #[inline] pub fn fiat_p434_to_bytes(out1: &mut [u8; 55], arg1: &[u64; 7]) { let x1: u64 = (arg1[6]); let x2: u64 = (arg1[5]); let x3: u64 = (arg1[4]); let x4: u64 = (arg1[3]); let x5: u64 = (arg1[2]); let x6: u64 = (arg1[1]); let x7: u64 = (arg1[0]); let x8: u8 = ((x7 & (0xff as u64)) as u8); let x9: u64 = (x7 >> 8); let x10: u8 = ((x9 & (0xff as u64)) as u8); let x11: u64 = (x9 >> 8); let x12: u8 = ((x11 & (0xff as u64)) as u8); let x13: u64 = (x11 >> 8); let x14: u8 = ((x13 & (0xff as u64)) as u8); let x15: u64 = (x13 >> 8); let x16: u8 = ((x15 & (0xff as u64)) as u8); let x17: u64 = (x15 >> 8); let x18: u8 = ((x17 & (0xff as u64)) as u8); let x19: u64 = (x17 >> 8); let x20: u8 = ((x19 & (0xff as u64)) as u8); let x21: u8 = ((x19 >> 8) as u8); let x22: u8 = ((x6 & (0xff as u64)) as u8); let x23: u64 = (x6 >> 8); let x24: u8 = ((x23 & (0xff as u64)) as u8); let x25: u64 = (x23 >> 8); let x26: u8 = ((x25 & (0xff as u64)) as u8); let x27: u64 = (x25 >> 8); let x28: u8 = ((x27 & (0xff as u64)) as u8); let x29: u64 = (x27 >> 8); let x30: u8 = ((x29 & (0xff as u64)) as u8); let x31: u64 = (x29 >> 8); let x32: u8 = ((x31 & (0xff as u64)) as u8); let x33: u64 = (x31 >> 8); let x34: u8 = ((x33 & (0xff as u64)) as u8); let x35: u8 = ((x33 >> 8) as u8); let x36: u8 = ((x5 & (0xff as u64)) as u8); let x37: u64 = (x5 >> 8); let x38: u8 = ((x37 & (0xff as u64)) as u8); let x39: u64 = (x37 >> 8); let x40: u8 = ((x39 & (0xff as u64)) as u8); let x41: u64 = (x39 >> 8); let x42: u8 = ((x41 & (0xff as u64)) as u8); let x43: u64 = (x41 >> 8); let x44: u8 = ((x43 & (0xff as u64)) as u8); let x45: u64 = (x43 >> 8); let x46: u8 = ((x45 & (0xff as u64)) as u8); let x47: u64 = (x45 >> 8); let x48: u8 = ((x47 & (0xff as u64)) as u8); let x49: u8 = ((x47 >> 8) as u8); let x50: u8 = ((x4 & (0xff as u64)) as u8); let x51: u64 = (x4 >> 8); let x52: u8 = ((x51 & (0xff as u64)) as u8); let x53: u64 = (x51 >> 8); let x54: u8 = ((x53 & (0xff as u64)) as u8); let x55: u64 = (x53 >> 8); let x56: u8 = ((x55 & (0xff as u64)) as u8); let x57: u64 = (x55 >> 8); let x58: u8 = ((x57 & (0xff as u64)) as u8); let x59: u64 = (x57 >> 8); let x60: u8 = ((x59 & (0xff as u64)) as u8); let x61: u64 = (x59 >> 8); let x62: u8 = ((x61 & (0xff as u64)) as u8); let x63: u8 = ((x61 >> 8) as u8); let x64: u8 = ((x3 & (0xff as u64)) as u8); let x65: u64 = (x3 >> 8); let x66: u8 = ((x65 & (0xff as u64)) as u8); let x67: u64 = (x65 >> 8); let x68: u8 = ((x67 & (0xff as u64)) as u8); let x69: u64 = (x67 >> 8); let x70: u8 = ((x69 & (0xff as u64)) as u8); let x71: u64 = (x69 >> 8); let x72: u8 = ((x71 & (0xff as u64)) as u8); let x73: u64 = (x71 >> 8); let x74: u8 = ((x73 & (0xff as u64)) as u8); let x75: u64 = (x73 >> 8); let x76: u8 = ((x75 & (0xff as u64)) as u8); let x77: u8 = ((x75 >> 8) as u8); let x78: u8 = ((x2 & (0xff as u64)) as u8); let x79: u64 = (x2 >> 8); let x80: u8 = ((x79 & (0xff as u64)) as u8); let x81: u64 = (x79 >> 8); let x82: u8 = ((x81 & (0xff as u64)) as u8); let x83: u64 = (x81 >> 8); let x84: u8 = ((x83 & (0xff as u64)) as u8); let x85: u64 = (x83 >> 8); let x86: u8 = ((x85 & (0xff as u64)) as u8); let x87: u64 = (x85 >> 8); let x88: u8 = ((x87 & (0xff as u64)) as u8); let x89: u64 = (x87 >> 8); let x90: u8 = ((x89 & (0xff as u64)) as u8); let x91: u8 = ((x89 >> 8) as u8); let x92: u8 = ((x1 & (0xff as u64)) as u8); let x93: u64 = (x1 >> 8); let x94: u8 = ((x93 & (0xff as u64)) as u8); let x95: u64 = (x93 >> 8); let x96: u8 = ((x95 & (0xff as u64)) as u8); let x97: u64 = (x95 >> 8); let x98: u8 = ((x97 & (0xff as u64)) as u8); let x99: u64 = (x97 >> 8); let x100: u8 = ((x99 & (0xff as u64)) as u8); let x101: u64 = (x99 >> 8); let x102: u8 = ((x101 & (0xff as u64)) as u8); let x103: u8 = ((x101 >> 8) as u8); out1[0] = x8; out1[1] = x10; out1[2] = x12; out1[3] = x14; out1[4] = x16; out1[5] = x18; out1[6] = x20; out1[7] = x21; out1[8] = x22; out1[9] = x24; out1[10] = x26; out1[11] = x28; out1[12] = x30; out1[13] = x32; out1[14] = x34; out1[15] = x35; out1[16] = x36; out1[17] = x38; out1[18] = x40; out1[19] = x42; out1[20] = x44; out1[21] = x46; out1[22] = x48; out1[23] = x49; out1[24] = x50; out1[25] = x52; out1[26] = x54; out1[27] = x56; out1[28] = x58; out1[29] = x60; out1[30] = x62; out1[31] = x63; out1[32] = x64; out1[33] = x66; out1[34] = x68; out1[35] = x70; out1[36] = x72; out1[37] = x74; out1[38] = x76; out1[39] = x77; out1[40] = x78; out1[41] = x80; out1[42] = x82; out1[43] = x84; out1[44] = x86; out1[45] = x88; out1[46] = x90; out1[47] = x91; out1[48] = x92; out1[49] = x94; out1[50] = x96; out1[51] = x98; out1[52] = x100; out1[53] = x102; out1[54] = x103; } /// The function fiat_p434_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3ffffffffffff]] #[inline] pub fn fiat_p434_from_bytes(out1: &mut [u64; 7], arg1: &[u8; 55]) { let x1: u64 = (((arg1[54]) as u64) << 48); let x2: u64 = (((arg1[53]) as u64) << 40); let x3: u64 = (((arg1[52]) as u64) << 32); let x4: u64 = (((arg1[51]) as u64) << 24); let x5: u64 = (((arg1[50]) as u64) << 16); let x6: u64 = (((arg1[49]) as u64) << 8); let x7: u8 = (arg1[48]); let x8: u64 = (((arg1[47]) as u64) << 56); let x9: u64 = (((arg1[46]) as u64) << 48); let x10: u64 = (((arg1[45]) as u64) << 40); let x11: u64 = (((arg1[44]) as u64) << 32); let x12: u64 = (((arg1[43]) as u64) << 24); let x13: u64 = (((arg1[42]) as u64) << 16); let x14: u64 = (((arg1[41]) as u64) << 8); let x15: u8 = (arg1[40]); let x16: u64 = (((arg1[39]) as u64) << 56); let x17: u64 = (((arg1[38]) as u64) << 48); let x18: u64 = (((arg1[37]) as u64) << 40); let x19: u64 = (((arg1[36]) as u64) << 32); let x20: u64 = (((arg1[35]) as u64) << 24); let x21: u64 = (((arg1[34]) as u64) << 16); let x22: u64 = (((arg1[33]) as u64) << 8); let x23: u8 = (arg1[32]); let x24: u64 = (((arg1[31]) as u64) << 56); let x25: u64 = (((arg1[30]) as u64) << 48); let x26: u64 = (((arg1[29]) as u64) << 40); let x27: u64 = (((arg1[28]) as u64) << 32); let x28: u64 = (((arg1[27]) as u64) << 24); let x29: u64 = (((arg1[26]) as u64) << 16); let x30: u64 = (((arg1[25]) as u64) << 8); let x31: u8 = (arg1[24]); let x32: u64 = (((arg1[23]) as u64) << 56); let x33: u64 = (((arg1[22]) as u64) << 48); let x34: u64 = (((arg1[21]) as u64) << 40); let x35: u64 = (((arg1[20]) as u64) << 32); let x36: u64 = (((arg1[19]) as u64) << 24); let x37: u64 = (((arg1[18]) as u64) << 16); let x38: u64 = (((arg1[17]) as u64) << 8); let x39: u8 = (arg1[16]); let x40: u64 = (((arg1[15]) as u64) << 56); let x41: u64 = (((arg1[14]) as u64) << 48); let x42: u64 = (((arg1[13]) as u64) << 40); let x43: u64 = (((arg1[12]) as u64) << 32); let x44: u64 = (((arg1[11]) as u64) << 24); let x45: u64 = (((arg1[10]) as u64) << 16); let x46: u64 = (((arg1[9]) as u64) << 8); let x47: u8 = (arg1[8]); let x48: u64 = (((arg1[7]) as u64) << 56); let x49: u64 = (((arg1[6]) as u64) << 48); let x50: u64 = (((arg1[5]) as u64) << 40); let x51: u64 = (((arg1[4]) as u64) << 32); let x52: u64 = (((arg1[3]) as u64) << 24); let x53: u64 = (((arg1[2]) as u64) << 16); let x54: u64 = (((arg1[1]) as u64) << 8); let x55: u8 = (arg1[0]); let x56: u64 = (x54 + (x55 as u64)); let x57: u64 = (x53 + x56); let x58: u64 = (x52 + x57); let x59: u64 = (x51 + x58); let x60: u64 = (x50 + x59); let x61: u64 = (x49 + x60); let x62: u64 = (x48 + x61); let x63: u64 = (x46 + (x47 as u64)); let x64: u64 = (x45 + x63); let x65: u64 = (x44 + x64); let x66: u64 = (x43 + x65); let x67: u64 = (x42 + x66); let x68: u64 = (x41 + x67); let x69: u64 = (x40 + x68); let x70: u64 = (x38 + (x39 as u64)); let x71: u64 = (x37 + x70); let x72: u64 = (x36 + x71); let x73: u64 = (x35 + x72); let x74: u64 = (x34 + x73); let x75: u64 = (x33 + x74); let x76: u64 = (x32 + x75); let x77: u64 = (x30 + (x31 as u64)); let x78: u64 = (x29 + x77); let x79: u64 = (x28 + x78); let x80: u64 = (x27 + x79); let x81: u64 = (x26 + x80); let x82: u64 = (x25 + x81); let x83: u64 = (x24 + x82); let x84: u64 = (x22 + (x23 as u64)); let x85: u64 = (x21 + x84); let x86: u64 = (x20 + x85); let x87: u64 = (x19 + x86); let x88: u64 = (x18 + x87); let x89: u64 = (x17 + x88); let x90: u64 = (x16 + x89); let x91: u64 = (x14 + (x15 as u64)); let x92: u64 = (x13 + x91); let x93: u64 = (x12 + x92); let x94: u64 = (x11 + x93); let x95: u64 = (x10 + x94); let x96: u64 = (x9 + x95); let x97: u64 = (x8 + x96); let x98: u64 = (x6 + (x7 as u64)); let x99: u64 = (x5 + x98); let x100: u64 = (x4 + x99); let x101: u64 = (x3 + x100); let x102: u64 = (x2 + x101); let x103: u64 = (x1 + x102); out1[0] = x62; out1[1] = x69; out1[2] = x76; out1[3] = x83; out1[4] = x90; out1[5] = x97; out1[6] = x103; } /// The function fiat_p434_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_p434_set_one(out1: &mut fiat_p434_montgomery_domain_field_element) { out1[0] = 0x742c; out1[1] = (0x0 as u64); out1[2] = (0x0 as u64); out1[3] = 0xb90ff404fc000000; out1[4] = 0xd801a4fb559facd4; out1[5] = 0xe93254545f77410c; out1[6] = 0xeceea7bd2eda; } /// The function fiat_p434_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p434_msat(out1: &mut [u64; 8]) { out1[0] = 0xffffffffffffffff; out1[1] = 0xffffffffffffffff; out1[2] = 0xffffffffffffffff; out1[3] = 0xfdc1767ae2ffffff; out1[4] = 0x7bc65c783158aea3; out1[5] = 0x6cfc5fd681c52056; out1[6] = 0x2341f27177344; out1[7] = (0x0 as u64); } /// The function fiat_p434_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p434_divstep(out1: &mut u64, out2: &mut [u64; 8], out3: &mut [u64; 8], out4: &mut [u64; 7], out5: &mut [u64; 7], arg1: u64, arg2: &[u64; 8], arg3: &[u64; 8], arg4: &[u64; 7], arg5: &[u64; 7]) { let mut x1: u64 = 0; let mut x2: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_p434_u1 = (((x1 >> 63) as fiat_p434_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_p434_u1)); let mut x4: u64 = 0; let mut x5: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_p434_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_p434_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_p434_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_p434_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_p434_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_p434_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; fiat_p434_cmovznz_u64(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u64 = 0; fiat_p434_cmovznz_u64(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u64 = 0; fiat_p434_cmovznz_u64(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u64 = 0; let mut x16: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x15, &mut x16, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x17: u64 = 0; let mut x18: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x17, &mut x18, x16, (0x0 as u64), (!(arg2[1]))); let mut x19: u64 = 0; let mut x20: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x19, &mut x20, x18, (0x0 as u64), (!(arg2[2]))); let mut x21: u64 = 0; let mut x22: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x21, &mut x22, x20, (0x0 as u64), (!(arg2[3]))); let mut x23: u64 = 0; let mut x24: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x23, &mut x24, x22, (0x0 as u64), (!(arg2[4]))); let mut x25: u64 = 0; let mut x26: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x25, &mut x26, x24, (0x0 as u64), (!(arg2[5]))); let mut x27: u64 = 0; let mut x28: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x27, &mut x28, x26, (0x0 as u64), (!(arg2[6]))); let mut x29: u64 = 0; let mut x30: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x29, &mut x30, x28, (0x0 as u64), (!(arg2[7]))); let mut x31: u64 = 0; fiat_p434_cmovznz_u64(&mut x31, x3, (arg3[0]), x15); let mut x32: u64 = 0; fiat_p434_cmovznz_u64(&mut x32, x3, (arg3[1]), x17); let mut x33: u64 = 0; fiat_p434_cmovznz_u64(&mut x33, x3, (arg3[2]), x19); let mut x34: u64 = 0; fiat_p434_cmovznz_u64(&mut x34, x3, (arg3[3]), x21); let mut x35: u64 = 0; fiat_p434_cmovznz_u64(&mut x35, x3, (arg3[4]), x23); let mut x36: u64 = 0; fiat_p434_cmovznz_u64(&mut x36, x3, (arg3[5]), x25); let mut x37: u64 = 0; fiat_p434_cmovznz_u64(&mut x37, x3, (arg3[6]), x27); let mut x38: u64 = 0; fiat_p434_cmovznz_u64(&mut x38, x3, (arg3[7]), x29); let mut x39: u64 = 0; fiat_p434_cmovznz_u64(&mut x39, x3, (arg4[0]), (arg5[0])); let mut x40: u64 = 0; fiat_p434_cmovznz_u64(&mut x40, x3, (arg4[1]), (arg5[1])); let mut x41: u64 = 0; fiat_p434_cmovznz_u64(&mut x41, x3, (arg4[2]), (arg5[2])); let mut x42: u64 = 0; fiat_p434_cmovznz_u64(&mut x42, x3, (arg4[3]), (arg5[3])); let mut x43: u64 = 0; fiat_p434_cmovznz_u64(&mut x43, x3, (arg4[4]), (arg5[4])); let mut x44: u64 = 0; fiat_p434_cmovznz_u64(&mut x44, x3, (arg4[5]), (arg5[5])); let mut x45: u64 = 0; fiat_p434_cmovznz_u64(&mut x45, x3, (arg4[6]), (arg5[6])); let mut x46: u64 = 0; let mut x47: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x46, &mut x47, 0x0, x39, x39); let mut x48: u64 = 0; let mut x49: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x48, &mut x49, x47, x40, x40); let mut x50: u64 = 0; let mut x51: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x50, &mut x51, x49, x41, x41); let mut x52: u64 = 0; let mut x53: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x52, &mut x53, x51, x42, x42); let mut x54: u64 = 0; let mut x55: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x54, &mut x55, x53, x43, x43); let mut x56: u64 = 0; let mut x57: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x56, &mut x57, x55, x44, x44); let mut x58: u64 = 0; let mut x59: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x58, &mut x59, x57, x45, x45); let mut x60: u64 = 0; let mut x61: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x60, &mut x61, 0x0, x46, 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x62, &mut x63, x61, x48, 0xffffffffffffffff); let mut x64: u64 = 0; let mut x65: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x64, &mut x65, x63, x50, 0xffffffffffffffff); let mut x66: u64 = 0; let mut x67: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x66, &mut x67, x65, x52, 0xfdc1767ae2ffffff); let mut x68: u64 = 0; let mut x69: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x68, &mut x69, x67, x54, 0x7bc65c783158aea3); let mut x70: u64 = 0; let mut x71: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x70, &mut x71, x69, x56, 0x6cfc5fd681c52056); let mut x72: u64 = 0; let mut x73: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x72, &mut x73, x71, x58, 0x2341f27177344); let mut x74: u64 = 0; let mut x75: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x74, &mut x75, x73, (x59 as u64), (0x0 as u64)); let x76: u64 = (arg4[6]); let x77: u64 = (arg4[5]); let x78: u64 = (arg4[4]); let x79: u64 = (arg4[3]); let x80: u64 = (arg4[2]); let x81: u64 = (arg4[1]); let x82: u64 = (arg4[0]); let mut x83: u64 = 0; let mut x84: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x83, &mut x84, 0x0, (0x0 as u64), x82); let mut x85: u64 = 0; let mut x86: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x85, &mut x86, x84, (0x0 as u64), x81); let mut x87: u64 = 0; let mut x88: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x87, &mut x88, x86, (0x0 as u64), x80); let mut x89: u64 = 0; let mut x90: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x89, &mut x90, x88, (0x0 as u64), x79); let mut x91: u64 = 0; let mut x92: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x91, &mut x92, x90, (0x0 as u64), x78); let mut x93: u64 = 0; let mut x94: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x93, &mut x94, x92, (0x0 as u64), x77); let mut x95: u64 = 0; let mut x96: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x95, &mut x96, x94, (0x0 as u64), x76); let mut x97: u64 = 0; fiat_p434_cmovznz_u64(&mut x97, x96, (0x0 as u64), 0xffffffffffffffff); let mut x98: u64 = 0; let mut x99: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x98, &mut x99, 0x0, x83, x97); let mut x100: u64 = 0; let mut x101: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x100, &mut x101, x99, x85, x97); let mut x102: u64 = 0; let mut x103: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x102, &mut x103, x101, x87, x97); let mut x104: u64 = 0; let mut x105: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x104, &mut x105, x103, x89, (x97 & 0xfdc1767ae2ffffff)); let mut x106: u64 = 0; let mut x107: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x106, &mut x107, x105, x91, (x97 & 0x7bc65c783158aea3)); let mut x108: u64 = 0; let mut x109: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x108, &mut x109, x107, x93, (x97 & 0x6cfc5fd681c52056)); let mut x110: u64 = 0; let mut x111: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x110, &mut x111, x109, x95, (x97 & 0x2341f27177344)); let mut x112: u64 = 0; fiat_p434_cmovznz_u64(&mut x112, x3, (arg5[0]), x98); let mut x113: u64 = 0; fiat_p434_cmovznz_u64(&mut x113, x3, (arg5[1]), x100); let mut x114: u64 = 0; fiat_p434_cmovznz_u64(&mut x114, x3, (arg5[2]), x102); let mut x115: u64 = 0; fiat_p434_cmovznz_u64(&mut x115, x3, (arg5[3]), x104); let mut x116: u64 = 0; fiat_p434_cmovznz_u64(&mut x116, x3, (arg5[4]), x106); let mut x117: u64 = 0; fiat_p434_cmovznz_u64(&mut x117, x3, (arg5[5]), x108); let mut x118: u64 = 0; fiat_p434_cmovznz_u64(&mut x118, x3, (arg5[6]), x110); let x119: fiat_p434_u1 = ((x31 & (0x1 as u64)) as fiat_p434_u1); let mut x120: u64 = 0; fiat_p434_cmovznz_u64(&mut x120, x119, (0x0 as u64), x7); let mut x121: u64 = 0; fiat_p434_cmovznz_u64(&mut x121, x119, (0x0 as u64), x8); let mut x122: u64 = 0; fiat_p434_cmovznz_u64(&mut x122, x119, (0x0 as u64), x9); let mut x123: u64 = 0; fiat_p434_cmovznz_u64(&mut x123, x119, (0x0 as u64), x10); let mut x124: u64 = 0; fiat_p434_cmovznz_u64(&mut x124, x119, (0x0 as u64), x11); let mut x125: u64 = 0; fiat_p434_cmovznz_u64(&mut x125, x119, (0x0 as u64), x12); let mut x126: u64 = 0; fiat_p434_cmovznz_u64(&mut x126, x119, (0x0 as u64), x13); let mut x127: u64 = 0; fiat_p434_cmovznz_u64(&mut x127, x119, (0x0 as u64), x14); let mut x128: u64 = 0; let mut x129: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x128, &mut x129, 0x0, x31, x120); let mut x130: u64 = 0; let mut x131: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x130, &mut x131, x129, x32, x121); let mut x132: u64 = 0; let mut x133: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x132, &mut x133, x131, x33, x122); let mut x134: u64 = 0; let mut x135: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x134, &mut x135, x133, x34, x123); let mut x136: u64 = 0; let mut x137: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x136, &mut x137, x135, x35, x124); let mut x138: u64 = 0; let mut x139: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x138, &mut x139, x137, x36, x125); let mut x140: u64 = 0; let mut x141: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x140, &mut x141, x139, x37, x126); let mut x142: u64 = 0; let mut x143: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x142, &mut x143, x141, x38, x127); let mut x144: u64 = 0; fiat_p434_cmovznz_u64(&mut x144, x119, (0x0 as u64), x39); let mut x145: u64 = 0; fiat_p434_cmovznz_u64(&mut x145, x119, (0x0 as u64), x40); let mut x146: u64 = 0; fiat_p434_cmovznz_u64(&mut x146, x119, (0x0 as u64), x41); let mut x147: u64 = 0; fiat_p434_cmovznz_u64(&mut x147, x119, (0x0 as u64), x42); let mut x148: u64 = 0; fiat_p434_cmovznz_u64(&mut x148, x119, (0x0 as u64), x43); let mut x149: u64 = 0; fiat_p434_cmovznz_u64(&mut x149, x119, (0x0 as u64), x44); let mut x150: u64 = 0; fiat_p434_cmovznz_u64(&mut x150, x119, (0x0 as u64), x45); let mut x151: u64 = 0; let mut x152: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x151, &mut x152, 0x0, x112, x144); let mut x153: u64 = 0; let mut x154: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x153, &mut x154, x152, x113, x145); let mut x155: u64 = 0; let mut x156: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x155, &mut x156, x154, x114, x146); let mut x157: u64 = 0; let mut x158: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x157, &mut x158, x156, x115, x147); let mut x159: u64 = 0; let mut x160: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x159, &mut x160, x158, x116, x148); let mut x161: u64 = 0; let mut x162: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x161, &mut x162, x160, x117, x149); let mut x163: u64 = 0; let mut x164: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x163, &mut x164, x162, x118, x150); let mut x165: u64 = 0; let mut x166: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x165, &mut x166, 0x0, x151, 0xffffffffffffffff); let mut x167: u64 = 0; let mut x168: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x167, &mut x168, x166, x153, 0xffffffffffffffff); let mut x169: u64 = 0; let mut x170: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x169, &mut x170, x168, x155, 0xffffffffffffffff); let mut x171: u64 = 0; let mut x172: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x171, &mut x172, x170, x157, 0xfdc1767ae2ffffff); let mut x173: u64 = 0; let mut x174: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x173, &mut x174, x172, x159, 0x7bc65c783158aea3); let mut x175: u64 = 0; let mut x176: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x175, &mut x176, x174, x161, 0x6cfc5fd681c52056); let mut x177: u64 = 0; let mut x178: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x177, &mut x178, x176, x163, 0x2341f27177344); let mut x179: u64 = 0; let mut x180: fiat_p434_u1 = 0; fiat_p434_subborrowx_u64(&mut x179, &mut x180, x178, (x164 as u64), (0x0 as u64)); let mut x181: u64 = 0; let mut x182: fiat_p434_u1 = 0; fiat_p434_addcarryx_u64(&mut x181, &mut x182, 0x0, x6, (0x1 as u64)); let x183: u64 = ((x128 >> 1) | ((x130 << 63) & 0xffffffffffffffff)); let x184: u64 = ((x130 >> 1) | ((x132 << 63) & 0xffffffffffffffff)); let x185: u64 = ((x132 >> 1) | ((x134 << 63) & 0xffffffffffffffff)); let x186: u64 = ((x134 >> 1) | ((x136 << 63) & 0xffffffffffffffff)); let x187: u64 = ((x136 >> 1) | ((x138 << 63) & 0xffffffffffffffff)); let x188: u64 = ((x138 >> 1) | ((x140 << 63) & 0xffffffffffffffff)); let x189: u64 = ((x140 >> 1) | ((x142 << 63) & 0xffffffffffffffff)); let x190: u64 = ((x142 & 0x8000000000000000) | (x142 >> 1)); let mut x191: u64 = 0; fiat_p434_cmovznz_u64(&mut x191, x75, x60, x46); let mut x192: u64 = 0; fiat_p434_cmovznz_u64(&mut x192, x75, x62, x48); let mut x193: u64 = 0; fiat_p434_cmovznz_u64(&mut x193, x75, x64, x50); let mut x194: u64 = 0; fiat_p434_cmovznz_u64(&mut x194, x75, x66, x52); let mut x195: u64 = 0; fiat_p434_cmovznz_u64(&mut x195, x75, x68, x54); let mut x196: u64 = 0; fiat_p434_cmovznz_u64(&mut x196, x75, x70, x56); let mut x197: u64 = 0; fiat_p434_cmovznz_u64(&mut x197, x75, x72, x58); let mut x198: u64 = 0; fiat_p434_cmovznz_u64(&mut x198, x180, x165, x151); let mut x199: u64 = 0; fiat_p434_cmovznz_u64(&mut x199, x180, x167, x153); let mut x200: u64 = 0; fiat_p434_cmovznz_u64(&mut x200, x180, x169, x155); let mut x201: u64 = 0; fiat_p434_cmovznz_u64(&mut x201, x180, x171, x157); let mut x202: u64 = 0; fiat_p434_cmovznz_u64(&mut x202, x180, x173, x159); let mut x203: u64 = 0; fiat_p434_cmovznz_u64(&mut x203, x180, x175, x161); let mut x204: u64 = 0; fiat_p434_cmovznz_u64(&mut x204, x180, x177, x163); *out1 = x181; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out3[0] = x183; out3[1] = x184; out3[2] = x185; out3[3] = x186; out3[4] = x187; out3[5] = x188; out3[6] = x189; out3[7] = x190; out4[0] = x191; out4[1] = x192; out4[2] = x193; out4[3] = x194; out4[4] = x195; out4[5] = x196; out4[6] = x197; out5[0] = x198; out5[1] = x199; out5[2] = x200; out5[3] = x201; out5[4] = x202; out5[5] = x203; out5[6] = x204; } /// The function fiat_p434_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p434_divstep_precomp(out1: &mut [u64; 7]) { out1[0] = 0x9f9776e27e1a2b72; out1[1] = 0x28b59f067e2393d0; out1[2] = 0xcf316ce1572add54; out1[3] = 0x312c8965f9032c2f; out1[4] = 0x9d9cab29ad90d34c; out1[5] = 0x6e1ddae1d9609ae1; out1[6] = 0x6df82285eec6; } fiat-crypto-0.2.2/src/p448_solinas_32.rs000064400000000000000000002450021046102023000157610ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline p448 32 16 '2^448 - 2^224 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: p448 //! machine_wordsize = 32 (from "32") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 16 (from "16") //! s-c = 2^448 - [(2^224, 1), (1, 1)] (from "2^448 - 2^224 - 1") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [7, 15, 8, 0, 9, 1, 10, 2, 11, 3, 12, 4, 13, 5, 14, 6, 15, 7, 8, 0] //! eval z = z[0] + (z[1] << 28) + (z[2] << 56) + (z[3] << 84) + (z[4] << 112) + (z[5] << 140) + (z[6] << 168) + (z[7] << 196) + (z[8] << 224) + (z[9] << 252) + (z[10] << 0x118) + (z[11] << 0x134) + (z[12] << 0x150) + (z[13] << 0x16c) + (z[14] << 0x188) + (z[15] << 0x1a4) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) //! balance = [0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffc, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p448_u1 = u8; pub type fiat_p448_i1 = i8; pub type fiat_p448_u2 = u8; pub type fiat_p448_i2 = i8; /** The type fiat_p448_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] */ #[derive(Clone, Copy)] pub struct fiat_p448_loose_field_element(pub [u32; 16]); impl core::ops::Index for fiat_p448_loose_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p448_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p448_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] */ #[derive(Clone, Copy)] pub struct fiat_p448_tight_field_element(pub [u32; 16]); impl core::ops::Index for fiat_p448_tight_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p448_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p448_addcarryx_u28 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^28 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^28⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffff] /// arg3: [0x0 ~> 0xfffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p448_addcarryx_u28(out1: &mut u32, out2: &mut fiat_p448_u1, arg1: fiat_p448_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0xfffffff); let x3: fiat_p448_u1 = ((x1 >> 28) as fiat_p448_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p448_subborrowx_u28 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^28 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^28⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffff] /// arg3: [0x0 ~> 0xfffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p448_subborrowx_u28(out1: &mut u32, out2: &mut fiat_p448_u1, arg1: fiat_p448_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_p448_i1 = ((x1 >> 28) as fiat_p448_i1); let x3: u32 = (((x1 as i64) & (0xfffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p448_i2) - (x2 as fiat_p448_i2)) as fiat_p448_u1); } /// The function fiat_p448_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p448_cmovznz_u32(out1: &mut u32, arg1: fiat_p448_u1, arg2: u32, arg3: u32) { let x1: fiat_p448_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p448_i2) - (x1 as fiat_p448_i2)) as fiat_p448_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p448_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_p448_carry_mul(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element, arg2: &fiat_p448_loose_field_element) { let x1: u64 = (((arg1[15]) as u64) * ((arg2[15]) as u64)); let x2: u64 = (((arg1[15]) as u64) * ((arg2[14]) as u64)); let x3: u64 = (((arg1[15]) as u64) * ((arg2[13]) as u64)); let x4: u64 = (((arg1[15]) as u64) * ((arg2[12]) as u64)); let x5: u64 = (((arg1[15]) as u64) * ((arg2[11]) as u64)); let x6: u64 = (((arg1[15]) as u64) * ((arg2[10]) as u64)); let x7: u64 = (((arg1[15]) as u64) * ((arg2[9]) as u64)); let x8: u64 = (((arg1[14]) as u64) * ((arg2[15]) as u64)); let x9: u64 = (((arg1[14]) as u64) * ((arg2[14]) as u64)); let x10: u64 = (((arg1[14]) as u64) * ((arg2[13]) as u64)); let x11: u64 = (((arg1[14]) as u64) * ((arg2[12]) as u64)); let x12: u64 = (((arg1[14]) as u64) * ((arg2[11]) as u64)); let x13: u64 = (((arg1[14]) as u64) * ((arg2[10]) as u64)); let x14: u64 = (((arg1[13]) as u64) * ((arg2[15]) as u64)); let x15: u64 = (((arg1[13]) as u64) * ((arg2[14]) as u64)); let x16: u64 = (((arg1[13]) as u64) * ((arg2[13]) as u64)); let x17: u64 = (((arg1[13]) as u64) * ((arg2[12]) as u64)); let x18: u64 = (((arg1[13]) as u64) * ((arg2[11]) as u64)); let x19: u64 = (((arg1[12]) as u64) * ((arg2[15]) as u64)); let x20: u64 = (((arg1[12]) as u64) * ((arg2[14]) as u64)); let x21: u64 = (((arg1[12]) as u64) * ((arg2[13]) as u64)); let x22: u64 = (((arg1[12]) as u64) * ((arg2[12]) as u64)); let x23: u64 = (((arg1[11]) as u64) * ((arg2[15]) as u64)); let x24: u64 = (((arg1[11]) as u64) * ((arg2[14]) as u64)); let x25: u64 = (((arg1[11]) as u64) * ((arg2[13]) as u64)); let x26: u64 = (((arg1[10]) as u64) * ((arg2[15]) as u64)); let x27: u64 = (((arg1[10]) as u64) * ((arg2[14]) as u64)); let x28: u64 = (((arg1[9]) as u64) * ((arg2[15]) as u64)); let x29: u64 = (((arg1[15]) as u64) * ((arg2[15]) as u64)); let x30: u64 = (((arg1[15]) as u64) * ((arg2[14]) as u64)); let x31: u64 = (((arg1[15]) as u64) * ((arg2[13]) as u64)); let x32: u64 = (((arg1[15]) as u64) * ((arg2[12]) as u64)); let x33: u64 = (((arg1[15]) as u64) * ((arg2[11]) as u64)); let x34: u64 = (((arg1[15]) as u64) * ((arg2[10]) as u64)); let x35: u64 = (((arg1[15]) as u64) * ((arg2[9]) as u64)); let x36: u64 = (((arg1[14]) as u64) * ((arg2[15]) as u64)); let x37: u64 = (((arg1[14]) as u64) * ((arg2[14]) as u64)); let x38: u64 = (((arg1[14]) as u64) * ((arg2[13]) as u64)); let x39: u64 = (((arg1[14]) as u64) * ((arg2[12]) as u64)); let x40: u64 = (((arg1[14]) as u64) * ((arg2[11]) as u64)); let x41: u64 = (((arg1[14]) as u64) * ((arg2[10]) as u64)); let x42: u64 = (((arg1[13]) as u64) * ((arg2[15]) as u64)); let x43: u64 = (((arg1[13]) as u64) * ((arg2[14]) as u64)); let x44: u64 = (((arg1[13]) as u64) * ((arg2[13]) as u64)); let x45: u64 = (((arg1[13]) as u64) * ((arg2[12]) as u64)); let x46: u64 = (((arg1[13]) as u64) * ((arg2[11]) as u64)); let x47: u64 = (((arg1[12]) as u64) * ((arg2[15]) as u64)); let x48: u64 = (((arg1[12]) as u64) * ((arg2[14]) as u64)); let x49: u64 = (((arg1[12]) as u64) * ((arg2[13]) as u64)); let x50: u64 = (((arg1[12]) as u64) * ((arg2[12]) as u64)); let x51: u64 = (((arg1[11]) as u64) * ((arg2[15]) as u64)); let x52: u64 = (((arg1[11]) as u64) * ((arg2[14]) as u64)); let x53: u64 = (((arg1[11]) as u64) * ((arg2[13]) as u64)); let x54: u64 = (((arg1[10]) as u64) * ((arg2[15]) as u64)); let x55: u64 = (((arg1[10]) as u64) * ((arg2[14]) as u64)); let x56: u64 = (((arg1[9]) as u64) * ((arg2[15]) as u64)); let x57: u64 = (((arg1[15]) as u64) * ((arg2[15]) as u64)); let x58: u64 = (((arg1[15]) as u64) * ((arg2[14]) as u64)); let x59: u64 = (((arg1[15]) as u64) * ((arg2[13]) as u64)); let x60: u64 = (((arg1[15]) as u64) * ((arg2[12]) as u64)); let x61: u64 = (((arg1[15]) as u64) * ((arg2[11]) as u64)); let x62: u64 = (((arg1[15]) as u64) * ((arg2[10]) as u64)); let x63: u64 = (((arg1[15]) as u64) * ((arg2[9]) as u64)); let x64: u64 = (((arg1[15]) as u64) * ((arg2[8]) as u64)); let x65: u64 = (((arg1[15]) as u64) * ((arg2[7]) as u64)); let x66: u64 = (((arg1[15]) as u64) * ((arg2[6]) as u64)); let x67: u64 = (((arg1[15]) as u64) * ((arg2[5]) as u64)); let x68: u64 = (((arg1[15]) as u64) * ((arg2[4]) as u64)); let x69: u64 = (((arg1[15]) as u64) * ((arg2[3]) as u64)); let x70: u64 = (((arg1[15]) as u64) * ((arg2[2]) as u64)); let x71: u64 = (((arg1[15]) as u64) * ((arg2[1]) as u64)); let x72: u64 = (((arg1[14]) as u64) * ((arg2[15]) as u64)); let x73: u64 = (((arg1[14]) as u64) * ((arg2[14]) as u64)); let x74: u64 = (((arg1[14]) as u64) * ((arg2[13]) as u64)); let x75: u64 = (((arg1[14]) as u64) * ((arg2[12]) as u64)); let x76: u64 = (((arg1[14]) as u64) * ((arg2[11]) as u64)); let x77: u64 = (((arg1[14]) as u64) * ((arg2[10]) as u64)); let x78: u64 = (((arg1[14]) as u64) * ((arg2[9]) as u64)); let x79: u64 = (((arg1[14]) as u64) * ((arg2[8]) as u64)); let x80: u64 = (((arg1[14]) as u64) * ((arg2[7]) as u64)); let x81: u64 = (((arg1[14]) as u64) * ((arg2[6]) as u64)); let x82: u64 = (((arg1[14]) as u64) * ((arg2[5]) as u64)); let x83: u64 = (((arg1[14]) as u64) * ((arg2[4]) as u64)); let x84: u64 = (((arg1[14]) as u64) * ((arg2[3]) as u64)); let x85: u64 = (((arg1[14]) as u64) * ((arg2[2]) as u64)); let x86: u64 = (((arg1[13]) as u64) * ((arg2[15]) as u64)); let x87: u64 = (((arg1[13]) as u64) * ((arg2[14]) as u64)); let x88: u64 = (((arg1[13]) as u64) * ((arg2[13]) as u64)); let x89: u64 = (((arg1[13]) as u64) * ((arg2[12]) as u64)); let x90: u64 = (((arg1[13]) as u64) * ((arg2[11]) as u64)); let x91: u64 = (((arg1[13]) as u64) * ((arg2[10]) as u64)); let x92: u64 = (((arg1[13]) as u64) * ((arg2[9]) as u64)); let x93: u64 = (((arg1[13]) as u64) * ((arg2[8]) as u64)); let x94: u64 = (((arg1[13]) as u64) * ((arg2[7]) as u64)); let x95: u64 = (((arg1[13]) as u64) * ((arg2[6]) as u64)); let x96: u64 = (((arg1[13]) as u64) * ((arg2[5]) as u64)); let x97: u64 = (((arg1[13]) as u64) * ((arg2[4]) as u64)); let x98: u64 = (((arg1[13]) as u64) * ((arg2[3]) as u64)); let x99: u64 = (((arg1[12]) as u64) * ((arg2[15]) as u64)); let x100: u64 = (((arg1[12]) as u64) * ((arg2[14]) as u64)); let x101: u64 = (((arg1[12]) as u64) * ((arg2[13]) as u64)); let x102: u64 = (((arg1[12]) as u64) * ((arg2[12]) as u64)); let x103: u64 = (((arg1[12]) as u64) * ((arg2[11]) as u64)); let x104: u64 = (((arg1[12]) as u64) * ((arg2[10]) as u64)); let x105: u64 = (((arg1[12]) as u64) * ((arg2[9]) as u64)); let x106: u64 = (((arg1[12]) as u64) * ((arg2[8]) as u64)); let x107: u64 = (((arg1[12]) as u64) * ((arg2[7]) as u64)); let x108: u64 = (((arg1[12]) as u64) * ((arg2[6]) as u64)); let x109: u64 = (((arg1[12]) as u64) * ((arg2[5]) as u64)); let x110: u64 = (((arg1[12]) as u64) * ((arg2[4]) as u64)); let x111: u64 = (((arg1[11]) as u64) * ((arg2[15]) as u64)); let x112: u64 = (((arg1[11]) as u64) * ((arg2[14]) as u64)); let x113: u64 = (((arg1[11]) as u64) * ((arg2[13]) as u64)); let x114: u64 = (((arg1[11]) as u64) * ((arg2[12]) as u64)); let x115: u64 = (((arg1[11]) as u64) * ((arg2[11]) as u64)); let x116: u64 = (((arg1[11]) as u64) * ((arg2[10]) as u64)); let x117: u64 = (((arg1[11]) as u64) * ((arg2[9]) as u64)); let x118: u64 = (((arg1[11]) as u64) * ((arg2[8]) as u64)); let x119: u64 = (((arg1[11]) as u64) * ((arg2[7]) as u64)); let x120: u64 = (((arg1[11]) as u64) * ((arg2[6]) as u64)); let x121: u64 = (((arg1[11]) as u64) * ((arg2[5]) as u64)); let x122: u64 = (((arg1[10]) as u64) * ((arg2[15]) as u64)); let x123: u64 = (((arg1[10]) as u64) * ((arg2[14]) as u64)); let x124: u64 = (((arg1[10]) as u64) * ((arg2[13]) as u64)); let x125: u64 = (((arg1[10]) as u64) * ((arg2[12]) as u64)); let x126: u64 = (((arg1[10]) as u64) * ((arg2[11]) as u64)); let x127: u64 = (((arg1[10]) as u64) * ((arg2[10]) as u64)); let x128: u64 = (((arg1[10]) as u64) * ((arg2[9]) as u64)); let x129: u64 = (((arg1[10]) as u64) * ((arg2[8]) as u64)); let x130: u64 = (((arg1[10]) as u64) * ((arg2[7]) as u64)); let x131: u64 = (((arg1[10]) as u64) * ((arg2[6]) as u64)); let x132: u64 = (((arg1[9]) as u64) * ((arg2[15]) as u64)); let x133: u64 = (((arg1[9]) as u64) * ((arg2[14]) as u64)); let x134: u64 = (((arg1[9]) as u64) * ((arg2[13]) as u64)); let x135: u64 = (((arg1[9]) as u64) * ((arg2[12]) as u64)); let x136: u64 = (((arg1[9]) as u64) * ((arg2[11]) as u64)); let x137: u64 = (((arg1[9]) as u64) * ((arg2[10]) as u64)); let x138: u64 = (((arg1[9]) as u64) * ((arg2[9]) as u64)); let x139: u64 = (((arg1[9]) as u64) * ((arg2[8]) as u64)); let x140: u64 = (((arg1[9]) as u64) * ((arg2[7]) as u64)); let x141: u64 = (((arg1[8]) as u64) * ((arg2[15]) as u64)); let x142: u64 = (((arg1[8]) as u64) * ((arg2[14]) as u64)); let x143: u64 = (((arg1[8]) as u64) * ((arg2[13]) as u64)); let x144: u64 = (((arg1[8]) as u64) * ((arg2[12]) as u64)); let x145: u64 = (((arg1[8]) as u64) * ((arg2[11]) as u64)); let x146: u64 = (((arg1[8]) as u64) * ((arg2[10]) as u64)); let x147: u64 = (((arg1[8]) as u64) * ((arg2[9]) as u64)); let x148: u64 = (((arg1[8]) as u64) * ((arg2[8]) as u64)); let x149: u64 = (((arg1[7]) as u64) * ((arg2[15]) as u64)); let x150: u64 = (((arg1[7]) as u64) * ((arg2[14]) as u64)); let x151: u64 = (((arg1[7]) as u64) * ((arg2[13]) as u64)); let x152: u64 = (((arg1[7]) as u64) * ((arg2[12]) as u64)); let x153: u64 = (((arg1[7]) as u64) * ((arg2[11]) as u64)); let x154: u64 = (((arg1[7]) as u64) * ((arg2[10]) as u64)); let x155: u64 = (((arg1[7]) as u64) * ((arg2[9]) as u64)); let x156: u64 = (((arg1[6]) as u64) * ((arg2[15]) as u64)); let x157: u64 = (((arg1[6]) as u64) * ((arg2[14]) as u64)); let x158: u64 = (((arg1[6]) as u64) * ((arg2[13]) as u64)); let x159: u64 = (((arg1[6]) as u64) * ((arg2[12]) as u64)); let x160: u64 = (((arg1[6]) as u64) * ((arg2[11]) as u64)); let x161: u64 = (((arg1[6]) as u64) * ((arg2[10]) as u64)); let x162: u64 = (((arg1[5]) as u64) * ((arg2[15]) as u64)); let x163: u64 = (((arg1[5]) as u64) * ((arg2[14]) as u64)); let x164: u64 = (((arg1[5]) as u64) * ((arg2[13]) as u64)); let x165: u64 = (((arg1[5]) as u64) * ((arg2[12]) as u64)); let x166: u64 = (((arg1[5]) as u64) * ((arg2[11]) as u64)); let x167: u64 = (((arg1[4]) as u64) * ((arg2[15]) as u64)); let x168: u64 = (((arg1[4]) as u64) * ((arg2[14]) as u64)); let x169: u64 = (((arg1[4]) as u64) * ((arg2[13]) as u64)); let x170: u64 = (((arg1[4]) as u64) * ((arg2[12]) as u64)); let x171: u64 = (((arg1[3]) as u64) * ((arg2[15]) as u64)); let x172: u64 = (((arg1[3]) as u64) * ((arg2[14]) as u64)); let x173: u64 = (((arg1[3]) as u64) * ((arg2[13]) as u64)); let x174: u64 = (((arg1[2]) as u64) * ((arg2[15]) as u64)); let x175: u64 = (((arg1[2]) as u64) * ((arg2[14]) as u64)); let x176: u64 = (((arg1[1]) as u64) * ((arg2[15]) as u64)); let x177: u64 = (((arg1[15]) as u64) * ((arg2[8]) as u64)); let x178: u64 = (((arg1[15]) as u64) * ((arg2[7]) as u64)); let x179: u64 = (((arg1[15]) as u64) * ((arg2[6]) as u64)); let x180: u64 = (((arg1[15]) as u64) * ((arg2[5]) as u64)); let x181: u64 = (((arg1[15]) as u64) * ((arg2[4]) as u64)); let x182: u64 = (((arg1[15]) as u64) * ((arg2[3]) as u64)); let x183: u64 = (((arg1[15]) as u64) * ((arg2[2]) as u64)); let x184: u64 = (((arg1[15]) as u64) * ((arg2[1]) as u64)); let x185: u64 = (((arg1[14]) as u64) * ((arg2[9]) as u64)); let x186: u64 = (((arg1[14]) as u64) * ((arg2[8]) as u64)); let x187: u64 = (((arg1[14]) as u64) * ((arg2[7]) as u64)); let x188: u64 = (((arg1[14]) as u64) * ((arg2[6]) as u64)); let x189: u64 = (((arg1[14]) as u64) * ((arg2[5]) as u64)); let x190: u64 = (((arg1[14]) as u64) * ((arg2[4]) as u64)); let x191: u64 = (((arg1[14]) as u64) * ((arg2[3]) as u64)); let x192: u64 = (((arg1[14]) as u64) * ((arg2[2]) as u64)); let x193: u64 = (((arg1[13]) as u64) * ((arg2[10]) as u64)); let x194: u64 = (((arg1[13]) as u64) * ((arg2[9]) as u64)); let x195: u64 = (((arg1[13]) as u64) * ((arg2[8]) as u64)); let x196: u64 = (((arg1[13]) as u64) * ((arg2[7]) as u64)); let x197: u64 = (((arg1[13]) as u64) * ((arg2[6]) as u64)); let x198: u64 = (((arg1[13]) as u64) * ((arg2[5]) as u64)); let x199: u64 = (((arg1[13]) as u64) * ((arg2[4]) as u64)); let x200: u64 = (((arg1[13]) as u64) * ((arg2[3]) as u64)); let x201: u64 = (((arg1[12]) as u64) * ((arg2[11]) as u64)); let x202: u64 = (((arg1[12]) as u64) * ((arg2[10]) as u64)); let x203: u64 = (((arg1[12]) as u64) * ((arg2[9]) as u64)); let x204: u64 = (((arg1[12]) as u64) * ((arg2[8]) as u64)); let x205: u64 = (((arg1[12]) as u64) * ((arg2[7]) as u64)); let x206: u64 = (((arg1[12]) as u64) * ((arg2[6]) as u64)); let x207: u64 = (((arg1[12]) as u64) * ((arg2[5]) as u64)); let x208: u64 = (((arg1[12]) as u64) * ((arg2[4]) as u64)); let x209: u64 = (((arg1[11]) as u64) * ((arg2[12]) as u64)); let x210: u64 = (((arg1[11]) as u64) * ((arg2[11]) as u64)); let x211: u64 = (((arg1[11]) as u64) * ((arg2[10]) as u64)); let x212: u64 = (((arg1[11]) as u64) * ((arg2[9]) as u64)); let x213: u64 = (((arg1[11]) as u64) * ((arg2[8]) as u64)); let x214: u64 = (((arg1[11]) as u64) * ((arg2[7]) as u64)); let x215: u64 = (((arg1[11]) as u64) * ((arg2[6]) as u64)); let x216: u64 = (((arg1[11]) as u64) * ((arg2[5]) as u64)); let x217: u64 = (((arg1[10]) as u64) * ((arg2[13]) as u64)); let x218: u64 = (((arg1[10]) as u64) * ((arg2[12]) as u64)); let x219: u64 = (((arg1[10]) as u64) * ((arg2[11]) as u64)); let x220: u64 = (((arg1[10]) as u64) * ((arg2[10]) as u64)); let x221: u64 = (((arg1[10]) as u64) * ((arg2[9]) as u64)); let x222: u64 = (((arg1[10]) as u64) * ((arg2[8]) as u64)); let x223: u64 = (((arg1[10]) as u64) * ((arg2[7]) as u64)); let x224: u64 = (((arg1[10]) as u64) * ((arg2[6]) as u64)); let x225: u64 = (((arg1[9]) as u64) * ((arg2[14]) as u64)); let x226: u64 = (((arg1[9]) as u64) * ((arg2[13]) as u64)); let x227: u64 = (((arg1[9]) as u64) * ((arg2[12]) as u64)); let x228: u64 = (((arg1[9]) as u64) * ((arg2[11]) as u64)); let x229: u64 = (((arg1[9]) as u64) * ((arg2[10]) as u64)); let x230: u64 = (((arg1[9]) as u64) * ((arg2[9]) as u64)); let x231: u64 = (((arg1[9]) as u64) * ((arg2[8]) as u64)); let x232: u64 = (((arg1[9]) as u64) * ((arg2[7]) as u64)); let x233: u64 = (((arg1[8]) as u64) * ((arg2[15]) as u64)); let x234: u64 = (((arg1[8]) as u64) * ((arg2[14]) as u64)); let x235: u64 = (((arg1[8]) as u64) * ((arg2[13]) as u64)); let x236: u64 = (((arg1[8]) as u64) * ((arg2[12]) as u64)); let x237: u64 = (((arg1[8]) as u64) * ((arg2[11]) as u64)); let x238: u64 = (((arg1[8]) as u64) * ((arg2[10]) as u64)); let x239: u64 = (((arg1[8]) as u64) * ((arg2[9]) as u64)); let x240: u64 = (((arg1[8]) as u64) * ((arg2[8]) as u64)); let x241: u64 = (((arg1[7]) as u64) * ((arg2[15]) as u64)); let x242: u64 = (((arg1[7]) as u64) * ((arg2[14]) as u64)); let x243: u64 = (((arg1[7]) as u64) * ((arg2[13]) as u64)); let x244: u64 = (((arg1[7]) as u64) * ((arg2[12]) as u64)); let x245: u64 = (((arg1[7]) as u64) * ((arg2[11]) as u64)); let x246: u64 = (((arg1[7]) as u64) * ((arg2[10]) as u64)); let x247: u64 = (((arg1[7]) as u64) * ((arg2[9]) as u64)); let x248: u64 = (((arg1[6]) as u64) * ((arg2[15]) as u64)); let x249: u64 = (((arg1[6]) as u64) * ((arg2[14]) as u64)); let x250: u64 = (((arg1[6]) as u64) * ((arg2[13]) as u64)); let x251: u64 = (((arg1[6]) as u64) * ((arg2[12]) as u64)); let x252: u64 = (((arg1[6]) as u64) * ((arg2[11]) as u64)); let x253: u64 = (((arg1[6]) as u64) * ((arg2[10]) as u64)); let x254: u64 = (((arg1[5]) as u64) * ((arg2[15]) as u64)); let x255: u64 = (((arg1[5]) as u64) * ((arg2[14]) as u64)); let x256: u64 = (((arg1[5]) as u64) * ((arg2[13]) as u64)); let x257: u64 = (((arg1[5]) as u64) * ((arg2[12]) as u64)); let x258: u64 = (((arg1[5]) as u64) * ((arg2[11]) as u64)); let x259: u64 = (((arg1[4]) as u64) * ((arg2[15]) as u64)); let x260: u64 = (((arg1[4]) as u64) * ((arg2[14]) as u64)); let x261: u64 = (((arg1[4]) as u64) * ((arg2[13]) as u64)); let x262: u64 = (((arg1[4]) as u64) * ((arg2[12]) as u64)); let x263: u64 = (((arg1[3]) as u64) * ((arg2[15]) as u64)); let x264: u64 = (((arg1[3]) as u64) * ((arg2[14]) as u64)); let x265: u64 = (((arg1[3]) as u64) * ((arg2[13]) as u64)); let x266: u64 = (((arg1[2]) as u64) * ((arg2[15]) as u64)); let x267: u64 = (((arg1[2]) as u64) * ((arg2[14]) as u64)); let x268: u64 = (((arg1[1]) as u64) * ((arg2[15]) as u64)); let x269: u64 = (((arg1[15]) as u64) * ((arg2[0]) as u64)); let x270: u64 = (((arg1[14]) as u64) * ((arg2[1]) as u64)); let x271: u64 = (((arg1[14]) as u64) * ((arg2[0]) as u64)); let x272: u64 = (((arg1[13]) as u64) * ((arg2[2]) as u64)); let x273: u64 = (((arg1[13]) as u64) * ((arg2[1]) as u64)); let x274: u64 = (((arg1[13]) as u64) * ((arg2[0]) as u64)); let x275: u64 = (((arg1[12]) as u64) * ((arg2[3]) as u64)); let x276: u64 = (((arg1[12]) as u64) * ((arg2[2]) as u64)); let x277: u64 = (((arg1[12]) as u64) * ((arg2[1]) as u64)); let x278: u64 = (((arg1[12]) as u64) * ((arg2[0]) as u64)); let x279: u64 = (((arg1[11]) as u64) * ((arg2[4]) as u64)); let x280: u64 = (((arg1[11]) as u64) * ((arg2[3]) as u64)); let x281: u64 = (((arg1[11]) as u64) * ((arg2[2]) as u64)); let x282: u64 = (((arg1[11]) as u64) * ((arg2[1]) as u64)); let x283: u64 = (((arg1[11]) as u64) * ((arg2[0]) as u64)); let x284: u64 = (((arg1[10]) as u64) * ((arg2[5]) as u64)); let x285: u64 = (((arg1[10]) as u64) * ((arg2[4]) as u64)); let x286: u64 = (((arg1[10]) as u64) * ((arg2[3]) as u64)); let x287: u64 = (((arg1[10]) as u64) * ((arg2[2]) as u64)); let x288: u64 = (((arg1[10]) as u64) * ((arg2[1]) as u64)); let x289: u64 = (((arg1[10]) as u64) * ((arg2[0]) as u64)); let x290: u64 = (((arg1[9]) as u64) * ((arg2[6]) as u64)); let x291: u64 = (((arg1[9]) as u64) * ((arg2[5]) as u64)); let x292: u64 = (((arg1[9]) as u64) * ((arg2[4]) as u64)); let x293: u64 = (((arg1[9]) as u64) * ((arg2[3]) as u64)); let x294: u64 = (((arg1[9]) as u64) * ((arg2[2]) as u64)); let x295: u64 = (((arg1[9]) as u64) * ((arg2[1]) as u64)); let x296: u64 = (((arg1[9]) as u64) * ((arg2[0]) as u64)); let x297: u64 = (((arg1[8]) as u64) * ((arg2[7]) as u64)); let x298: u64 = (((arg1[8]) as u64) * ((arg2[6]) as u64)); let x299: u64 = (((arg1[8]) as u64) * ((arg2[5]) as u64)); let x300: u64 = (((arg1[8]) as u64) * ((arg2[4]) as u64)); let x301: u64 = (((arg1[8]) as u64) * ((arg2[3]) as u64)); let x302: u64 = (((arg1[8]) as u64) * ((arg2[2]) as u64)); let x303: u64 = (((arg1[8]) as u64) * ((arg2[1]) as u64)); let x304: u64 = (((arg1[8]) as u64) * ((arg2[0]) as u64)); let x305: u64 = (((arg1[7]) as u64) * ((arg2[8]) as u64)); let x306: u64 = (((arg1[7]) as u64) * ((arg2[7]) as u64)); let x307: u64 = (((arg1[7]) as u64) * ((arg2[6]) as u64)); let x308: u64 = (((arg1[7]) as u64) * ((arg2[5]) as u64)); let x309: u64 = (((arg1[7]) as u64) * ((arg2[4]) as u64)); let x310: u64 = (((arg1[7]) as u64) * ((arg2[3]) as u64)); let x311: u64 = (((arg1[7]) as u64) * ((arg2[2]) as u64)); let x312: u64 = (((arg1[7]) as u64) * ((arg2[1]) as u64)); let x313: u64 = (((arg1[7]) as u64) * ((arg2[0]) as u64)); let x314: u64 = (((arg1[6]) as u64) * ((arg2[9]) as u64)); let x315: u64 = (((arg1[6]) as u64) * ((arg2[8]) as u64)); let x316: u64 = (((arg1[6]) as u64) * ((arg2[7]) as u64)); let x317: u64 = (((arg1[6]) as u64) * ((arg2[6]) as u64)); let x318: u64 = (((arg1[6]) as u64) * ((arg2[5]) as u64)); let x319: u64 = (((arg1[6]) as u64) * ((arg2[4]) as u64)); let x320: u64 = (((arg1[6]) as u64) * ((arg2[3]) as u64)); let x321: u64 = (((arg1[6]) as u64) * ((arg2[2]) as u64)); let x322: u64 = (((arg1[6]) as u64) * ((arg2[1]) as u64)); let x323: u64 = (((arg1[6]) as u64) * ((arg2[0]) as u64)); let x324: u64 = (((arg1[5]) as u64) * ((arg2[10]) as u64)); let x325: u64 = (((arg1[5]) as u64) * ((arg2[9]) as u64)); let x326: u64 = (((arg1[5]) as u64) * ((arg2[8]) as u64)); let x327: u64 = (((arg1[5]) as u64) * ((arg2[7]) as u64)); let x328: u64 = (((arg1[5]) as u64) * ((arg2[6]) as u64)); let x329: u64 = (((arg1[5]) as u64) * ((arg2[5]) as u64)); let x330: u64 = (((arg1[5]) as u64) * ((arg2[4]) as u64)); let x331: u64 = (((arg1[5]) as u64) * ((arg2[3]) as u64)); let x332: u64 = (((arg1[5]) as u64) * ((arg2[2]) as u64)); let x333: u64 = (((arg1[5]) as u64) * ((arg2[1]) as u64)); let x334: u64 = (((arg1[5]) as u64) * ((arg2[0]) as u64)); let x335: u64 = (((arg1[4]) as u64) * ((arg2[11]) as u64)); let x336: u64 = (((arg1[4]) as u64) * ((arg2[10]) as u64)); let x337: u64 = (((arg1[4]) as u64) * ((arg2[9]) as u64)); let x338: u64 = (((arg1[4]) as u64) * ((arg2[8]) as u64)); let x339: u64 = (((arg1[4]) as u64) * ((arg2[7]) as u64)); let x340: u64 = (((arg1[4]) as u64) * ((arg2[6]) as u64)); let x341: u64 = (((arg1[4]) as u64) * ((arg2[5]) as u64)); let x342: u64 = (((arg1[4]) as u64) * ((arg2[4]) as u64)); let x343: u64 = (((arg1[4]) as u64) * ((arg2[3]) as u64)); let x344: u64 = (((arg1[4]) as u64) * ((arg2[2]) as u64)); let x345: u64 = (((arg1[4]) as u64) * ((arg2[1]) as u64)); let x346: u64 = (((arg1[4]) as u64) * ((arg2[0]) as u64)); let x347: u64 = (((arg1[3]) as u64) * ((arg2[12]) as u64)); let x348: u64 = (((arg1[3]) as u64) * ((arg2[11]) as u64)); let x349: u64 = (((arg1[3]) as u64) * ((arg2[10]) as u64)); let x350: u64 = (((arg1[3]) as u64) * ((arg2[9]) as u64)); let x351: u64 = (((arg1[3]) as u64) * ((arg2[8]) as u64)); let x352: u64 = (((arg1[3]) as u64) * ((arg2[7]) as u64)); let x353: u64 = (((arg1[3]) as u64) * ((arg2[6]) as u64)); let x354: u64 = (((arg1[3]) as u64) * ((arg2[5]) as u64)); let x355: u64 = (((arg1[3]) as u64) * ((arg2[4]) as u64)); let x356: u64 = (((arg1[3]) as u64) * ((arg2[3]) as u64)); let x357: u64 = (((arg1[3]) as u64) * ((arg2[2]) as u64)); let x358: u64 = (((arg1[3]) as u64) * ((arg2[1]) as u64)); let x359: u64 = (((arg1[3]) as u64) * ((arg2[0]) as u64)); let x360: u64 = (((arg1[2]) as u64) * ((arg2[13]) as u64)); let x361: u64 = (((arg1[2]) as u64) * ((arg2[12]) as u64)); let x362: u64 = (((arg1[2]) as u64) * ((arg2[11]) as u64)); let x363: u64 = (((arg1[2]) as u64) * ((arg2[10]) as u64)); let x364: u64 = (((arg1[2]) as u64) * ((arg2[9]) as u64)); let x365: u64 = (((arg1[2]) as u64) * ((arg2[8]) as u64)); let x366: u64 = (((arg1[2]) as u64) * ((arg2[7]) as u64)); let x367: u64 = (((arg1[2]) as u64) * ((arg2[6]) as u64)); let x368: u64 = (((arg1[2]) as u64) * ((arg2[5]) as u64)); let x369: u64 = (((arg1[2]) as u64) * ((arg2[4]) as u64)); let x370: u64 = (((arg1[2]) as u64) * ((arg2[3]) as u64)); let x371: u64 = (((arg1[2]) as u64) * ((arg2[2]) as u64)); let x372: u64 = (((arg1[2]) as u64) * ((arg2[1]) as u64)); let x373: u64 = (((arg1[2]) as u64) * ((arg2[0]) as u64)); let x374: u64 = (((arg1[1]) as u64) * ((arg2[14]) as u64)); let x375: u64 = (((arg1[1]) as u64) * ((arg2[13]) as u64)); let x376: u64 = (((arg1[1]) as u64) * ((arg2[12]) as u64)); let x377: u64 = (((arg1[1]) as u64) * ((arg2[11]) as u64)); let x378: u64 = (((arg1[1]) as u64) * ((arg2[10]) as u64)); let x379: u64 = (((arg1[1]) as u64) * ((arg2[9]) as u64)); let x380: u64 = (((arg1[1]) as u64) * ((arg2[8]) as u64)); let x381: u64 = (((arg1[1]) as u64) * ((arg2[7]) as u64)); let x382: u64 = (((arg1[1]) as u64) * ((arg2[6]) as u64)); let x383: u64 = (((arg1[1]) as u64) * ((arg2[5]) as u64)); let x384: u64 = (((arg1[1]) as u64) * ((arg2[4]) as u64)); let x385: u64 = (((arg1[1]) as u64) * ((arg2[3]) as u64)); let x386: u64 = (((arg1[1]) as u64) * ((arg2[2]) as u64)); let x387: u64 = (((arg1[1]) as u64) * ((arg2[1]) as u64)); let x388: u64 = (((arg1[1]) as u64) * ((arg2[0]) as u64)); let x389: u64 = (((arg1[0]) as u64) * ((arg2[15]) as u64)); let x390: u64 = (((arg1[0]) as u64) * ((arg2[14]) as u64)); let x391: u64 = (((arg1[0]) as u64) * ((arg2[13]) as u64)); let x392: u64 = (((arg1[0]) as u64) * ((arg2[12]) as u64)); let x393: u64 = (((arg1[0]) as u64) * ((arg2[11]) as u64)); let x394: u64 = (((arg1[0]) as u64) * ((arg2[10]) as u64)); let x395: u64 = (((arg1[0]) as u64) * ((arg2[9]) as u64)); let x396: u64 = (((arg1[0]) as u64) * ((arg2[8]) as u64)); let x397: u64 = (((arg1[0]) as u64) * ((arg2[7]) as u64)); let x398: u64 = (((arg1[0]) as u64) * ((arg2[6]) as u64)); let x399: u64 = (((arg1[0]) as u64) * ((arg2[5]) as u64)); let x400: u64 = (((arg1[0]) as u64) * ((arg2[4]) as u64)); let x401: u64 = (((arg1[0]) as u64) * ((arg2[3]) as u64)); let x402: u64 = (((arg1[0]) as u64) * ((arg2[2]) as u64)); let x403: u64 = (((arg1[0]) as u64) * ((arg2[1]) as u64)); let x404: u64 = (((arg1[0]) as u64) * ((arg2[0]) as u64)); let x405: u64 = (x397 + (x382 + (x368 + (x355 + (x343 + (x332 + (x322 + (x313 + (x141 + (x133 + (x124 + (x114 + (x103 + (x91 + (x78 + x64))))))))))))))); let x406: u64 = (x405 >> 28); let x407: u32 = ((x405 & (0xfffffff as u64)) as u32); let x408: u64 = (x389 + (x374 + (x360 + (x347 + (x335 + (x324 + (x314 + (x305 + (x297 + (x290 + (x284 + (x279 + (x275 + (x272 + (x270 + (x269 + (x233 + (x225 + (x217 + (x209 + (x201 + (x193 + (x185 + x177))))))))))))))))))))))); let x409: u64 = (x390 + (x375 + (x361 + (x348 + (x336 + (x325 + (x315 + (x306 + (x298 + (x291 + (x285 + (x280 + (x276 + (x273 + (x271 + (x241 + (x234 + (x226 + (x218 + (x210 + (x202 + (x194 + (x186 + (x178 + (x57 + x29))))))))))))))))))))))))); let x410: u64 = (x391 + (x376 + (x362 + (x349 + (x337 + (x326 + (x316 + (x307 + (x299 + (x292 + (x286 + (x281 + (x277 + (x274 + (x248 + (x242 + (x235 + (x227 + (x219 + (x211 + (x203 + (x195 + (x187 + (x179 + (x72 + (x58 + (x36 + x30))))))))))))))))))))))))))); let x411: u128 = ((x392 as u128) + ((x377 as u128) + ((x363 + (x350 + (x338 + (x327 + (x317 + (x308 + (x300 + (x293 + (x287 + (x282 + (x278 + (x254 + (x249 + (x243 + (x236 + (x228 + (x220 + (x212 + (x204 + (x196 + (x188 + (x180 + (x86 + (x73 + (x59 + (x42 + (x37 + x31))))))))))))))))))))))))))) as u128))); let x412: u128 = ((x393 as u128) + ((x378 as u128) + ((x364 as u128) + ((x351 as u128) + ((x339 + (x328 + (x318 + (x309 + (x301 + (x294 + (x288 + (x283 + (x259 + (x255 + (x250 + (x244 + (x237 + (x229 + (x221 + (x213 + (x205 + (x197 + (x189 + (x181 + (x99 + (x87 + (x74 + (x60 + (x47 + (x43 + (x38 + x32))))))))))))))))))))))))))) as u128))))); let x413: u128 = ((x394 as u128) + ((x379 as u128) + ((x365 as u128) + ((x352 as u128) + ((x340 as u128) + ((x329 as u128) + ((x319 + (x310 + (x302 + (x295 + (x289 + (x263 + (x260 + (x256 + (x251 + (x245 + (x238 + (x230 + (x222 + (x214 + (x206 + (x198 + (x190 + (x182 + (x111 + (x100 + (x88 + (x75 + (x61 + (x51 + (x48 + (x44 + (x39 + x33))))))))))))))))))))))))))) as u128))))))); let x414: u128 = ((x395 as u128) + ((x380 as u128) + ((x366 as u128) + ((x353 as u128) + ((x341 as u128) + ((x330 as u128) + ((x320 as u128) + ((x311 as u128) + ((x303 + (x296 + (x266 + (x264 + (x261 + (x257 + (x252 + (x246 + (x239 + (x231 + (x223 + (x215 + (x207 + (x199 + (x191 + (x183 + (x122 + (x112 + (x101 + (x89 + (x76 + (x62 + (x54 + (x52 + (x49 + (x45 + (x40 + x34))))))))))))))))))))))))))) as u128))))))))); let x415: u128 = ((x396 as u128) + ((x381 as u128) + ((x367 as u128) + ((x354 as u128) + ((x342 as u128) + ((x331 as u128) + ((x321 as u128) + ((x312 as u128) + ((x304 as u128) + ((x268 as u128) + ((x267 + (x265 + (x262 + (x258 + (x253 + (x247 + (x240 + (x232 + (x224 + (x216 + (x208 + (x200 + (x192 + (x184 + (x132 + (x123 + (x113 + (x102 + (x90 + (x77 + (x63 + (x56 + (x55 + (x53 + (x50 + (x46 + (x41 + x35))))))))))))))))))))))))))) as u128))))))))))); let x416: u64 = (x398 + (x383 + (x369 + (x356 + (x344 + (x333 + (x323 + (x149 + (x142 + (x134 + (x125 + (x115 + (x104 + (x92 + (x79 + (x65 + x1)))))))))))))))); let x417: u64 = (x399 + (x384 + (x370 + (x357 + (x345 + (x334 + (x156 + (x150 + (x143 + (x135 + (x126 + (x116 + (x105 + (x93 + (x80 + (x66 + (x8 + x2))))))))))))))))); let x418: u64 = (x400 + (x385 + (x371 + (x358 + (x346 + (x162 + (x157 + (x151 + (x144 + (x136 + (x127 + (x117 + (x106 + (x94 + (x81 + (x67 + (x14 + (x9 + x3)))))))))))))))))); let x419: u64 = (x401 + (x386 + (x372 + (x359 + (x167 + (x163 + (x158 + (x152 + (x145 + (x137 + (x128 + (x118 + (x107 + (x95 + (x82 + (x68 + (x19 + (x15 + (x10 + x4))))))))))))))))))); let x420: u64 = (x402 + (x387 + (x373 + (x171 + (x168 + (x164 + (x159 + (x153 + (x146 + (x138 + (x129 + (x119 + (x108 + (x96 + (x83 + (x69 + (x23 + (x20 + (x16 + (x11 + x5)))))))))))))))))))); let x421: u64 = (x403 + (x388 + (x174 + (x172 + (x169 + (x165 + (x160 + (x154 + (x147 + (x139 + (x130 + (x120 + (x109 + (x97 + (x84 + (x70 + (x26 + (x24 + (x21 + (x17 + (x12 + x6))))))))))))))))))))); let x422: u64 = (x404 + (x176 + (x175 + (x173 + (x170 + (x166 + (x161 + (x155 + (x148 + (x140 + (x131 + (x121 + (x110 + (x98 + (x85 + (x71 + (x28 + (x27 + (x25 + (x22 + (x18 + (x13 + x7)))))))))))))))))))))); let x423: u128 = ((x406 as u128) + x415); let x424: u64 = (x408 >> 28); let x425: u32 = ((x408 & (0xfffffff as u64)) as u32); let x426: u128 = (x423 + (x424 as u128)); let x427: u64 = ((x426 >> 28) as u64); let x428: u32 = ((x426 & (0xfffffff as u128)) as u32); let x429: u64 = (x422 + x424); let x430: u128 = ((x427 as u128) + x414); let x431: u64 = (x429 >> 28); let x432: u32 = ((x429 & (0xfffffff as u64)) as u32); let x433: u64 = (x431 + x421); let x434: u64 = ((x430 >> 28) as u64); let x435: u32 = ((x430 & (0xfffffff as u128)) as u32); let x436: u128 = ((x434 as u128) + x413); let x437: u64 = (x433 >> 28); let x438: u32 = ((x433 & (0xfffffff as u64)) as u32); let x439: u64 = (x437 + x420); let x440: u64 = ((x436 >> 28) as u64); let x441: u32 = ((x436 & (0xfffffff as u128)) as u32); let x442: u128 = ((x440 as u128) + x412); let x443: u64 = (x439 >> 28); let x444: u32 = ((x439 & (0xfffffff as u64)) as u32); let x445: u64 = (x443 + x419); let x446: u64 = ((x442 >> 28) as u64); let x447: u32 = ((x442 & (0xfffffff as u128)) as u32); let x448: u128 = ((x446 as u128) + x411); let x449: u64 = (x445 >> 28); let x450: u32 = ((x445 & (0xfffffff as u64)) as u32); let x451: u64 = (x449 + x418); let x452: u64 = ((x448 >> 28) as u64); let x453: u32 = ((x448 & (0xfffffff as u128)) as u32); let x454: u64 = (x452 + x410); let x455: u64 = (x451 >> 28); let x456: u32 = ((x451 & (0xfffffff as u64)) as u32); let x457: u64 = (x455 + x417); let x458: u64 = (x454 >> 28); let x459: u32 = ((x454 & (0xfffffff as u64)) as u32); let x460: u64 = (x458 + x409); let x461: u64 = (x457 >> 28); let x462: u32 = ((x457 & (0xfffffff as u64)) as u32); let x463: u64 = (x461 + x416); let x464: u64 = (x460 >> 28); let x465: u32 = ((x460 & (0xfffffff as u64)) as u32); let x466: u64 = (x464 + (x425 as u64)); let x467: u64 = (x463 >> 28); let x468: u32 = ((x463 & (0xfffffff as u64)) as u32); let x469: u64 = (x467 + (x407 as u64)); let x470: u32 = ((x466 >> 28) as u32); let x471: u32 = ((x466 & (0xfffffff as u64)) as u32); let x472: u32 = ((x469 >> 28) as u32); let x473: u32 = ((x469 & (0xfffffff as u64)) as u32); let x474: u32 = (x428 + x470); let x475: u32 = (x432 + x470); let x476: u32 = (x472 + x474); let x477: fiat_p448_u1 = ((x476 >> 28) as fiat_p448_u1); let x478: u32 = (x476 & 0xfffffff); let x479: u32 = ((x477 as u32) + x435); let x480: fiat_p448_u1 = ((x475 >> 28) as fiat_p448_u1); let x481: u32 = (x475 & 0xfffffff); let x482: u32 = ((x480 as u32) + x438); out1[0] = x481; out1[1] = x482; out1[2] = x444; out1[3] = x450; out1[4] = x456; out1[5] = x462; out1[6] = x468; out1[7] = x473; out1[8] = x478; out1[9] = x479; out1[10] = x441; out1[11] = x447; out1[12] = x453; out1[13] = x459; out1[14] = x465; out1[15] = x471; } /// The function fiat_p448_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_p448_carry_square(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element) { let x1: u32 = (arg1[15]); let x2: u32 = (arg1[15]); let x3: u32 = (x1 * 0x2); let x4: u32 = (x2 * 0x2); let x5: u32 = ((arg1[15]) * 0x2); let x6: u32 = (arg1[14]); let x7: u32 = (arg1[14]); let x8: u32 = (x6 * 0x2); let x9: u32 = (x7 * 0x2); let x10: u32 = ((arg1[14]) * 0x2); let x11: u32 = (arg1[13]); let x12: u32 = (arg1[13]); let x13: u32 = (x11 * 0x2); let x14: u32 = (x12 * 0x2); let x15: u32 = ((arg1[13]) * 0x2); let x16: u32 = (arg1[12]); let x17: u32 = (arg1[12]); let x18: u32 = (x16 * 0x2); let x19: u32 = (x17 * 0x2); let x20: u32 = ((arg1[12]) * 0x2); let x21: u32 = (arg1[11]); let x22: u32 = (arg1[11]); let x23: u32 = (x21 * 0x2); let x24: u32 = (x22 * 0x2); let x25: u32 = ((arg1[11]) * 0x2); let x26: u32 = (arg1[10]); let x27: u32 = (arg1[10]); let x28: u32 = (x26 * 0x2); let x29: u32 = (x27 * 0x2); let x30: u32 = ((arg1[10]) * 0x2); let x31: u32 = (arg1[9]); let x32: u32 = (arg1[9]); let x33: u32 = (x31 * 0x2); let x34: u32 = (x32 * 0x2); let x35: u32 = ((arg1[9]) * 0x2); let x36: u32 = (arg1[8]); let x37: u32 = (arg1[8]); let x38: u32 = ((arg1[8]) * 0x2); let x39: u32 = ((arg1[7]) * 0x2); let x40: u32 = ((arg1[6]) * 0x2); let x41: u32 = ((arg1[5]) * 0x2); let x42: u32 = ((arg1[4]) * 0x2); let x43: u32 = ((arg1[3]) * 0x2); let x44: u32 = ((arg1[2]) * 0x2); let x45: u32 = ((arg1[1]) * 0x2); let x46: u64 = (((arg1[15]) as u64) * (x1 as u64)); let x47: u64 = (((arg1[14]) as u64) * (x3 as u64)); let x48: u64 = (((arg1[14]) as u64) * (x6 as u64)); let x49: u64 = (((arg1[13]) as u64) * (x3 as u64)); let x50: u64 = (((arg1[13]) as u64) * (x8 as u64)); let x51: u64 = (((arg1[13]) as u64) * (x11 as u64)); let x52: u64 = (((arg1[12]) as u64) * (x3 as u64)); let x53: u64 = (((arg1[12]) as u64) * (x8 as u64)); let x54: u64 = (((arg1[12]) as u64) * (x13 as u64)); let x55: u64 = (((arg1[12]) as u64) * (x16 as u64)); let x56: u64 = (((arg1[11]) as u64) * (x3 as u64)); let x57: u64 = (((arg1[11]) as u64) * (x8 as u64)); let x58: u64 = (((arg1[11]) as u64) * (x13 as u64)); let x59: u64 = (((arg1[10]) as u64) * (x3 as u64)); let x60: u64 = (((arg1[10]) as u64) * (x8 as u64)); let x61: u64 = (((arg1[9]) as u64) * (x3 as u64)); let x62: u64 = (((arg1[15]) as u64) * (x1 as u64)); let x63: u64 = (((arg1[14]) as u64) * (x3 as u64)); let x64: u64 = (((arg1[14]) as u64) * (x6 as u64)); let x65: u64 = (((arg1[13]) as u64) * (x3 as u64)); let x66: u64 = (((arg1[13]) as u64) * (x8 as u64)); let x67: u64 = (((arg1[13]) as u64) * (x11 as u64)); let x68: u64 = (((arg1[12]) as u64) * (x3 as u64)); let x69: u64 = (((arg1[12]) as u64) * (x8 as u64)); let x70: u64 = (((arg1[12]) as u64) * (x13 as u64)); let x71: u64 = (((arg1[12]) as u64) * (x16 as u64)); let x72: u64 = (((arg1[11]) as u64) * (x3 as u64)); let x73: u64 = (((arg1[11]) as u64) * (x8 as u64)); let x74: u64 = (((arg1[11]) as u64) * (x13 as u64)); let x75: u64 = (((arg1[10]) as u64) * (x3 as u64)); let x76: u64 = (((arg1[10]) as u64) * (x8 as u64)); let x77: u64 = (((arg1[9]) as u64) * (x3 as u64)); let x78: u64 = (((arg1[15]) as u64) * (x2 as u64)); let x79: u64 = (((arg1[14]) as u64) * (x4 as u64)); let x80: u64 = (((arg1[14]) as u64) * (x7 as u64)); let x81: u64 = (((arg1[13]) as u64) * (x4 as u64)); let x82: u64 = (((arg1[13]) as u64) * (x9 as u64)); let x83: u64 = (((arg1[13]) as u64) * (x12 as u64)); let x84: u64 = (((arg1[12]) as u64) * (x4 as u64)); let x85: u64 = (((arg1[12]) as u64) * (x9 as u64)); let x86: u64 = (((arg1[12]) as u64) * (x14 as u64)); let x87: u64 = (((arg1[12]) as u64) * (x17 as u64)); let x88: u64 = (((arg1[11]) as u64) * (x4 as u64)); let x89: u64 = (((arg1[11]) as u64) * (x9 as u64)); let x90: u64 = (((arg1[11]) as u64) * (x14 as u64)); let x91: u64 = (((arg1[11]) as u64) * (x19 as u64)); let x92: u64 = (((arg1[11]) as u64) * (x18 as u64)); let x93: u64 = (((arg1[11]) as u64) * (x22 as u64)); let x94: u64 = (((arg1[11]) as u64) * (x21 as u64)); let x95: u64 = (((arg1[10]) as u64) * (x4 as u64)); let x96: u64 = (((arg1[10]) as u64) * (x9 as u64)); let x97: u64 = (((arg1[10]) as u64) * (x14 as u64)); let x98: u64 = (((arg1[10]) as u64) * (x13 as u64)); let x99: u64 = (((arg1[10]) as u64) * (x19 as u64)); let x100: u64 = (((arg1[10]) as u64) * (x18 as u64)); let x101: u64 = (((arg1[10]) as u64) * (x24 as u64)); let x102: u64 = (((arg1[10]) as u64) * (x23 as u64)); let x103: u64 = (((arg1[10]) as u64) * (x27 as u64)); let x104: u64 = (((arg1[10]) as u64) * (x26 as u64)); let x105: u64 = (((arg1[9]) as u64) * (x4 as u64)); let x106: u64 = (((arg1[9]) as u64) * (x9 as u64)); let x107: u64 = (((arg1[9]) as u64) * (x8 as u64)); let x108: u64 = (((arg1[9]) as u64) * (x14 as u64)); let x109: u64 = (((arg1[9]) as u64) * (x13 as u64)); let x110: u64 = (((arg1[9]) as u64) * (x19 as u64)); let x111: u64 = (((arg1[9]) as u64) * (x18 as u64)); let x112: u64 = (((arg1[9]) as u64) * (x24 as u64)); let x113: u64 = (((arg1[9]) as u64) * (x23 as u64)); let x114: u64 = (((arg1[9]) as u64) * (x29 as u64)); let x115: u64 = (((arg1[9]) as u64) * (x28 as u64)); let x116: u64 = (((arg1[9]) as u64) * (x32 as u64)); let x117: u64 = (((arg1[9]) as u64) * (x31 as u64)); let x118: u64 = (((arg1[8]) as u64) * (x4 as u64)); let x119: u64 = (((arg1[8]) as u64) * (x3 as u64)); let x120: u64 = (((arg1[8]) as u64) * (x9 as u64)); let x121: u64 = (((arg1[8]) as u64) * (x8 as u64)); let x122: u64 = (((arg1[8]) as u64) * (x14 as u64)); let x123: u64 = (((arg1[8]) as u64) * (x13 as u64)); let x124: u64 = (((arg1[8]) as u64) * (x19 as u64)); let x125: u64 = (((arg1[8]) as u64) * (x18 as u64)); let x126: u64 = (((arg1[8]) as u64) * (x24 as u64)); let x127: u64 = (((arg1[8]) as u64) * (x23 as u64)); let x128: u64 = (((arg1[8]) as u64) * (x29 as u64)); let x129: u64 = (((arg1[8]) as u64) * (x28 as u64)); let x130: u64 = (((arg1[8]) as u64) * (x34 as u64)); let x131: u64 = (((arg1[8]) as u64) * (x33 as u64)); let x132: u64 = (((arg1[8]) as u64) * (x37 as u64)); let x133: u64 = (((arg1[8]) as u64) * (x36 as u64)); let x134: u64 = (((arg1[7]) as u64) * (x4 as u64)); let x135: u64 = (((arg1[7]) as u64) * (x3 as u64)); let x136: u64 = (((arg1[7]) as u64) * (x9 as u64)); let x137: u64 = (((arg1[7]) as u64) * (x8 as u64)); let x138: u64 = (((arg1[7]) as u64) * (x14 as u64)); let x139: u64 = (((arg1[7]) as u64) * (x13 as u64)); let x140: u64 = (((arg1[7]) as u64) * (x19 as u64)); let x141: u64 = (((arg1[7]) as u64) * (x18 as u64)); let x142: u64 = (((arg1[7]) as u64) * (x24 as u64)); let x143: u64 = (((arg1[7]) as u64) * (x23 as u64)); let x144: u64 = (((arg1[7]) as u64) * (x29 as u64)); let x145: u64 = (((arg1[7]) as u64) * (x28 as u64)); let x146: u64 = (((arg1[7]) as u64) * (x34 as u64)); let x147: u64 = (((arg1[7]) as u64) * (x33 as u64)); let x148: u64 = (((arg1[7]) as u64) * (x38 as u64)); let x149: u64 = (((arg1[7]) as u64) * ((arg1[7]) as u64)); let x150: u64 = (((arg1[6]) as u64) * (x4 as u64)); let x151: u64 = (((arg1[6]) as u64) * (x3 as u64)); let x152: u64 = (((arg1[6]) as u64) * (x9 as u64)); let x153: u64 = (((arg1[6]) as u64) * (x8 as u64)); let x154: u64 = (((arg1[6]) as u64) * (x14 as u64)); let x155: u64 = (((arg1[6]) as u64) * (x13 as u64)); let x156: u64 = (((arg1[6]) as u64) * (x19 as u64)); let x157: u64 = (((arg1[6]) as u64) * (x18 as u64)); let x158: u64 = (((arg1[6]) as u64) * (x24 as u64)); let x159: u64 = (((arg1[6]) as u64) * (x23 as u64)); let x160: u64 = (((arg1[6]) as u64) * (x29 as u64)); let x161: u64 = (((arg1[6]) as u64) * (x28 as u64)); let x162: u64 = (((arg1[6]) as u64) * (x35 as u64)); let x163: u64 = (((arg1[6]) as u64) * (x38 as u64)); let x164: u64 = (((arg1[6]) as u64) * (x39 as u64)); let x165: u64 = (((arg1[6]) as u64) * ((arg1[6]) as u64)); let x166: u64 = (((arg1[5]) as u64) * (x4 as u64)); let x167: u64 = (((arg1[5]) as u64) * (x3 as u64)); let x168: u64 = (((arg1[5]) as u64) * (x9 as u64)); let x169: u64 = (((arg1[5]) as u64) * (x8 as u64)); let x170: u64 = (((arg1[5]) as u64) * (x14 as u64)); let x171: u64 = (((arg1[5]) as u64) * (x13 as u64)); let x172: u64 = (((arg1[5]) as u64) * (x19 as u64)); let x173: u64 = (((arg1[5]) as u64) * (x18 as u64)); let x174: u64 = (((arg1[5]) as u64) * (x24 as u64)); let x175: u64 = (((arg1[5]) as u64) * (x23 as u64)); let x176: u64 = (((arg1[5]) as u64) * (x30 as u64)); let x177: u64 = (((arg1[5]) as u64) * (x35 as u64)); let x178: u64 = (((arg1[5]) as u64) * (x38 as u64)); let x179: u64 = (((arg1[5]) as u64) * (x39 as u64)); let x180: u64 = (((arg1[5]) as u64) * (x40 as u64)); let x181: u64 = (((arg1[5]) as u64) * ((arg1[5]) as u64)); let x182: u64 = (((arg1[4]) as u64) * (x4 as u64)); let x183: u64 = (((arg1[4]) as u64) * (x3 as u64)); let x184: u64 = (((arg1[4]) as u64) * (x9 as u64)); let x185: u64 = (((arg1[4]) as u64) * (x8 as u64)); let x186: u64 = (((arg1[4]) as u64) * (x14 as u64)); let x187: u64 = (((arg1[4]) as u64) * (x13 as u64)); let x188: u64 = (((arg1[4]) as u64) * (x19 as u64)); let x189: u64 = (((arg1[4]) as u64) * (x18 as u64)); let x190: u64 = (((arg1[4]) as u64) * (x25 as u64)); let x191: u64 = (((arg1[4]) as u64) * (x30 as u64)); let x192: u64 = (((arg1[4]) as u64) * (x35 as u64)); let x193: u64 = (((arg1[4]) as u64) * (x38 as u64)); let x194: u64 = (((arg1[4]) as u64) * (x39 as u64)); let x195: u64 = (((arg1[4]) as u64) * (x40 as u64)); let x196: u64 = (((arg1[4]) as u64) * (x41 as u64)); let x197: u64 = (((arg1[4]) as u64) * ((arg1[4]) as u64)); let x198: u64 = (((arg1[3]) as u64) * (x4 as u64)); let x199: u64 = (((arg1[3]) as u64) * (x3 as u64)); let x200: u64 = (((arg1[3]) as u64) * (x9 as u64)); let x201: u64 = (((arg1[3]) as u64) * (x8 as u64)); let x202: u64 = (((arg1[3]) as u64) * (x14 as u64)); let x203: u64 = (((arg1[3]) as u64) * (x13 as u64)); let x204: u64 = (((arg1[3]) as u64) * (x20 as u64)); let x205: u64 = (((arg1[3]) as u64) * (x25 as u64)); let x206: u64 = (((arg1[3]) as u64) * (x30 as u64)); let x207: u64 = (((arg1[3]) as u64) * (x35 as u64)); let x208: u64 = (((arg1[3]) as u64) * (x38 as u64)); let x209: u64 = (((arg1[3]) as u64) * (x39 as u64)); let x210: u64 = (((arg1[3]) as u64) * (x40 as u64)); let x211: u64 = (((arg1[3]) as u64) * (x41 as u64)); let x212: u64 = (((arg1[3]) as u64) * (x42 as u64)); let x213: u64 = (((arg1[3]) as u64) * ((arg1[3]) as u64)); let x214: u64 = (((arg1[2]) as u64) * (x4 as u64)); let x215: u64 = (((arg1[2]) as u64) * (x3 as u64)); let x216: u64 = (((arg1[2]) as u64) * (x9 as u64)); let x217: u64 = (((arg1[2]) as u64) * (x8 as u64)); let x218: u64 = (((arg1[2]) as u64) * (x15 as u64)); let x219: u64 = (((arg1[2]) as u64) * (x20 as u64)); let x220: u64 = (((arg1[2]) as u64) * (x25 as u64)); let x221: u64 = (((arg1[2]) as u64) * (x30 as u64)); let x222: u64 = (((arg1[2]) as u64) * (x35 as u64)); let x223: u64 = (((arg1[2]) as u64) * (x38 as u64)); let x224: u64 = (((arg1[2]) as u64) * (x39 as u64)); let x225: u64 = (((arg1[2]) as u64) * (x40 as u64)); let x226: u64 = (((arg1[2]) as u64) * (x41 as u64)); let x227: u64 = (((arg1[2]) as u64) * (x42 as u64)); let x228: u64 = (((arg1[2]) as u64) * (x43 as u64)); let x229: u64 = (((arg1[2]) as u64) * ((arg1[2]) as u64)); let x230: u64 = (((arg1[1]) as u64) * (x4 as u64)); let x231: u64 = (((arg1[1]) as u64) * (x3 as u64)); let x232: u64 = (((arg1[1]) as u64) * (x10 as u64)); let x233: u64 = (((arg1[1]) as u64) * (x15 as u64)); let x234: u64 = (((arg1[1]) as u64) * (x20 as u64)); let x235: u64 = (((arg1[1]) as u64) * (x25 as u64)); let x236: u64 = (((arg1[1]) as u64) * (x30 as u64)); let x237: u64 = (((arg1[1]) as u64) * (x35 as u64)); let x238: u64 = (((arg1[1]) as u64) * (x38 as u64)); let x239: u64 = (((arg1[1]) as u64) * (x39 as u64)); let x240: u64 = (((arg1[1]) as u64) * (x40 as u64)); let x241: u64 = (((arg1[1]) as u64) * (x41 as u64)); let x242: u64 = (((arg1[1]) as u64) * (x42 as u64)); let x243: u64 = (((arg1[1]) as u64) * (x43 as u64)); let x244: u64 = (((arg1[1]) as u64) * (x44 as u64)); let x245: u64 = (((arg1[1]) as u64) * ((arg1[1]) as u64)); let x246: u64 = (((arg1[0]) as u64) * (x5 as u64)); let x247: u64 = (((arg1[0]) as u64) * (x10 as u64)); let x248: u64 = (((arg1[0]) as u64) * (x15 as u64)); let x249: u64 = (((arg1[0]) as u64) * (x20 as u64)); let x250: u64 = (((arg1[0]) as u64) * (x25 as u64)); let x251: u64 = (((arg1[0]) as u64) * (x30 as u64)); let x252: u64 = (((arg1[0]) as u64) * (x35 as u64)); let x253: u64 = (((arg1[0]) as u64) * (x38 as u64)); let x254: u64 = (((arg1[0]) as u64) * (x39 as u64)); let x255: u64 = (((arg1[0]) as u64) * (x40 as u64)); let x256: u64 = (((arg1[0]) as u64) * (x41 as u64)); let x257: u64 = (((arg1[0]) as u64) * (x42 as u64)); let x258: u64 = (((arg1[0]) as u64) * (x43 as u64)); let x259: u64 = (((arg1[0]) as u64) * (x44 as u64)); let x260: u64 = (((arg1[0]) as u64) * (x45 as u64)); let x261: u64 = (((arg1[0]) as u64) * ((arg1[0]) as u64)); let x262: u64 = (x254 + (x240 + (x226 + (x212 + (x118 + (x106 + (x97 + x91))))))); let x263: u64 = (x262 >> 28); let x264: u32 = ((x262 & (0xfffffff as u64)) as u32); let x265: u64 = (x246 + (x232 + (x218 + (x204 + (x190 + (x176 + (x162 + (x148 + (x119 + (x107 + (x98 + x92))))))))))); let x266: u64 = (x247 + (x233 + (x219 + (x205 + (x191 + (x177 + (x163 + (x149 + (x135 + (x121 + (x109 + (x100 + (x94 + (x78 + x62)))))))))))))); let x267: u64 = (x248 + (x234 + (x220 + (x206 + (x192 + (x178 + (x164 + (x151 + (x137 + (x123 + (x111 + (x102 + (x79 + x63))))))))))))); let x268: u128 = ((x249 as u128) + ((x235 + (x221 + (x207 + (x193 + (x179 + (x167 + (x165 + (x153 + (x139 + (x125 + (x113 + (x104 + (x81 + (x80 + (x65 + x64))))))))))))))) as u128)); let x269: u128 = ((x250 as u128) + ((x236 as u128) + ((x222 + (x208 + (x194 + (x183 + (x180 + (x169 + (x155 + (x141 + (x127 + (x115 + (x84 + (x82 + (x68 + x66))))))))))))) as u128))); let x270: u128 = ((x251 as u128) + ((x237 as u128) + ((x223 as u128) + ((x209 + (x199 + (x195 + (x185 + (x181 + (x171 + (x157 + (x143 + (x129 + (x117 + (x88 + (x85 + (x83 + (x72 + (x69 + x67))))))))))))))) as u128)))); let x271: u128 = ((x252 as u128) + ((x238 as u128) + ((x224 as u128) + ((x215 as u128) + ((x210 + (x201 + (x196 + (x187 + (x173 + (x159 + (x145 + (x131 + (x95 + (x89 + (x86 + (x75 + (x73 + x70))))))))))))) as u128))))); let x272: u128 = ((x253 as u128) + ((x239 as u128) + ((x231 as u128) + ((x225 as u128) + ((x217 as u128) + ((x211 + (x203 + (x197 + (x189 + (x175 + (x161 + (x147 + (x133 + (x105 + (x96 + (x90 + (x87 + (x77 + (x76 + (x74 + x71))))))))))))))) as u128)))))); let x273: u64 = (x255 + (x241 + (x227 + (x213 + (x134 + (x120 + (x108 + (x99 + (x93 + x46))))))))); let x274: u64 = (x256 + (x242 + (x228 + (x150 + (x136 + (x122 + (x110 + (x101 + x47)))))))); let x275: u64 = (x257 + (x243 + (x229 + (x166 + (x152 + (x138 + (x124 + (x112 + (x103 + (x49 + x48)))))))))); let x276: u64 = (x258 + (x244 + (x182 + (x168 + (x154 + (x140 + (x126 + (x114 + (x52 + x50))))))))); let x277: u64 = (x259 + (x245 + (x198 + (x184 + (x170 + (x156 + (x142 + (x128 + (x116 + (x56 + (x53 + x51))))))))))); let x278: u64 = (x260 + (x214 + (x200 + (x186 + (x172 + (x158 + (x144 + (x130 + (x59 + (x57 + x54)))))))))); let x279: u64 = (x261 + (x230 + (x216 + (x202 + (x188 + (x174 + (x160 + (x146 + (x132 + (x61 + (x60 + (x58 + x55)))))))))))); let x280: u128 = ((x263 as u128) + x272); let x281: u64 = (x265 >> 28); let x282: u32 = ((x265 & (0xfffffff as u64)) as u32); let x283: u128 = (x280 + (x281 as u128)); let x284: u64 = ((x283 >> 28) as u64); let x285: u32 = ((x283 & (0xfffffff as u128)) as u32); let x286: u64 = (x279 + x281); let x287: u128 = ((x284 as u128) + x271); let x288: u64 = (x286 >> 28); let x289: u32 = ((x286 & (0xfffffff as u64)) as u32); let x290: u64 = (x288 + x278); let x291: u64 = ((x287 >> 28) as u64); let x292: u32 = ((x287 & (0xfffffff as u128)) as u32); let x293: u128 = ((x291 as u128) + x270); let x294: u64 = (x290 >> 28); let x295: u32 = ((x290 & (0xfffffff as u64)) as u32); let x296: u64 = (x294 + x277); let x297: u64 = ((x293 >> 28) as u64); let x298: u32 = ((x293 & (0xfffffff as u128)) as u32); let x299: u128 = ((x297 as u128) + x269); let x300: u64 = (x296 >> 28); let x301: u32 = ((x296 & (0xfffffff as u64)) as u32); let x302: u64 = (x300 + x276); let x303: u64 = ((x299 >> 28) as u64); let x304: u32 = ((x299 & (0xfffffff as u128)) as u32); let x305: u128 = ((x303 as u128) + x268); let x306: u64 = (x302 >> 28); let x307: u32 = ((x302 & (0xfffffff as u64)) as u32); let x308: u64 = (x306 + x275); let x309: u64 = ((x305 >> 28) as u64); let x310: u32 = ((x305 & (0xfffffff as u128)) as u32); let x311: u64 = (x309 + x267); let x312: u64 = (x308 >> 28); let x313: u32 = ((x308 & (0xfffffff as u64)) as u32); let x314: u64 = (x312 + x274); let x315: u64 = (x311 >> 28); let x316: u32 = ((x311 & (0xfffffff as u64)) as u32); let x317: u64 = (x315 + x266); let x318: u64 = (x314 >> 28); let x319: u32 = ((x314 & (0xfffffff as u64)) as u32); let x320: u64 = (x318 + x273); let x321: u64 = (x317 >> 28); let x322: u32 = ((x317 & (0xfffffff as u64)) as u32); let x323: u64 = (x321 + (x282 as u64)); let x324: u64 = (x320 >> 28); let x325: u32 = ((x320 & (0xfffffff as u64)) as u32); let x326: u64 = (x324 + (x264 as u64)); let x327: u32 = ((x323 >> 28) as u32); let x328: u32 = ((x323 & (0xfffffff as u64)) as u32); let x329: u32 = ((x326 >> 28) as u32); let x330: u32 = ((x326 & (0xfffffff as u64)) as u32); let x331: u32 = (x285 + x327); let x332: u32 = (x289 + x327); let x333: u32 = (x329 + x331); let x334: fiat_p448_u1 = ((x333 >> 28) as fiat_p448_u1); let x335: u32 = (x333 & 0xfffffff); let x336: u32 = ((x334 as u32) + x292); let x337: fiat_p448_u1 = ((x332 >> 28) as fiat_p448_u1); let x338: u32 = (x332 & 0xfffffff); let x339: u32 = ((x337 as u32) + x295); out1[0] = x338; out1[1] = x339; out1[2] = x301; out1[3] = x307; out1[4] = x313; out1[5] = x319; out1[6] = x325; out1[7] = x330; out1[8] = x335; out1[9] = x336; out1[10] = x298; out1[11] = x304; out1[12] = x310; out1[13] = x316; out1[14] = x322; out1[15] = x328; } /// The function fiat_p448_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_p448_carry(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[15]); let x3: u32 = (x2 >> 28); let x4: u32 = (((x1 >> 28) + (arg1[8])) + x3); let x5: u32 = ((arg1[0]) + x3); let x6: u32 = ((x4 >> 28) + (arg1[9])); let x7: u32 = ((x5 >> 28) + (arg1[1])); let x8: u32 = ((x6 >> 28) + (arg1[10])); let x9: u32 = ((x7 >> 28) + (arg1[2])); let x10: u32 = ((x8 >> 28) + (arg1[11])); let x11: u32 = ((x9 >> 28) + (arg1[3])); let x12: u32 = ((x10 >> 28) + (arg1[12])); let x13: u32 = ((x11 >> 28) + (arg1[4])); let x14: u32 = ((x12 >> 28) + (arg1[13])); let x15: u32 = ((x13 >> 28) + (arg1[5])); let x16: u32 = ((x14 >> 28) + (arg1[14])); let x17: u32 = ((x15 >> 28) + (arg1[6])); let x18: u32 = ((x16 >> 28) + (x2 & 0xfffffff)); let x19: u32 = ((x17 >> 28) + (x1 & 0xfffffff)); let x20: fiat_p448_u1 = ((x18 >> 28) as fiat_p448_u1); let x21: u32 = ((x5 & 0xfffffff) + (x20 as u32)); let x22: u32 = ((((x19 >> 28) as fiat_p448_u1) as u32) + ((x4 & 0xfffffff) + (x20 as u32))); let x23: u32 = (x21 & 0xfffffff); let x24: u32 = ((((x21 >> 28) as fiat_p448_u1) as u32) + (x7 & 0xfffffff)); let x25: u32 = (x9 & 0xfffffff); let x26: u32 = (x11 & 0xfffffff); let x27: u32 = (x13 & 0xfffffff); let x28: u32 = (x15 & 0xfffffff); let x29: u32 = (x17 & 0xfffffff); let x30: u32 = (x19 & 0xfffffff); let x31: u32 = (x22 & 0xfffffff); let x32: u32 = ((((x22 >> 28) as fiat_p448_u1) as u32) + (x6 & 0xfffffff)); let x33: u32 = (x8 & 0xfffffff); let x34: u32 = (x10 & 0xfffffff); let x35: u32 = (x12 & 0xfffffff); let x36: u32 = (x14 & 0xfffffff); let x37: u32 = (x16 & 0xfffffff); let x38: u32 = (x18 & 0xfffffff); out1[0] = x23; out1[1] = x24; out1[2] = x25; out1[3] = x26; out1[4] = x27; out1[5] = x28; out1[6] = x29; out1[7] = x30; out1[8] = x31; out1[9] = x32; out1[10] = x33; out1[11] = x34; out1[12] = x35; out1[13] = x36; out1[14] = x37; out1[15] = x38; } /// The function fiat_p448_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_p448_add(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element, arg2: &fiat_p448_tight_field_element) { let x1: u32 = ((arg1[0]) + (arg2[0])); let x2: u32 = ((arg1[1]) + (arg2[1])); let x3: u32 = ((arg1[2]) + (arg2[2])); let x4: u32 = ((arg1[3]) + (arg2[3])); let x5: u32 = ((arg1[4]) + (arg2[4])); let x6: u32 = ((arg1[5]) + (arg2[5])); let x7: u32 = ((arg1[6]) + (arg2[6])); let x8: u32 = ((arg1[7]) + (arg2[7])); let x9: u32 = ((arg1[8]) + (arg2[8])); let x10: u32 = ((arg1[9]) + (arg2[9])); let x11: u32 = ((arg1[10]) + (arg2[10])); let x12: u32 = ((arg1[11]) + (arg2[11])); let x13: u32 = ((arg1[12]) + (arg2[12])); let x14: u32 = ((arg1[13]) + (arg2[13])); let x15: u32 = ((arg1[14]) + (arg2[14])); let x16: u32 = ((arg1[15]) + (arg2[15])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; } /// The function fiat_p448_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_p448_sub(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element, arg2: &fiat_p448_tight_field_element) { let x1: u32 = ((0x1ffffffe + (arg1[0])) - (arg2[0])); let x2: u32 = ((0x1ffffffe + (arg1[1])) - (arg2[1])); let x3: u32 = ((0x1ffffffe + (arg1[2])) - (arg2[2])); let x4: u32 = ((0x1ffffffe + (arg1[3])) - (arg2[3])); let x5: u32 = ((0x1ffffffe + (arg1[4])) - (arg2[4])); let x6: u32 = ((0x1ffffffe + (arg1[5])) - (arg2[5])); let x7: u32 = ((0x1ffffffe + (arg1[6])) - (arg2[6])); let x8: u32 = ((0x1ffffffe + (arg1[7])) - (arg2[7])); let x9: u32 = ((0x1ffffffc + (arg1[8])) - (arg2[8])); let x10: u32 = ((0x1ffffffe + (arg1[9])) - (arg2[9])); let x11: u32 = ((0x1ffffffe + (arg1[10])) - (arg2[10])); let x12: u32 = ((0x1ffffffe + (arg1[11])) - (arg2[11])); let x13: u32 = ((0x1ffffffe + (arg1[12])) - (arg2[12])); let x14: u32 = ((0x1ffffffe + (arg1[13])) - (arg2[13])); let x15: u32 = ((0x1ffffffe + (arg1[14])) - (arg2[14])); let x16: u32 = ((0x1ffffffe + (arg1[15])) - (arg2[15])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; } /// The function fiat_p448_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_p448_opp(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element) { let x1: u32 = (0x1ffffffe - (arg1[0])); let x2: u32 = (0x1ffffffe - (arg1[1])); let x3: u32 = (0x1ffffffe - (arg1[2])); let x4: u32 = (0x1ffffffe - (arg1[3])); let x5: u32 = (0x1ffffffe - (arg1[4])); let x6: u32 = (0x1ffffffe - (arg1[5])); let x7: u32 = (0x1ffffffe - (arg1[6])); let x8: u32 = (0x1ffffffe - (arg1[7])); let x9: u32 = (0x1ffffffc - (arg1[8])); let x10: u32 = (0x1ffffffe - (arg1[9])); let x11: u32 = (0x1ffffffe - (arg1[10])); let x12: u32 = (0x1ffffffe - (arg1[11])); let x13: u32 = (0x1ffffffe - (arg1[12])); let x14: u32 = (0x1ffffffe - (arg1[13])); let x15: u32 = (0x1ffffffe - (arg1[14])); let x16: u32 = (0x1ffffffe - (arg1[15])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; } /// The function fiat_p448_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p448_selectznz(out1: &mut [u32; 16], arg1: fiat_p448_u1, arg2: &[u32; 16], arg3: &[u32; 16]) { let mut x1: u32 = 0; fiat_p448_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p448_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p448_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p448_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p448_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p448_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p448_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p448_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u32 = 0; fiat_p448_cmovznz_u32(&mut x9, arg1, (arg2[8]), (arg3[8])); let mut x10: u32 = 0; fiat_p448_cmovznz_u32(&mut x10, arg1, (arg2[9]), (arg3[9])); let mut x11: u32 = 0; fiat_p448_cmovznz_u32(&mut x11, arg1, (arg2[10]), (arg3[10])); let mut x12: u32 = 0; fiat_p448_cmovznz_u32(&mut x12, arg1, (arg2[11]), (arg3[11])); let mut x13: u32 = 0; fiat_p448_cmovznz_u32(&mut x13, arg1, (arg2[12]), (arg3[12])); let mut x14: u32 = 0; fiat_p448_cmovznz_u32(&mut x14, arg1, (arg2[13]), (arg3[13])); let mut x15: u32 = 0; fiat_p448_cmovznz_u32(&mut x15, arg1, (arg2[14]), (arg3[14])); let mut x16: u32 = 0; fiat_p448_cmovznz_u32(&mut x16, arg1, (arg2[15]), (arg3[15])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; } /// The function fiat_p448_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..55] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p448_to_bytes(out1: &mut [u8; 56], arg1: &fiat_p448_tight_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x1, &mut x2, 0x0, (arg1[0]), 0xfffffff); let mut x3: u32 = 0; let mut x4: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x3, &mut x4, x2, (arg1[1]), 0xfffffff); let mut x5: u32 = 0; let mut x6: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x5, &mut x6, x4, (arg1[2]), 0xfffffff); let mut x7: u32 = 0; let mut x8: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x7, &mut x8, x6, (arg1[3]), 0xfffffff); let mut x9: u32 = 0; let mut x10: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x9, &mut x10, x8, (arg1[4]), 0xfffffff); let mut x11: u32 = 0; let mut x12: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x11, &mut x12, x10, (arg1[5]), 0xfffffff); let mut x13: u32 = 0; let mut x14: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x13, &mut x14, x12, (arg1[6]), 0xfffffff); let mut x15: u32 = 0; let mut x16: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x15, &mut x16, x14, (arg1[7]), 0xfffffff); let mut x17: u32 = 0; let mut x18: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x17, &mut x18, x16, (arg1[8]), 0xffffffe); let mut x19: u32 = 0; let mut x20: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x19, &mut x20, x18, (arg1[9]), 0xfffffff); let mut x21: u32 = 0; let mut x22: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x21, &mut x22, x20, (arg1[10]), 0xfffffff); let mut x23: u32 = 0; let mut x24: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x23, &mut x24, x22, (arg1[11]), 0xfffffff); let mut x25: u32 = 0; let mut x26: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x25, &mut x26, x24, (arg1[12]), 0xfffffff); let mut x27: u32 = 0; let mut x28: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x27, &mut x28, x26, (arg1[13]), 0xfffffff); let mut x29: u32 = 0; let mut x30: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x29, &mut x30, x28, (arg1[14]), 0xfffffff); let mut x31: u32 = 0; let mut x32: fiat_p448_u1 = 0; fiat_p448_subborrowx_u28(&mut x31, &mut x32, x30, (arg1[15]), 0xfffffff); let mut x33: u32 = 0; fiat_p448_cmovznz_u32(&mut x33, x32, (0x0 as u32), 0xffffffff); let mut x34: u32 = 0; let mut x35: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x34, &mut x35, 0x0, x1, (x33 & 0xfffffff)); let mut x36: u32 = 0; let mut x37: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x36, &mut x37, x35, x3, (x33 & 0xfffffff)); let mut x38: u32 = 0; let mut x39: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x38, &mut x39, x37, x5, (x33 & 0xfffffff)); let mut x40: u32 = 0; let mut x41: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x40, &mut x41, x39, x7, (x33 & 0xfffffff)); let mut x42: u32 = 0; let mut x43: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x42, &mut x43, x41, x9, (x33 & 0xfffffff)); let mut x44: u32 = 0; let mut x45: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x44, &mut x45, x43, x11, (x33 & 0xfffffff)); let mut x46: u32 = 0; let mut x47: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x46, &mut x47, x45, x13, (x33 & 0xfffffff)); let mut x48: u32 = 0; let mut x49: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x48, &mut x49, x47, x15, (x33 & 0xfffffff)); let mut x50: u32 = 0; let mut x51: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x50, &mut x51, x49, x17, (x33 & 0xffffffe)); let mut x52: u32 = 0; let mut x53: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x52, &mut x53, x51, x19, (x33 & 0xfffffff)); let mut x54: u32 = 0; let mut x55: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x54, &mut x55, x53, x21, (x33 & 0xfffffff)); let mut x56: u32 = 0; let mut x57: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x56, &mut x57, x55, x23, (x33 & 0xfffffff)); let mut x58: u32 = 0; let mut x59: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x58, &mut x59, x57, x25, (x33 & 0xfffffff)); let mut x60: u32 = 0; let mut x61: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x60, &mut x61, x59, x27, (x33 & 0xfffffff)); let mut x62: u32 = 0; let mut x63: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x62, &mut x63, x61, x29, (x33 & 0xfffffff)); let mut x64: u32 = 0; let mut x65: fiat_p448_u1 = 0; fiat_p448_addcarryx_u28(&mut x64, &mut x65, x63, x31, (x33 & 0xfffffff)); let x66: u32 = (x64 << 4); let x67: u32 = (x60 << 4); let x68: u32 = (x56 << 4); let x69: u32 = (x52 << 4); let x70: u32 = (x48 << 4); let x71: u32 = (x44 << 4); let x72: u32 = (x40 << 4); let x73: u32 = (x36 << 4); let x74: u8 = ((x34 & (0xff as u32)) as u8); let x75: u32 = (x34 >> 8); let x76: u8 = ((x75 & (0xff as u32)) as u8); let x77: u32 = (x75 >> 8); let x78: u8 = ((x77 & (0xff as u32)) as u8); let x79: u8 = ((x77 >> 8) as u8); let x80: u32 = (x73 + (x79 as u32)); let x81: u8 = ((x80 & (0xff as u32)) as u8); let x82: u32 = (x80 >> 8); let x83: u8 = ((x82 & (0xff as u32)) as u8); let x84: u32 = (x82 >> 8); let x85: u8 = ((x84 & (0xff as u32)) as u8); let x86: u8 = ((x84 >> 8) as u8); let x87: u8 = ((x38 & (0xff as u32)) as u8); let x88: u32 = (x38 >> 8); let x89: u8 = ((x88 & (0xff as u32)) as u8); let x90: u32 = (x88 >> 8); let x91: u8 = ((x90 & (0xff as u32)) as u8); let x92: u8 = ((x90 >> 8) as u8); let x93: u32 = (x72 + (x92 as u32)); let x94: u8 = ((x93 & (0xff as u32)) as u8); let x95: u32 = (x93 >> 8); let x96: u8 = ((x95 & (0xff as u32)) as u8); let x97: u32 = (x95 >> 8); let x98: u8 = ((x97 & (0xff as u32)) as u8); let x99: u8 = ((x97 >> 8) as u8); let x100: u8 = ((x42 & (0xff as u32)) as u8); let x101: u32 = (x42 >> 8); let x102: u8 = ((x101 & (0xff as u32)) as u8); let x103: u32 = (x101 >> 8); let x104: u8 = ((x103 & (0xff as u32)) as u8); let x105: u8 = ((x103 >> 8) as u8); let x106: u32 = (x71 + (x105 as u32)); let x107: u8 = ((x106 & (0xff as u32)) as u8); let x108: u32 = (x106 >> 8); let x109: u8 = ((x108 & (0xff as u32)) as u8); let x110: u32 = (x108 >> 8); let x111: u8 = ((x110 & (0xff as u32)) as u8); let x112: u8 = ((x110 >> 8) as u8); let x113: u8 = ((x46 & (0xff as u32)) as u8); let x114: u32 = (x46 >> 8); let x115: u8 = ((x114 & (0xff as u32)) as u8); let x116: u32 = (x114 >> 8); let x117: u8 = ((x116 & (0xff as u32)) as u8); let x118: u8 = ((x116 >> 8) as u8); let x119: u32 = (x70 + (x118 as u32)); let x120: u8 = ((x119 & (0xff as u32)) as u8); let x121: u32 = (x119 >> 8); let x122: u8 = ((x121 & (0xff as u32)) as u8); let x123: u32 = (x121 >> 8); let x124: u8 = ((x123 & (0xff as u32)) as u8); let x125: u8 = ((x123 >> 8) as u8); let x126: u8 = ((x50 & (0xff as u32)) as u8); let x127: u32 = (x50 >> 8); let x128: u8 = ((x127 & (0xff as u32)) as u8); let x129: u32 = (x127 >> 8); let x130: u8 = ((x129 & (0xff as u32)) as u8); let x131: u8 = ((x129 >> 8) as u8); let x132: u32 = (x69 + (x131 as u32)); let x133: u8 = ((x132 & (0xff as u32)) as u8); let x134: u32 = (x132 >> 8); let x135: u8 = ((x134 & (0xff as u32)) as u8); let x136: u32 = (x134 >> 8); let x137: u8 = ((x136 & (0xff as u32)) as u8); let x138: u8 = ((x136 >> 8) as u8); let x139: u8 = ((x54 & (0xff as u32)) as u8); let x140: u32 = (x54 >> 8); let x141: u8 = ((x140 & (0xff as u32)) as u8); let x142: u32 = (x140 >> 8); let x143: u8 = ((x142 & (0xff as u32)) as u8); let x144: u8 = ((x142 >> 8) as u8); let x145: u32 = (x68 + (x144 as u32)); let x146: u8 = ((x145 & (0xff as u32)) as u8); let x147: u32 = (x145 >> 8); let x148: u8 = ((x147 & (0xff as u32)) as u8); let x149: u32 = (x147 >> 8); let x150: u8 = ((x149 & (0xff as u32)) as u8); let x151: u8 = ((x149 >> 8) as u8); let x152: u8 = ((x58 & (0xff as u32)) as u8); let x153: u32 = (x58 >> 8); let x154: u8 = ((x153 & (0xff as u32)) as u8); let x155: u32 = (x153 >> 8); let x156: u8 = ((x155 & (0xff as u32)) as u8); let x157: u8 = ((x155 >> 8) as u8); let x158: u32 = (x67 + (x157 as u32)); let x159: u8 = ((x158 & (0xff as u32)) as u8); let x160: u32 = (x158 >> 8); let x161: u8 = ((x160 & (0xff as u32)) as u8); let x162: u32 = (x160 >> 8); let x163: u8 = ((x162 & (0xff as u32)) as u8); let x164: u8 = ((x162 >> 8) as u8); let x165: u8 = ((x62 & (0xff as u32)) as u8); let x166: u32 = (x62 >> 8); let x167: u8 = ((x166 & (0xff as u32)) as u8); let x168: u32 = (x166 >> 8); let x169: u8 = ((x168 & (0xff as u32)) as u8); let x170: u8 = ((x168 >> 8) as u8); let x171: u32 = (x66 + (x170 as u32)); let x172: u8 = ((x171 & (0xff as u32)) as u8); let x173: u32 = (x171 >> 8); let x174: u8 = ((x173 & (0xff as u32)) as u8); let x175: u32 = (x173 >> 8); let x176: u8 = ((x175 & (0xff as u32)) as u8); let x177: u8 = ((x175 >> 8) as u8); out1[0] = x74; out1[1] = x76; out1[2] = x78; out1[3] = x81; out1[4] = x83; out1[5] = x85; out1[6] = x86; out1[7] = x87; out1[8] = x89; out1[9] = x91; out1[10] = x94; out1[11] = x96; out1[12] = x98; out1[13] = x99; out1[14] = x100; out1[15] = x102; out1[16] = x104; out1[17] = x107; out1[18] = x109; out1[19] = x111; out1[20] = x112; out1[21] = x113; out1[22] = x115; out1[23] = x117; out1[24] = x120; out1[25] = x122; out1[26] = x124; out1[27] = x125; out1[28] = x126; out1[29] = x128; out1[30] = x130; out1[31] = x133; out1[32] = x135; out1[33] = x137; out1[34] = x138; out1[35] = x139; out1[36] = x141; out1[37] = x143; out1[38] = x146; out1[39] = x148; out1[40] = x150; out1[41] = x151; out1[42] = x152; out1[43] = x154; out1[44] = x156; out1[45] = x159; out1[46] = x161; out1[47] = x163; out1[48] = x164; out1[49] = x165; out1[50] = x167; out1[51] = x169; out1[52] = x172; out1[53] = x174; out1[54] = x176; out1[55] = x177; } /// The function fiat_p448_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p448_from_bytes(out1: &mut fiat_p448_tight_field_element, arg1: &[u8; 56]) { let x1: u32 = (((arg1[55]) as u32) << 20); let x2: u32 = (((arg1[54]) as u32) << 12); let x3: u32 = (((arg1[53]) as u32) << 4); let x4: u32 = (((arg1[52]) as u32) << 24); let x5: u32 = (((arg1[51]) as u32) << 16); let x6: u32 = (((arg1[50]) as u32) << 8); let x7: u8 = (arg1[49]); let x8: u32 = (((arg1[48]) as u32) << 20); let x9: u32 = (((arg1[47]) as u32) << 12); let x10: u32 = (((arg1[46]) as u32) << 4); let x11: u32 = (((arg1[45]) as u32) << 24); let x12: u32 = (((arg1[44]) as u32) << 16); let x13: u32 = (((arg1[43]) as u32) << 8); let x14: u8 = (arg1[42]); let x15: u32 = (((arg1[41]) as u32) << 20); let x16: u32 = (((arg1[40]) as u32) << 12); let x17: u32 = (((arg1[39]) as u32) << 4); let x18: u32 = (((arg1[38]) as u32) << 24); let x19: u32 = (((arg1[37]) as u32) << 16); let x20: u32 = (((arg1[36]) as u32) << 8); let x21: u8 = (arg1[35]); let x22: u32 = (((arg1[34]) as u32) << 20); let x23: u32 = (((arg1[33]) as u32) << 12); let x24: u32 = (((arg1[32]) as u32) << 4); let x25: u32 = (((arg1[31]) as u32) << 24); let x26: u32 = (((arg1[30]) as u32) << 16); let x27: u32 = (((arg1[29]) as u32) << 8); let x28: u8 = (arg1[28]); let x29: u32 = (((arg1[27]) as u32) << 20); let x30: u32 = (((arg1[26]) as u32) << 12); let x31: u32 = (((arg1[25]) as u32) << 4); let x32: u32 = (((arg1[24]) as u32) << 24); let x33: u32 = (((arg1[23]) as u32) << 16); let x34: u32 = (((arg1[22]) as u32) << 8); let x35: u8 = (arg1[21]); let x36: u32 = (((arg1[20]) as u32) << 20); let x37: u32 = (((arg1[19]) as u32) << 12); let x38: u32 = (((arg1[18]) as u32) << 4); let x39: u32 = (((arg1[17]) as u32) << 24); let x40: u32 = (((arg1[16]) as u32) << 16); let x41: u32 = (((arg1[15]) as u32) << 8); let x42: u8 = (arg1[14]); let x43: u32 = (((arg1[13]) as u32) << 20); let x44: u32 = (((arg1[12]) as u32) << 12); let x45: u32 = (((arg1[11]) as u32) << 4); let x46: u32 = (((arg1[10]) as u32) << 24); let x47: u32 = (((arg1[9]) as u32) << 16); let x48: u32 = (((arg1[8]) as u32) << 8); let x49: u8 = (arg1[7]); let x50: u32 = (((arg1[6]) as u32) << 20); let x51: u32 = (((arg1[5]) as u32) << 12); let x52: u32 = (((arg1[4]) as u32) << 4); let x53: u32 = (((arg1[3]) as u32) << 24); let x54: u32 = (((arg1[2]) as u32) << 16); let x55: u32 = (((arg1[1]) as u32) << 8); let x56: u8 = (arg1[0]); let x57: u32 = (x55 + (x56 as u32)); let x58: u32 = (x54 + x57); let x59: u32 = (x53 + x58); let x60: u32 = (x59 & 0xfffffff); let x61: u8 = ((x59 >> 28) as u8); let x62: u32 = (x52 + (x61 as u32)); let x63: u32 = (x51 + x62); let x64: u32 = (x50 + x63); let x65: u32 = (x48 + (x49 as u32)); let x66: u32 = (x47 + x65); let x67: u32 = (x46 + x66); let x68: u32 = (x67 & 0xfffffff); let x69: u8 = ((x67 >> 28) as u8); let x70: u32 = (x45 + (x69 as u32)); let x71: u32 = (x44 + x70); let x72: u32 = (x43 + x71); let x73: u32 = (x41 + (x42 as u32)); let x74: u32 = (x40 + x73); let x75: u32 = (x39 + x74); let x76: u32 = (x75 & 0xfffffff); let x77: u8 = ((x75 >> 28) as u8); let x78: u32 = (x38 + (x77 as u32)); let x79: u32 = (x37 + x78); let x80: u32 = (x36 + x79); let x81: u32 = (x34 + (x35 as u32)); let x82: u32 = (x33 + x81); let x83: u32 = (x32 + x82); let x84: u32 = (x83 & 0xfffffff); let x85: u8 = ((x83 >> 28) as u8); let x86: u32 = (x31 + (x85 as u32)); let x87: u32 = (x30 + x86); let x88: u32 = (x29 + x87); let x89: u32 = (x27 + (x28 as u32)); let x90: u32 = (x26 + x89); let x91: u32 = (x25 + x90); let x92: u32 = (x91 & 0xfffffff); let x93: u8 = ((x91 >> 28) as u8); let x94: u32 = (x24 + (x93 as u32)); let x95: u32 = (x23 + x94); let x96: u32 = (x22 + x95); let x97: u32 = (x20 + (x21 as u32)); let x98: u32 = (x19 + x97); let x99: u32 = (x18 + x98); let x100: u32 = (x99 & 0xfffffff); let x101: u8 = ((x99 >> 28) as u8); let x102: u32 = (x17 + (x101 as u32)); let x103: u32 = (x16 + x102); let x104: u32 = (x15 + x103); let x105: u32 = (x13 + (x14 as u32)); let x106: u32 = (x12 + x105); let x107: u32 = (x11 + x106); let x108: u32 = (x107 & 0xfffffff); let x109: u8 = ((x107 >> 28) as u8); let x110: u32 = (x10 + (x109 as u32)); let x111: u32 = (x9 + x110); let x112: u32 = (x8 + x111); let x113: u32 = (x6 + (x7 as u32)); let x114: u32 = (x5 + x113); let x115: u32 = (x4 + x114); let x116: u32 = (x115 & 0xfffffff); let x117: u8 = ((x115 >> 28) as u8); let x118: u32 = (x3 + (x117 as u32)); let x119: u32 = (x2 + x118); let x120: u32 = (x1 + x119); out1[0] = x60; out1[1] = x64; out1[2] = x68; out1[3] = x72; out1[4] = x76; out1[5] = x80; out1[6] = x84; out1[7] = x88; out1[8] = x92; out1[9] = x96; out1[10] = x100; out1[11] = x104; out1[12] = x108; out1[13] = x112; out1[14] = x116; out1[15] = x120; } /// The function fiat_p448_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_p448_relax(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = (arg1[1]); let x3: u32 = (arg1[2]); let x4: u32 = (arg1[3]); let x5: u32 = (arg1[4]); let x6: u32 = (arg1[5]); let x7: u32 = (arg1[6]); let x8: u32 = (arg1[7]); let x9: u32 = (arg1[8]); let x10: u32 = (arg1[9]); let x11: u32 = (arg1[10]); let x12: u32 = (arg1[11]); let x13: u32 = (arg1[12]); let x14: u32 = (arg1[13]); let x15: u32 = (arg1[14]); let x16: u32 = (arg1[15]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; } fiat-crypto-0.2.2/src/p448_solinas_64.rs000064400000000000000000001210471046102023000157700ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline p448 64 8 '2^448 - 2^224 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: p448 //! machine_wordsize = 64 (from "64") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 8 (from "8") //! s-c = 2^448 - [(2^224, 1), (1, 1)] (from "2^448 - 2^224 - 1") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [3, 7, 4, 0, 5, 1, 6, 2, 7, 3, 4, 0] //! eval z = z[0] + (z[1] << 56) + (z[2] << 112) + (z[3] << 168) + (z[4] << 224) + (z[5] << 0x118) + (z[6] << 0x150) + (z[7] << 0x188) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) //! balance = [0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffc, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p448_u1 = u8; pub type fiat_p448_i1 = i8; pub type fiat_p448_u2 = u8; pub type fiat_p448_i2 = i8; /** The type fiat_p448_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_p448_loose_field_element(pub [u64; 8]); impl core::ops::Index for fiat_p448_loose_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p448_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p448_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_p448_tight_field_element(pub [u64; 8]); impl core::ops::Index for fiat_p448_tight_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p448_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p448_addcarryx_u56 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^56 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^56⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p448_addcarryx_u56(out1: &mut u64, out2: &mut fiat_p448_u1, arg1: fiat_p448_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0xffffffffffffff); let x3: fiat_p448_u1 = ((x1 >> 56) as fiat_p448_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p448_subborrowx_u56 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^56 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^56⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p448_subborrowx_u56(out1: &mut u64, out2: &mut fiat_p448_u1, arg1: fiat_p448_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_p448_i1 = ((x1 >> 56) as fiat_p448_i1); let x3: u64 = (((x1 as i128) & (0xffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p448_i2) - (x2 as fiat_p448_i2)) as fiat_p448_u1); } /// The function fiat_p448_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p448_cmovznz_u64(out1: &mut u64, arg1: fiat_p448_u1, arg2: u64, arg3: u64) { let x1: fiat_p448_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p448_i2) - (x1 as fiat_p448_i2)) as fiat_p448_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p448_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_p448_carry_mul(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element, arg2: &fiat_p448_loose_field_element) { let x1: u128 = (((arg1[7]) as u128) * ((arg2[7]) as u128)); let x2: u128 = (((arg1[7]) as u128) * ((arg2[6]) as u128)); let x3: u128 = (((arg1[7]) as u128) * ((arg2[5]) as u128)); let x4: u128 = (((arg1[6]) as u128) * ((arg2[7]) as u128)); let x5: u128 = (((arg1[6]) as u128) * ((arg2[6]) as u128)); let x6: u128 = (((arg1[5]) as u128) * ((arg2[7]) as u128)); let x7: u128 = (((arg1[7]) as u128) * ((arg2[7]) as u128)); let x8: u128 = (((arg1[7]) as u128) * ((arg2[6]) as u128)); let x9: u128 = (((arg1[7]) as u128) * ((arg2[5]) as u128)); let x10: u128 = (((arg1[6]) as u128) * ((arg2[7]) as u128)); let x11: u128 = (((arg1[6]) as u128) * ((arg2[6]) as u128)); let x12: u128 = (((arg1[5]) as u128) * ((arg2[7]) as u128)); let x13: u128 = (((arg1[7]) as u128) * ((arg2[7]) as u128)); let x14: u128 = (((arg1[7]) as u128) * ((arg2[6]) as u128)); let x15: u128 = (((arg1[7]) as u128) * ((arg2[5]) as u128)); let x16: u128 = (((arg1[7]) as u128) * ((arg2[4]) as u128)); let x17: u128 = (((arg1[7]) as u128) * ((arg2[3]) as u128)); let x18: u128 = (((arg1[7]) as u128) * ((arg2[2]) as u128)); let x19: u128 = (((arg1[7]) as u128) * ((arg2[1]) as u128)); let x20: u128 = (((arg1[6]) as u128) * ((arg2[7]) as u128)); let x21: u128 = (((arg1[6]) as u128) * ((arg2[6]) as u128)); let x22: u128 = (((arg1[6]) as u128) * ((arg2[5]) as u128)); let x23: u128 = (((arg1[6]) as u128) * ((arg2[4]) as u128)); let x24: u128 = (((arg1[6]) as u128) * ((arg2[3]) as u128)); let x25: u128 = (((arg1[6]) as u128) * ((arg2[2]) as u128)); let x26: u128 = (((arg1[5]) as u128) * ((arg2[7]) as u128)); let x27: u128 = (((arg1[5]) as u128) * ((arg2[6]) as u128)); let x28: u128 = (((arg1[5]) as u128) * ((arg2[5]) as u128)); let x29: u128 = (((arg1[5]) as u128) * ((arg2[4]) as u128)); let x30: u128 = (((arg1[5]) as u128) * ((arg2[3]) as u128)); let x31: u128 = (((arg1[4]) as u128) * ((arg2[7]) as u128)); let x32: u128 = (((arg1[4]) as u128) * ((arg2[6]) as u128)); let x33: u128 = (((arg1[4]) as u128) * ((arg2[5]) as u128)); let x34: u128 = (((arg1[4]) as u128) * ((arg2[4]) as u128)); let x35: u128 = (((arg1[3]) as u128) * ((arg2[7]) as u128)); let x36: u128 = (((arg1[3]) as u128) * ((arg2[6]) as u128)); let x37: u128 = (((arg1[3]) as u128) * ((arg2[5]) as u128)); let x38: u128 = (((arg1[2]) as u128) * ((arg2[7]) as u128)); let x39: u128 = (((arg1[2]) as u128) * ((arg2[6]) as u128)); let x40: u128 = (((arg1[1]) as u128) * ((arg2[7]) as u128)); let x41: u128 = (((arg1[7]) as u128) * ((arg2[4]) as u128)); let x42: u128 = (((arg1[7]) as u128) * ((arg2[3]) as u128)); let x43: u128 = (((arg1[7]) as u128) * ((arg2[2]) as u128)); let x44: u128 = (((arg1[7]) as u128) * ((arg2[1]) as u128)); let x45: u128 = (((arg1[6]) as u128) * ((arg2[5]) as u128)); let x46: u128 = (((arg1[6]) as u128) * ((arg2[4]) as u128)); let x47: u128 = (((arg1[6]) as u128) * ((arg2[3]) as u128)); let x48: u128 = (((arg1[6]) as u128) * ((arg2[2]) as u128)); let x49: u128 = (((arg1[5]) as u128) * ((arg2[6]) as u128)); let x50: u128 = (((arg1[5]) as u128) * ((arg2[5]) as u128)); let x51: u128 = (((arg1[5]) as u128) * ((arg2[4]) as u128)); let x52: u128 = (((arg1[5]) as u128) * ((arg2[3]) as u128)); let x53: u128 = (((arg1[4]) as u128) * ((arg2[7]) as u128)); let x54: u128 = (((arg1[4]) as u128) * ((arg2[6]) as u128)); let x55: u128 = (((arg1[4]) as u128) * ((arg2[5]) as u128)); let x56: u128 = (((arg1[4]) as u128) * ((arg2[4]) as u128)); let x57: u128 = (((arg1[3]) as u128) * ((arg2[7]) as u128)); let x58: u128 = (((arg1[3]) as u128) * ((arg2[6]) as u128)); let x59: u128 = (((arg1[3]) as u128) * ((arg2[5]) as u128)); let x60: u128 = (((arg1[2]) as u128) * ((arg2[7]) as u128)); let x61: u128 = (((arg1[2]) as u128) * ((arg2[6]) as u128)); let x62: u128 = (((arg1[1]) as u128) * ((arg2[7]) as u128)); let x63: u128 = (((arg1[7]) as u128) * ((arg2[0]) as u128)); let x64: u128 = (((arg1[6]) as u128) * ((arg2[1]) as u128)); let x65: u128 = (((arg1[6]) as u128) * ((arg2[0]) as u128)); let x66: u128 = (((arg1[5]) as u128) * ((arg2[2]) as u128)); let x67: u128 = (((arg1[5]) as u128) * ((arg2[1]) as u128)); let x68: u128 = (((arg1[5]) as u128) * ((arg2[0]) as u128)); let x69: u128 = (((arg1[4]) as u128) * ((arg2[3]) as u128)); let x70: u128 = (((arg1[4]) as u128) * ((arg2[2]) as u128)); let x71: u128 = (((arg1[4]) as u128) * ((arg2[1]) as u128)); let x72: u128 = (((arg1[4]) as u128) * ((arg2[0]) as u128)); let x73: u128 = (((arg1[3]) as u128) * ((arg2[4]) as u128)); let x74: u128 = (((arg1[3]) as u128) * ((arg2[3]) as u128)); let x75: u128 = (((arg1[3]) as u128) * ((arg2[2]) as u128)); let x76: u128 = (((arg1[3]) as u128) * ((arg2[1]) as u128)); let x77: u128 = (((arg1[3]) as u128) * ((arg2[0]) as u128)); let x78: u128 = (((arg1[2]) as u128) * ((arg2[5]) as u128)); let x79: u128 = (((arg1[2]) as u128) * ((arg2[4]) as u128)); let x80: u128 = (((arg1[2]) as u128) * ((arg2[3]) as u128)); let x81: u128 = (((arg1[2]) as u128) * ((arg2[2]) as u128)); let x82: u128 = (((arg1[2]) as u128) * ((arg2[1]) as u128)); let x83: u128 = (((arg1[2]) as u128) * ((arg2[0]) as u128)); let x84: u128 = (((arg1[1]) as u128) * ((arg2[6]) as u128)); let x85: u128 = (((arg1[1]) as u128) * ((arg2[5]) as u128)); let x86: u128 = (((arg1[1]) as u128) * ((arg2[4]) as u128)); let x87: u128 = (((arg1[1]) as u128) * ((arg2[3]) as u128)); let x88: u128 = (((arg1[1]) as u128) * ((arg2[2]) as u128)); let x89: u128 = (((arg1[1]) as u128) * ((arg2[1]) as u128)); let x90: u128 = (((arg1[1]) as u128) * ((arg2[0]) as u128)); let x91: u128 = (((arg1[0]) as u128) * ((arg2[7]) as u128)); let x92: u128 = (((arg1[0]) as u128) * ((arg2[6]) as u128)); let x93: u128 = (((arg1[0]) as u128) * ((arg2[5]) as u128)); let x94: u128 = (((arg1[0]) as u128) * ((arg2[4]) as u128)); let x95: u128 = (((arg1[0]) as u128) * ((arg2[3]) as u128)); let x96: u128 = (((arg1[0]) as u128) * ((arg2[2]) as u128)); let x97: u128 = (((arg1[0]) as u128) * ((arg2[1]) as u128)); let x98: u128 = (((arg1[0]) as u128) * ((arg2[0]) as u128)); let x99: u128 = (x95 + (x88 + (x82 + (x77 + (x31 + (x27 + (x22 + x16))))))); let x100: u64 = ((x99 >> 56) as u64); let x101: u64 = ((x99 & (0xffffffffffffff as u128)) as u64); let x102: u128 = (x91 + (x84 + (x78 + (x73 + (x69 + (x66 + (x64 + (x63 + (x53 + (x49 + (x45 + x41))))))))))); let x103: u128 = (x92 + (x85 + (x79 + (x74 + (x70 + (x67 + (x65 + (x57 + (x54 + (x50 + (x46 + (x42 + (x13 + x7))))))))))))); let x104: u128 = (x93 + (x86 + (x80 + (x75 + (x71 + (x68 + (x60 + (x58 + (x55 + (x51 + (x47 + (x43 + (x20 + (x14 + (x10 + x8))))))))))))))); let x105: u128 = (x94 + (x87 + (x81 + (x76 + (x72 + (x62 + (x61 + (x59 + (x56 + (x52 + (x48 + (x44 + (x26 + (x21 + (x15 + (x12 + (x11 + x9))))))))))))))))); let x106: u128 = (x96 + (x89 + (x83 + (x35 + (x32 + (x28 + (x23 + (x17 + x1)))))))); let x107: u128 = (x97 + (x90 + (x38 + (x36 + (x33 + (x29 + (x24 + (x18 + (x4 + x2))))))))); let x108: u128 = (x98 + (x40 + (x39 + (x37 + (x34 + (x30 + (x25 + (x19 + (x6 + (x5 + x3)))))))))); let x109: u128 = ((x100 as u128) + x105); let x110: u64 = ((x102 >> 56) as u64); let x111: u64 = ((x102 & (0xffffffffffffff as u128)) as u64); let x112: u128 = (x109 + (x110 as u128)); let x113: u64 = ((x112 >> 56) as u64); let x114: u64 = ((x112 & (0xffffffffffffff as u128)) as u64); let x115: u128 = (x108 + (x110 as u128)); let x116: u128 = ((x113 as u128) + x104); let x117: u64 = ((x115 >> 56) as u64); let x118: u64 = ((x115 & (0xffffffffffffff as u128)) as u64); let x119: u128 = ((x117 as u128) + x107); let x120: u64 = ((x116 >> 56) as u64); let x121: u64 = ((x116 & (0xffffffffffffff as u128)) as u64); let x122: u128 = ((x120 as u128) + x103); let x123: u64 = ((x119 >> 56) as u64); let x124: u64 = ((x119 & (0xffffffffffffff as u128)) as u64); let x125: u128 = ((x123 as u128) + x106); let x126: u64 = ((x122 >> 56) as u64); let x127: u64 = ((x122 & (0xffffffffffffff as u128)) as u64); let x128: u64 = (x126 + x111); let x129: u64 = ((x125 >> 56) as u64); let x130: u64 = ((x125 & (0xffffffffffffff as u128)) as u64); let x131: u64 = (x129 + x101); let x132: u64 = (x128 >> 56); let x133: u64 = (x128 & 0xffffffffffffff); let x134: u64 = (x131 >> 56); let x135: u64 = (x131 & 0xffffffffffffff); let x136: u64 = (x114 + x132); let x137: u64 = (x118 + x132); let x138: u64 = (x134 + x136); let x139: fiat_p448_u1 = ((x138 >> 56) as fiat_p448_u1); let x140: u64 = (x138 & 0xffffffffffffff); let x141: u64 = ((x139 as u64) + x121); let x142: fiat_p448_u1 = ((x137 >> 56) as fiat_p448_u1); let x143: u64 = (x137 & 0xffffffffffffff); let x144: u64 = ((x142 as u64) + x124); out1[0] = x143; out1[1] = x144; out1[2] = x130; out1[3] = x135; out1[4] = x140; out1[5] = x141; out1[6] = x127; out1[7] = x133; } /// The function fiat_p448_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_p448_carry_square(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element) { let x1: u64 = (arg1[7]); let x2: u64 = (arg1[7]); let x3: u64 = (x1 * 0x2); let x4: u64 = (x2 * 0x2); let x5: u64 = ((arg1[7]) * 0x2); let x6: u64 = (arg1[6]); let x7: u64 = (arg1[6]); let x8: u64 = (x6 * 0x2); let x9: u64 = (x7 * 0x2); let x10: u64 = ((arg1[6]) * 0x2); let x11: u64 = (arg1[5]); let x12: u64 = (arg1[5]); let x13: u64 = (x11 * 0x2); let x14: u64 = (x12 * 0x2); let x15: u64 = ((arg1[5]) * 0x2); let x16: u64 = (arg1[4]); let x17: u64 = (arg1[4]); let x18: u64 = ((arg1[4]) * 0x2); let x19: u64 = ((arg1[3]) * 0x2); let x20: u64 = ((arg1[2]) * 0x2); let x21: u64 = ((arg1[1]) * 0x2); let x22: u128 = (((arg1[7]) as u128) * (x1 as u128)); let x23: u128 = (((arg1[6]) as u128) * (x3 as u128)); let x24: u128 = (((arg1[6]) as u128) * (x6 as u128)); let x25: u128 = (((arg1[5]) as u128) * (x3 as u128)); let x26: u128 = (((arg1[7]) as u128) * (x1 as u128)); let x27: u128 = (((arg1[6]) as u128) * (x3 as u128)); let x28: u128 = (((arg1[6]) as u128) * (x6 as u128)); let x29: u128 = (((arg1[5]) as u128) * (x3 as u128)); let x30: u128 = (((arg1[7]) as u128) * (x2 as u128)); let x31: u128 = (((arg1[6]) as u128) * (x4 as u128)); let x32: u128 = (((arg1[6]) as u128) * (x7 as u128)); let x33: u128 = (((arg1[5]) as u128) * (x4 as u128)); let x34: u128 = (((arg1[5]) as u128) * (x9 as u128)); let x35: u128 = (((arg1[5]) as u128) * (x8 as u128)); let x36: u128 = (((arg1[5]) as u128) * (x12 as u128)); let x37: u128 = (((arg1[5]) as u128) * (x11 as u128)); let x38: u128 = (((arg1[4]) as u128) * (x4 as u128)); let x39: u128 = (((arg1[4]) as u128) * (x3 as u128)); let x40: u128 = (((arg1[4]) as u128) * (x9 as u128)); let x41: u128 = (((arg1[4]) as u128) * (x8 as u128)); let x42: u128 = (((arg1[4]) as u128) * (x14 as u128)); let x43: u128 = (((arg1[4]) as u128) * (x13 as u128)); let x44: u128 = (((arg1[4]) as u128) * (x17 as u128)); let x45: u128 = (((arg1[4]) as u128) * (x16 as u128)); let x46: u128 = (((arg1[3]) as u128) * (x4 as u128)); let x47: u128 = (((arg1[3]) as u128) * (x3 as u128)); let x48: u128 = (((arg1[3]) as u128) * (x9 as u128)); let x49: u128 = (((arg1[3]) as u128) * (x8 as u128)); let x50: u128 = (((arg1[3]) as u128) * (x14 as u128)); let x51: u128 = (((arg1[3]) as u128) * (x13 as u128)); let x52: u128 = (((arg1[3]) as u128) * (x18 as u128)); let x53: u128 = (((arg1[3]) as u128) * ((arg1[3]) as u128)); let x54: u128 = (((arg1[2]) as u128) * (x4 as u128)); let x55: u128 = (((arg1[2]) as u128) * (x3 as u128)); let x56: u128 = (((arg1[2]) as u128) * (x9 as u128)); let x57: u128 = (((arg1[2]) as u128) * (x8 as u128)); let x58: u128 = (((arg1[2]) as u128) * (x15 as u128)); let x59: u128 = (((arg1[2]) as u128) * (x18 as u128)); let x60: u128 = (((arg1[2]) as u128) * (x19 as u128)); let x61: u128 = (((arg1[2]) as u128) * ((arg1[2]) as u128)); let x62: u128 = (((arg1[1]) as u128) * (x4 as u128)); let x63: u128 = (((arg1[1]) as u128) * (x3 as u128)); let x64: u128 = (((arg1[1]) as u128) * (x10 as u128)); let x65: u128 = (((arg1[1]) as u128) * (x15 as u128)); let x66: u128 = (((arg1[1]) as u128) * (x18 as u128)); let x67: u128 = (((arg1[1]) as u128) * (x19 as u128)); let x68: u128 = (((arg1[1]) as u128) * (x20 as u128)); let x69: u128 = (((arg1[1]) as u128) * ((arg1[1]) as u128)); let x70: u128 = (((arg1[0]) as u128) * (x5 as u128)); let x71: u128 = (((arg1[0]) as u128) * (x10 as u128)); let x72: u128 = (((arg1[0]) as u128) * (x15 as u128)); let x73: u128 = (((arg1[0]) as u128) * (x18 as u128)); let x74: u128 = (((arg1[0]) as u128) * (x19 as u128)); let x75: u128 = (((arg1[0]) as u128) * (x20 as u128)); let x76: u128 = (((arg1[0]) as u128) * (x21 as u128)); let x77: u128 = (((arg1[0]) as u128) * ((arg1[0]) as u128)); let x78: u128 = (x74 + (x68 + (x38 + x34))); let x79: u64 = ((x78 >> 56) as u64); let x80: u64 = ((x78 & (0xffffffffffffff as u128)) as u64); let x81: u128 = (x70 + (x64 + (x58 + (x52 + (x39 + x35))))); let x82: u128 = (x71 + (x65 + (x59 + (x53 + (x47 + (x41 + (x37 + (x30 + x26)))))))); let x83: u128 = (x72 + (x66 + (x60 + (x55 + (x49 + (x43 + (x31 + x27))))))); let x84: u128 = (x73 + (x67 + (x63 + (x61 + (x57 + (x51 + (x45 + (x33 + (x32 + (x29 + x28)))))))))); let x85: u128 = (x75 + (x69 + (x46 + (x40 + (x36 + x22))))); let x86: u128 = (x76 + (x54 + (x48 + (x42 + x23)))); let x87: u128 = (x77 + (x62 + (x56 + (x50 + (x44 + (x25 + x24)))))); let x88: u128 = ((x79 as u128) + x84); let x89: u64 = ((x81 >> 56) as u64); let x90: u64 = ((x81 & (0xffffffffffffff as u128)) as u64); let x91: u128 = (x88 + (x89 as u128)); let x92: u64 = ((x91 >> 56) as u64); let x93: u64 = ((x91 & (0xffffffffffffff as u128)) as u64); let x94: u128 = (x87 + (x89 as u128)); let x95: u128 = ((x92 as u128) + x83); let x96: u64 = ((x94 >> 56) as u64); let x97: u64 = ((x94 & (0xffffffffffffff as u128)) as u64); let x98: u128 = ((x96 as u128) + x86); let x99: u64 = ((x95 >> 56) as u64); let x100: u64 = ((x95 & (0xffffffffffffff as u128)) as u64); let x101: u128 = ((x99 as u128) + x82); let x102: u64 = ((x98 >> 56) as u64); let x103: u64 = ((x98 & (0xffffffffffffff as u128)) as u64); let x104: u128 = ((x102 as u128) + x85); let x105: u64 = ((x101 >> 56) as u64); let x106: u64 = ((x101 & (0xffffffffffffff as u128)) as u64); let x107: u64 = (x105 + x90); let x108: u64 = ((x104 >> 56) as u64); let x109: u64 = ((x104 & (0xffffffffffffff as u128)) as u64); let x110: u64 = (x108 + x80); let x111: u64 = (x107 >> 56); let x112: u64 = (x107 & 0xffffffffffffff); let x113: u64 = (x110 >> 56); let x114: u64 = (x110 & 0xffffffffffffff); let x115: u64 = (x93 + x111); let x116: u64 = (x97 + x111); let x117: u64 = (x113 + x115); let x118: fiat_p448_u1 = ((x117 >> 56) as fiat_p448_u1); let x119: u64 = (x117 & 0xffffffffffffff); let x120: u64 = ((x118 as u64) + x100); let x121: fiat_p448_u1 = ((x116 >> 56) as fiat_p448_u1); let x122: u64 = (x116 & 0xffffffffffffff); let x123: u64 = ((x121 as u64) + x103); out1[0] = x122; out1[1] = x123; out1[2] = x109; out1[3] = x114; out1[4] = x119; out1[5] = x120; out1[6] = x106; out1[7] = x112; } /// The function fiat_p448_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_p448_carry(out1: &mut fiat_p448_tight_field_element, arg1: &fiat_p448_loose_field_element) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[7]); let x3: u64 = (x2 >> 56); let x4: u64 = (((x1 >> 56) + (arg1[4])) + x3); let x5: u64 = ((arg1[0]) + x3); let x6: u64 = ((x4 >> 56) + (arg1[5])); let x7: u64 = ((x5 >> 56) + (arg1[1])); let x8: u64 = ((x6 >> 56) + (arg1[6])); let x9: u64 = ((x7 >> 56) + (arg1[2])); let x10: u64 = ((x8 >> 56) + (x2 & 0xffffffffffffff)); let x11: u64 = ((x9 >> 56) + (x1 & 0xffffffffffffff)); let x12: fiat_p448_u1 = ((x10 >> 56) as fiat_p448_u1); let x13: u64 = ((x5 & 0xffffffffffffff) + (x12 as u64)); let x14: u64 = ((((x11 >> 56) as fiat_p448_u1) as u64) + ((x4 & 0xffffffffffffff) + (x12 as u64))); let x15: u64 = (x13 & 0xffffffffffffff); let x16: u64 = ((((x13 >> 56) as fiat_p448_u1) as u64) + (x7 & 0xffffffffffffff)); let x17: u64 = (x9 & 0xffffffffffffff); let x18: u64 = (x11 & 0xffffffffffffff); let x19: u64 = (x14 & 0xffffffffffffff); let x20: u64 = ((((x14 >> 56) as fiat_p448_u1) as u64) + (x6 & 0xffffffffffffff)); let x21: u64 = (x8 & 0xffffffffffffff); let x22: u64 = (x10 & 0xffffffffffffff); out1[0] = x15; out1[1] = x16; out1[2] = x17; out1[3] = x18; out1[4] = x19; out1[5] = x20; out1[6] = x21; out1[7] = x22; } /// The function fiat_p448_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_p448_add(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element, arg2: &fiat_p448_tight_field_element) { let x1: u64 = ((arg1[0]) + (arg2[0])); let x2: u64 = ((arg1[1]) + (arg2[1])); let x3: u64 = ((arg1[2]) + (arg2[2])); let x4: u64 = ((arg1[3]) + (arg2[3])); let x5: u64 = ((arg1[4]) + (arg2[4])); let x6: u64 = ((arg1[5]) + (arg2[5])); let x7: u64 = ((arg1[6]) + (arg2[6])); let x8: u64 = ((arg1[7]) + (arg2[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p448_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_p448_sub(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element, arg2: &fiat_p448_tight_field_element) { let x1: u64 = ((0x1fffffffffffffe + (arg1[0])) - (arg2[0])); let x2: u64 = ((0x1fffffffffffffe + (arg1[1])) - (arg2[1])); let x3: u64 = ((0x1fffffffffffffe + (arg1[2])) - (arg2[2])); let x4: u64 = ((0x1fffffffffffffe + (arg1[3])) - (arg2[3])); let x5: u64 = ((0x1fffffffffffffc + (arg1[4])) - (arg2[4])); let x6: u64 = ((0x1fffffffffffffe + (arg1[5])) - (arg2[5])); let x7: u64 = ((0x1fffffffffffffe + (arg1[6])) - (arg2[6])); let x8: u64 = ((0x1fffffffffffffe + (arg1[7])) - (arg2[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p448_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_p448_opp(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element) { let x1: u64 = (0x1fffffffffffffe - (arg1[0])); let x2: u64 = (0x1fffffffffffffe - (arg1[1])); let x3: u64 = (0x1fffffffffffffe - (arg1[2])); let x4: u64 = (0x1fffffffffffffe - (arg1[3])); let x5: u64 = (0x1fffffffffffffc - (arg1[4])); let x6: u64 = (0x1fffffffffffffe - (arg1[5])); let x7: u64 = (0x1fffffffffffffe - (arg1[6])); let x8: u64 = (0x1fffffffffffffe - (arg1[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p448_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p448_selectznz(out1: &mut [u64; 8], arg1: fiat_p448_u1, arg2: &[u64; 8], arg3: &[u64; 8]) { let mut x1: u64 = 0; fiat_p448_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p448_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p448_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p448_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_p448_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u64 = 0; fiat_p448_cmovznz_u64(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u64 = 0; fiat_p448_cmovznz_u64(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u64 = 0; fiat_p448_cmovznz_u64(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_p448_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..55] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p448_to_bytes(out1: &mut [u8; 56], arg1: &fiat_p448_tight_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x1, &mut x2, 0x0, (arg1[0]), 0xffffffffffffff); let mut x3: u64 = 0; let mut x4: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x3, &mut x4, x2, (arg1[1]), 0xffffffffffffff); let mut x5: u64 = 0; let mut x6: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x5, &mut x6, x4, (arg1[2]), 0xffffffffffffff); let mut x7: u64 = 0; let mut x8: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x7, &mut x8, x6, (arg1[3]), 0xffffffffffffff); let mut x9: u64 = 0; let mut x10: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x9, &mut x10, x8, (arg1[4]), 0xfffffffffffffe); let mut x11: u64 = 0; let mut x12: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x11, &mut x12, x10, (arg1[5]), 0xffffffffffffff); let mut x13: u64 = 0; let mut x14: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x13, &mut x14, x12, (arg1[6]), 0xffffffffffffff); let mut x15: u64 = 0; let mut x16: fiat_p448_u1 = 0; fiat_p448_subborrowx_u56(&mut x15, &mut x16, x14, (arg1[7]), 0xffffffffffffff); let mut x17: u64 = 0; fiat_p448_cmovznz_u64(&mut x17, x16, (0x0 as u64), 0xffffffffffffffff); let mut x18: u64 = 0; let mut x19: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x18, &mut x19, 0x0, x1, (x17 & 0xffffffffffffff)); let mut x20: u64 = 0; let mut x21: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x20, &mut x21, x19, x3, (x17 & 0xffffffffffffff)); let mut x22: u64 = 0; let mut x23: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x22, &mut x23, x21, x5, (x17 & 0xffffffffffffff)); let mut x24: u64 = 0; let mut x25: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x24, &mut x25, x23, x7, (x17 & 0xffffffffffffff)); let mut x26: u64 = 0; let mut x27: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x26, &mut x27, x25, x9, (x17 & 0xfffffffffffffe)); let mut x28: u64 = 0; let mut x29: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x28, &mut x29, x27, x11, (x17 & 0xffffffffffffff)); let mut x30: u64 = 0; let mut x31: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x30, &mut x31, x29, x13, (x17 & 0xffffffffffffff)); let mut x32: u64 = 0; let mut x33: fiat_p448_u1 = 0; fiat_p448_addcarryx_u56(&mut x32, &mut x33, x31, x15, (x17 & 0xffffffffffffff)); let x34: u8 = ((x18 & (0xff as u64)) as u8); let x35: u64 = (x18 >> 8); let x36: u8 = ((x35 & (0xff as u64)) as u8); let x37: u64 = (x35 >> 8); let x38: u8 = ((x37 & (0xff as u64)) as u8); let x39: u64 = (x37 >> 8); let x40: u8 = ((x39 & (0xff as u64)) as u8); let x41: u64 = (x39 >> 8); let x42: u8 = ((x41 & (0xff as u64)) as u8); let x43: u64 = (x41 >> 8); let x44: u8 = ((x43 & (0xff as u64)) as u8); let x45: u8 = ((x43 >> 8) as u8); let x46: u8 = ((x20 & (0xff as u64)) as u8); let x47: u64 = (x20 >> 8); let x48: u8 = ((x47 & (0xff as u64)) as u8); let x49: u64 = (x47 >> 8); let x50: u8 = ((x49 & (0xff as u64)) as u8); let x51: u64 = (x49 >> 8); let x52: u8 = ((x51 & (0xff as u64)) as u8); let x53: u64 = (x51 >> 8); let x54: u8 = ((x53 & (0xff as u64)) as u8); let x55: u64 = (x53 >> 8); let x56: u8 = ((x55 & (0xff as u64)) as u8); let x57: u8 = ((x55 >> 8) as u8); let x58: u8 = ((x22 & (0xff as u64)) as u8); let x59: u64 = (x22 >> 8); let x60: u8 = ((x59 & (0xff as u64)) as u8); let x61: u64 = (x59 >> 8); let x62: u8 = ((x61 & (0xff as u64)) as u8); let x63: u64 = (x61 >> 8); let x64: u8 = ((x63 & (0xff as u64)) as u8); let x65: u64 = (x63 >> 8); let x66: u8 = ((x65 & (0xff as u64)) as u8); let x67: u64 = (x65 >> 8); let x68: u8 = ((x67 & (0xff as u64)) as u8); let x69: u8 = ((x67 >> 8) as u8); let x70: u8 = ((x24 & (0xff as u64)) as u8); let x71: u64 = (x24 >> 8); let x72: u8 = ((x71 & (0xff as u64)) as u8); let x73: u64 = (x71 >> 8); let x74: u8 = ((x73 & (0xff as u64)) as u8); let x75: u64 = (x73 >> 8); let x76: u8 = ((x75 & (0xff as u64)) as u8); let x77: u64 = (x75 >> 8); let x78: u8 = ((x77 & (0xff as u64)) as u8); let x79: u64 = (x77 >> 8); let x80: u8 = ((x79 & (0xff as u64)) as u8); let x81: u8 = ((x79 >> 8) as u8); let x82: u8 = ((x26 & (0xff as u64)) as u8); let x83: u64 = (x26 >> 8); let x84: u8 = ((x83 & (0xff as u64)) as u8); let x85: u64 = (x83 >> 8); let x86: u8 = ((x85 & (0xff as u64)) as u8); let x87: u64 = (x85 >> 8); let x88: u8 = ((x87 & (0xff as u64)) as u8); let x89: u64 = (x87 >> 8); let x90: u8 = ((x89 & (0xff as u64)) as u8); let x91: u64 = (x89 >> 8); let x92: u8 = ((x91 & (0xff as u64)) as u8); let x93: u8 = ((x91 >> 8) as u8); let x94: u8 = ((x28 & (0xff as u64)) as u8); let x95: u64 = (x28 >> 8); let x96: u8 = ((x95 & (0xff as u64)) as u8); let x97: u64 = (x95 >> 8); let x98: u8 = ((x97 & (0xff as u64)) as u8); let x99: u64 = (x97 >> 8); let x100: u8 = ((x99 & (0xff as u64)) as u8); let x101: u64 = (x99 >> 8); let x102: u8 = ((x101 & (0xff as u64)) as u8); let x103: u64 = (x101 >> 8); let x104: u8 = ((x103 & (0xff as u64)) as u8); let x105: u8 = ((x103 >> 8) as u8); let x106: u8 = ((x30 & (0xff as u64)) as u8); let x107: u64 = (x30 >> 8); let x108: u8 = ((x107 & (0xff as u64)) as u8); let x109: u64 = (x107 >> 8); let x110: u8 = ((x109 & (0xff as u64)) as u8); let x111: u64 = (x109 >> 8); let x112: u8 = ((x111 & (0xff as u64)) as u8); let x113: u64 = (x111 >> 8); let x114: u8 = ((x113 & (0xff as u64)) as u8); let x115: u64 = (x113 >> 8); let x116: u8 = ((x115 & (0xff as u64)) as u8); let x117: u8 = ((x115 >> 8) as u8); let x118: u8 = ((x32 & (0xff as u64)) as u8); let x119: u64 = (x32 >> 8); let x120: u8 = ((x119 & (0xff as u64)) as u8); let x121: u64 = (x119 >> 8); let x122: u8 = ((x121 & (0xff as u64)) as u8); let x123: u64 = (x121 >> 8); let x124: u8 = ((x123 & (0xff as u64)) as u8); let x125: u64 = (x123 >> 8); let x126: u8 = ((x125 & (0xff as u64)) as u8); let x127: u64 = (x125 >> 8); let x128: u8 = ((x127 & (0xff as u64)) as u8); let x129: u8 = ((x127 >> 8) as u8); out1[0] = x34; out1[1] = x36; out1[2] = x38; out1[3] = x40; out1[4] = x42; out1[5] = x44; out1[6] = x45; out1[7] = x46; out1[8] = x48; out1[9] = x50; out1[10] = x52; out1[11] = x54; out1[12] = x56; out1[13] = x57; out1[14] = x58; out1[15] = x60; out1[16] = x62; out1[17] = x64; out1[18] = x66; out1[19] = x68; out1[20] = x69; out1[21] = x70; out1[22] = x72; out1[23] = x74; out1[24] = x76; out1[25] = x78; out1[26] = x80; out1[27] = x81; out1[28] = x82; out1[29] = x84; out1[30] = x86; out1[31] = x88; out1[32] = x90; out1[33] = x92; out1[34] = x93; out1[35] = x94; out1[36] = x96; out1[37] = x98; out1[38] = x100; out1[39] = x102; out1[40] = x104; out1[41] = x105; out1[42] = x106; out1[43] = x108; out1[44] = x110; out1[45] = x112; out1[46] = x114; out1[47] = x116; out1[48] = x117; out1[49] = x118; out1[50] = x120; out1[51] = x122; out1[52] = x124; out1[53] = x126; out1[54] = x128; out1[55] = x129; } /// The function fiat_p448_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_p448_from_bytes(out1: &mut fiat_p448_tight_field_element, arg1: &[u8; 56]) { let x1: u64 = (((arg1[55]) as u64) << 48); let x2: u64 = (((arg1[54]) as u64) << 40); let x3: u64 = (((arg1[53]) as u64) << 32); let x4: u64 = (((arg1[52]) as u64) << 24); let x5: u64 = (((arg1[51]) as u64) << 16); let x6: u64 = (((arg1[50]) as u64) << 8); let x7: u8 = (arg1[49]); let x8: u64 = (((arg1[48]) as u64) << 48); let x9: u64 = (((arg1[47]) as u64) << 40); let x10: u64 = (((arg1[46]) as u64) << 32); let x11: u64 = (((arg1[45]) as u64) << 24); let x12: u64 = (((arg1[44]) as u64) << 16); let x13: u64 = (((arg1[43]) as u64) << 8); let x14: u8 = (arg1[42]); let x15: u64 = (((arg1[41]) as u64) << 48); let x16: u64 = (((arg1[40]) as u64) << 40); let x17: u64 = (((arg1[39]) as u64) << 32); let x18: u64 = (((arg1[38]) as u64) << 24); let x19: u64 = (((arg1[37]) as u64) << 16); let x20: u64 = (((arg1[36]) as u64) << 8); let x21: u8 = (arg1[35]); let x22: u64 = (((arg1[34]) as u64) << 48); let x23: u64 = (((arg1[33]) as u64) << 40); let x24: u64 = (((arg1[32]) as u64) << 32); let x25: u64 = (((arg1[31]) as u64) << 24); let x26: u64 = (((arg1[30]) as u64) << 16); let x27: u64 = (((arg1[29]) as u64) << 8); let x28: u8 = (arg1[28]); let x29: u64 = (((arg1[27]) as u64) << 48); let x30: u64 = (((arg1[26]) as u64) << 40); let x31: u64 = (((arg1[25]) as u64) << 32); let x32: u64 = (((arg1[24]) as u64) << 24); let x33: u64 = (((arg1[23]) as u64) << 16); let x34: u64 = (((arg1[22]) as u64) << 8); let x35: u8 = (arg1[21]); let x36: u64 = (((arg1[20]) as u64) << 48); let x37: u64 = (((arg1[19]) as u64) << 40); let x38: u64 = (((arg1[18]) as u64) << 32); let x39: u64 = (((arg1[17]) as u64) << 24); let x40: u64 = (((arg1[16]) as u64) << 16); let x41: u64 = (((arg1[15]) as u64) << 8); let x42: u8 = (arg1[14]); let x43: u64 = (((arg1[13]) as u64) << 48); let x44: u64 = (((arg1[12]) as u64) << 40); let x45: u64 = (((arg1[11]) as u64) << 32); let x46: u64 = (((arg1[10]) as u64) << 24); let x47: u64 = (((arg1[9]) as u64) << 16); let x48: u64 = (((arg1[8]) as u64) << 8); let x49: u8 = (arg1[7]); let x50: u64 = (((arg1[6]) as u64) << 48); let x51: u64 = (((arg1[5]) as u64) << 40); let x52: u64 = (((arg1[4]) as u64) << 32); let x53: u64 = (((arg1[3]) as u64) << 24); let x54: u64 = (((arg1[2]) as u64) << 16); let x55: u64 = (((arg1[1]) as u64) << 8); let x56: u8 = (arg1[0]); let x57: u64 = (x55 + (x56 as u64)); let x58: u64 = (x54 + x57); let x59: u64 = (x53 + x58); let x60: u64 = (x52 + x59); let x61: u64 = (x51 + x60); let x62: u64 = (x50 + x61); let x63: u64 = (x48 + (x49 as u64)); let x64: u64 = (x47 + x63); let x65: u64 = (x46 + x64); let x66: u64 = (x45 + x65); let x67: u64 = (x44 + x66); let x68: u64 = (x43 + x67); let x69: u64 = (x41 + (x42 as u64)); let x70: u64 = (x40 + x69); let x71: u64 = (x39 + x70); let x72: u64 = (x38 + x71); let x73: u64 = (x37 + x72); let x74: u64 = (x36 + x73); let x75: u64 = (x34 + (x35 as u64)); let x76: u64 = (x33 + x75); let x77: u64 = (x32 + x76); let x78: u64 = (x31 + x77); let x79: u64 = (x30 + x78); let x80: u64 = (x29 + x79); let x81: u64 = (x27 + (x28 as u64)); let x82: u64 = (x26 + x81); let x83: u64 = (x25 + x82); let x84: u64 = (x24 + x83); let x85: u64 = (x23 + x84); let x86: u64 = (x22 + x85); let x87: u64 = (x20 + (x21 as u64)); let x88: u64 = (x19 + x87); let x89: u64 = (x18 + x88); let x90: u64 = (x17 + x89); let x91: u64 = (x16 + x90); let x92: u64 = (x15 + x91); let x93: u64 = (x13 + (x14 as u64)); let x94: u64 = (x12 + x93); let x95: u64 = (x11 + x94); let x96: u64 = (x10 + x95); let x97: u64 = (x9 + x96); let x98: u64 = (x8 + x97); let x99: u64 = (x6 + (x7 as u64)); let x100: u64 = (x5 + x99); let x101: u64 = (x4 + x100); let x102: u64 = (x3 + x101); let x103: u64 = (x2 + x102); let x104: u64 = (x1 + x103); out1[0] = x62; out1[1] = x68; out1[2] = x74; out1[3] = x80; out1[4] = x86; out1[5] = x92; out1[6] = x98; out1[7] = x104; } /// The function fiat_p448_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_p448_relax(out1: &mut fiat_p448_loose_field_element, arg1: &fiat_p448_tight_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = (arg1[1]); let x3: u64 = (arg1[2]); let x4: u64 = (arg1[3]); let x5: u64 = (arg1[4]); let x6: u64 = (arg1[5]); let x7: u64 = (arg1[6]); let x8: u64 = (arg1[7]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } fiat-crypto-0.2.2/src/p521_32.rs000064400000000000000000002565341046102023000142350ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline p521 32 '(auto)' '2^521 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: p521 //! machine_wordsize = 32 (from "32") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 19 (from "(auto)") //! s-c = 2^521 - [(1, 1)] (from "2^521 - 1") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 0, 1] //! eval z = z[0] + (z[1] << 28) + (z[2] << 55) + (z[3] << 83) + (z[4] << 110) + (z[5] << 138) + (z[6] << 165) + (z[7] << 192) + (z[8] << 220) + (z[9] << 247) + (z[10] << 0x113) + (z[11] << 0x12e) + (z[12] << 0x14a) + (z[13] << 0x165) + (z[14] << 0x180) + (z[15] << 0x19c) + (z[16] << 0x1b7) + (z[17] << 0x1d3) + (z[18] << 0x1ee) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) //! balance = [0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0x1ffffffe, 0xffffffe, 0xffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p521_u1 = u8; pub type fiat_p521_i1 = i8; pub type fiat_p521_u2 = u8; pub type fiat_p521_i2 = i8; /** The type fiat_p521_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x30000000], [0x0 ~> 0x18000000], [0x0 ~> 0x18000000]] */ #[derive(Clone, Copy)] pub struct fiat_p521_loose_field_element(pub [u32; 19]); impl core::ops::Index for fiat_p521_loose_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p521_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p521_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x10000000], [0x0 ~> 0x8000000], [0x0 ~> 0x8000000]] */ #[derive(Clone, Copy)] pub struct fiat_p521_tight_field_element(pub [u32; 19]); impl core::ops::Index for fiat_p521_tight_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p521_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p521_addcarryx_u28 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^28 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^28⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffff] /// arg3: [0x0 ~> 0xfffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_addcarryx_u28(out1: &mut u32, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0xfffffff); let x3: fiat_p521_u1 = ((x1 >> 28) as fiat_p521_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p521_subborrowx_u28 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^28 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^28⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffff] /// arg3: [0x0 ~> 0xfffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_subborrowx_u28(out1: &mut u32, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_p521_i1 = ((x1 >> 28) as fiat_p521_i1); let x3: u32 = (((x1 as i64) & (0xfffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p521_i2) - (x2 as fiat_p521_i2)) as fiat_p521_u1); } /// The function fiat_p521_addcarryx_u27 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^27 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^27⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffff] /// arg3: [0x0 ~> 0x7ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_addcarryx_u27(out1: &mut u32, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0x7ffffff); let x3: fiat_p521_u1 = ((x1 >> 27) as fiat_p521_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p521_subborrowx_u27 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^27 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^27⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffff] /// arg3: [0x0 ~> 0x7ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_subborrowx_u27(out1: &mut u32, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_p521_i1 = ((x1 >> 27) as fiat_p521_i1); let x3: u32 = (((x1 as i64) & (0x7ffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_p521_i2) - (x2 as fiat_p521_i2)) as fiat_p521_u1); } /// The function fiat_p521_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_p521_cmovznz_u32(out1: &mut u32, arg1: fiat_p521_u1, arg2: u32, arg3: u32) { let x1: fiat_p521_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_p521_i2) - (x1 as fiat_p521_i2)) as fiat_p521_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p521_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_p521_carry_mul(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element, arg2: &fiat_p521_loose_field_element) { let x1: u64 = (((arg1[18]) as u64) * ((arg2[18]) as u64)); let x2: u64 = (((arg1[18]) as u64) * (((arg2[17]) * 0x2) as u64)); let x3: u64 = (((arg1[18]) as u64) * ((arg2[16]) as u64)); let x4: u64 = (((arg1[18]) as u64) * (((arg2[15]) * 0x2) as u64)); let x5: u64 = (((arg1[18]) as u64) * ((arg2[14]) as u64)); let x6: u64 = (((arg1[18]) as u64) * ((arg2[13]) as u64)); let x7: u64 = (((arg1[18]) as u64) * (((arg2[12]) * 0x2) as u64)); let x8: u64 = (((arg1[18]) as u64) * ((arg2[11]) as u64)); let x9: u64 = (((arg1[18]) as u64) * (((arg2[10]) * 0x2) as u64)); let x10: u64 = (((arg1[18]) as u64) * ((arg2[9]) as u64)); let x11: u64 = (((arg1[18]) as u64) * (((arg2[8]) * 0x2) as u64)); let x12: u64 = (((arg1[18]) as u64) * ((arg2[7]) as u64)); let x13: u64 = (((arg1[18]) as u64) * ((arg2[6]) as u64)); let x14: u64 = (((arg1[18]) as u64) * (((arg2[5]) * 0x2) as u64)); let x15: u64 = (((arg1[18]) as u64) * ((arg2[4]) as u64)); let x16: u64 = (((arg1[18]) as u64) * (((arg2[3]) * 0x2) as u64)); let x17: u64 = (((arg1[18]) as u64) * ((arg2[2]) as u64)); let x18: u64 = (((arg1[18]) as u64) * (((arg2[1]) * 0x2) as u64)); let x19: u64 = (((arg1[17]) as u64) * (((arg2[18]) * 0x2) as u64)); let x20: u64 = (((arg1[17]) as u64) * (((arg2[17]) * 0x2) as u64)); let x21: u64 = (((arg1[17]) as u64) * (((arg2[16]) * 0x2) as u64)); let x22: u64 = (((arg1[17]) as u64) * (((arg2[15]) * 0x2) as u64)); let x23: u64 = (((arg1[17]) as u64) * ((arg2[14]) as u64)); let x24: u64 = (((arg1[17]) as u64) * (((arg2[13]) * 0x2) as u64)); let x25: u64 = (((arg1[17]) as u64) * (((arg2[12]) * 0x2) as u64)); let x26: u64 = (((arg1[17]) as u64) * (((arg2[11]) * 0x2) as u64)); let x27: u64 = (((arg1[17]) as u64) * (((arg2[10]) * 0x2) as u64)); let x28: u64 = (((arg1[17]) as u64) * (((arg2[9]) * 0x2) as u64)); let x29: u64 = (((arg1[17]) as u64) * (((arg2[8]) * 0x2) as u64)); let x30: u64 = (((arg1[17]) as u64) * ((arg2[7]) as u64)); let x31: u64 = (((arg1[17]) as u64) * (((arg2[6]) * 0x2) as u64)); let x32: u64 = (((arg1[17]) as u64) * (((arg2[5]) * 0x2) as u64)); let x33: u64 = (((arg1[17]) as u64) * (((arg2[4]) * 0x2) as u64)); let x34: u64 = (((arg1[17]) as u64) * (((arg2[3]) * 0x2) as u64)); let x35: u64 = (((arg1[17]) as u64) * (((arg2[2]) * 0x2) as u64)); let x36: u64 = (((arg1[16]) as u64) * ((arg2[18]) as u64)); let x37: u64 = (((arg1[16]) as u64) * (((arg2[17]) * 0x2) as u64)); let x38: u64 = (((arg1[16]) as u64) * ((arg2[16]) as u64)); let x39: u64 = (((arg1[16]) as u64) * ((arg2[15]) as u64)); let x40: u64 = (((arg1[16]) as u64) * ((arg2[14]) as u64)); let x41: u64 = (((arg1[16]) as u64) * ((arg2[13]) as u64)); let x42: u64 = (((arg1[16]) as u64) * (((arg2[12]) * 0x2) as u64)); let x43: u64 = (((arg1[16]) as u64) * ((arg2[11]) as u64)); let x44: u64 = (((arg1[16]) as u64) * (((arg2[10]) * 0x2) as u64)); let x45: u64 = (((arg1[16]) as u64) * ((arg2[9]) as u64)); let x46: u64 = (((arg1[16]) as u64) * ((arg2[8]) as u64)); let x47: u64 = (((arg1[16]) as u64) * ((arg2[7]) as u64)); let x48: u64 = (((arg1[16]) as u64) * ((arg2[6]) as u64)); let x49: u64 = (((arg1[16]) as u64) * (((arg2[5]) * 0x2) as u64)); let x50: u64 = (((arg1[16]) as u64) * ((arg2[4]) as u64)); let x51: u64 = (((arg1[16]) as u64) * (((arg2[3]) * 0x2) as u64)); let x52: u64 = (((arg1[15]) as u64) * (((arg2[18]) * 0x2) as u64)); let x53: u64 = (((arg1[15]) as u64) * (((arg2[17]) * 0x2) as u64)); let x54: u64 = (((arg1[15]) as u64) * ((arg2[16]) as u64)); let x55: u64 = (((arg1[15]) as u64) * (((arg2[15]) * 0x2) as u64)); let x56: u64 = (((arg1[15]) as u64) * ((arg2[14]) as u64)); let x57: u64 = (((arg1[15]) as u64) * (((arg2[13]) * 0x2) as u64)); let x58: u64 = (((arg1[15]) as u64) * (((arg2[12]) * 0x2) as u64)); let x59: u64 = (((arg1[15]) as u64) * (((arg2[11]) * 0x2) as u64)); let x60: u64 = (((arg1[15]) as u64) * (((arg2[10]) * 0x2) as u64)); let x61: u64 = (((arg1[15]) as u64) * ((arg2[9]) as u64)); let x62: u64 = (((arg1[15]) as u64) * (((arg2[8]) * 0x2) as u64)); let x63: u64 = (((arg1[15]) as u64) * ((arg2[7]) as u64)); let x64: u64 = (((arg1[15]) as u64) * (((arg2[6]) * 0x2) as u64)); let x65: u64 = (((arg1[15]) as u64) * (((arg2[5]) * 0x2) as u64)); let x66: u64 = (((arg1[15]) as u64) * (((arg2[4]) * 0x2) as u64)); let x67: u64 = (((arg1[14]) as u64) * ((arg2[18]) as u64)); let x68: u64 = (((arg1[14]) as u64) * ((arg2[17]) as u64)); let x69: u64 = (((arg1[14]) as u64) * ((arg2[16]) as u64)); let x70: u64 = (((arg1[14]) as u64) * ((arg2[15]) as u64)); let x71: u64 = (((arg1[14]) as u64) * ((arg2[14]) as u64)); let x72: u64 = (((arg1[14]) as u64) * ((arg2[13]) as u64)); let x73: u64 = (((arg1[14]) as u64) * (((arg2[12]) * 0x2) as u64)); let x74: u64 = (((arg1[14]) as u64) * ((arg2[11]) as u64)); let x75: u64 = (((arg1[14]) as u64) * ((arg2[10]) as u64)); let x76: u64 = (((arg1[14]) as u64) * ((arg2[9]) as u64)); let x77: u64 = (((arg1[14]) as u64) * ((arg2[8]) as u64)); let x78: u64 = (((arg1[14]) as u64) * ((arg2[7]) as u64)); let x79: u64 = (((arg1[14]) as u64) * ((arg2[6]) as u64)); let x80: u64 = (((arg1[14]) as u64) * (((arg2[5]) * 0x2) as u64)); let x81: u64 = (((arg1[13]) as u64) * ((arg2[18]) as u64)); let x82: u64 = (((arg1[13]) as u64) * (((arg2[17]) * 0x2) as u64)); let x83: u64 = (((arg1[13]) as u64) * ((arg2[16]) as u64)); let x84: u64 = (((arg1[13]) as u64) * (((arg2[15]) * 0x2) as u64)); let x85: u64 = (((arg1[13]) as u64) * ((arg2[14]) as u64)); let x86: u64 = (((arg1[13]) as u64) * (((arg2[13]) * 0x2) as u64)); let x87: u64 = (((arg1[13]) as u64) * (((arg2[12]) * 0x2) as u64)); let x88: u64 = (((arg1[13]) as u64) * ((arg2[11]) as u64)); let x89: u64 = (((arg1[13]) as u64) * (((arg2[10]) * 0x2) as u64)); let x90: u64 = (((arg1[13]) as u64) * ((arg2[9]) as u64)); let x91: u64 = (((arg1[13]) as u64) * (((arg2[8]) * 0x2) as u64)); let x92: u64 = (((arg1[13]) as u64) * ((arg2[7]) as u64)); let x93: u64 = (((arg1[13]) as u64) * (((arg2[6]) * 0x2) as u64)); let x94: u64 = (((arg1[12]) as u64) * (((arg2[18]) * 0x2) as u64)); let x95: u64 = (((arg1[12]) as u64) * (((arg2[17]) * 0x2) as u64)); let x96: u64 = (((arg1[12]) as u64) * (((arg2[16]) * 0x2) as u64)); let x97: u64 = (((arg1[12]) as u64) * (((arg2[15]) * 0x2) as u64)); let x98: u64 = (((arg1[12]) as u64) * (((arg2[14]) * 0x2) as u64)); let x99: u64 = (((arg1[12]) as u64) * (((arg2[13]) * 0x2) as u64)); let x100: u64 = (((arg1[12]) as u64) * (((arg2[12]) * 0x2) as u64)); let x101: u64 = (((arg1[12]) as u64) * (((arg2[11]) * 0x2) as u64)); let x102: u64 = (((arg1[12]) as u64) * (((arg2[10]) * 0x2) as u64)); let x103: u64 = (((arg1[12]) as u64) * (((arg2[9]) * 0x2) as u64)); let x104: u64 = (((arg1[12]) as u64) * (((arg2[8]) * 0x2) as u64)); let x105: u64 = (((arg1[12]) as u64) * (((arg2[7]) * 0x2) as u64)); let x106: u64 = (((arg1[11]) as u64) * ((arg2[18]) as u64)); let x107: u64 = (((arg1[11]) as u64) * (((arg2[17]) * 0x2) as u64)); let x108: u64 = (((arg1[11]) as u64) * ((arg2[16]) as u64)); let x109: u64 = (((arg1[11]) as u64) * (((arg2[15]) * 0x2) as u64)); let x110: u64 = (((arg1[11]) as u64) * ((arg2[14]) as u64)); let x111: u64 = (((arg1[11]) as u64) * ((arg2[13]) as u64)); let x112: u64 = (((arg1[11]) as u64) * (((arg2[12]) * 0x2) as u64)); let x113: u64 = (((arg1[11]) as u64) * ((arg2[11]) as u64)); let x114: u64 = (((arg1[11]) as u64) * (((arg2[10]) * 0x2) as u64)); let x115: u64 = (((arg1[11]) as u64) * ((arg2[9]) as u64)); let x116: u64 = (((arg1[11]) as u64) * (((arg2[8]) * 0x2) as u64)); let x117: u64 = (((arg1[10]) as u64) * (((arg2[18]) * 0x2) as u64)); let x118: u64 = (((arg1[10]) as u64) * (((arg2[17]) * 0x2) as u64)); let x119: u64 = (((arg1[10]) as u64) * (((arg2[16]) * 0x2) as u64)); let x120: u64 = (((arg1[10]) as u64) * (((arg2[15]) * 0x2) as u64)); let x121: u64 = (((arg1[10]) as u64) * ((arg2[14]) as u64)); let x122: u64 = (((arg1[10]) as u64) * (((arg2[13]) * 0x2) as u64)); let x123: u64 = (((arg1[10]) as u64) * (((arg2[12]) * 0x2) as u64)); let x124: u64 = (((arg1[10]) as u64) * (((arg2[11]) * 0x2) as u64)); let x125: u64 = (((arg1[10]) as u64) * (((arg2[10]) * 0x2) as u64)); let x126: u64 = (((arg1[10]) as u64) * (((arg2[9]) * 0x2) as u64)); let x127: u64 = (((arg1[9]) as u64) * ((arg2[18]) as u64)); let x128: u64 = (((arg1[9]) as u64) * (((arg2[17]) * 0x2) as u64)); let x129: u64 = (((arg1[9]) as u64) * ((arg2[16]) as u64)); let x130: u64 = (((arg1[9]) as u64) * ((arg2[15]) as u64)); let x131: u64 = (((arg1[9]) as u64) * ((arg2[14]) as u64)); let x132: u64 = (((arg1[9]) as u64) * ((arg2[13]) as u64)); let x133: u64 = (((arg1[9]) as u64) * (((arg2[12]) * 0x2) as u64)); let x134: u64 = (((arg1[9]) as u64) * ((arg2[11]) as u64)); let x135: u64 = (((arg1[9]) as u64) * (((arg2[10]) * 0x2) as u64)); let x136: u64 = (((arg1[8]) as u64) * (((arg2[18]) * 0x2) as u64)); let x137: u64 = (((arg1[8]) as u64) * (((arg2[17]) * 0x2) as u64)); let x138: u64 = (((arg1[8]) as u64) * ((arg2[16]) as u64)); let x139: u64 = (((arg1[8]) as u64) * (((arg2[15]) * 0x2) as u64)); let x140: u64 = (((arg1[8]) as u64) * ((arg2[14]) as u64)); let x141: u64 = (((arg1[8]) as u64) * (((arg2[13]) * 0x2) as u64)); let x142: u64 = (((arg1[8]) as u64) * (((arg2[12]) * 0x2) as u64)); let x143: u64 = (((arg1[8]) as u64) * (((arg2[11]) * 0x2) as u64)); let x144: u64 = (((arg1[7]) as u64) * ((arg2[18]) as u64)); let x145: u64 = (((arg1[7]) as u64) * ((arg2[17]) as u64)); let x146: u64 = (((arg1[7]) as u64) * ((arg2[16]) as u64)); let x147: u64 = (((arg1[7]) as u64) * ((arg2[15]) as u64)); let x148: u64 = (((arg1[7]) as u64) * ((arg2[14]) as u64)); let x149: u64 = (((arg1[7]) as u64) * ((arg2[13]) as u64)); let x150: u64 = (((arg1[7]) as u64) * (((arg2[12]) * 0x2) as u64)); let x151: u64 = (((arg1[6]) as u64) * ((arg2[18]) as u64)); let x152: u64 = (((arg1[6]) as u64) * (((arg2[17]) * 0x2) as u64)); let x153: u64 = (((arg1[6]) as u64) * ((arg2[16]) as u64)); let x154: u64 = (((arg1[6]) as u64) * (((arg2[15]) * 0x2) as u64)); let x155: u64 = (((arg1[6]) as u64) * ((arg2[14]) as u64)); let x156: u64 = (((arg1[6]) as u64) * (((arg2[13]) * 0x2) as u64)); let x157: u64 = (((arg1[5]) as u64) * (((arg2[18]) * 0x2) as u64)); let x158: u64 = (((arg1[5]) as u64) * (((arg2[17]) * 0x2) as u64)); let x159: u64 = (((arg1[5]) as u64) * (((arg2[16]) * 0x2) as u64)); let x160: u64 = (((arg1[5]) as u64) * (((arg2[15]) * 0x2) as u64)); let x161: u64 = (((arg1[5]) as u64) * (((arg2[14]) * 0x2) as u64)); let x162: u64 = (((arg1[4]) as u64) * ((arg2[18]) as u64)); let x163: u64 = (((arg1[4]) as u64) * (((arg2[17]) * 0x2) as u64)); let x164: u64 = (((arg1[4]) as u64) * ((arg2[16]) as u64)); let x165: u64 = (((arg1[4]) as u64) * (((arg2[15]) * 0x2) as u64)); let x166: u64 = (((arg1[3]) as u64) * (((arg2[18]) * 0x2) as u64)); let x167: u64 = (((arg1[3]) as u64) * (((arg2[17]) * 0x2) as u64)); let x168: u64 = (((arg1[3]) as u64) * (((arg2[16]) * 0x2) as u64)); let x169: u64 = (((arg1[2]) as u64) * ((arg2[18]) as u64)); let x170: u64 = (((arg1[2]) as u64) * (((arg2[17]) * 0x2) as u64)); let x171: u64 = (((arg1[1]) as u64) * (((arg2[18]) * 0x2) as u64)); let x172: u64 = (((arg1[18]) as u64) * ((arg2[0]) as u64)); let x173: u64 = (((arg1[17]) as u64) * (((arg2[1]) * 0x2) as u64)); let x174: u64 = (((arg1[17]) as u64) * ((arg2[0]) as u64)); let x175: u64 = (((arg1[16]) as u64) * ((arg2[2]) as u64)); let x176: u64 = (((arg1[16]) as u64) * ((arg2[1]) as u64)); let x177: u64 = (((arg1[16]) as u64) * ((arg2[0]) as u64)); let x178: u64 = (((arg1[15]) as u64) * (((arg2[3]) * 0x2) as u64)); let x179: u64 = (((arg1[15]) as u64) * ((arg2[2]) as u64)); let x180: u64 = (((arg1[15]) as u64) * (((arg2[1]) * 0x2) as u64)); let x181: u64 = (((arg1[15]) as u64) * ((arg2[0]) as u64)); let x182: u64 = (((arg1[14]) as u64) * ((arg2[4]) as u64)); let x183: u64 = (((arg1[14]) as u64) * ((arg2[3]) as u64)); let x184: u64 = (((arg1[14]) as u64) * ((arg2[2]) as u64)); let x185: u64 = (((arg1[14]) as u64) * ((arg2[1]) as u64)); let x186: u64 = (((arg1[14]) as u64) * ((arg2[0]) as u64)); let x187: u64 = (((arg1[13]) as u64) * (((arg2[5]) * 0x2) as u64)); let x188: u64 = (((arg1[13]) as u64) * ((arg2[4]) as u64)); let x189: u64 = (((arg1[13]) as u64) * (((arg2[3]) * 0x2) as u64)); let x190: u64 = (((arg1[13]) as u64) * ((arg2[2]) as u64)); let x191: u64 = (((arg1[13]) as u64) * (((arg2[1]) * 0x2) as u64)); let x192: u64 = (((arg1[13]) as u64) * ((arg2[0]) as u64)); let x193: u64 = (((arg1[12]) as u64) * (((arg2[6]) * 0x2) as u64)); let x194: u64 = (((arg1[12]) as u64) * (((arg2[5]) * 0x2) as u64)); let x195: u64 = (((arg1[12]) as u64) * (((arg2[4]) * 0x2) as u64)); let x196: u64 = (((arg1[12]) as u64) * (((arg2[3]) * 0x2) as u64)); let x197: u64 = (((arg1[12]) as u64) * (((arg2[2]) * 0x2) as u64)); let x198: u64 = (((arg1[12]) as u64) * (((arg2[1]) * 0x2) as u64)); let x199: u64 = (((arg1[12]) as u64) * ((arg2[0]) as u64)); let x200: u64 = (((arg1[11]) as u64) * ((arg2[7]) as u64)); let x201: u64 = (((arg1[11]) as u64) * ((arg2[6]) as u64)); let x202: u64 = (((arg1[11]) as u64) * (((arg2[5]) * 0x2) as u64)); let x203: u64 = (((arg1[11]) as u64) * ((arg2[4]) as u64)); let x204: u64 = (((arg1[11]) as u64) * (((arg2[3]) * 0x2) as u64)); let x205: u64 = (((arg1[11]) as u64) * ((arg2[2]) as u64)); let x206: u64 = (((arg1[11]) as u64) * ((arg2[1]) as u64)); let x207: u64 = (((arg1[11]) as u64) * ((arg2[0]) as u64)); let x208: u64 = (((arg1[10]) as u64) * (((arg2[8]) * 0x2) as u64)); let x209: u64 = (((arg1[10]) as u64) * ((arg2[7]) as u64)); let x210: u64 = (((arg1[10]) as u64) * (((arg2[6]) * 0x2) as u64)); let x211: u64 = (((arg1[10]) as u64) * (((arg2[5]) * 0x2) as u64)); let x212: u64 = (((arg1[10]) as u64) * (((arg2[4]) * 0x2) as u64)); let x213: u64 = (((arg1[10]) as u64) * (((arg2[3]) * 0x2) as u64)); let x214: u64 = (((arg1[10]) as u64) * ((arg2[2]) as u64)); let x215: u64 = (((arg1[10]) as u64) * (((arg2[1]) * 0x2) as u64)); let x216: u64 = (((arg1[10]) as u64) * ((arg2[0]) as u64)); let x217: u64 = (((arg1[9]) as u64) * ((arg2[9]) as u64)); let x218: u64 = (((arg1[9]) as u64) * ((arg2[8]) as u64)); let x219: u64 = (((arg1[9]) as u64) * ((arg2[7]) as u64)); let x220: u64 = (((arg1[9]) as u64) * ((arg2[6]) as u64)); let x221: u64 = (((arg1[9]) as u64) * (((arg2[5]) * 0x2) as u64)); let x222: u64 = (((arg1[9]) as u64) * ((arg2[4]) as u64)); let x223: u64 = (((arg1[9]) as u64) * ((arg2[3]) as u64)); let x224: u64 = (((arg1[9]) as u64) * ((arg2[2]) as u64)); let x225: u64 = (((arg1[9]) as u64) * ((arg2[1]) as u64)); let x226: u64 = (((arg1[9]) as u64) * ((arg2[0]) as u64)); let x227: u64 = (((arg1[8]) as u64) * (((arg2[10]) * 0x2) as u64)); let x228: u64 = (((arg1[8]) as u64) * ((arg2[9]) as u64)); let x229: u64 = (((arg1[8]) as u64) * (((arg2[8]) * 0x2) as u64)); let x230: u64 = (((arg1[8]) as u64) * ((arg2[7]) as u64)); let x231: u64 = (((arg1[8]) as u64) * (((arg2[6]) * 0x2) as u64)); let x232: u64 = (((arg1[8]) as u64) * (((arg2[5]) * 0x2) as u64)); let x233: u64 = (((arg1[8]) as u64) * ((arg2[4]) as u64)); let x234: u64 = (((arg1[8]) as u64) * (((arg2[3]) * 0x2) as u64)); let x235: u64 = (((arg1[8]) as u64) * ((arg2[2]) as u64)); let x236: u64 = (((arg1[8]) as u64) * (((arg2[1]) * 0x2) as u64)); let x237: u64 = (((arg1[8]) as u64) * ((arg2[0]) as u64)); let x238: u64 = (((arg1[7]) as u64) * ((arg2[11]) as u64)); let x239: u64 = (((arg1[7]) as u64) * ((arg2[10]) as u64)); let x240: u64 = (((arg1[7]) as u64) * ((arg2[9]) as u64)); let x241: u64 = (((arg1[7]) as u64) * ((arg2[8]) as u64)); let x242: u64 = (((arg1[7]) as u64) * ((arg2[7]) as u64)); let x243: u64 = (((arg1[7]) as u64) * ((arg2[6]) as u64)); let x244: u64 = (((arg1[7]) as u64) * ((arg2[5]) as u64)); let x245: u64 = (((arg1[7]) as u64) * ((arg2[4]) as u64)); let x246: u64 = (((arg1[7]) as u64) * ((arg2[3]) as u64)); let x247: u64 = (((arg1[7]) as u64) * ((arg2[2]) as u64)); let x248: u64 = (((arg1[7]) as u64) * ((arg2[1]) as u64)); let x249: u64 = (((arg1[7]) as u64) * ((arg2[0]) as u64)); let x250: u64 = (((arg1[6]) as u64) * (((arg2[12]) * 0x2) as u64)); let x251: u64 = (((arg1[6]) as u64) * ((arg2[11]) as u64)); let x252: u64 = (((arg1[6]) as u64) * (((arg2[10]) * 0x2) as u64)); let x253: u64 = (((arg1[6]) as u64) * ((arg2[9]) as u64)); let x254: u64 = (((arg1[6]) as u64) * (((arg2[8]) * 0x2) as u64)); let x255: u64 = (((arg1[6]) as u64) * ((arg2[7]) as u64)); let x256: u64 = (((arg1[6]) as u64) * ((arg2[6]) as u64)); let x257: u64 = (((arg1[6]) as u64) * (((arg2[5]) * 0x2) as u64)); let x258: u64 = (((arg1[6]) as u64) * ((arg2[4]) as u64)); let x259: u64 = (((arg1[6]) as u64) * (((arg2[3]) * 0x2) as u64)); let x260: u64 = (((arg1[6]) as u64) * ((arg2[2]) as u64)); let x261: u64 = (((arg1[6]) as u64) * (((arg2[1]) * 0x2) as u64)); let x262: u64 = (((arg1[6]) as u64) * ((arg2[0]) as u64)); let x263: u64 = (((arg1[5]) as u64) * (((arg2[13]) * 0x2) as u64)); let x264: u64 = (((arg1[5]) as u64) * (((arg2[12]) * 0x2) as u64)); let x265: u64 = (((arg1[5]) as u64) * (((arg2[11]) * 0x2) as u64)); let x266: u64 = (((arg1[5]) as u64) * (((arg2[10]) * 0x2) as u64)); let x267: u64 = (((arg1[5]) as u64) * (((arg2[9]) * 0x2) as u64)); let x268: u64 = (((arg1[5]) as u64) * (((arg2[8]) * 0x2) as u64)); let x269: u64 = (((arg1[5]) as u64) * ((arg2[7]) as u64)); let x270: u64 = (((arg1[5]) as u64) * (((arg2[6]) * 0x2) as u64)); let x271: u64 = (((arg1[5]) as u64) * (((arg2[5]) * 0x2) as u64)); let x272: u64 = (((arg1[5]) as u64) * (((arg2[4]) * 0x2) as u64)); let x273: u64 = (((arg1[5]) as u64) * (((arg2[3]) * 0x2) as u64)); let x274: u64 = (((arg1[5]) as u64) * (((arg2[2]) * 0x2) as u64)); let x275: u64 = (((arg1[5]) as u64) * (((arg2[1]) * 0x2) as u64)); let x276: u64 = (((arg1[5]) as u64) * ((arg2[0]) as u64)); let x277: u64 = (((arg1[4]) as u64) * ((arg2[14]) as u64)); let x278: u64 = (((arg1[4]) as u64) * ((arg2[13]) as u64)); let x279: u64 = (((arg1[4]) as u64) * (((arg2[12]) * 0x2) as u64)); let x280: u64 = (((arg1[4]) as u64) * ((arg2[11]) as u64)); let x281: u64 = (((arg1[4]) as u64) * (((arg2[10]) * 0x2) as u64)); let x282: u64 = (((arg1[4]) as u64) * ((arg2[9]) as u64)); let x283: u64 = (((arg1[4]) as u64) * ((arg2[8]) as u64)); let x284: u64 = (((arg1[4]) as u64) * ((arg2[7]) as u64)); let x285: u64 = (((arg1[4]) as u64) * ((arg2[6]) as u64)); let x286: u64 = (((arg1[4]) as u64) * (((arg2[5]) * 0x2) as u64)); let x287: u64 = (((arg1[4]) as u64) * ((arg2[4]) as u64)); let x288: u64 = (((arg1[4]) as u64) * (((arg2[3]) * 0x2) as u64)); let x289: u64 = (((arg1[4]) as u64) * ((arg2[2]) as u64)); let x290: u64 = (((arg1[4]) as u64) * ((arg2[1]) as u64)); let x291: u64 = (((arg1[4]) as u64) * ((arg2[0]) as u64)); let x292: u64 = (((arg1[3]) as u64) * (((arg2[15]) * 0x2) as u64)); let x293: u64 = (((arg1[3]) as u64) * ((arg2[14]) as u64)); let x294: u64 = (((arg1[3]) as u64) * (((arg2[13]) * 0x2) as u64)); let x295: u64 = (((arg1[3]) as u64) * (((arg2[12]) * 0x2) as u64)); let x296: u64 = (((arg1[3]) as u64) * (((arg2[11]) * 0x2) as u64)); let x297: u64 = (((arg1[3]) as u64) * (((arg2[10]) * 0x2) as u64)); let x298: u64 = (((arg1[3]) as u64) * ((arg2[9]) as u64)); let x299: u64 = (((arg1[3]) as u64) * (((arg2[8]) * 0x2) as u64)); let x300: u64 = (((arg1[3]) as u64) * ((arg2[7]) as u64)); let x301: u64 = (((arg1[3]) as u64) * (((arg2[6]) * 0x2) as u64)); let x302: u64 = (((arg1[3]) as u64) * (((arg2[5]) * 0x2) as u64)); let x303: u64 = (((arg1[3]) as u64) * (((arg2[4]) * 0x2) as u64)); let x304: u64 = (((arg1[3]) as u64) * (((arg2[3]) * 0x2) as u64)); let x305: u64 = (((arg1[3]) as u64) * ((arg2[2]) as u64)); let x306: u64 = (((arg1[3]) as u64) * (((arg2[1]) * 0x2) as u64)); let x307: u64 = (((arg1[3]) as u64) * ((arg2[0]) as u64)); let x308: u64 = (((arg1[2]) as u64) * ((arg2[16]) as u64)); let x309: u64 = (((arg1[2]) as u64) * ((arg2[15]) as u64)); let x310: u64 = (((arg1[2]) as u64) * ((arg2[14]) as u64)); let x311: u64 = (((arg1[2]) as u64) * ((arg2[13]) as u64)); let x312: u64 = (((arg1[2]) as u64) * (((arg2[12]) * 0x2) as u64)); let x313: u64 = (((arg1[2]) as u64) * ((arg2[11]) as u64)); let x314: u64 = (((arg1[2]) as u64) * ((arg2[10]) as u64)); let x315: u64 = (((arg1[2]) as u64) * ((arg2[9]) as u64)); let x316: u64 = (((arg1[2]) as u64) * ((arg2[8]) as u64)); let x317: u64 = (((arg1[2]) as u64) * ((arg2[7]) as u64)); let x318: u64 = (((arg1[2]) as u64) * ((arg2[6]) as u64)); let x319: u64 = (((arg1[2]) as u64) * (((arg2[5]) * 0x2) as u64)); let x320: u64 = (((arg1[2]) as u64) * ((arg2[4]) as u64)); let x321: u64 = (((arg1[2]) as u64) * ((arg2[3]) as u64)); let x322: u64 = (((arg1[2]) as u64) * ((arg2[2]) as u64)); let x323: u64 = (((arg1[2]) as u64) * ((arg2[1]) as u64)); let x324: u64 = (((arg1[2]) as u64) * ((arg2[0]) as u64)); let x325: u64 = (((arg1[1]) as u64) * (((arg2[17]) * 0x2) as u64)); let x326: u64 = (((arg1[1]) as u64) * ((arg2[16]) as u64)); let x327: u64 = (((arg1[1]) as u64) * (((arg2[15]) * 0x2) as u64)); let x328: u64 = (((arg1[1]) as u64) * ((arg2[14]) as u64)); let x329: u64 = (((arg1[1]) as u64) * (((arg2[13]) * 0x2) as u64)); let x330: u64 = (((arg1[1]) as u64) * (((arg2[12]) * 0x2) as u64)); let x331: u64 = (((arg1[1]) as u64) * ((arg2[11]) as u64)); let x332: u64 = (((arg1[1]) as u64) * (((arg2[10]) * 0x2) as u64)); let x333: u64 = (((arg1[1]) as u64) * ((arg2[9]) as u64)); let x334: u64 = (((arg1[1]) as u64) * (((arg2[8]) * 0x2) as u64)); let x335: u64 = (((arg1[1]) as u64) * ((arg2[7]) as u64)); let x336: u64 = (((arg1[1]) as u64) * (((arg2[6]) * 0x2) as u64)); let x337: u64 = (((arg1[1]) as u64) * (((arg2[5]) * 0x2) as u64)); let x338: u64 = (((arg1[1]) as u64) * ((arg2[4]) as u64)); let x339: u64 = (((arg1[1]) as u64) * (((arg2[3]) * 0x2) as u64)); let x340: u64 = (((arg1[1]) as u64) * ((arg2[2]) as u64)); let x341: u64 = (((arg1[1]) as u64) * (((arg2[1]) * 0x2) as u64)); let x342: u64 = (((arg1[1]) as u64) * ((arg2[0]) as u64)); let x343: u64 = (((arg1[0]) as u64) * ((arg2[18]) as u64)); let x344: u64 = (((arg1[0]) as u64) * ((arg2[17]) as u64)); let x345: u64 = (((arg1[0]) as u64) * ((arg2[16]) as u64)); let x346: u64 = (((arg1[0]) as u64) * ((arg2[15]) as u64)); let x347: u64 = (((arg1[0]) as u64) * ((arg2[14]) as u64)); let x348: u64 = (((arg1[0]) as u64) * ((arg2[13]) as u64)); let x349: u64 = (((arg1[0]) as u64) * ((arg2[12]) as u64)); let x350: u64 = (((arg1[0]) as u64) * ((arg2[11]) as u64)); let x351: u64 = (((arg1[0]) as u64) * ((arg2[10]) as u64)); let x352: u64 = (((arg1[0]) as u64) * ((arg2[9]) as u64)); let x353: u64 = (((arg1[0]) as u64) * ((arg2[8]) as u64)); let x354: u64 = (((arg1[0]) as u64) * ((arg2[7]) as u64)); let x355: u64 = (((arg1[0]) as u64) * ((arg2[6]) as u64)); let x356: u64 = (((arg1[0]) as u64) * ((arg2[5]) as u64)); let x357: u64 = (((arg1[0]) as u64) * ((arg2[4]) as u64)); let x358: u64 = (((arg1[0]) as u64) * ((arg2[3]) as u64)); let x359: u64 = (((arg1[0]) as u64) * ((arg2[2]) as u64)); let x360: u64 = (((arg1[0]) as u64) * ((arg2[1]) as u64)); let x361: u64 = (((arg1[0]) as u64) * ((arg2[0]) as u64)); let x362: u64 = (x361 + (x171 + (x170 + (x168 + (x165 + (x161 + (x156 + (x150 + (x143 + (x135 + (x126 + (x116 + (x105 + (x93 + (x80 + (x66 + (x51 + (x35 + x18)))))))))))))))))); let x363: u64 = (x362 >> 28); let x364: u32 = ((x362 & (0xfffffff as u64)) as u32); let x365: u64 = (x343 + (x325 + (x308 + (x292 + (x277 + (x263 + (x250 + (x238 + (x227 + (x217 + (x208 + (x200 + (x193 + (x187 + (x182 + (x178 + (x175 + (x173 + x172)))))))))))))))))); let x366: u64 = (x344 + (x326 + (x309 + (x293 + (x278 + (x264 + (x251 + (x239 + (x228 + (x218 + (x209 + (x201 + (x194 + (x188 + (x183 + (x179 + (x176 + (x174 + x1)))))))))))))))))); let x367: u64 = (x345 + (x327 + (x310 + (x294 + (x279 + (x265 + (x252 + (x240 + (x229 + (x219 + (x210 + (x202 + (x195 + (x189 + (x184 + (x180 + (x177 + (x19 + x2)))))))))))))))))); let x368: u64 = (x346 + (x328 + (x311 + (x295 + (x280 + (x266 + (x253 + (x241 + (x230 + (x220 + (x211 + (x203 + (x196 + (x190 + (x185 + (x181 + (x36 + (x20 + x3)))))))))))))))))); let x369: u64 = (x347 + (x329 + (x312 + (x296 + (x281 + (x267 + (x254 + (x242 + (x231 + (x221 + (x212 + (x204 + (x197 + (x191 + (x186 + (x52 + (x37 + (x21 + x4)))))))))))))))))); let x370: u64 = (x348 + (x330 + (x313 + (x297 + (x282 + (x268 + (x255 + (x243 + (x232 + (x222 + (x213 + (x205 + (x198 + (x192 + (x67 + (x53 + (x38 + (x22 + x5)))))))))))))))))); let x371: u64 = (x349 + (x331 + (x314 + (x298 + (x283 + (x269 + (x256 + (x244 + (x233 + (x223 + (x214 + (x206 + (x199 + (x81 + (x68 + (x54 + (x39 + (x23 + x6)))))))))))))))))); let x372: u64 = (x350 + (x332 + (x315 + (x299 + (x284 + (x270 + (x257 + (x245 + (x234 + (x224 + (x215 + (x207 + (x94 + (x82 + (x69 + (x55 + (x40 + (x24 + x7)))))))))))))))))); let x373: u64 = (x351 + (x333 + (x316 + (x300 + (x285 + (x271 + (x258 + (x246 + (x235 + (x225 + (x216 + (x106 + (x95 + (x83 + (x70 + (x56 + (x41 + (x25 + x8)))))))))))))))))); let x374: u64 = (x352 + (x334 + (x317 + (x301 + (x286 + (x272 + (x259 + (x247 + (x236 + (x226 + (x117 + (x107 + (x96 + (x84 + (x71 + (x57 + (x42 + (x26 + x9)))))))))))))))))); let x375: u64 = (x353 + (x335 + (x318 + (x302 + (x287 + (x273 + (x260 + (x248 + (x237 + (x127 + (x118 + (x108 + (x97 + (x85 + (x72 + (x58 + (x43 + (x27 + x10)))))))))))))))))); let x376: u64 = (x354 + (x336 + (x319 + (x303 + (x288 + (x274 + (x261 + (x249 + (x136 + (x128 + (x119 + (x109 + (x98 + (x86 + (x73 + (x59 + (x44 + (x28 + x11)))))))))))))))))); let x377: u64 = (x355 + (x337 + (x320 + (x304 + (x289 + (x275 + (x262 + (x144 + (x137 + (x129 + (x120 + (x110 + (x99 + (x87 + (x74 + (x60 + (x45 + (x29 + x12)))))))))))))))))); let x378: u64 = (x356 + (x338 + (x321 + (x305 + (x290 + (x276 + (x151 + (x145 + (x138 + (x130 + (x121 + (x111 + (x100 + (x88 + (x75 + (x61 + (x46 + (x30 + x13)))))))))))))))))); let x379: u64 = (x357 + (x339 + (x322 + (x306 + (x291 + (x157 + (x152 + (x146 + (x139 + (x131 + (x122 + (x112 + (x101 + (x89 + (x76 + (x62 + (x47 + (x31 + x14)))))))))))))))))); let x380: u64 = (x358 + (x340 + (x323 + (x307 + (x162 + (x158 + (x153 + (x147 + (x140 + (x132 + (x123 + (x113 + (x102 + (x90 + (x77 + (x63 + (x48 + (x32 + x15)))))))))))))))))); let x381: u64 = (x359 + (x341 + (x324 + (x166 + (x163 + (x159 + (x154 + (x148 + (x141 + (x133 + (x124 + (x114 + (x103 + (x91 + (x78 + (x64 + (x49 + (x33 + x16)))))))))))))))))); let x382: u64 = (x360 + (x342 + (x169 + (x167 + (x164 + (x160 + (x155 + (x149 + (x142 + (x134 + (x125 + (x115 + (x104 + (x92 + (x79 + (x65 + (x50 + (x34 + x17)))))))))))))))))); let x383: u64 = (x363 + x382); let x384: u64 = (x383 >> 27); let x385: u32 = ((x383 & (0x7ffffff as u64)) as u32); let x386: u64 = (x384 + x381); let x387: u64 = (x386 >> 28); let x388: u32 = ((x386 & (0xfffffff as u64)) as u32); let x389: u64 = (x387 + x380); let x390: u64 = (x389 >> 27); let x391: u32 = ((x389 & (0x7ffffff as u64)) as u32); let x392: u64 = (x390 + x379); let x393: u64 = (x392 >> 28); let x394: u32 = ((x392 & (0xfffffff as u64)) as u32); let x395: u64 = (x393 + x378); let x396: u64 = (x395 >> 27); let x397: u32 = ((x395 & (0x7ffffff as u64)) as u32); let x398: u64 = (x396 + x377); let x399: u64 = (x398 >> 27); let x400: u32 = ((x398 & (0x7ffffff as u64)) as u32); let x401: u64 = (x399 + x376); let x402: u64 = (x401 >> 28); let x403: u32 = ((x401 & (0xfffffff as u64)) as u32); let x404: u64 = (x402 + x375); let x405: u64 = (x404 >> 27); let x406: u32 = ((x404 & (0x7ffffff as u64)) as u32); let x407: u64 = (x405 + x374); let x408: u64 = (x407 >> 28); let x409: u32 = ((x407 & (0xfffffff as u64)) as u32); let x410: u64 = (x408 + x373); let x411: u64 = (x410 >> 27); let x412: u32 = ((x410 & (0x7ffffff as u64)) as u32); let x413: u64 = (x411 + x372); let x414: u64 = (x413 >> 28); let x415: u32 = ((x413 & (0xfffffff as u64)) as u32); let x416: u64 = (x414 + x371); let x417: u64 = (x416 >> 27); let x418: u32 = ((x416 & (0x7ffffff as u64)) as u32); let x419: u64 = (x417 + x370); let x420: u64 = (x419 >> 27); let x421: u32 = ((x419 & (0x7ffffff as u64)) as u32); let x422: u64 = (x420 + x369); let x423: u64 = (x422 >> 28); let x424: u32 = ((x422 & (0xfffffff as u64)) as u32); let x425: u64 = (x423 + x368); let x426: u64 = (x425 >> 27); let x427: u32 = ((x425 & (0x7ffffff as u64)) as u32); let x428: u64 = (x426 + x367); let x429: u64 = (x428 >> 28); let x430: u32 = ((x428 & (0xfffffff as u64)) as u32); let x431: u64 = (x429 + x366); let x432: u64 = (x431 >> 27); let x433: u32 = ((x431 & (0x7ffffff as u64)) as u32); let x434: u64 = (x432 + x365); let x435: u64 = (x434 >> 27); let x436: u32 = ((x434 & (0x7ffffff as u64)) as u32); let x437: u64 = ((x364 as u64) + x435); let x438: u32 = ((x437 >> 28) as u32); let x439: u32 = ((x437 & (0xfffffff as u64)) as u32); let x440: u32 = (x438 + x385); let x441: fiat_p521_u1 = ((x440 >> 27) as fiat_p521_u1); let x442: u32 = (x440 & 0x7ffffff); let x443: u32 = ((x441 as u32) + x388); out1[0] = x439; out1[1] = x442; out1[2] = x443; out1[3] = x391; out1[4] = x394; out1[5] = x397; out1[6] = x400; out1[7] = x403; out1[8] = x406; out1[9] = x409; out1[10] = x412; out1[11] = x415; out1[12] = x418; out1[13] = x421; out1[14] = x424; out1[15] = x427; out1[16] = x430; out1[17] = x433; out1[18] = x436; } /// The function fiat_p521_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_p521_carry_square(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element) { let x1: u32 = (arg1[18]); let x2: u32 = (x1 * 0x2); let x3: u32 = ((arg1[18]) * 0x2); let x4: u32 = (arg1[17]); let x5: u32 = (x4 * 0x2); let x6: u32 = ((arg1[17]) * 0x2); let x7: u32 = (arg1[16]); let x8: u32 = (x7 * 0x2); let x9: u32 = ((arg1[16]) * 0x2); let x10: u32 = (arg1[15]); let x11: u32 = (x10 * 0x2); let x12: u32 = ((arg1[15]) * 0x2); let x13: u32 = (arg1[14]); let x14: u32 = (x13 * 0x2); let x15: u32 = ((arg1[14]) * 0x2); let x16: u32 = (arg1[13]); let x17: u32 = (x16 * 0x2); let x18: u32 = ((arg1[13]) * 0x2); let x19: u32 = (arg1[12]); let x20: u32 = (x19 * 0x2); let x21: u32 = ((arg1[12]) * 0x2); let x22: u32 = (arg1[11]); let x23: u32 = (x22 * 0x2); let x24: u32 = ((arg1[11]) * 0x2); let x25: u32 = (arg1[10]); let x26: u32 = (x25 * 0x2); let x27: u32 = ((arg1[10]) * 0x2); let x28: u32 = ((arg1[9]) * 0x2); let x29: u32 = ((arg1[8]) * 0x2); let x30: u32 = ((arg1[7]) * 0x2); let x31: u32 = ((arg1[6]) * 0x2); let x32: u32 = ((arg1[5]) * 0x2); let x33: u32 = ((arg1[4]) * 0x2); let x34: u32 = ((arg1[3]) * 0x2); let x35: u32 = ((arg1[2]) * 0x2); let x36: u32 = ((arg1[1]) * 0x2); let x37: u64 = (((arg1[18]) as u64) * (x1 as u64)); let x38: u64 = (((arg1[17]) as u64) * ((x2 * 0x2) as u64)); let x39: u64 = (((arg1[17]) as u64) * ((x4 * 0x2) as u64)); let x40: u64 = (((arg1[16]) as u64) * (x2 as u64)); let x41: u64 = (((arg1[16]) as u64) * ((x5 * 0x2) as u64)); let x42: u64 = (((arg1[16]) as u64) * (x7 as u64)); let x43: u64 = (((arg1[15]) as u64) * ((x2 * 0x2) as u64)); let x44: u64 = (((arg1[15]) as u64) * ((x5 * 0x2) as u64)); let x45: u64 = (((arg1[15]) as u64) * (x8 as u64)); let x46: u64 = (((arg1[15]) as u64) * ((x10 * 0x2) as u64)); let x47: u64 = (((arg1[14]) as u64) * (x2 as u64)); let x48: u64 = (((arg1[14]) as u64) * (x5 as u64)); let x49: u64 = (((arg1[14]) as u64) * (x8 as u64)); let x50: u64 = (((arg1[14]) as u64) * (x11 as u64)); let x51: u64 = (((arg1[14]) as u64) * (x13 as u64)); let x52: u64 = (((arg1[13]) as u64) * (x2 as u64)); let x53: u64 = (((arg1[13]) as u64) * ((x5 * 0x2) as u64)); let x54: u64 = (((arg1[13]) as u64) * (x8 as u64)); let x55: u64 = (((arg1[13]) as u64) * ((x11 * 0x2) as u64)); let x56: u64 = (((arg1[13]) as u64) * (x14 as u64)); let x57: u64 = (((arg1[13]) as u64) * ((x16 * 0x2) as u64)); let x58: u64 = (((arg1[12]) as u64) * ((x2 * 0x2) as u64)); let x59: u64 = (((arg1[12]) as u64) * ((x5 * 0x2) as u64)); let x60: u64 = (((arg1[12]) as u64) * ((x8 * 0x2) as u64)); let x61: u64 = (((arg1[12]) as u64) * ((x11 * 0x2) as u64)); let x62: u64 = (((arg1[12]) as u64) * ((x14 * 0x2) as u64)); let x63: u64 = (((arg1[12]) as u64) * ((x17 * 0x2) as u64)); let x64: u64 = (((arg1[12]) as u64) * ((x19 * 0x2) as u64)); let x65: u64 = (((arg1[11]) as u64) * (x2 as u64)); let x66: u64 = (((arg1[11]) as u64) * ((x5 * 0x2) as u64)); let x67: u64 = (((arg1[11]) as u64) * (x8 as u64)); let x68: u64 = (((arg1[11]) as u64) * ((x11 * 0x2) as u64)); let x69: u64 = (((arg1[11]) as u64) * (x14 as u64)); let x70: u64 = (((arg1[11]) as u64) * (x17 as u64)); let x71: u64 = (((arg1[11]) as u64) * ((x20 * 0x2) as u64)); let x72: u64 = (((arg1[11]) as u64) * (x22 as u64)); let x73: u64 = (((arg1[10]) as u64) * ((x2 * 0x2) as u64)); let x74: u64 = (((arg1[10]) as u64) * ((x5 * 0x2) as u64)); let x75: u64 = (((arg1[10]) as u64) * ((x8 * 0x2) as u64)); let x76: u64 = (((arg1[10]) as u64) * ((x11 * 0x2) as u64)); let x77: u64 = (((arg1[10]) as u64) * (x14 as u64)); let x78: u64 = (((arg1[10]) as u64) * ((x17 * 0x2) as u64)); let x79: u64 = (((arg1[10]) as u64) * ((x20 * 0x2) as u64)); let x80: u64 = (((arg1[10]) as u64) * ((x23 * 0x2) as u64)); let x81: u64 = (((arg1[10]) as u64) * ((x25 * 0x2) as u64)); let x82: u64 = (((arg1[9]) as u64) * (x2 as u64)); let x83: u64 = (((arg1[9]) as u64) * ((x5 * 0x2) as u64)); let x84: u64 = (((arg1[9]) as u64) * (x8 as u64)); let x85: u64 = (((arg1[9]) as u64) * (x11 as u64)); let x86: u64 = (((arg1[9]) as u64) * (x14 as u64)); let x87: u64 = (((arg1[9]) as u64) * (x17 as u64)); let x88: u64 = (((arg1[9]) as u64) * ((x20 * 0x2) as u64)); let x89: u64 = (((arg1[9]) as u64) * (x23 as u64)); let x90: u64 = (((arg1[9]) as u64) * ((x26 * 0x2) as u64)); let x91: u64 = (((arg1[9]) as u64) * ((arg1[9]) as u64)); let x92: u64 = (((arg1[8]) as u64) * ((x2 * 0x2) as u64)); let x93: u64 = (((arg1[8]) as u64) * ((x5 * 0x2) as u64)); let x94: u64 = (((arg1[8]) as u64) * (x8 as u64)); let x95: u64 = (((arg1[8]) as u64) * ((x11 * 0x2) as u64)); let x96: u64 = (((arg1[8]) as u64) * (x14 as u64)); let x97: u64 = (((arg1[8]) as u64) * ((x17 * 0x2) as u64)); let x98: u64 = (((arg1[8]) as u64) * ((x20 * 0x2) as u64)); let x99: u64 = (((arg1[8]) as u64) * ((x23 * 0x2) as u64)); let x100: u64 = (((arg1[8]) as u64) * ((x27 * 0x2) as u64)); let x101: u64 = (((arg1[8]) as u64) * (x28 as u64)); let x102: u64 = (((arg1[8]) as u64) * (((arg1[8]) * 0x2) as u64)); let x103: u64 = (((arg1[7]) as u64) * (x2 as u64)); let x104: u64 = (((arg1[7]) as u64) * (x5 as u64)); let x105: u64 = (((arg1[7]) as u64) * (x8 as u64)); let x106: u64 = (((arg1[7]) as u64) * (x11 as u64)); let x107: u64 = (((arg1[7]) as u64) * (x14 as u64)); let x108: u64 = (((arg1[7]) as u64) * (x17 as u64)); let x109: u64 = (((arg1[7]) as u64) * ((x20 * 0x2) as u64)); let x110: u64 = (((arg1[7]) as u64) * (x24 as u64)); let x111: u64 = (((arg1[7]) as u64) * (x27 as u64)); let x112: u64 = (((arg1[7]) as u64) * (x28 as u64)); let x113: u64 = (((arg1[7]) as u64) * (x29 as u64)); let x114: u64 = (((arg1[7]) as u64) * ((arg1[7]) as u64)); let x115: u64 = (((arg1[6]) as u64) * (x2 as u64)); let x116: u64 = (((arg1[6]) as u64) * ((x5 * 0x2) as u64)); let x117: u64 = (((arg1[6]) as u64) * (x8 as u64)); let x118: u64 = (((arg1[6]) as u64) * ((x11 * 0x2) as u64)); let x119: u64 = (((arg1[6]) as u64) * (x14 as u64)); let x120: u64 = (((arg1[6]) as u64) * ((x17 * 0x2) as u64)); let x121: u64 = (((arg1[6]) as u64) * ((x21 * 0x2) as u64)); let x122: u64 = (((arg1[6]) as u64) * (x24 as u64)); let x123: u64 = (((arg1[6]) as u64) * ((x27 * 0x2) as u64)); let x124: u64 = (((arg1[6]) as u64) * (x28 as u64)); let x125: u64 = (((arg1[6]) as u64) * ((x29 * 0x2) as u64)); let x126: u64 = (((arg1[6]) as u64) * (x30 as u64)); let x127: u64 = (((arg1[6]) as u64) * ((arg1[6]) as u64)); let x128: u64 = (((arg1[5]) as u64) * ((x2 * 0x2) as u64)); let x129: u64 = (((arg1[5]) as u64) * ((x5 * 0x2) as u64)); let x130: u64 = (((arg1[5]) as u64) * ((x8 * 0x2) as u64)); let x131: u64 = (((arg1[5]) as u64) * ((x11 * 0x2) as u64)); let x132: u64 = (((arg1[5]) as u64) * ((x14 * 0x2) as u64)); let x133: u64 = (((arg1[5]) as u64) * ((x18 * 0x2) as u64)); let x134: u64 = (((arg1[5]) as u64) * ((x21 * 0x2) as u64)); let x135: u64 = (((arg1[5]) as u64) * ((x24 * 0x2) as u64)); let x136: u64 = (((arg1[5]) as u64) * ((x27 * 0x2) as u64)); let x137: u64 = (((arg1[5]) as u64) * ((x28 * 0x2) as u64)); let x138: u64 = (((arg1[5]) as u64) * ((x29 * 0x2) as u64)); let x139: u64 = (((arg1[5]) as u64) * (x30 as u64)); let x140: u64 = (((arg1[5]) as u64) * ((x31 * 0x2) as u64)); let x141: u64 = (((arg1[5]) as u64) * (((arg1[5]) * 0x2) as u64)); let x142: u64 = (((arg1[4]) as u64) * (x2 as u64)); let x143: u64 = (((arg1[4]) as u64) * ((x5 * 0x2) as u64)); let x144: u64 = (((arg1[4]) as u64) * (x8 as u64)); let x145: u64 = (((arg1[4]) as u64) * ((x11 * 0x2) as u64)); let x146: u64 = (((arg1[4]) as u64) * (x15 as u64)); let x147: u64 = (((arg1[4]) as u64) * (x18 as u64)); let x148: u64 = (((arg1[4]) as u64) * ((x21 * 0x2) as u64)); let x149: u64 = (((arg1[4]) as u64) * (x24 as u64)); let x150: u64 = (((arg1[4]) as u64) * ((x27 * 0x2) as u64)); let x151: u64 = (((arg1[4]) as u64) * (x28 as u64)); let x152: u64 = (((arg1[4]) as u64) * (x29 as u64)); let x153: u64 = (((arg1[4]) as u64) * (x30 as u64)); let x154: u64 = (((arg1[4]) as u64) * (x31 as u64)); let x155: u64 = (((arg1[4]) as u64) * ((x32 * 0x2) as u64)); let x156: u64 = (((arg1[4]) as u64) * ((arg1[4]) as u64)); let x157: u64 = (((arg1[3]) as u64) * ((x2 * 0x2) as u64)); let x158: u64 = (((arg1[3]) as u64) * ((x5 * 0x2) as u64)); let x159: u64 = (((arg1[3]) as u64) * ((x8 * 0x2) as u64)); let x160: u64 = (((arg1[3]) as u64) * ((x12 * 0x2) as u64)); let x161: u64 = (((arg1[3]) as u64) * (x15 as u64)); let x162: u64 = (((arg1[3]) as u64) * ((x18 * 0x2) as u64)); let x163: u64 = (((arg1[3]) as u64) * ((x21 * 0x2) as u64)); let x164: u64 = (((arg1[3]) as u64) * ((x24 * 0x2) as u64)); let x165: u64 = (((arg1[3]) as u64) * ((x27 * 0x2) as u64)); let x166: u64 = (((arg1[3]) as u64) * (x28 as u64)); let x167: u64 = (((arg1[3]) as u64) * ((x29 * 0x2) as u64)); let x168: u64 = (((arg1[3]) as u64) * (x30 as u64)); let x169: u64 = (((arg1[3]) as u64) * ((x31 * 0x2) as u64)); let x170: u64 = (((arg1[3]) as u64) * ((x32 * 0x2) as u64)); let x171: u64 = (((arg1[3]) as u64) * ((x33 * 0x2) as u64)); let x172: u64 = (((arg1[3]) as u64) * (((arg1[3]) * 0x2) as u64)); let x173: u64 = (((arg1[2]) as u64) * (x2 as u64)); let x174: u64 = (((arg1[2]) as u64) * ((x5 * 0x2) as u64)); let x175: u64 = (((arg1[2]) as u64) * (x9 as u64)); let x176: u64 = (((arg1[2]) as u64) * (x12 as u64)); let x177: u64 = (((arg1[2]) as u64) * (x15 as u64)); let x178: u64 = (((arg1[2]) as u64) * (x18 as u64)); let x179: u64 = (((arg1[2]) as u64) * ((x21 * 0x2) as u64)); let x180: u64 = (((arg1[2]) as u64) * (x24 as u64)); let x181: u64 = (((arg1[2]) as u64) * (x27 as u64)); let x182: u64 = (((arg1[2]) as u64) * (x28 as u64)); let x183: u64 = (((arg1[2]) as u64) * (x29 as u64)); let x184: u64 = (((arg1[2]) as u64) * (x30 as u64)); let x185: u64 = (((arg1[2]) as u64) * (x31 as u64)); let x186: u64 = (((arg1[2]) as u64) * ((x32 * 0x2) as u64)); let x187: u64 = (((arg1[2]) as u64) * (x33 as u64)); let x188: u64 = (((arg1[2]) as u64) * (x34 as u64)); let x189: u64 = (((arg1[2]) as u64) * ((arg1[2]) as u64)); let x190: u64 = (((arg1[1]) as u64) * ((x2 * 0x2) as u64)); let x191: u64 = (((arg1[1]) as u64) * ((x6 * 0x2) as u64)); let x192: u64 = (((arg1[1]) as u64) * (x9 as u64)); let x193: u64 = (((arg1[1]) as u64) * ((x12 * 0x2) as u64)); let x194: u64 = (((arg1[1]) as u64) * (x15 as u64)); let x195: u64 = (((arg1[1]) as u64) * ((x18 * 0x2) as u64)); let x196: u64 = (((arg1[1]) as u64) * ((x21 * 0x2) as u64)); let x197: u64 = (((arg1[1]) as u64) * (x24 as u64)); let x198: u64 = (((arg1[1]) as u64) * ((x27 * 0x2) as u64)); let x199: u64 = (((arg1[1]) as u64) * (x28 as u64)); let x200: u64 = (((arg1[1]) as u64) * ((x29 * 0x2) as u64)); let x201: u64 = (((arg1[1]) as u64) * (x30 as u64)); let x202: u64 = (((arg1[1]) as u64) * ((x31 * 0x2) as u64)); let x203: u64 = (((arg1[1]) as u64) * ((x32 * 0x2) as u64)); let x204: u64 = (((arg1[1]) as u64) * (x33 as u64)); let x205: u64 = (((arg1[1]) as u64) * ((x34 * 0x2) as u64)); let x206: u64 = (((arg1[1]) as u64) * (x35 as u64)); let x207: u64 = (((arg1[1]) as u64) * (((arg1[1]) * 0x2) as u64)); let x208: u64 = (((arg1[0]) as u64) * (x3 as u64)); let x209: u64 = (((arg1[0]) as u64) * (x6 as u64)); let x210: u64 = (((arg1[0]) as u64) * (x9 as u64)); let x211: u64 = (((arg1[0]) as u64) * (x12 as u64)); let x212: u64 = (((arg1[0]) as u64) * (x15 as u64)); let x213: u64 = (((arg1[0]) as u64) * (x18 as u64)); let x214: u64 = (((arg1[0]) as u64) * (x21 as u64)); let x215: u64 = (((arg1[0]) as u64) * (x24 as u64)); let x216: u64 = (((arg1[0]) as u64) * (x27 as u64)); let x217: u64 = (((arg1[0]) as u64) * (x28 as u64)); let x218: u64 = (((arg1[0]) as u64) * (x29 as u64)); let x219: u64 = (((arg1[0]) as u64) * (x30 as u64)); let x220: u64 = (((arg1[0]) as u64) * (x31 as u64)); let x221: u64 = (((arg1[0]) as u64) * (x32 as u64)); let x222: u64 = (((arg1[0]) as u64) * (x33 as u64)); let x223: u64 = (((arg1[0]) as u64) * (x34 as u64)); let x224: u64 = (((arg1[0]) as u64) * (x35 as u64)); let x225: u64 = (((arg1[0]) as u64) * (x36 as u64)); let x226: u64 = (((arg1[0]) as u64) * ((arg1[0]) as u64)); let x227: u64 = (x226 + (x190 + (x174 + (x159 + (x145 + (x132 + (x120 + (x109 + (x99 + x90))))))))); let x228: u64 = (x227 >> 28); let x229: u32 = ((x227 & (0xfffffff as u64)) as u32); let x230: u64 = (x208 + (x191 + (x175 + (x160 + (x146 + (x133 + (x121 + (x110 + (x100 + x91))))))))); let x231: u64 = (x209 + (x192 + (x176 + (x161 + (x147 + (x134 + (x122 + (x111 + (x101 + x37))))))))); let x232: u64 = (x210 + (x193 + (x177 + (x162 + (x148 + (x135 + (x123 + (x112 + (x102 + x38))))))))); let x233: u64 = (x211 + (x194 + (x178 + (x163 + (x149 + (x136 + (x124 + (x113 + (x40 + x39))))))))); let x234: u64 = (x212 + (x195 + (x179 + (x164 + (x150 + (x137 + (x125 + (x114 + (x43 + x41))))))))); let x235: u64 = (x213 + (x196 + (x180 + (x165 + (x151 + (x138 + (x126 + (x47 + (x44 + x42))))))))); let x236: u64 = (x214 + (x197 + (x181 + (x166 + (x152 + (x139 + (x127 + (x52 + (x48 + x45))))))))); let x237: u64 = (x215 + (x198 + (x182 + (x167 + (x153 + (x140 + (x58 + (x53 + (x49 + x46))))))))); let x238: u64 = (x216 + (x199 + (x183 + (x168 + (x154 + (x141 + (x65 + (x59 + (x54 + x50))))))))); let x239: u64 = (x217 + (x200 + (x184 + (x169 + (x155 + (x73 + (x66 + (x60 + (x55 + x51))))))))); let x240: u64 = (x218 + (x201 + (x185 + (x170 + (x156 + (x82 + (x74 + (x67 + (x61 + x56))))))))); let x241: u64 = (x219 + (x202 + (x186 + (x171 + (x92 + (x83 + (x75 + (x68 + (x62 + x57))))))))); let x242: u64 = (x220 + (x203 + (x187 + (x172 + (x103 + (x93 + (x84 + (x76 + (x69 + x63))))))))); let x243: u64 = (x221 + (x204 + (x188 + (x115 + (x104 + (x94 + (x85 + (x77 + (x70 + x64))))))))); let x244: u64 = (x222 + (x205 + (x189 + (x128 + (x116 + (x105 + (x95 + (x86 + (x78 + x71))))))))); let x245: u64 = (x223 + (x206 + (x142 + (x129 + (x117 + (x106 + (x96 + (x87 + (x79 + x72))))))))); let x246: u64 = (x224 + (x207 + (x157 + (x143 + (x130 + (x118 + (x107 + (x97 + (x88 + x80))))))))); let x247: u64 = (x225 + (x173 + (x158 + (x144 + (x131 + (x119 + (x108 + (x98 + (x89 + x81))))))))); let x248: u64 = (x228 + x247); let x249: u64 = (x248 >> 27); let x250: u32 = ((x248 & (0x7ffffff as u64)) as u32); let x251: u64 = (x249 + x246); let x252: u64 = (x251 >> 28); let x253: u32 = ((x251 & (0xfffffff as u64)) as u32); let x254: u64 = (x252 + x245); let x255: u64 = (x254 >> 27); let x256: u32 = ((x254 & (0x7ffffff as u64)) as u32); let x257: u64 = (x255 + x244); let x258: u64 = (x257 >> 28); let x259: u32 = ((x257 & (0xfffffff as u64)) as u32); let x260: u64 = (x258 + x243); let x261: u64 = (x260 >> 27); let x262: u32 = ((x260 & (0x7ffffff as u64)) as u32); let x263: u64 = (x261 + x242); let x264: u64 = (x263 >> 27); let x265: u32 = ((x263 & (0x7ffffff as u64)) as u32); let x266: u64 = (x264 + x241); let x267: u64 = (x266 >> 28); let x268: u32 = ((x266 & (0xfffffff as u64)) as u32); let x269: u64 = (x267 + x240); let x270: u64 = (x269 >> 27); let x271: u32 = ((x269 & (0x7ffffff as u64)) as u32); let x272: u64 = (x270 + x239); let x273: u64 = (x272 >> 28); let x274: u32 = ((x272 & (0xfffffff as u64)) as u32); let x275: u64 = (x273 + x238); let x276: u64 = (x275 >> 27); let x277: u32 = ((x275 & (0x7ffffff as u64)) as u32); let x278: u64 = (x276 + x237); let x279: u64 = (x278 >> 28); let x280: u32 = ((x278 & (0xfffffff as u64)) as u32); let x281: u64 = (x279 + x236); let x282: u64 = (x281 >> 27); let x283: u32 = ((x281 & (0x7ffffff as u64)) as u32); let x284: u64 = (x282 + x235); let x285: u64 = (x284 >> 27); let x286: u32 = ((x284 & (0x7ffffff as u64)) as u32); let x287: u64 = (x285 + x234); let x288: u64 = (x287 >> 28); let x289: u32 = ((x287 & (0xfffffff as u64)) as u32); let x290: u64 = (x288 + x233); let x291: u64 = (x290 >> 27); let x292: u32 = ((x290 & (0x7ffffff as u64)) as u32); let x293: u64 = (x291 + x232); let x294: u64 = (x293 >> 28); let x295: u32 = ((x293 & (0xfffffff as u64)) as u32); let x296: u64 = (x294 + x231); let x297: u64 = (x296 >> 27); let x298: u32 = ((x296 & (0x7ffffff as u64)) as u32); let x299: u64 = (x297 + x230); let x300: u64 = (x299 >> 27); let x301: u32 = ((x299 & (0x7ffffff as u64)) as u32); let x302: u64 = ((x229 as u64) + x300); let x303: u32 = ((x302 >> 28) as u32); let x304: u32 = ((x302 & (0xfffffff as u64)) as u32); let x305: u32 = (x303 + x250); let x306: fiat_p521_u1 = ((x305 >> 27) as fiat_p521_u1); let x307: u32 = (x305 & 0x7ffffff); let x308: u32 = ((x306 as u32) + x253); out1[0] = x304; out1[1] = x307; out1[2] = x308; out1[3] = x256; out1[4] = x259; out1[5] = x262; out1[6] = x265; out1[7] = x268; out1[8] = x271; out1[9] = x274; out1[10] = x277; out1[11] = x280; out1[12] = x283; out1[13] = x286; out1[14] = x289; out1[15] = x292; out1[16] = x295; out1[17] = x298; out1[18] = x301; } /// The function fiat_p521_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_p521_carry(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = ((x1 >> 28) + (arg1[1])); let x3: u32 = ((x2 >> 27) + (arg1[2])); let x4: u32 = ((x3 >> 28) + (arg1[3])); let x5: u32 = ((x4 >> 27) + (arg1[4])); let x6: u32 = ((x5 >> 28) + (arg1[5])); let x7: u32 = ((x6 >> 27) + (arg1[6])); let x8: u32 = ((x7 >> 27) + (arg1[7])); let x9: u32 = ((x8 >> 28) + (arg1[8])); let x10: u32 = ((x9 >> 27) + (arg1[9])); let x11: u32 = ((x10 >> 28) + (arg1[10])); let x12: u32 = ((x11 >> 27) + (arg1[11])); let x13: u32 = ((x12 >> 28) + (arg1[12])); let x14: u32 = ((x13 >> 27) + (arg1[13])); let x15: u32 = ((x14 >> 27) + (arg1[14])); let x16: u32 = ((x15 >> 28) + (arg1[15])); let x17: u32 = ((x16 >> 27) + (arg1[16])); let x18: u32 = ((x17 >> 28) + (arg1[17])); let x19: u32 = ((x18 >> 27) + (arg1[18])); let x20: u32 = ((x1 & 0xfffffff) + (x19 >> 27)); let x21: u32 = ((((x20 >> 28) as fiat_p521_u1) as u32) + (x2 & 0x7ffffff)); let x22: u32 = (x20 & 0xfffffff); let x23: u32 = (x21 & 0x7ffffff); let x24: u32 = ((((x21 >> 27) as fiat_p521_u1) as u32) + (x3 & 0xfffffff)); let x25: u32 = (x4 & 0x7ffffff); let x26: u32 = (x5 & 0xfffffff); let x27: u32 = (x6 & 0x7ffffff); let x28: u32 = (x7 & 0x7ffffff); let x29: u32 = (x8 & 0xfffffff); let x30: u32 = (x9 & 0x7ffffff); let x31: u32 = (x10 & 0xfffffff); let x32: u32 = (x11 & 0x7ffffff); let x33: u32 = (x12 & 0xfffffff); let x34: u32 = (x13 & 0x7ffffff); let x35: u32 = (x14 & 0x7ffffff); let x36: u32 = (x15 & 0xfffffff); let x37: u32 = (x16 & 0x7ffffff); let x38: u32 = (x17 & 0xfffffff); let x39: u32 = (x18 & 0x7ffffff); let x40: u32 = (x19 & 0x7ffffff); out1[0] = x22; out1[1] = x23; out1[2] = x24; out1[3] = x25; out1[4] = x26; out1[5] = x27; out1[6] = x28; out1[7] = x29; out1[8] = x30; out1[9] = x31; out1[10] = x32; out1[11] = x33; out1[12] = x34; out1[13] = x35; out1[14] = x36; out1[15] = x37; out1[16] = x38; out1[17] = x39; out1[18] = x40; } /// The function fiat_p521_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_p521_add(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element, arg2: &fiat_p521_tight_field_element) { let x1: u32 = ((arg1[0]) + (arg2[0])); let x2: u32 = ((arg1[1]) + (arg2[1])); let x3: u32 = ((arg1[2]) + (arg2[2])); let x4: u32 = ((arg1[3]) + (arg2[3])); let x5: u32 = ((arg1[4]) + (arg2[4])); let x6: u32 = ((arg1[5]) + (arg2[5])); let x7: u32 = ((arg1[6]) + (arg2[6])); let x8: u32 = ((arg1[7]) + (arg2[7])); let x9: u32 = ((arg1[8]) + (arg2[8])); let x10: u32 = ((arg1[9]) + (arg2[9])); let x11: u32 = ((arg1[10]) + (arg2[10])); let x12: u32 = ((arg1[11]) + (arg2[11])); let x13: u32 = ((arg1[12]) + (arg2[12])); let x14: u32 = ((arg1[13]) + (arg2[13])); let x15: u32 = ((arg1[14]) + (arg2[14])); let x16: u32 = ((arg1[15]) + (arg2[15])); let x17: u32 = ((arg1[16]) + (arg2[16])); let x18: u32 = ((arg1[17]) + (arg2[17])); let x19: u32 = ((arg1[18]) + (arg2[18])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; out1[17] = x18; out1[18] = x19; } /// The function fiat_p521_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_p521_sub(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element, arg2: &fiat_p521_tight_field_element) { let x1: u32 = ((0x1ffffffe + (arg1[0])) - (arg2[0])); let x2: u32 = ((0xffffffe + (arg1[1])) - (arg2[1])); let x3: u32 = ((0x1ffffffe + (arg1[2])) - (arg2[2])); let x4: u32 = ((0xffffffe + (arg1[3])) - (arg2[3])); let x5: u32 = ((0x1ffffffe + (arg1[4])) - (arg2[4])); let x6: u32 = ((0xffffffe + (arg1[5])) - (arg2[5])); let x7: u32 = ((0xffffffe + (arg1[6])) - (arg2[6])); let x8: u32 = ((0x1ffffffe + (arg1[7])) - (arg2[7])); let x9: u32 = ((0xffffffe + (arg1[8])) - (arg2[8])); let x10: u32 = ((0x1ffffffe + (arg1[9])) - (arg2[9])); let x11: u32 = ((0xffffffe + (arg1[10])) - (arg2[10])); let x12: u32 = ((0x1ffffffe + (arg1[11])) - (arg2[11])); let x13: u32 = ((0xffffffe + (arg1[12])) - (arg2[12])); let x14: u32 = ((0xffffffe + (arg1[13])) - (arg2[13])); let x15: u32 = ((0x1ffffffe + (arg1[14])) - (arg2[14])); let x16: u32 = ((0xffffffe + (arg1[15])) - (arg2[15])); let x17: u32 = ((0x1ffffffe + (arg1[16])) - (arg2[16])); let x18: u32 = ((0xffffffe + (arg1[17])) - (arg2[17])); let x19: u32 = ((0xffffffe + (arg1[18])) - (arg2[18])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; out1[17] = x18; out1[18] = x19; } /// The function fiat_p521_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_p521_opp(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element) { let x1: u32 = (0x1ffffffe - (arg1[0])); let x2: u32 = (0xffffffe - (arg1[1])); let x3: u32 = (0x1ffffffe - (arg1[2])); let x4: u32 = (0xffffffe - (arg1[3])); let x5: u32 = (0x1ffffffe - (arg1[4])); let x6: u32 = (0xffffffe - (arg1[5])); let x7: u32 = (0xffffffe - (arg1[6])); let x8: u32 = (0x1ffffffe - (arg1[7])); let x9: u32 = (0xffffffe - (arg1[8])); let x10: u32 = (0x1ffffffe - (arg1[9])); let x11: u32 = (0xffffffe - (arg1[10])); let x12: u32 = (0x1ffffffe - (arg1[11])); let x13: u32 = (0xffffffe - (arg1[12])); let x14: u32 = (0xffffffe - (arg1[13])); let x15: u32 = (0x1ffffffe - (arg1[14])); let x16: u32 = (0xffffffe - (arg1[15])); let x17: u32 = (0x1ffffffe - (arg1[16])); let x18: u32 = (0xffffffe - (arg1[17])); let x19: u32 = (0xffffffe - (arg1[18])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; out1[17] = x18; out1[18] = x19; } /// The function fiat_p521_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_p521_selectznz(out1: &mut [u32; 19], arg1: fiat_p521_u1, arg2: &[u32; 19], arg3: &[u32; 19]) { let mut x1: u32 = 0; fiat_p521_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_p521_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_p521_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_p521_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_p521_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_p521_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_p521_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_p521_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u32 = 0; fiat_p521_cmovznz_u32(&mut x9, arg1, (arg2[8]), (arg3[8])); let mut x10: u32 = 0; fiat_p521_cmovznz_u32(&mut x10, arg1, (arg2[9]), (arg3[9])); let mut x11: u32 = 0; fiat_p521_cmovznz_u32(&mut x11, arg1, (arg2[10]), (arg3[10])); let mut x12: u32 = 0; fiat_p521_cmovznz_u32(&mut x12, arg1, (arg2[11]), (arg3[11])); let mut x13: u32 = 0; fiat_p521_cmovznz_u32(&mut x13, arg1, (arg2[12]), (arg3[12])); let mut x14: u32 = 0; fiat_p521_cmovznz_u32(&mut x14, arg1, (arg2[13]), (arg3[13])); let mut x15: u32 = 0; fiat_p521_cmovznz_u32(&mut x15, arg1, (arg2[14]), (arg3[14])); let mut x16: u32 = 0; fiat_p521_cmovznz_u32(&mut x16, arg1, (arg2[15]), (arg3[15])); let mut x17: u32 = 0; fiat_p521_cmovznz_u32(&mut x17, arg1, (arg2[16]), (arg3[16])); let mut x18: u32 = 0; fiat_p521_cmovznz_u32(&mut x18, arg1, (arg2[17]), (arg3[17])); let mut x19: u32 = 0; fiat_p521_cmovznz_u32(&mut x19, arg1, (arg2[18]), (arg3[18])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; out1[17] = x18; out1[18] = x19; } /// The function fiat_p521_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] #[inline] pub fn fiat_p521_to_bytes(out1: &mut [u8; 66], arg1: &fiat_p521_tight_field_element) { let mut x1: u32 = 0; let mut x2: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x1, &mut x2, 0x0, (arg1[0]), 0xfffffff); let mut x3: u32 = 0; let mut x4: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x3, &mut x4, x2, (arg1[1]), 0x7ffffff); let mut x5: u32 = 0; let mut x6: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x5, &mut x6, x4, (arg1[2]), 0xfffffff); let mut x7: u32 = 0; let mut x8: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x7, &mut x8, x6, (arg1[3]), 0x7ffffff); let mut x9: u32 = 0; let mut x10: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x9, &mut x10, x8, (arg1[4]), 0xfffffff); let mut x11: u32 = 0; let mut x12: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x11, &mut x12, x10, (arg1[5]), 0x7ffffff); let mut x13: u32 = 0; let mut x14: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x13, &mut x14, x12, (arg1[6]), 0x7ffffff); let mut x15: u32 = 0; let mut x16: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x15, &mut x16, x14, (arg1[7]), 0xfffffff); let mut x17: u32 = 0; let mut x18: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x17, &mut x18, x16, (arg1[8]), 0x7ffffff); let mut x19: u32 = 0; let mut x20: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x19, &mut x20, x18, (arg1[9]), 0xfffffff); let mut x21: u32 = 0; let mut x22: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x21, &mut x22, x20, (arg1[10]), 0x7ffffff); let mut x23: u32 = 0; let mut x24: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x23, &mut x24, x22, (arg1[11]), 0xfffffff); let mut x25: u32 = 0; let mut x26: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x25, &mut x26, x24, (arg1[12]), 0x7ffffff); let mut x27: u32 = 0; let mut x28: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x27, &mut x28, x26, (arg1[13]), 0x7ffffff); let mut x29: u32 = 0; let mut x30: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x29, &mut x30, x28, (arg1[14]), 0xfffffff); let mut x31: u32 = 0; let mut x32: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x31, &mut x32, x30, (arg1[15]), 0x7ffffff); let mut x33: u32 = 0; let mut x34: fiat_p521_u1 = 0; fiat_p521_subborrowx_u28(&mut x33, &mut x34, x32, (arg1[16]), 0xfffffff); let mut x35: u32 = 0; let mut x36: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x35, &mut x36, x34, (arg1[17]), 0x7ffffff); let mut x37: u32 = 0; let mut x38: fiat_p521_u1 = 0; fiat_p521_subborrowx_u27(&mut x37, &mut x38, x36, (arg1[18]), 0x7ffffff); let mut x39: u32 = 0; fiat_p521_cmovznz_u32(&mut x39, x38, (0x0 as u32), 0xffffffff); let mut x40: u32 = 0; let mut x41: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x40, &mut x41, 0x0, x1, (x39 & 0xfffffff)); let mut x42: u32 = 0; let mut x43: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x42, &mut x43, x41, x3, (x39 & 0x7ffffff)); let mut x44: u32 = 0; let mut x45: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x44, &mut x45, x43, x5, (x39 & 0xfffffff)); let mut x46: u32 = 0; let mut x47: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x46, &mut x47, x45, x7, (x39 & 0x7ffffff)); let mut x48: u32 = 0; let mut x49: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x48, &mut x49, x47, x9, (x39 & 0xfffffff)); let mut x50: u32 = 0; let mut x51: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x50, &mut x51, x49, x11, (x39 & 0x7ffffff)); let mut x52: u32 = 0; let mut x53: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x52, &mut x53, x51, x13, (x39 & 0x7ffffff)); let mut x54: u32 = 0; let mut x55: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x54, &mut x55, x53, x15, (x39 & 0xfffffff)); let mut x56: u32 = 0; let mut x57: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x56, &mut x57, x55, x17, (x39 & 0x7ffffff)); let mut x58: u32 = 0; let mut x59: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x58, &mut x59, x57, x19, (x39 & 0xfffffff)); let mut x60: u32 = 0; let mut x61: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x60, &mut x61, x59, x21, (x39 & 0x7ffffff)); let mut x62: u32 = 0; let mut x63: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x62, &mut x63, x61, x23, (x39 & 0xfffffff)); let mut x64: u32 = 0; let mut x65: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x64, &mut x65, x63, x25, (x39 & 0x7ffffff)); let mut x66: u32 = 0; let mut x67: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x66, &mut x67, x65, x27, (x39 & 0x7ffffff)); let mut x68: u32 = 0; let mut x69: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x68, &mut x69, x67, x29, (x39 & 0xfffffff)); let mut x70: u32 = 0; let mut x71: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x70, &mut x71, x69, x31, (x39 & 0x7ffffff)); let mut x72: u32 = 0; let mut x73: fiat_p521_u1 = 0; fiat_p521_addcarryx_u28(&mut x72, &mut x73, x71, x33, (x39 & 0xfffffff)); let mut x74: u32 = 0; let mut x75: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x74, &mut x75, x73, x35, (x39 & 0x7ffffff)); let mut x76: u32 = 0; let mut x77: fiat_p521_u1 = 0; fiat_p521_addcarryx_u27(&mut x76, &mut x77, x75, x37, (x39 & 0x7ffffff)); let x78: u64 = ((x76 as u64) << 6); let x79: u32 = (x74 << 3); let x80: u64 = ((x72 as u64) << 7); let x81: u32 = (x70 << 4); let x82: u32 = (x66 << 5); let x83: u32 = (x64 << 2); let x84: u64 = ((x62 as u64) << 6); let x85: u32 = (x60 << 3); let x86: u64 = ((x58 as u64) << 7); let x87: u32 = (x56 << 4); let x88: u32 = (x52 << 5); let x89: u32 = (x50 << 2); let x90: u64 = ((x48 as u64) << 6); let x91: u32 = (x46 << 3); let x92: u64 = ((x44 as u64) << 7); let x93: u32 = (x42 << 4); let x94: u8 = ((x40 & (0xff as u32)) as u8); let x95: u32 = (x40 >> 8); let x96: u8 = ((x95 & (0xff as u32)) as u8); let x97: u32 = (x95 >> 8); let x98: u8 = ((x97 & (0xff as u32)) as u8); let x99: u8 = ((x97 >> 8) as u8); let x100: u32 = (x93 + (x99 as u32)); let x101: u8 = ((x100 & (0xff as u32)) as u8); let x102: u32 = (x100 >> 8); let x103: u8 = ((x102 & (0xff as u32)) as u8); let x104: u32 = (x102 >> 8); let x105: u8 = ((x104 & (0xff as u32)) as u8); let x106: u8 = ((x104 >> 8) as u8); let x107: u64 = (x92 + (x106 as u64)); let x108: u8 = ((x107 & (0xff as u64)) as u8); let x109: u32 = ((x107 >> 8) as u32); let x110: u8 = ((x109 & (0xff as u32)) as u8); let x111: u32 = (x109 >> 8); let x112: u8 = ((x111 & (0xff as u32)) as u8); let x113: u32 = (x111 >> 8); let x114: u8 = ((x113 & (0xff as u32)) as u8); let x115: u8 = ((x113 >> 8) as u8); let x116: u32 = (x91 + (x115 as u32)); let x117: u8 = ((x116 & (0xff as u32)) as u8); let x118: u32 = (x116 >> 8); let x119: u8 = ((x118 & (0xff as u32)) as u8); let x120: u32 = (x118 >> 8); let x121: u8 = ((x120 & (0xff as u32)) as u8); let x122: u8 = ((x120 >> 8) as u8); let x123: u64 = (x90 + (x122 as u64)); let x124: u8 = ((x123 & (0xff as u64)) as u8); let x125: u32 = ((x123 >> 8) as u32); let x126: u8 = ((x125 & (0xff as u32)) as u8); let x127: u32 = (x125 >> 8); let x128: u8 = ((x127 & (0xff as u32)) as u8); let x129: u32 = (x127 >> 8); let x130: u8 = ((x129 & (0xff as u32)) as u8); let x131: u8 = ((x129 >> 8) as u8); let x132: u32 = (x89 + (x131 as u32)); let x133: u8 = ((x132 & (0xff as u32)) as u8); let x134: u32 = (x132 >> 8); let x135: u8 = ((x134 & (0xff as u32)) as u8); let x136: u32 = (x134 >> 8); let x137: u8 = ((x136 & (0xff as u32)) as u8); let x138: u8 = ((x136 >> 8) as u8); let x139: u32 = (x88 + (x138 as u32)); let x140: u8 = ((x139 & (0xff as u32)) as u8); let x141: u32 = (x139 >> 8); let x142: u8 = ((x141 & (0xff as u32)) as u8); let x143: u32 = (x141 >> 8); let x144: u8 = ((x143 & (0xff as u32)) as u8); let x145: u8 = ((x143 >> 8) as u8); let x146: u8 = ((x54 & (0xff as u32)) as u8); let x147: u32 = (x54 >> 8); let x148: u8 = ((x147 & (0xff as u32)) as u8); let x149: u32 = (x147 >> 8); let x150: u8 = ((x149 & (0xff as u32)) as u8); let x151: u8 = ((x149 >> 8) as u8); let x152: u32 = (x87 + (x151 as u32)); let x153: u8 = ((x152 & (0xff as u32)) as u8); let x154: u32 = (x152 >> 8); let x155: u8 = ((x154 & (0xff as u32)) as u8); let x156: u32 = (x154 >> 8); let x157: u8 = ((x156 & (0xff as u32)) as u8); let x158: u8 = ((x156 >> 8) as u8); let x159: u64 = (x86 + (x158 as u64)); let x160: u8 = ((x159 & (0xff as u64)) as u8); let x161: u32 = ((x159 >> 8) as u32); let x162: u8 = ((x161 & (0xff as u32)) as u8); let x163: u32 = (x161 >> 8); let x164: u8 = ((x163 & (0xff as u32)) as u8); let x165: u32 = (x163 >> 8); let x166: u8 = ((x165 & (0xff as u32)) as u8); let x167: u8 = ((x165 >> 8) as u8); let x168: u32 = (x85 + (x167 as u32)); let x169: u8 = ((x168 & (0xff as u32)) as u8); let x170: u32 = (x168 >> 8); let x171: u8 = ((x170 & (0xff as u32)) as u8); let x172: u32 = (x170 >> 8); let x173: u8 = ((x172 & (0xff as u32)) as u8); let x174: u8 = ((x172 >> 8) as u8); let x175: u64 = (x84 + (x174 as u64)); let x176: u8 = ((x175 & (0xff as u64)) as u8); let x177: u32 = ((x175 >> 8) as u32); let x178: u8 = ((x177 & (0xff as u32)) as u8); let x179: u32 = (x177 >> 8); let x180: u8 = ((x179 & (0xff as u32)) as u8); let x181: u32 = (x179 >> 8); let x182: u8 = ((x181 & (0xff as u32)) as u8); let x183: u8 = ((x181 >> 8) as u8); let x184: u32 = (x83 + (x183 as u32)); let x185: u8 = ((x184 & (0xff as u32)) as u8); let x186: u32 = (x184 >> 8); let x187: u8 = ((x186 & (0xff as u32)) as u8); let x188: u32 = (x186 >> 8); let x189: u8 = ((x188 & (0xff as u32)) as u8); let x190: u8 = ((x188 >> 8) as u8); let x191: u32 = (x82 + (x190 as u32)); let x192: u8 = ((x191 & (0xff as u32)) as u8); let x193: u32 = (x191 >> 8); let x194: u8 = ((x193 & (0xff as u32)) as u8); let x195: u32 = (x193 >> 8); let x196: u8 = ((x195 & (0xff as u32)) as u8); let x197: u8 = ((x195 >> 8) as u8); let x198: u8 = ((x68 & (0xff as u32)) as u8); let x199: u32 = (x68 >> 8); let x200: u8 = ((x199 & (0xff as u32)) as u8); let x201: u32 = (x199 >> 8); let x202: u8 = ((x201 & (0xff as u32)) as u8); let x203: u8 = ((x201 >> 8) as u8); let x204: u32 = (x81 + (x203 as u32)); let x205: u8 = ((x204 & (0xff as u32)) as u8); let x206: u32 = (x204 >> 8); let x207: u8 = ((x206 & (0xff as u32)) as u8); let x208: u32 = (x206 >> 8); let x209: u8 = ((x208 & (0xff as u32)) as u8); let x210: u8 = ((x208 >> 8) as u8); let x211: u64 = (x80 + (x210 as u64)); let x212: u8 = ((x211 & (0xff as u64)) as u8); let x213: u32 = ((x211 >> 8) as u32); let x214: u8 = ((x213 & (0xff as u32)) as u8); let x215: u32 = (x213 >> 8); let x216: u8 = ((x215 & (0xff as u32)) as u8); let x217: u32 = (x215 >> 8); let x218: u8 = ((x217 & (0xff as u32)) as u8); let x219: u8 = ((x217 >> 8) as u8); let x220: u32 = (x79 + (x219 as u32)); let x221: u8 = ((x220 & (0xff as u32)) as u8); let x222: u32 = (x220 >> 8); let x223: u8 = ((x222 & (0xff as u32)) as u8); let x224: u32 = (x222 >> 8); let x225: u8 = ((x224 & (0xff as u32)) as u8); let x226: u8 = ((x224 >> 8) as u8); let x227: u64 = (x78 + (x226 as u64)); let x228: u8 = ((x227 & (0xff as u64)) as u8); let x229: u32 = ((x227 >> 8) as u32); let x230: u8 = ((x229 & (0xff as u32)) as u8); let x231: u32 = (x229 >> 8); let x232: u8 = ((x231 & (0xff as u32)) as u8); let x233: u32 = (x231 >> 8); let x234: u8 = ((x233 & (0xff as u32)) as u8); let x235: fiat_p521_u1 = ((x233 >> 8) as fiat_p521_u1); out1[0] = x94; out1[1] = x96; out1[2] = x98; out1[3] = x101; out1[4] = x103; out1[5] = x105; out1[6] = x108; out1[7] = x110; out1[8] = x112; out1[9] = x114; out1[10] = x117; out1[11] = x119; out1[12] = x121; out1[13] = x124; out1[14] = x126; out1[15] = x128; out1[16] = x130; out1[17] = x133; out1[18] = x135; out1[19] = x137; out1[20] = x140; out1[21] = x142; out1[22] = x144; out1[23] = x145; out1[24] = x146; out1[25] = x148; out1[26] = x150; out1[27] = x153; out1[28] = x155; out1[29] = x157; out1[30] = x160; out1[31] = x162; out1[32] = x164; out1[33] = x166; out1[34] = x169; out1[35] = x171; out1[36] = x173; out1[37] = x176; out1[38] = x178; out1[39] = x180; out1[40] = x182; out1[41] = x185; out1[42] = x187; out1[43] = x189; out1[44] = x192; out1[45] = x194; out1[46] = x196; out1[47] = x197; out1[48] = x198; out1[49] = x200; out1[50] = x202; out1[51] = x205; out1[52] = x207; out1[53] = x209; out1[54] = x212; out1[55] = x214; out1[56] = x216; out1[57] = x218; out1[58] = x221; out1[59] = x223; out1[60] = x225; out1[61] = x228; out1[62] = x230; out1[63] = x232; out1[64] = x234; out1[65] = (x235 as u8); } /// The function fiat_p521_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] #[inline] pub fn fiat_p521_from_bytes(out1: &mut fiat_p521_tight_field_element, arg1: &[u8; 66]) { let x1: u32 = ((((arg1[65]) as fiat_p521_u1) as u32) << 26); let x2: u32 = (((arg1[64]) as u32) << 18); let x3: u32 = (((arg1[63]) as u32) << 10); let x4: u32 = (((arg1[62]) as u32) << 2); let x5: u32 = (((arg1[61]) as u32) << 21); let x6: u32 = (((arg1[60]) as u32) << 13); let x7: u32 = (((arg1[59]) as u32) << 5); let x8: u64 = (((arg1[58]) as u64) << 25); let x9: u32 = (((arg1[57]) as u32) << 17); let x10: u32 = (((arg1[56]) as u32) << 9); let x11: u32 = (((arg1[55]) as u32) * (0x2 as u32)); let x12: u32 = (((arg1[54]) as u32) << 20); let x13: u32 = (((arg1[53]) as u32) << 12); let x14: u32 = (((arg1[52]) as u32) << 4); let x15: u32 = (((arg1[51]) as u32) << 24); let x16: u32 = (((arg1[50]) as u32) << 16); let x17: u32 = (((arg1[49]) as u32) << 8); let x18: u8 = (arg1[48]); let x19: u32 = (((arg1[47]) as u32) << 19); let x20: u32 = (((arg1[46]) as u32) << 11); let x21: u32 = (((arg1[45]) as u32) << 3); let x22: u32 = (((arg1[44]) as u32) << 22); let x23: u32 = (((arg1[43]) as u32) << 14); let x24: u32 = (((arg1[42]) as u32) << 6); let x25: u64 = (((arg1[41]) as u64) << 26); let x26: u32 = (((arg1[40]) as u32) << 18); let x27: u32 = (((arg1[39]) as u32) << 10); let x28: u32 = (((arg1[38]) as u32) << 2); let x29: u32 = (((arg1[37]) as u32) << 21); let x30: u32 = (((arg1[36]) as u32) << 13); let x31: u32 = (((arg1[35]) as u32) << 5); let x32: u64 = (((arg1[34]) as u64) << 25); let x33: u32 = (((arg1[33]) as u32) << 17); let x34: u32 = (((arg1[32]) as u32) << 9); let x35: u32 = (((arg1[31]) as u32) * (0x2 as u32)); let x36: u32 = (((arg1[30]) as u32) << 20); let x37: u32 = (((arg1[29]) as u32) << 12); let x38: u32 = (((arg1[28]) as u32) << 4); let x39: u32 = (((arg1[27]) as u32) << 24); let x40: u32 = (((arg1[26]) as u32) << 16); let x41: u32 = (((arg1[25]) as u32) << 8); let x42: u8 = (arg1[24]); let x43: u32 = (((arg1[23]) as u32) << 19); let x44: u32 = (((arg1[22]) as u32) << 11); let x45: u32 = (((arg1[21]) as u32) << 3); let x46: u32 = (((arg1[20]) as u32) << 22); let x47: u32 = (((arg1[19]) as u32) << 14); let x48: u32 = (((arg1[18]) as u32) << 6); let x49: u64 = (((arg1[17]) as u64) << 26); let x50: u32 = (((arg1[16]) as u32) << 18); let x51: u32 = (((arg1[15]) as u32) << 10); let x52: u32 = (((arg1[14]) as u32) << 2); let x53: u32 = (((arg1[13]) as u32) << 21); let x54: u32 = (((arg1[12]) as u32) << 13); let x55: u32 = (((arg1[11]) as u32) << 5); let x56: u64 = (((arg1[10]) as u64) << 25); let x57: u32 = (((arg1[9]) as u32) << 17); let x58: u32 = (((arg1[8]) as u32) << 9); let x59: u32 = (((arg1[7]) as u32) * (0x2 as u32)); let x60: u32 = (((arg1[6]) as u32) << 20); let x61: u32 = (((arg1[5]) as u32) << 12); let x62: u32 = (((arg1[4]) as u32) << 4); let x63: u32 = (((arg1[3]) as u32) << 24); let x64: u32 = (((arg1[2]) as u32) << 16); let x65: u32 = (((arg1[1]) as u32) << 8); let x66: u8 = (arg1[0]); let x67: u32 = (x65 + (x66 as u32)); let x68: u32 = (x64 + x67); let x69: u32 = (x63 + x68); let x70: u32 = (x69 & 0xfffffff); let x71: u8 = ((x69 >> 28) as u8); let x72: u32 = (x62 + (x71 as u32)); let x73: u32 = (x61 + x72); let x74: u32 = (x60 + x73); let x75: u32 = (x74 & 0x7ffffff); let x76: fiat_p521_u1 = ((x74 >> 27) as fiat_p521_u1); let x77: u32 = (x59 + (x76 as u32)); let x78: u32 = (x58 + x77); let x79: u32 = (x57 + x78); let x80: u64 = (x56 + (x79 as u64)); let x81: u32 = ((x80 & (0xfffffff as u64)) as u32); let x82: u8 = ((x80 >> 28) as u8); let x83: u32 = (x55 + (x82 as u32)); let x84: u32 = (x54 + x83); let x85: u32 = (x53 + x84); let x86: u32 = (x85 & 0x7ffffff); let x87: u8 = ((x85 >> 27) as u8); let x88: u32 = (x52 + (x87 as u32)); let x89: u32 = (x51 + x88); let x90: u32 = (x50 + x89); let x91: u64 = (x49 + (x90 as u64)); let x92: u32 = ((x91 & (0xfffffff as u64)) as u32); let x93: u8 = ((x91 >> 28) as u8); let x94: u32 = (x48 + (x93 as u32)); let x95: u32 = (x47 + x94); let x96: u32 = (x46 + x95); let x97: u32 = (x96 & 0x7ffffff); let x98: u8 = ((x96 >> 27) as u8); let x99: u32 = (x45 + (x98 as u32)); let x100: u32 = (x44 + x99); let x101: u32 = (x43 + x100); let x102: u32 = (x41 + (x42 as u32)); let x103: u32 = (x40 + x102); let x104: u32 = (x39 + x103); let x105: u32 = (x104 & 0xfffffff); let x106: u8 = ((x104 >> 28) as u8); let x107: u32 = (x38 + (x106 as u32)); let x108: u32 = (x37 + x107); let x109: u32 = (x36 + x108); let x110: u32 = (x109 & 0x7ffffff); let x111: fiat_p521_u1 = ((x109 >> 27) as fiat_p521_u1); let x112: u32 = (x35 + (x111 as u32)); let x113: u32 = (x34 + x112); let x114: u32 = (x33 + x113); let x115: u64 = (x32 + (x114 as u64)); let x116: u32 = ((x115 & (0xfffffff as u64)) as u32); let x117: u8 = ((x115 >> 28) as u8); let x118: u32 = (x31 + (x117 as u32)); let x119: u32 = (x30 + x118); let x120: u32 = (x29 + x119); let x121: u32 = (x120 & 0x7ffffff); let x122: u8 = ((x120 >> 27) as u8); let x123: u32 = (x28 + (x122 as u32)); let x124: u32 = (x27 + x123); let x125: u32 = (x26 + x124); let x126: u64 = (x25 + (x125 as u64)); let x127: u32 = ((x126 & (0xfffffff as u64)) as u32); let x128: u8 = ((x126 >> 28) as u8); let x129: u32 = (x24 + (x128 as u32)); let x130: u32 = (x23 + x129); let x131: u32 = (x22 + x130); let x132: u32 = (x131 & 0x7ffffff); let x133: u8 = ((x131 >> 27) as u8); let x134: u32 = (x21 + (x133 as u32)); let x135: u32 = (x20 + x134); let x136: u32 = (x19 + x135); let x137: u32 = (x17 + (x18 as u32)); let x138: u32 = (x16 + x137); let x139: u32 = (x15 + x138); let x140: u32 = (x139 & 0xfffffff); let x141: u8 = ((x139 >> 28) as u8); let x142: u32 = (x14 + (x141 as u32)); let x143: u32 = (x13 + x142); let x144: u32 = (x12 + x143); let x145: u32 = (x144 & 0x7ffffff); let x146: fiat_p521_u1 = ((x144 >> 27) as fiat_p521_u1); let x147: u32 = (x11 + (x146 as u32)); let x148: u32 = (x10 + x147); let x149: u32 = (x9 + x148); let x150: u64 = (x8 + (x149 as u64)); let x151: u32 = ((x150 & (0xfffffff as u64)) as u32); let x152: u8 = ((x150 >> 28) as u8); let x153: u32 = (x7 + (x152 as u32)); let x154: u32 = (x6 + x153); let x155: u32 = (x5 + x154); let x156: u32 = (x155 & 0x7ffffff); let x157: u8 = ((x155 >> 27) as u8); let x158: u32 = (x4 + (x157 as u32)); let x159: u32 = (x3 + x158); let x160: u32 = (x2 + x159); let x161: u32 = (x1 + x160); out1[0] = x70; out1[1] = x75; out1[2] = x81; out1[3] = x86; out1[4] = x92; out1[5] = x97; out1[6] = x101; out1[7] = x105; out1[8] = x110; out1[9] = x116; out1[10] = x121; out1[11] = x127; out1[12] = x132; out1[13] = x136; out1[14] = x140; out1[15] = x145; out1[16] = x151; out1[17] = x156; out1[18] = x161; } /// The function fiat_p521_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_p521_relax(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = (arg1[1]); let x3: u32 = (arg1[2]); let x4: u32 = (arg1[3]); let x5: u32 = (arg1[4]); let x6: u32 = (arg1[5]); let x7: u32 = (arg1[6]); let x8: u32 = (arg1[7]); let x9: u32 = (arg1[8]); let x10: u32 = (arg1[9]); let x11: u32 = (arg1[10]); let x12: u32 = (arg1[11]); let x13: u32 = (arg1[12]); let x14: u32 = (arg1[13]); let x15: u32 = (arg1[14]); let x16: u32 = (arg1[15]); let x17: u32 = (arg1[16]); let x18: u32 = (arg1[17]); let x19: u32 = (arg1[18]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; out1[17] = x18; out1[18] = x19; } fiat-crypto-0.2.2/src/p521_64.rs000064400000000000000000001307441046102023000142340ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline p521 64 '(auto)' '2^521 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: p521 //! machine_wordsize = 64 (from "64") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 9 (from "(auto)") //! s-c = 2^521 - [(1, 1)] (from "2^521 - 1") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 0, 1] //! eval z = z[0] + (z[1] << 58) + (z[2] << 116) + (z[3] << 174) + (z[4] << 232) + (z[5] << 0x122) + (z[6] << 0x15c) + (z[7] << 0x196) + (z[8] << 0x1d0) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) //! balance = [0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x3fffffffffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_p521_u1 = u8; pub type fiat_p521_i1 = i8; pub type fiat_p521_u2 = u8; pub type fiat_p521_i2 = i8; /** The type fiat_p521_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_p521_loose_field_element(pub [u64; 9]); impl core::ops::Index for fiat_p521_loose_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p521_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_p521_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] */ #[derive(Clone, Copy)] pub struct fiat_p521_tight_field_element(pub [u64; 9]); impl core::ops::Index for fiat_p521_tight_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_p521_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_p521_addcarryx_u58 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^58 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^58⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffffffffffff] /// arg3: [0x0 ~> 0x3ffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_addcarryx_u58(out1: &mut u64, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0x3ffffffffffffff); let x3: fiat_p521_u1 = ((x1 >> 58) as fiat_p521_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p521_subborrowx_u58 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^58 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^58⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffffffffffff] /// arg3: [0x0 ~> 0x3ffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_subborrowx_u58(out1: &mut u64, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_p521_i1 = ((x1 >> 58) as fiat_p521_i1); let x3: u64 = (((x1 as i128) & (0x3ffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p521_i2) - (x2 as fiat_p521_i2)) as fiat_p521_u1); } /// The function fiat_p521_addcarryx_u57 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^57 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^57⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x1ffffffffffffff] /// arg3: [0x0 ~> 0x1ffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x1ffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_addcarryx_u57(out1: &mut u64, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0x1ffffffffffffff); let x3: fiat_p521_u1 = ((x1 >> 57) as fiat_p521_u1); *out1 = x2; *out2 = x3; } /// The function fiat_p521_subborrowx_u57 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^57 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^57⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x1ffffffffffffff] /// arg3: [0x0 ~> 0x1ffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x1ffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_p521_subborrowx_u57(out1: &mut u64, out2: &mut fiat_p521_u1, arg1: fiat_p521_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_p521_i1 = ((x1 >> 57) as fiat_p521_i1); let x3: u64 = (((x1 as i128) & (0x1ffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_p521_i2) - (x2 as fiat_p521_i2)) as fiat_p521_u1); } /// The function fiat_p521_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_p521_cmovznz_u64(out1: &mut u64, arg1: fiat_p521_u1, arg2: u64, arg3: u64) { let x1: fiat_p521_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_p521_i2) - (x1 as fiat_p521_i2)) as fiat_p521_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_p521_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_p521_carry_mul(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element, arg2: &fiat_p521_loose_field_element) { let x1: u128 = (((arg1[8]) as u128) * (((arg2[8]) * 0x2) as u128)); let x2: u128 = (((arg1[8]) as u128) * (((arg2[7]) * 0x2) as u128)); let x3: u128 = (((arg1[8]) as u128) * (((arg2[6]) * 0x2) as u128)); let x4: u128 = (((arg1[8]) as u128) * (((arg2[5]) * 0x2) as u128)); let x5: u128 = (((arg1[8]) as u128) * (((arg2[4]) * 0x2) as u128)); let x6: u128 = (((arg1[8]) as u128) * (((arg2[3]) * 0x2) as u128)); let x7: u128 = (((arg1[8]) as u128) * (((arg2[2]) * 0x2) as u128)); let x8: u128 = (((arg1[8]) as u128) * (((arg2[1]) * 0x2) as u128)); let x9: u128 = (((arg1[7]) as u128) * (((arg2[8]) * 0x2) as u128)); let x10: u128 = (((arg1[7]) as u128) * (((arg2[7]) * 0x2) as u128)); let x11: u128 = (((arg1[7]) as u128) * (((arg2[6]) * 0x2) as u128)); let x12: u128 = (((arg1[7]) as u128) * (((arg2[5]) * 0x2) as u128)); let x13: u128 = (((arg1[7]) as u128) * (((arg2[4]) * 0x2) as u128)); let x14: u128 = (((arg1[7]) as u128) * (((arg2[3]) * 0x2) as u128)); let x15: u128 = (((arg1[7]) as u128) * (((arg2[2]) * 0x2) as u128)); let x16: u128 = (((arg1[6]) as u128) * (((arg2[8]) * 0x2) as u128)); let x17: u128 = (((arg1[6]) as u128) * (((arg2[7]) * 0x2) as u128)); let x18: u128 = (((arg1[6]) as u128) * (((arg2[6]) * 0x2) as u128)); let x19: u128 = (((arg1[6]) as u128) * (((arg2[5]) * 0x2) as u128)); let x20: u128 = (((arg1[6]) as u128) * (((arg2[4]) * 0x2) as u128)); let x21: u128 = (((arg1[6]) as u128) * (((arg2[3]) * 0x2) as u128)); let x22: u128 = (((arg1[5]) as u128) * (((arg2[8]) * 0x2) as u128)); let x23: u128 = (((arg1[5]) as u128) * (((arg2[7]) * 0x2) as u128)); let x24: u128 = (((arg1[5]) as u128) * (((arg2[6]) * 0x2) as u128)); let x25: u128 = (((arg1[5]) as u128) * (((arg2[5]) * 0x2) as u128)); let x26: u128 = (((arg1[5]) as u128) * (((arg2[4]) * 0x2) as u128)); let x27: u128 = (((arg1[4]) as u128) * (((arg2[8]) * 0x2) as u128)); let x28: u128 = (((arg1[4]) as u128) * (((arg2[7]) * 0x2) as u128)); let x29: u128 = (((arg1[4]) as u128) * (((arg2[6]) * 0x2) as u128)); let x30: u128 = (((arg1[4]) as u128) * (((arg2[5]) * 0x2) as u128)); let x31: u128 = (((arg1[3]) as u128) * (((arg2[8]) * 0x2) as u128)); let x32: u128 = (((arg1[3]) as u128) * (((arg2[7]) * 0x2) as u128)); let x33: u128 = (((arg1[3]) as u128) * (((arg2[6]) * 0x2) as u128)); let x34: u128 = (((arg1[2]) as u128) * (((arg2[8]) * 0x2) as u128)); let x35: u128 = (((arg1[2]) as u128) * (((arg2[7]) * 0x2) as u128)); let x36: u128 = (((arg1[1]) as u128) * (((arg2[8]) * 0x2) as u128)); let x37: u128 = (((arg1[8]) as u128) * ((arg2[0]) as u128)); let x38: u128 = (((arg1[7]) as u128) * ((arg2[1]) as u128)); let x39: u128 = (((arg1[7]) as u128) * ((arg2[0]) as u128)); let x40: u128 = (((arg1[6]) as u128) * ((arg2[2]) as u128)); let x41: u128 = (((arg1[6]) as u128) * ((arg2[1]) as u128)); let x42: u128 = (((arg1[6]) as u128) * ((arg2[0]) as u128)); let x43: u128 = (((arg1[5]) as u128) * ((arg2[3]) as u128)); let x44: u128 = (((arg1[5]) as u128) * ((arg2[2]) as u128)); let x45: u128 = (((arg1[5]) as u128) * ((arg2[1]) as u128)); let x46: u128 = (((arg1[5]) as u128) * ((arg2[0]) as u128)); let x47: u128 = (((arg1[4]) as u128) * ((arg2[4]) as u128)); let x48: u128 = (((arg1[4]) as u128) * ((arg2[3]) as u128)); let x49: u128 = (((arg1[4]) as u128) * ((arg2[2]) as u128)); let x50: u128 = (((arg1[4]) as u128) * ((arg2[1]) as u128)); let x51: u128 = (((arg1[4]) as u128) * ((arg2[0]) as u128)); let x52: u128 = (((arg1[3]) as u128) * ((arg2[5]) as u128)); let x53: u128 = (((arg1[3]) as u128) * ((arg2[4]) as u128)); let x54: u128 = (((arg1[3]) as u128) * ((arg2[3]) as u128)); let x55: u128 = (((arg1[3]) as u128) * ((arg2[2]) as u128)); let x56: u128 = (((arg1[3]) as u128) * ((arg2[1]) as u128)); let x57: u128 = (((arg1[3]) as u128) * ((arg2[0]) as u128)); let x58: u128 = (((arg1[2]) as u128) * ((arg2[6]) as u128)); let x59: u128 = (((arg1[2]) as u128) * ((arg2[5]) as u128)); let x60: u128 = (((arg1[2]) as u128) * ((arg2[4]) as u128)); let x61: u128 = (((arg1[2]) as u128) * ((arg2[3]) as u128)); let x62: u128 = (((arg1[2]) as u128) * ((arg2[2]) as u128)); let x63: u128 = (((arg1[2]) as u128) * ((arg2[1]) as u128)); let x64: u128 = (((arg1[2]) as u128) * ((arg2[0]) as u128)); let x65: u128 = (((arg1[1]) as u128) * ((arg2[7]) as u128)); let x66: u128 = (((arg1[1]) as u128) * ((arg2[6]) as u128)); let x67: u128 = (((arg1[1]) as u128) * ((arg2[5]) as u128)); let x68: u128 = (((arg1[1]) as u128) * ((arg2[4]) as u128)); let x69: u128 = (((arg1[1]) as u128) * ((arg2[3]) as u128)); let x70: u128 = (((arg1[1]) as u128) * ((arg2[2]) as u128)); let x71: u128 = (((arg1[1]) as u128) * ((arg2[1]) as u128)); let x72: u128 = (((arg1[1]) as u128) * ((arg2[0]) as u128)); let x73: u128 = (((arg1[0]) as u128) * ((arg2[8]) as u128)); let x74: u128 = (((arg1[0]) as u128) * ((arg2[7]) as u128)); let x75: u128 = (((arg1[0]) as u128) * ((arg2[6]) as u128)); let x76: u128 = (((arg1[0]) as u128) * ((arg2[5]) as u128)); let x77: u128 = (((arg1[0]) as u128) * ((arg2[4]) as u128)); let x78: u128 = (((arg1[0]) as u128) * ((arg2[3]) as u128)); let x79: u128 = (((arg1[0]) as u128) * ((arg2[2]) as u128)); let x80: u128 = (((arg1[0]) as u128) * ((arg2[1]) as u128)); let x81: u128 = (((arg1[0]) as u128) * ((arg2[0]) as u128)); let x82: u128 = (x81 + (x36 + (x35 + (x33 + (x30 + (x26 + (x21 + (x15 + x8)))))))); let x83: u128 = (x82 >> 58); let x84: u64 = ((x82 & (0x3ffffffffffffff as u128)) as u64); let x85: u128 = (x73 + (x65 + (x58 + (x52 + (x47 + (x43 + (x40 + (x38 + x37)))))))); let x86: u128 = (x74 + (x66 + (x59 + (x53 + (x48 + (x44 + (x41 + (x39 + x1)))))))); let x87: u128 = (x75 + (x67 + (x60 + (x54 + (x49 + (x45 + (x42 + (x9 + x2)))))))); let x88: u128 = (x76 + (x68 + (x61 + (x55 + (x50 + (x46 + (x16 + (x10 + x3)))))))); let x89: u128 = (x77 + (x69 + (x62 + (x56 + (x51 + (x22 + (x17 + (x11 + x4)))))))); let x90: u128 = (x78 + (x70 + (x63 + (x57 + (x27 + (x23 + (x18 + (x12 + x5)))))))); let x91: u128 = (x79 + (x71 + (x64 + (x31 + (x28 + (x24 + (x19 + (x13 + x6)))))))); let x92: u128 = (x80 + (x72 + (x34 + (x32 + (x29 + (x25 + (x20 + (x14 + x7)))))))); let x93: u128 = (x83 + x92); let x94: u128 = (x93 >> 58); let x95: u64 = ((x93 & (0x3ffffffffffffff as u128)) as u64); let x96: u128 = (x94 + x91); let x97: u128 = (x96 >> 58); let x98: u64 = ((x96 & (0x3ffffffffffffff as u128)) as u64); let x99: u128 = (x97 + x90); let x100: u128 = (x99 >> 58); let x101: u64 = ((x99 & (0x3ffffffffffffff as u128)) as u64); let x102: u128 = (x100 + x89); let x103: u128 = (x102 >> 58); let x104: u64 = ((x102 & (0x3ffffffffffffff as u128)) as u64); let x105: u128 = (x103 + x88); let x106: u128 = (x105 >> 58); let x107: u64 = ((x105 & (0x3ffffffffffffff as u128)) as u64); let x108: u128 = (x106 + x87); let x109: u128 = (x108 >> 58); let x110: u64 = ((x108 & (0x3ffffffffffffff as u128)) as u64); let x111: u128 = (x109 + x86); let x112: u128 = (x111 >> 58); let x113: u64 = ((x111 & (0x3ffffffffffffff as u128)) as u64); let x114: u128 = (x112 + x85); let x115: u128 = (x114 >> 57); let x116: u64 = ((x114 & (0x1ffffffffffffff as u128)) as u64); let x117: u128 = ((x84 as u128) + x115); let x118: u64 = ((x117 >> 58) as u64); let x119: u64 = ((x117 & (0x3ffffffffffffff as u128)) as u64); let x120: u64 = (x118 + x95); let x121: fiat_p521_u1 = ((x120 >> 58) as fiat_p521_u1); let x122: u64 = (x120 & 0x3ffffffffffffff); let x123: u64 = ((x121 as u64) + x98); out1[0] = x119; out1[1] = x122; out1[2] = x123; out1[3] = x101; out1[4] = x104; out1[5] = x107; out1[6] = x110; out1[7] = x113; out1[8] = x116; } /// The function fiat_p521_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_p521_carry_square(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element) { let x1: u64 = (arg1[8]); let x2: u64 = (x1 * 0x2); let x3: u64 = ((arg1[8]) * 0x2); let x4: u64 = (arg1[7]); let x5: u64 = (x4 * 0x2); let x6: u64 = ((arg1[7]) * 0x2); let x7: u64 = (arg1[6]); let x8: u64 = (x7 * 0x2); let x9: u64 = ((arg1[6]) * 0x2); let x10: u64 = (arg1[5]); let x11: u64 = (x10 * 0x2); let x12: u64 = ((arg1[5]) * 0x2); let x13: u64 = ((arg1[4]) * 0x2); let x14: u64 = ((arg1[3]) * 0x2); let x15: u64 = ((arg1[2]) * 0x2); let x16: u64 = ((arg1[1]) * 0x2); let x17: u128 = (((arg1[8]) as u128) * ((x1 * 0x2) as u128)); let x18: u128 = (((arg1[7]) as u128) * ((x2 * 0x2) as u128)); let x19: u128 = (((arg1[7]) as u128) * ((x4 * 0x2) as u128)); let x20: u128 = (((arg1[6]) as u128) * ((x2 * 0x2) as u128)); let x21: u128 = (((arg1[6]) as u128) * ((x5 * 0x2) as u128)); let x22: u128 = (((arg1[6]) as u128) * ((x7 * 0x2) as u128)); let x23: u128 = (((arg1[5]) as u128) * ((x2 * 0x2) as u128)); let x24: u128 = (((arg1[5]) as u128) * ((x5 * 0x2) as u128)); let x25: u128 = (((arg1[5]) as u128) * ((x8 * 0x2) as u128)); let x26: u128 = (((arg1[5]) as u128) * ((x10 * 0x2) as u128)); let x27: u128 = (((arg1[4]) as u128) * ((x2 * 0x2) as u128)); let x28: u128 = (((arg1[4]) as u128) * ((x5 * 0x2) as u128)); let x29: u128 = (((arg1[4]) as u128) * ((x8 * 0x2) as u128)); let x30: u128 = (((arg1[4]) as u128) * ((x11 * 0x2) as u128)); let x31: u128 = (((arg1[4]) as u128) * ((arg1[4]) as u128)); let x32: u128 = (((arg1[3]) as u128) * ((x2 * 0x2) as u128)); let x33: u128 = (((arg1[3]) as u128) * ((x5 * 0x2) as u128)); let x34: u128 = (((arg1[3]) as u128) * ((x8 * 0x2) as u128)); let x35: u128 = (((arg1[3]) as u128) * (x12 as u128)); let x36: u128 = (((arg1[3]) as u128) * (x13 as u128)); let x37: u128 = (((arg1[3]) as u128) * ((arg1[3]) as u128)); let x38: u128 = (((arg1[2]) as u128) * ((x2 * 0x2) as u128)); let x39: u128 = (((arg1[2]) as u128) * ((x5 * 0x2) as u128)); let x40: u128 = (((arg1[2]) as u128) * (x9 as u128)); let x41: u128 = (((arg1[2]) as u128) * (x12 as u128)); let x42: u128 = (((arg1[2]) as u128) * (x13 as u128)); let x43: u128 = (((arg1[2]) as u128) * (x14 as u128)); let x44: u128 = (((arg1[2]) as u128) * ((arg1[2]) as u128)); let x45: u128 = (((arg1[1]) as u128) * ((x2 * 0x2) as u128)); let x46: u128 = (((arg1[1]) as u128) * (x6 as u128)); let x47: u128 = (((arg1[1]) as u128) * (x9 as u128)); let x48: u128 = (((arg1[1]) as u128) * (x12 as u128)); let x49: u128 = (((arg1[1]) as u128) * (x13 as u128)); let x50: u128 = (((arg1[1]) as u128) * (x14 as u128)); let x51: u128 = (((arg1[1]) as u128) * (x15 as u128)); let x52: u128 = (((arg1[1]) as u128) * ((arg1[1]) as u128)); let x53: u128 = (((arg1[0]) as u128) * (x3 as u128)); let x54: u128 = (((arg1[0]) as u128) * (x6 as u128)); let x55: u128 = (((arg1[0]) as u128) * (x9 as u128)); let x56: u128 = (((arg1[0]) as u128) * (x12 as u128)); let x57: u128 = (((arg1[0]) as u128) * (x13 as u128)); let x58: u128 = (((arg1[0]) as u128) * (x14 as u128)); let x59: u128 = (((arg1[0]) as u128) * (x15 as u128)); let x60: u128 = (((arg1[0]) as u128) * (x16 as u128)); let x61: u128 = (((arg1[0]) as u128) * ((arg1[0]) as u128)); let x62: u128 = (x61 + (x45 + (x39 + (x34 + x30)))); let x63: u128 = (x62 >> 58); let x64: u64 = ((x62 & (0x3ffffffffffffff as u128)) as u64); let x65: u128 = (x53 + (x46 + (x40 + (x35 + x31)))); let x66: u128 = (x54 + (x47 + (x41 + (x36 + x17)))); let x67: u128 = (x55 + (x48 + (x42 + (x37 + x18)))); let x68: u128 = (x56 + (x49 + (x43 + (x20 + x19)))); let x69: u128 = (x57 + (x50 + (x44 + (x23 + x21)))); let x70: u128 = (x58 + (x51 + (x27 + (x24 + x22)))); let x71: u128 = (x59 + (x52 + (x32 + (x28 + x25)))); let x72: u128 = (x60 + (x38 + (x33 + (x29 + x26)))); let x73: u128 = (x63 + x72); let x74: u128 = (x73 >> 58); let x75: u64 = ((x73 & (0x3ffffffffffffff as u128)) as u64); let x76: u128 = (x74 + x71); let x77: u128 = (x76 >> 58); let x78: u64 = ((x76 & (0x3ffffffffffffff as u128)) as u64); let x79: u128 = (x77 + x70); let x80: u128 = (x79 >> 58); let x81: u64 = ((x79 & (0x3ffffffffffffff as u128)) as u64); let x82: u128 = (x80 + x69); let x83: u128 = (x82 >> 58); let x84: u64 = ((x82 & (0x3ffffffffffffff as u128)) as u64); let x85: u128 = (x83 + x68); let x86: u128 = (x85 >> 58); let x87: u64 = ((x85 & (0x3ffffffffffffff as u128)) as u64); let x88: u128 = (x86 + x67); let x89: u128 = (x88 >> 58); let x90: u64 = ((x88 & (0x3ffffffffffffff as u128)) as u64); let x91: u128 = (x89 + x66); let x92: u128 = (x91 >> 58); let x93: u64 = ((x91 & (0x3ffffffffffffff as u128)) as u64); let x94: u128 = (x92 + x65); let x95: u128 = (x94 >> 57); let x96: u64 = ((x94 & (0x1ffffffffffffff as u128)) as u64); let x97: u128 = ((x64 as u128) + x95); let x98: u64 = ((x97 >> 58) as u64); let x99: u64 = ((x97 & (0x3ffffffffffffff as u128)) as u64); let x100: u64 = (x98 + x75); let x101: fiat_p521_u1 = ((x100 >> 58) as fiat_p521_u1); let x102: u64 = (x100 & 0x3ffffffffffffff); let x103: u64 = ((x101 as u64) + x78); out1[0] = x99; out1[1] = x102; out1[2] = x103; out1[3] = x81; out1[4] = x84; out1[5] = x87; out1[6] = x90; out1[7] = x93; out1[8] = x96; } /// The function fiat_p521_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_p521_carry(out1: &mut fiat_p521_tight_field_element, arg1: &fiat_p521_loose_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = ((x1 >> 58) + (arg1[1])); let x3: u64 = ((x2 >> 58) + (arg1[2])); let x4: u64 = ((x3 >> 58) + (arg1[3])); let x5: u64 = ((x4 >> 58) + (arg1[4])); let x6: u64 = ((x5 >> 58) + (arg1[5])); let x7: u64 = ((x6 >> 58) + (arg1[6])); let x8: u64 = ((x7 >> 58) + (arg1[7])); let x9: u64 = ((x8 >> 58) + (arg1[8])); let x10: u64 = ((x1 & 0x3ffffffffffffff) + (x9 >> 57)); let x11: u64 = ((((x10 >> 58) as fiat_p521_u1) as u64) + (x2 & 0x3ffffffffffffff)); let x12: u64 = (x10 & 0x3ffffffffffffff); let x13: u64 = (x11 & 0x3ffffffffffffff); let x14: u64 = ((((x11 >> 58) as fiat_p521_u1) as u64) + (x3 & 0x3ffffffffffffff)); let x15: u64 = (x4 & 0x3ffffffffffffff); let x16: u64 = (x5 & 0x3ffffffffffffff); let x17: u64 = (x6 & 0x3ffffffffffffff); let x18: u64 = (x7 & 0x3ffffffffffffff); let x19: u64 = (x8 & 0x3ffffffffffffff); let x20: u64 = (x9 & 0x1ffffffffffffff); out1[0] = x12; out1[1] = x13; out1[2] = x14; out1[3] = x15; out1[4] = x16; out1[5] = x17; out1[6] = x18; out1[7] = x19; out1[8] = x20; } /// The function fiat_p521_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_p521_add(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element, arg2: &fiat_p521_tight_field_element) { let x1: u64 = ((arg1[0]) + (arg2[0])); let x2: u64 = ((arg1[1]) + (arg2[1])); let x3: u64 = ((arg1[2]) + (arg2[2])); let x4: u64 = ((arg1[3]) + (arg2[3])); let x5: u64 = ((arg1[4]) + (arg2[4])); let x6: u64 = ((arg1[5]) + (arg2[5])); let x7: u64 = ((arg1[6]) + (arg2[6])); let x8: u64 = ((arg1[7]) + (arg2[7])); let x9: u64 = ((arg1[8]) + (arg2[8])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; } /// The function fiat_p521_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_p521_sub(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element, arg2: &fiat_p521_tight_field_element) { let x1: u64 = ((0x7fffffffffffffe + (arg1[0])) - (arg2[0])); let x2: u64 = ((0x7fffffffffffffe + (arg1[1])) - (arg2[1])); let x3: u64 = ((0x7fffffffffffffe + (arg1[2])) - (arg2[2])); let x4: u64 = ((0x7fffffffffffffe + (arg1[3])) - (arg2[3])); let x5: u64 = ((0x7fffffffffffffe + (arg1[4])) - (arg2[4])); let x6: u64 = ((0x7fffffffffffffe + (arg1[5])) - (arg2[5])); let x7: u64 = ((0x7fffffffffffffe + (arg1[6])) - (arg2[6])); let x8: u64 = ((0x7fffffffffffffe + (arg1[7])) - (arg2[7])); let x9: u64 = ((0x3fffffffffffffe + (arg1[8])) - (arg2[8])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; } /// The function fiat_p521_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_p521_opp(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element) { let x1: u64 = (0x7fffffffffffffe - (arg1[0])); let x2: u64 = (0x7fffffffffffffe - (arg1[1])); let x3: u64 = (0x7fffffffffffffe - (arg1[2])); let x4: u64 = (0x7fffffffffffffe - (arg1[3])); let x5: u64 = (0x7fffffffffffffe - (arg1[4])); let x6: u64 = (0x7fffffffffffffe - (arg1[5])); let x7: u64 = (0x7fffffffffffffe - (arg1[6])); let x8: u64 = (0x7fffffffffffffe - (arg1[7])); let x9: u64 = (0x3fffffffffffffe - (arg1[8])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; } /// The function fiat_p521_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_p521_selectznz(out1: &mut [u64; 9], arg1: fiat_p521_u1, arg2: &[u64; 9], arg3: &[u64; 9]) { let mut x1: u64 = 0; fiat_p521_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_p521_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_p521_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_p521_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u64 = 0; fiat_p521_cmovznz_u64(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u64 = 0; fiat_p521_cmovznz_u64(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u64 = 0; fiat_p521_cmovznz_u64(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u64 = 0; fiat_p521_cmovznz_u64(&mut x8, arg1, (arg2[7]), (arg3[7])); let mut x9: u64 = 0; fiat_p521_cmovznz_u64(&mut x9, arg1, (arg2[8]), (arg3[8])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; } /// The function fiat_p521_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] #[inline] pub fn fiat_p521_to_bytes(out1: &mut [u8; 66], arg1: &fiat_p521_tight_field_element) { let mut x1: u64 = 0; let mut x2: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x1, &mut x2, 0x0, (arg1[0]), 0x3ffffffffffffff); let mut x3: u64 = 0; let mut x4: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x3, &mut x4, x2, (arg1[1]), 0x3ffffffffffffff); let mut x5: u64 = 0; let mut x6: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x5, &mut x6, x4, (arg1[2]), 0x3ffffffffffffff); let mut x7: u64 = 0; let mut x8: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x7, &mut x8, x6, (arg1[3]), 0x3ffffffffffffff); let mut x9: u64 = 0; let mut x10: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x9, &mut x10, x8, (arg1[4]), 0x3ffffffffffffff); let mut x11: u64 = 0; let mut x12: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x11, &mut x12, x10, (arg1[5]), 0x3ffffffffffffff); let mut x13: u64 = 0; let mut x14: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x13, &mut x14, x12, (arg1[6]), 0x3ffffffffffffff); let mut x15: u64 = 0; let mut x16: fiat_p521_u1 = 0; fiat_p521_subborrowx_u58(&mut x15, &mut x16, x14, (arg1[7]), 0x3ffffffffffffff); let mut x17: u64 = 0; let mut x18: fiat_p521_u1 = 0; fiat_p521_subborrowx_u57(&mut x17, &mut x18, x16, (arg1[8]), 0x1ffffffffffffff); let mut x19: u64 = 0; fiat_p521_cmovznz_u64(&mut x19, x18, (0x0 as u64), 0xffffffffffffffff); let mut x20: u64 = 0; let mut x21: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x20, &mut x21, 0x0, x1, (x19 & 0x3ffffffffffffff)); let mut x22: u64 = 0; let mut x23: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x22, &mut x23, x21, x3, (x19 & 0x3ffffffffffffff)); let mut x24: u64 = 0; let mut x25: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x24, &mut x25, x23, x5, (x19 & 0x3ffffffffffffff)); let mut x26: u64 = 0; let mut x27: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x26, &mut x27, x25, x7, (x19 & 0x3ffffffffffffff)); let mut x28: u64 = 0; let mut x29: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x28, &mut x29, x27, x9, (x19 & 0x3ffffffffffffff)); let mut x30: u64 = 0; let mut x31: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x30, &mut x31, x29, x11, (x19 & 0x3ffffffffffffff)); let mut x32: u64 = 0; let mut x33: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x32, &mut x33, x31, x13, (x19 & 0x3ffffffffffffff)); let mut x34: u64 = 0; let mut x35: fiat_p521_u1 = 0; fiat_p521_addcarryx_u58(&mut x34, &mut x35, x33, x15, (x19 & 0x3ffffffffffffff)); let mut x36: u64 = 0; let mut x37: fiat_p521_u1 = 0; fiat_p521_addcarryx_u57(&mut x36, &mut x37, x35, x17, (x19 & 0x1ffffffffffffff)); let x38: u64 = (x34 << 6); let x39: u64 = (x32 << 4); let x40: u64 = (x30 << 2); let x41: u64 = (x26 << 6); let x42: u64 = (x24 << 4); let x43: u64 = (x22 << 2); let x44: u8 = ((x20 & (0xff as u64)) as u8); let x45: u64 = (x20 >> 8); let x46: u8 = ((x45 & (0xff as u64)) as u8); let x47: u64 = (x45 >> 8); let x48: u8 = ((x47 & (0xff as u64)) as u8); let x49: u64 = (x47 >> 8); let x50: u8 = ((x49 & (0xff as u64)) as u8); let x51: u64 = (x49 >> 8); let x52: u8 = ((x51 & (0xff as u64)) as u8); let x53: u64 = (x51 >> 8); let x54: u8 = ((x53 & (0xff as u64)) as u8); let x55: u64 = (x53 >> 8); let x56: u8 = ((x55 & (0xff as u64)) as u8); let x57: u8 = ((x55 >> 8) as u8); let x58: u64 = (x43 + (x57 as u64)); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u64 = (x58 >> 8); let x61: u8 = ((x60 & (0xff as u64)) as u8); let x62: u64 = (x60 >> 8); let x63: u8 = ((x62 & (0xff as u64)) as u8); let x64: u64 = (x62 >> 8); let x65: u8 = ((x64 & (0xff as u64)) as u8); let x66: u64 = (x64 >> 8); let x67: u8 = ((x66 & (0xff as u64)) as u8); let x68: u64 = (x66 >> 8); let x69: u8 = ((x68 & (0xff as u64)) as u8); let x70: u64 = (x68 >> 8); let x71: u8 = ((x70 & (0xff as u64)) as u8); let x72: u8 = ((x70 >> 8) as u8); let x73: u64 = (x42 + (x72 as u64)); let x74: u8 = ((x73 & (0xff as u64)) as u8); let x75: u64 = (x73 >> 8); let x76: u8 = ((x75 & (0xff as u64)) as u8); let x77: u64 = (x75 >> 8); let x78: u8 = ((x77 & (0xff as u64)) as u8); let x79: u64 = (x77 >> 8); let x80: u8 = ((x79 & (0xff as u64)) as u8); let x81: u64 = (x79 >> 8); let x82: u8 = ((x81 & (0xff as u64)) as u8); let x83: u64 = (x81 >> 8); let x84: u8 = ((x83 & (0xff as u64)) as u8); let x85: u64 = (x83 >> 8); let x86: u8 = ((x85 & (0xff as u64)) as u8); let x87: u8 = ((x85 >> 8) as u8); let x88: u64 = (x41 + (x87 as u64)); let x89: u8 = ((x88 & (0xff as u64)) as u8); let x90: u64 = (x88 >> 8); let x91: u8 = ((x90 & (0xff as u64)) as u8); let x92: u64 = (x90 >> 8); let x93: u8 = ((x92 & (0xff as u64)) as u8); let x94: u64 = (x92 >> 8); let x95: u8 = ((x94 & (0xff as u64)) as u8); let x96: u64 = (x94 >> 8); let x97: u8 = ((x96 & (0xff as u64)) as u8); let x98: u64 = (x96 >> 8); let x99: u8 = ((x98 & (0xff as u64)) as u8); let x100: u64 = (x98 >> 8); let x101: u8 = ((x100 & (0xff as u64)) as u8); let x102: u8 = ((x100 >> 8) as u8); let x103: u8 = ((x28 & (0xff as u64)) as u8); let x104: u64 = (x28 >> 8); let x105: u8 = ((x104 & (0xff as u64)) as u8); let x106: u64 = (x104 >> 8); let x107: u8 = ((x106 & (0xff as u64)) as u8); let x108: u64 = (x106 >> 8); let x109: u8 = ((x108 & (0xff as u64)) as u8); let x110: u64 = (x108 >> 8); let x111: u8 = ((x110 & (0xff as u64)) as u8); let x112: u64 = (x110 >> 8); let x113: u8 = ((x112 & (0xff as u64)) as u8); let x114: u64 = (x112 >> 8); let x115: u8 = ((x114 & (0xff as u64)) as u8); let x116: u8 = ((x114 >> 8) as u8); let x117: u64 = (x40 + (x116 as u64)); let x118: u8 = ((x117 & (0xff as u64)) as u8); let x119: u64 = (x117 >> 8); let x120: u8 = ((x119 & (0xff as u64)) as u8); let x121: u64 = (x119 >> 8); let x122: u8 = ((x121 & (0xff as u64)) as u8); let x123: u64 = (x121 >> 8); let x124: u8 = ((x123 & (0xff as u64)) as u8); let x125: u64 = (x123 >> 8); let x126: u8 = ((x125 & (0xff as u64)) as u8); let x127: u64 = (x125 >> 8); let x128: u8 = ((x127 & (0xff as u64)) as u8); let x129: u64 = (x127 >> 8); let x130: u8 = ((x129 & (0xff as u64)) as u8); let x131: u8 = ((x129 >> 8) as u8); let x132: u64 = (x39 + (x131 as u64)); let x133: u8 = ((x132 & (0xff as u64)) as u8); let x134: u64 = (x132 >> 8); let x135: u8 = ((x134 & (0xff as u64)) as u8); let x136: u64 = (x134 >> 8); let x137: u8 = ((x136 & (0xff as u64)) as u8); let x138: u64 = (x136 >> 8); let x139: u8 = ((x138 & (0xff as u64)) as u8); let x140: u64 = (x138 >> 8); let x141: u8 = ((x140 & (0xff as u64)) as u8); let x142: u64 = (x140 >> 8); let x143: u8 = ((x142 & (0xff as u64)) as u8); let x144: u64 = (x142 >> 8); let x145: u8 = ((x144 & (0xff as u64)) as u8); let x146: u8 = ((x144 >> 8) as u8); let x147: u64 = (x38 + (x146 as u64)); let x148: u8 = ((x147 & (0xff as u64)) as u8); let x149: u64 = (x147 >> 8); let x150: u8 = ((x149 & (0xff as u64)) as u8); let x151: u64 = (x149 >> 8); let x152: u8 = ((x151 & (0xff as u64)) as u8); let x153: u64 = (x151 >> 8); let x154: u8 = ((x153 & (0xff as u64)) as u8); let x155: u64 = (x153 >> 8); let x156: u8 = ((x155 & (0xff as u64)) as u8); let x157: u64 = (x155 >> 8); let x158: u8 = ((x157 & (0xff as u64)) as u8); let x159: u64 = (x157 >> 8); let x160: u8 = ((x159 & (0xff as u64)) as u8); let x161: u8 = ((x159 >> 8) as u8); let x162: u8 = ((x36 & (0xff as u64)) as u8); let x163: u64 = (x36 >> 8); let x164: u8 = ((x163 & (0xff as u64)) as u8); let x165: u64 = (x163 >> 8); let x166: u8 = ((x165 & (0xff as u64)) as u8); let x167: u64 = (x165 >> 8); let x168: u8 = ((x167 & (0xff as u64)) as u8); let x169: u64 = (x167 >> 8); let x170: u8 = ((x169 & (0xff as u64)) as u8); let x171: u64 = (x169 >> 8); let x172: u8 = ((x171 & (0xff as u64)) as u8); let x173: u64 = (x171 >> 8); let x174: u8 = ((x173 & (0xff as u64)) as u8); let x175: fiat_p521_u1 = ((x173 >> 8) as fiat_p521_u1); out1[0] = x44; out1[1] = x46; out1[2] = x48; out1[3] = x50; out1[4] = x52; out1[5] = x54; out1[6] = x56; out1[7] = x59; out1[8] = x61; out1[9] = x63; out1[10] = x65; out1[11] = x67; out1[12] = x69; out1[13] = x71; out1[14] = x74; out1[15] = x76; out1[16] = x78; out1[17] = x80; out1[18] = x82; out1[19] = x84; out1[20] = x86; out1[21] = x89; out1[22] = x91; out1[23] = x93; out1[24] = x95; out1[25] = x97; out1[26] = x99; out1[27] = x101; out1[28] = x102; out1[29] = x103; out1[30] = x105; out1[31] = x107; out1[32] = x109; out1[33] = x111; out1[34] = x113; out1[35] = x115; out1[36] = x118; out1[37] = x120; out1[38] = x122; out1[39] = x124; out1[40] = x126; out1[41] = x128; out1[42] = x130; out1[43] = x133; out1[44] = x135; out1[45] = x137; out1[46] = x139; out1[47] = x141; out1[48] = x143; out1[49] = x145; out1[50] = x148; out1[51] = x150; out1[52] = x152; out1[53] = x154; out1[54] = x156; out1[55] = x158; out1[56] = x160; out1[57] = x161; out1[58] = x162; out1[59] = x164; out1[60] = x166; out1[61] = x168; out1[62] = x170; out1[63] = x172; out1[64] = x174; out1[65] = (x175 as u8); } /// The function fiat_p521_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] #[inline] pub fn fiat_p521_from_bytes(out1: &mut fiat_p521_tight_field_element, arg1: &[u8; 66]) { let x1: u64 = ((((arg1[65]) as fiat_p521_u1) as u64) << 56); let x2: u64 = (((arg1[64]) as u64) << 48); let x3: u64 = (((arg1[63]) as u64) << 40); let x4: u64 = (((arg1[62]) as u64) << 32); let x5: u64 = (((arg1[61]) as u64) << 24); let x6: u64 = (((arg1[60]) as u64) << 16); let x7: u64 = (((arg1[59]) as u64) << 8); let x8: u8 = (arg1[58]); let x9: u64 = (((arg1[57]) as u64) << 50); let x10: u64 = (((arg1[56]) as u64) << 42); let x11: u64 = (((arg1[55]) as u64) << 34); let x12: u64 = (((arg1[54]) as u64) << 26); let x13: u64 = (((arg1[53]) as u64) << 18); let x14: u64 = (((arg1[52]) as u64) << 10); let x15: u64 = (((arg1[51]) as u64) << 2); let x16: u64 = (((arg1[50]) as u64) << 52); let x17: u64 = (((arg1[49]) as u64) << 44); let x18: u64 = (((arg1[48]) as u64) << 36); let x19: u64 = (((arg1[47]) as u64) << 28); let x20: u64 = (((arg1[46]) as u64) << 20); let x21: u64 = (((arg1[45]) as u64) << 12); let x22: u64 = (((arg1[44]) as u64) << 4); let x23: u64 = (((arg1[43]) as u64) << 54); let x24: u64 = (((arg1[42]) as u64) << 46); let x25: u64 = (((arg1[41]) as u64) << 38); let x26: u64 = (((arg1[40]) as u64) << 30); let x27: u64 = (((arg1[39]) as u64) << 22); let x28: u64 = (((arg1[38]) as u64) << 14); let x29: u64 = (((arg1[37]) as u64) << 6); let x30: u64 = (((arg1[36]) as u64) << 56); let x31: u64 = (((arg1[35]) as u64) << 48); let x32: u64 = (((arg1[34]) as u64) << 40); let x33: u64 = (((arg1[33]) as u64) << 32); let x34: u64 = (((arg1[32]) as u64) << 24); let x35: u64 = (((arg1[31]) as u64) << 16); let x36: u64 = (((arg1[30]) as u64) << 8); let x37: u8 = (arg1[29]); let x38: u64 = (((arg1[28]) as u64) << 50); let x39: u64 = (((arg1[27]) as u64) << 42); let x40: u64 = (((arg1[26]) as u64) << 34); let x41: u64 = (((arg1[25]) as u64) << 26); let x42: u64 = (((arg1[24]) as u64) << 18); let x43: u64 = (((arg1[23]) as u64) << 10); let x44: u64 = (((arg1[22]) as u64) << 2); let x45: u64 = (((arg1[21]) as u64) << 52); let x46: u64 = (((arg1[20]) as u64) << 44); let x47: u64 = (((arg1[19]) as u64) << 36); let x48: u64 = (((arg1[18]) as u64) << 28); let x49: u64 = (((arg1[17]) as u64) << 20); let x50: u64 = (((arg1[16]) as u64) << 12); let x51: u64 = (((arg1[15]) as u64) << 4); let x52: u64 = (((arg1[14]) as u64) << 54); let x53: u64 = (((arg1[13]) as u64) << 46); let x54: u64 = (((arg1[12]) as u64) << 38); let x55: u64 = (((arg1[11]) as u64) << 30); let x56: u64 = (((arg1[10]) as u64) << 22); let x57: u64 = (((arg1[9]) as u64) << 14); let x58: u64 = (((arg1[8]) as u64) << 6); let x59: u64 = (((arg1[7]) as u64) << 56); let x60: u64 = (((arg1[6]) as u64) << 48); let x61: u64 = (((arg1[5]) as u64) << 40); let x62: u64 = (((arg1[4]) as u64) << 32); let x63: u64 = (((arg1[3]) as u64) << 24); let x64: u64 = (((arg1[2]) as u64) << 16); let x65: u64 = (((arg1[1]) as u64) << 8); let x66: u8 = (arg1[0]); let x67: u64 = (x65 + (x66 as u64)); let x68: u64 = (x64 + x67); let x69: u64 = (x63 + x68); let x70: u64 = (x62 + x69); let x71: u64 = (x61 + x70); let x72: u64 = (x60 + x71); let x73: u64 = (x59 + x72); let x74: u64 = (x73 & 0x3ffffffffffffff); let x75: u8 = ((x73 >> 58) as u8); let x76: u64 = (x58 + (x75 as u64)); let x77: u64 = (x57 + x76); let x78: u64 = (x56 + x77); let x79: u64 = (x55 + x78); let x80: u64 = (x54 + x79); let x81: u64 = (x53 + x80); let x82: u64 = (x52 + x81); let x83: u64 = (x82 & 0x3ffffffffffffff); let x84: u8 = ((x82 >> 58) as u8); let x85: u64 = (x51 + (x84 as u64)); let x86: u64 = (x50 + x85); let x87: u64 = (x49 + x86); let x88: u64 = (x48 + x87); let x89: u64 = (x47 + x88); let x90: u64 = (x46 + x89); let x91: u64 = (x45 + x90); let x92: u64 = (x91 & 0x3ffffffffffffff); let x93: u8 = ((x91 >> 58) as u8); let x94: u64 = (x44 + (x93 as u64)); let x95: u64 = (x43 + x94); let x96: u64 = (x42 + x95); let x97: u64 = (x41 + x96); let x98: u64 = (x40 + x97); let x99: u64 = (x39 + x98); let x100: u64 = (x38 + x99); let x101: u64 = (x36 + (x37 as u64)); let x102: u64 = (x35 + x101); let x103: u64 = (x34 + x102); let x104: u64 = (x33 + x103); let x105: u64 = (x32 + x104); let x106: u64 = (x31 + x105); let x107: u64 = (x30 + x106); let x108: u64 = (x107 & 0x3ffffffffffffff); let x109: u8 = ((x107 >> 58) as u8); let x110: u64 = (x29 + (x109 as u64)); let x111: u64 = (x28 + x110); let x112: u64 = (x27 + x111); let x113: u64 = (x26 + x112); let x114: u64 = (x25 + x113); let x115: u64 = (x24 + x114); let x116: u64 = (x23 + x115); let x117: u64 = (x116 & 0x3ffffffffffffff); let x118: u8 = ((x116 >> 58) as u8); let x119: u64 = (x22 + (x118 as u64)); let x120: u64 = (x21 + x119); let x121: u64 = (x20 + x120); let x122: u64 = (x19 + x121); let x123: u64 = (x18 + x122); let x124: u64 = (x17 + x123); let x125: u64 = (x16 + x124); let x126: u64 = (x125 & 0x3ffffffffffffff); let x127: u8 = ((x125 >> 58) as u8); let x128: u64 = (x15 + (x127 as u64)); let x129: u64 = (x14 + x128); let x130: u64 = (x13 + x129); let x131: u64 = (x12 + x130); let x132: u64 = (x11 + x131); let x133: u64 = (x10 + x132); let x134: u64 = (x9 + x133); let x135: u64 = (x7 + (x8 as u64)); let x136: u64 = (x6 + x135); let x137: u64 = (x5 + x136); let x138: u64 = (x4 + x137); let x139: u64 = (x3 + x138); let x140: u64 = (x2 + x139); let x141: u64 = (x1 + x140); out1[0] = x74; out1[1] = x83; out1[2] = x92; out1[3] = x100; out1[4] = x108; out1[5] = x117; out1[6] = x126; out1[7] = x134; out1[8] = x141; } /// The function fiat_p521_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_p521_relax(out1: &mut fiat_p521_loose_field_element, arg1: &fiat_p521_tight_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = (arg1[1]); let x3: u64 = (arg1[2]); let x4: u64 = (arg1[3]); let x5: u64 = (arg1[4]); let x6: u64 = (arg1[5]); let x7: u64 = (arg1[6]); let x8: u64 = (arg1[7]); let x9: u64 = (arg1[8]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; } fiat-crypto-0.2.2/src/poly1305_32.rs000064400000000000000000000503451046102023000150320ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline poly1305 32 '(auto)' '2^130 - 5' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: poly1305 //! machine_wordsize = 32 (from "32") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 5 (from "(auto)") //! s-c = 2^130 - [(1, 5)] (from "2^130 - 5") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 3, 4, 0, 1] //! eval z = z[0] + (z[1] << 26) + (z[2] << 52) + (z[3] << 78) + (z[4] << 104) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) //! balance = [0x7fffff6, 0x7fffffe, 0x7fffffe, 0x7fffffe, 0x7fffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_poly1305_u1 = u8; pub type fiat_poly1305_i1 = i8; pub type fiat_poly1305_u2 = u8; pub type fiat_poly1305_i2 = i8; /** The type fiat_poly1305_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] */ #[derive(Clone, Copy)] pub struct fiat_poly1305_loose_field_element(pub [u32; 5]); impl core::ops::Index for fiat_poly1305_loose_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_poly1305_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_poly1305_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] */ #[derive(Clone, Copy)] pub struct fiat_poly1305_tight_field_element(pub [u32; 5]); impl core::ops::Index for fiat_poly1305_tight_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_poly1305_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_poly1305_addcarryx_u26 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^26 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffff] /// arg3: [0x0 ~> 0x3ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_addcarryx_u26(out1: &mut u32, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u32, arg3: u32) { let x1: u32 = (((arg1 as u32) + arg2) + arg3); let x2: u32 = (x1 & 0x3ffffff); let x3: fiat_poly1305_u1 = ((x1 >> 26) as fiat_poly1305_u1); *out1 = x2; *out2 = x3; } /// The function fiat_poly1305_subborrowx_u26 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^26 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x3ffffff] /// arg3: [0x0 ~> 0x3ffffff] /// Output Bounds: /// out1: [0x0 ~> 0x3ffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_subborrowx_u26(out1: &mut u32, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u32, arg3: u32) { let x1: i32 = ((((((arg2 as i64) - (arg1 as i64)) as i32) as i64) - (arg3 as i64)) as i32); let x2: fiat_poly1305_i1 = ((x1 >> 26) as fiat_poly1305_i1); let x3: u32 = (((x1 as i64) & (0x3ffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_poly1305_i2) - (x2 as fiat_poly1305_i2)) as fiat_poly1305_u1); } /// The function fiat_poly1305_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_poly1305_cmovznz_u32(out1: &mut u32, arg1: fiat_poly1305_u1, arg2: u32, arg3: u32) { let x1: fiat_poly1305_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_poly1305_i2) - (x1 as fiat_poly1305_i2)) as fiat_poly1305_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_poly1305_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_poly1305_carry_mul(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element, arg2: &fiat_poly1305_loose_field_element) { let x1: u64 = (((arg1[4]) as u64) * (((arg2[4]) * 0x5) as u64)); let x2: u64 = (((arg1[4]) as u64) * (((arg2[3]) * 0x5) as u64)); let x3: u64 = (((arg1[4]) as u64) * (((arg2[2]) * 0x5) as u64)); let x4: u64 = (((arg1[4]) as u64) * (((arg2[1]) * 0x5) as u64)); let x5: u64 = (((arg1[3]) as u64) * (((arg2[4]) * 0x5) as u64)); let x6: u64 = (((arg1[3]) as u64) * (((arg2[3]) * 0x5) as u64)); let x7: u64 = (((arg1[3]) as u64) * (((arg2[2]) * 0x5) as u64)); let x8: u64 = (((arg1[2]) as u64) * (((arg2[4]) * 0x5) as u64)); let x9: u64 = (((arg1[2]) as u64) * (((arg2[3]) * 0x5) as u64)); let x10: u64 = (((arg1[1]) as u64) * (((arg2[4]) * 0x5) as u64)); let x11: u64 = (((arg1[4]) as u64) * ((arg2[0]) as u64)); let x12: u64 = (((arg1[3]) as u64) * ((arg2[1]) as u64)); let x13: u64 = (((arg1[3]) as u64) * ((arg2[0]) as u64)); let x14: u64 = (((arg1[2]) as u64) * ((arg2[2]) as u64)); let x15: u64 = (((arg1[2]) as u64) * ((arg2[1]) as u64)); let x16: u64 = (((arg1[2]) as u64) * ((arg2[0]) as u64)); let x17: u64 = (((arg1[1]) as u64) * ((arg2[3]) as u64)); let x18: u64 = (((arg1[1]) as u64) * ((arg2[2]) as u64)); let x19: u64 = (((arg1[1]) as u64) * ((arg2[1]) as u64)); let x20: u64 = (((arg1[1]) as u64) * ((arg2[0]) as u64)); let x21: u64 = (((arg1[0]) as u64) * ((arg2[4]) as u64)); let x22: u64 = (((arg1[0]) as u64) * ((arg2[3]) as u64)); let x23: u64 = (((arg1[0]) as u64) * ((arg2[2]) as u64)); let x24: u64 = (((arg1[0]) as u64) * ((arg2[1]) as u64)); let x25: u64 = (((arg1[0]) as u64) * ((arg2[0]) as u64)); let x26: u64 = (x25 + (x10 + (x9 + (x7 + x4)))); let x27: u64 = (x26 >> 26); let x28: u32 = ((x26 & (0x3ffffff as u64)) as u32); let x29: u64 = (x21 + (x17 + (x14 + (x12 + x11)))); let x30: u64 = (x22 + (x18 + (x15 + (x13 + x1)))); let x31: u64 = (x23 + (x19 + (x16 + (x5 + x2)))); let x32: u64 = (x24 + (x20 + (x8 + (x6 + x3)))); let x33: u64 = (x27 + x32); let x34: u64 = (x33 >> 26); let x35: u32 = ((x33 & (0x3ffffff as u64)) as u32); let x36: u64 = (x34 + x31); let x37: u64 = (x36 >> 26); let x38: u32 = ((x36 & (0x3ffffff as u64)) as u32); let x39: u64 = (x37 + x30); let x40: u64 = (x39 >> 26); let x41: u32 = ((x39 & (0x3ffffff as u64)) as u32); let x42: u64 = (x40 + x29); let x43: u32 = ((x42 >> 26) as u32); let x44: u32 = ((x42 & (0x3ffffff as u64)) as u32); let x45: u64 = ((x43 as u64) * (0x5 as u64)); let x46: u64 = ((x28 as u64) + x45); let x47: u32 = ((x46 >> 26) as u32); let x48: u32 = ((x46 & (0x3ffffff as u64)) as u32); let x49: u32 = (x47 + x35); let x50: fiat_poly1305_u1 = ((x49 >> 26) as fiat_poly1305_u1); let x51: u32 = (x49 & 0x3ffffff); let x52: u32 = ((x50 as u32) + x38); out1[0] = x48; out1[1] = x51; out1[2] = x52; out1[3] = x41; out1[4] = x44; } /// The function fiat_poly1305_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_poly1305_carry_square(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element) { let x1: u32 = ((arg1[4]) * 0x5); let x2: u32 = (x1 * 0x2); let x3: u32 = ((arg1[4]) * 0x2); let x4: u32 = ((arg1[3]) * 0x5); let x5: u32 = (x4 * 0x2); let x6: u32 = ((arg1[3]) * 0x2); let x7: u32 = ((arg1[2]) * 0x2); let x8: u32 = ((arg1[1]) * 0x2); let x9: u64 = (((arg1[4]) as u64) * (x1 as u64)); let x10: u64 = (((arg1[3]) as u64) * (x2 as u64)); let x11: u64 = (((arg1[3]) as u64) * (x4 as u64)); let x12: u64 = (((arg1[2]) as u64) * (x2 as u64)); let x13: u64 = (((arg1[2]) as u64) * (x5 as u64)); let x14: u64 = (((arg1[2]) as u64) * ((arg1[2]) as u64)); let x15: u64 = (((arg1[1]) as u64) * (x2 as u64)); let x16: u64 = (((arg1[1]) as u64) * (x6 as u64)); let x17: u64 = (((arg1[1]) as u64) * (x7 as u64)); let x18: u64 = (((arg1[1]) as u64) * ((arg1[1]) as u64)); let x19: u64 = (((arg1[0]) as u64) * (x3 as u64)); let x20: u64 = (((arg1[0]) as u64) * (x6 as u64)); let x21: u64 = (((arg1[0]) as u64) * (x7 as u64)); let x22: u64 = (((arg1[0]) as u64) * (x8 as u64)); let x23: u64 = (((arg1[0]) as u64) * ((arg1[0]) as u64)); let x24: u64 = (x23 + (x15 + x13)); let x25: u64 = (x24 >> 26); let x26: u32 = ((x24 & (0x3ffffff as u64)) as u32); let x27: u64 = (x19 + (x16 + x14)); let x28: u64 = (x20 + (x17 + x9)); let x29: u64 = (x21 + (x18 + x10)); let x30: u64 = (x22 + (x12 + x11)); let x31: u64 = (x25 + x30); let x32: u64 = (x31 >> 26); let x33: u32 = ((x31 & (0x3ffffff as u64)) as u32); let x34: u64 = (x32 + x29); let x35: u64 = (x34 >> 26); let x36: u32 = ((x34 & (0x3ffffff as u64)) as u32); let x37: u64 = (x35 + x28); let x38: u64 = (x37 >> 26); let x39: u32 = ((x37 & (0x3ffffff as u64)) as u32); let x40: u64 = (x38 + x27); let x41: u32 = ((x40 >> 26) as u32); let x42: u32 = ((x40 & (0x3ffffff as u64)) as u32); let x43: u64 = ((x41 as u64) * (0x5 as u64)); let x44: u64 = ((x26 as u64) + x43); let x45: u32 = ((x44 >> 26) as u32); let x46: u32 = ((x44 & (0x3ffffff as u64)) as u32); let x47: u32 = (x45 + x33); let x48: fiat_poly1305_u1 = ((x47 >> 26) as fiat_poly1305_u1); let x49: u32 = (x47 & 0x3ffffff); let x50: u32 = ((x48 as u32) + x36); out1[0] = x46; out1[1] = x49; out1[2] = x50; out1[3] = x39; out1[4] = x42; } /// The function fiat_poly1305_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_poly1305_carry(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = ((x1 >> 26) + (arg1[1])); let x3: u32 = ((x2 >> 26) + (arg1[2])); let x4: u32 = ((x3 >> 26) + (arg1[3])); let x5: u32 = ((x4 >> 26) + (arg1[4])); let x6: u32 = ((x1 & 0x3ffffff) + ((x5 >> 26) * 0x5)); let x7: u32 = ((((x6 >> 26) as fiat_poly1305_u1) as u32) + (x2 & 0x3ffffff)); let x8: u32 = (x6 & 0x3ffffff); let x9: u32 = (x7 & 0x3ffffff); let x10: u32 = ((((x7 >> 26) as fiat_poly1305_u1) as u32) + (x3 & 0x3ffffff)); let x11: u32 = (x4 & 0x3ffffff); let x12: u32 = (x5 & 0x3ffffff); out1[0] = x8; out1[1] = x9; out1[2] = x10; out1[3] = x11; out1[4] = x12; } /// The function fiat_poly1305_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_poly1305_add(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element, arg2: &fiat_poly1305_tight_field_element) { let x1: u32 = ((arg1[0]) + (arg2[0])); let x2: u32 = ((arg1[1]) + (arg2[1])); let x3: u32 = ((arg1[2]) + (arg2[2])); let x4: u32 = ((arg1[3]) + (arg2[3])); let x5: u32 = ((arg1[4]) + (arg2[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_poly1305_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_poly1305_sub(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element, arg2: &fiat_poly1305_tight_field_element) { let x1: u32 = ((0x7fffff6 + (arg1[0])) - (arg2[0])); let x2: u32 = ((0x7fffffe + (arg1[1])) - (arg2[1])); let x3: u32 = ((0x7fffffe + (arg1[2])) - (arg2[2])); let x4: u32 = ((0x7fffffe + (arg1[3])) - (arg2[3])); let x5: u32 = ((0x7fffffe + (arg1[4])) - (arg2[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_poly1305_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_poly1305_opp(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element) { let x1: u32 = (0x7fffff6 - (arg1[0])); let x2: u32 = (0x7fffffe - (arg1[1])); let x3: u32 = (0x7fffffe - (arg1[2])); let x4: u32 = (0x7fffffe - (arg1[3])); let x5: u32 = (0x7fffffe - (arg1[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_poly1305_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_poly1305_selectznz(out1: &mut [u32; 5], arg1: fiat_poly1305_u1, arg2: &[u32; 5], arg3: &[u32; 5]) { let mut x1: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } /// The function fiat_poly1305_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..16] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] #[inline] pub fn fiat_poly1305_to_bytes(out1: &mut [u8; 17], arg1: &fiat_poly1305_tight_field_element) { let mut x1: u32 = 0; let mut x2: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u26(&mut x1, &mut x2, 0x0, (arg1[0]), 0x3fffffb); let mut x3: u32 = 0; let mut x4: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u26(&mut x3, &mut x4, x2, (arg1[1]), 0x3ffffff); let mut x5: u32 = 0; let mut x6: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u26(&mut x5, &mut x6, x4, (arg1[2]), 0x3ffffff); let mut x7: u32 = 0; let mut x8: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u26(&mut x7, &mut x8, x6, (arg1[3]), 0x3ffffff); let mut x9: u32 = 0; let mut x10: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u26(&mut x9, &mut x10, x8, (arg1[4]), 0x3ffffff); let mut x11: u32 = 0; fiat_poly1305_cmovznz_u32(&mut x11, x10, (0x0 as u32), 0xffffffff); let mut x12: u32 = 0; let mut x13: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u26(&mut x12, &mut x13, 0x0, x1, (x11 & 0x3fffffb)); let mut x14: u32 = 0; let mut x15: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u26(&mut x14, &mut x15, x13, x3, (x11 & 0x3ffffff)); let mut x16: u32 = 0; let mut x17: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u26(&mut x16, &mut x17, x15, x5, (x11 & 0x3ffffff)); let mut x18: u32 = 0; let mut x19: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u26(&mut x18, &mut x19, x17, x7, (x11 & 0x3ffffff)); let mut x20: u32 = 0; let mut x21: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u26(&mut x20, &mut x21, x19, x9, (x11 & 0x3ffffff)); let x22: u32 = (x18 << 6); let x23: u32 = (x16 << 4); let x24: u32 = (x14 << 2); let x25: u8 = ((x12 & (0xff as u32)) as u8); let x26: u32 = (x12 >> 8); let x27: u8 = ((x26 & (0xff as u32)) as u8); let x28: u32 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u8 = ((x28 >> 8) as u8); let x31: u32 = (x24 + (x30 as u32)); let x32: u8 = ((x31 & (0xff as u32)) as u8); let x33: u32 = (x31 >> 8); let x34: u8 = ((x33 & (0xff as u32)) as u8); let x35: u32 = (x33 >> 8); let x36: u8 = ((x35 & (0xff as u32)) as u8); let x37: u8 = ((x35 >> 8) as u8); let x38: u32 = (x23 + (x37 as u32)); let x39: u8 = ((x38 & (0xff as u32)) as u8); let x40: u32 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u32 = (x22 + (x44 as u32)); let x46: u8 = ((x45 & (0xff as u32)) as u8); let x47: u32 = (x45 >> 8); let x48: u8 = ((x47 & (0xff as u32)) as u8); let x49: u32 = (x47 >> 8); let x50: u8 = ((x49 & (0xff as u32)) as u8); let x51: u8 = ((x49 >> 8) as u8); let x52: u8 = ((x20 & (0xff as u32)) as u8); let x53: u32 = (x20 >> 8); let x54: u8 = ((x53 & (0xff as u32)) as u8); let x55: u32 = (x53 >> 8); let x56: u8 = ((x55 & (0xff as u32)) as u8); let x57: u8 = ((x55 >> 8) as u8); out1[0] = x25; out1[1] = x27; out1[2] = x29; out1[3] = x32; out1[4] = x34; out1[5] = x36; out1[6] = x39; out1[7] = x41; out1[8] = x43; out1[9] = x46; out1[10] = x48; out1[11] = x50; out1[12] = x51; out1[13] = x52; out1[14] = x54; out1[15] = x56; out1[16] = x57; } /// The function fiat_poly1305_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] #[inline] pub fn fiat_poly1305_from_bytes(out1: &mut fiat_poly1305_tight_field_element, arg1: &[u8; 17]) { let x1: u32 = (((arg1[16]) as u32) << 24); let x2: u32 = (((arg1[15]) as u32) << 16); let x3: u32 = (((arg1[14]) as u32) << 8); let x4: u8 = (arg1[13]); let x5: u32 = (((arg1[12]) as u32) << 18); let x6: u32 = (((arg1[11]) as u32) << 10); let x7: u32 = (((arg1[10]) as u32) << 2); let x8: u32 = (((arg1[9]) as u32) << 20); let x9: u32 = (((arg1[8]) as u32) << 12); let x10: u32 = (((arg1[7]) as u32) << 4); let x11: u32 = (((arg1[6]) as u32) << 22); let x12: u32 = (((arg1[5]) as u32) << 14); let x13: u32 = (((arg1[4]) as u32) << 6); let x14: u32 = (((arg1[3]) as u32) << 24); let x15: u32 = (((arg1[2]) as u32) << 16); let x16: u32 = (((arg1[1]) as u32) << 8); let x17: u8 = (arg1[0]); let x18: u32 = (x16 + (x17 as u32)); let x19: u32 = (x15 + x18); let x20: u32 = (x14 + x19); let x21: u32 = (x20 & 0x3ffffff); let x22: u8 = ((x20 >> 26) as u8); let x23: u32 = (x13 + (x22 as u32)); let x24: u32 = (x12 + x23); let x25: u32 = (x11 + x24); let x26: u32 = (x25 & 0x3ffffff); let x27: u8 = ((x25 >> 26) as u8); let x28: u32 = (x10 + (x27 as u32)); let x29: u32 = (x9 + x28); let x30: u32 = (x8 + x29); let x31: u32 = (x30 & 0x3ffffff); let x32: u8 = ((x30 >> 26) as u8); let x33: u32 = (x7 + (x32 as u32)); let x34: u32 = (x6 + x33); let x35: u32 = (x5 + x34); let x36: u32 = (x3 + (x4 as u32)); let x37: u32 = (x2 + x36); let x38: u32 = (x1 + x37); out1[0] = x21; out1[1] = x26; out1[2] = x31; out1[3] = x35; out1[4] = x38; } /// The function fiat_poly1305_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_poly1305_relax(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element) { let x1: u32 = (arg1[0]); let x2: u32 = (arg1[1]); let x3: u32 = (arg1[2]); let x4: u32 = (arg1[3]); let x5: u32 = (arg1[4]); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; } fiat-crypto-0.2.2/src/poly1305_64.rs000064400000000000000000000440521046102023000150350ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Rust --inline poly1305 64 3 '2^130 - 5' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes relax //! curve description: poly1305 //! machine_wordsize = 64 (from "64") //! requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, relax //! n = 3 (from "3") //! s-c = 2^130 - [(1, 5)] (from "2^130 - 5") //! tight_bounds_multiplier = 1 (from "") //! //! Computed values: //! carry_chain = [0, 1, 2, 0, 1] //! eval z = z[0] + (z[1] << 44) + (z[2] << 87) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) //! balance = [0x1ffffffffff6, 0xffffffffffe, 0xffffffffffe] #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_poly1305_u1 = u8; pub type fiat_poly1305_i1 = i8; pub type fiat_poly1305_u2 = u8; pub type fiat_poly1305_i2 = i8; /** The type fiat_poly1305_loose_field_element is a field element with loose bounds. */ /** Bounds: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] */ #[derive(Clone, Copy)] pub struct fiat_poly1305_loose_field_element(pub [u64; 3]); impl core::ops::Index for fiat_poly1305_loose_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_poly1305_loose_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_poly1305_tight_field_element is a field element with tight bounds. */ /** Bounds: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] */ #[derive(Clone, Copy)] pub struct fiat_poly1305_tight_field_element(pub [u64; 3]); impl core::ops::Index for fiat_poly1305_tight_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_poly1305_tight_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_poly1305_addcarryx_u44 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^44 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^44⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffffffff] /// arg3: [0x0 ~> 0xfffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_addcarryx_u44(out1: &mut u64, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0xfffffffffff); let x3: fiat_poly1305_u1 = ((x1 >> 44) as fiat_poly1305_u1); *out1 = x2; *out2 = x3; } /// The function fiat_poly1305_subborrowx_u44 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^44 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^44⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xfffffffffff] /// arg3: [0x0 ~> 0xfffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xfffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_subborrowx_u44(out1: &mut u64, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_poly1305_i1 = ((x1 >> 44) as fiat_poly1305_i1); let x3: u64 = (((x1 as i128) & (0xfffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_poly1305_i2) - (x2 as fiat_poly1305_i2)) as fiat_poly1305_u1); } /// The function fiat_poly1305_addcarryx_u43 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^43 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^43⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffffffff] /// arg3: [0x0 ~> 0x7ffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_addcarryx_u43(out1: &mut u64, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u64, arg3: u64) { let x1: u64 = (((arg1 as u64) + arg2) + arg3); let x2: u64 = (x1 & 0x7ffffffffff); let x3: fiat_poly1305_u1 = ((x1 >> 43) as fiat_poly1305_u1); *out1 = x2; *out2 = x3; } /// The function fiat_poly1305_subborrowx_u43 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^43 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^43⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0x7ffffffffff] /// arg3: [0x0 ~> 0x7ffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0x7ffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_poly1305_subborrowx_u43(out1: &mut u64, out2: &mut fiat_poly1305_u1, arg1: fiat_poly1305_u1, arg2: u64, arg3: u64) { let x1: i64 = ((((((arg2 as i128) - (arg1 as i128)) as i64) as i128) - (arg3 as i128)) as i64); let x2: fiat_poly1305_i1 = ((x1 >> 43) as fiat_poly1305_i1); let x3: u64 = (((x1 as i128) & (0x7ffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_poly1305_i2) - (x2 as fiat_poly1305_i2)) as fiat_poly1305_u1); } /// The function fiat_poly1305_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_poly1305_cmovznz_u64(out1: &mut u64, arg1: fiat_poly1305_u1, arg2: u64, arg3: u64) { let x1: fiat_poly1305_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_poly1305_i2) - (x1 as fiat_poly1305_i2)) as fiat_poly1305_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_poly1305_carry_mul multiplies two field elements and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg2) mod m /// #[inline] pub fn fiat_poly1305_carry_mul(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element, arg2: &fiat_poly1305_loose_field_element) { let x1: u128 = (((arg1[2]) as u128) * (((arg2[2]) * 0x5) as u128)); let x2: u128 = (((arg1[2]) as u128) * (((arg2[1]) * 0xa) as u128)); let x3: u128 = (((arg1[1]) as u128) * (((arg2[2]) * 0xa) as u128)); let x4: u128 = (((arg1[2]) as u128) * ((arg2[0]) as u128)); let x5: u128 = (((arg1[1]) as u128) * (((arg2[1]) * 0x2) as u128)); let x6: u128 = (((arg1[1]) as u128) * ((arg2[0]) as u128)); let x7: u128 = (((arg1[0]) as u128) * ((arg2[2]) as u128)); let x8: u128 = (((arg1[0]) as u128) * ((arg2[1]) as u128)); let x9: u128 = (((arg1[0]) as u128) * ((arg2[0]) as u128)); let x10: u128 = (x9 + (x3 + x2)); let x11: u64 = ((x10 >> 44) as u64); let x12: u64 = ((x10 & (0xfffffffffff as u128)) as u64); let x13: u128 = (x7 + (x5 + x4)); let x14: u128 = (x8 + (x6 + x1)); let x15: u128 = ((x11 as u128) + x14); let x16: u64 = ((x15 >> 43) as u64); let x17: u64 = ((x15 & (0x7ffffffffff as u128)) as u64); let x18: u128 = ((x16 as u128) + x13); let x19: u64 = ((x18 >> 43) as u64); let x20: u64 = ((x18 & (0x7ffffffffff as u128)) as u64); let x21: u64 = (x19 * 0x5); let x22: u64 = (x12 + x21); let x23: u64 = (x22 >> 44); let x24: u64 = (x22 & 0xfffffffffff); let x25: u64 = (x23 + x17); let x26: fiat_poly1305_u1 = ((x25 >> 43) as fiat_poly1305_u1); let x27: u64 = (x25 & 0x7ffffffffff); let x28: u64 = ((x26 as u64) + x20); out1[0] = x24; out1[1] = x27; out1[2] = x28; } /// The function fiat_poly1305_carry_square squares a field element and reduces the result. /// /// Postconditions: /// eval out1 mod m = (eval arg1 * eval arg1) mod m /// #[inline] pub fn fiat_poly1305_carry_square(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element) { let x1: u64 = ((arg1[2]) * 0x5); let x2: u64 = (x1 * 0x2); let x3: u64 = ((arg1[2]) * 0x2); let x4: u64 = ((arg1[1]) * 0x2); let x5: u128 = (((arg1[2]) as u128) * (x1 as u128)); let x6: u128 = (((arg1[1]) as u128) * ((x2 * 0x2) as u128)); let x7: u128 = (((arg1[1]) as u128) * (((arg1[1]) * 0x2) as u128)); let x8: u128 = (((arg1[0]) as u128) * (x3 as u128)); let x9: u128 = (((arg1[0]) as u128) * (x4 as u128)); let x10: u128 = (((arg1[0]) as u128) * ((arg1[0]) as u128)); let x11: u128 = (x10 + x6); let x12: u64 = ((x11 >> 44) as u64); let x13: u64 = ((x11 & (0xfffffffffff as u128)) as u64); let x14: u128 = (x8 + x7); let x15: u128 = (x9 + x5); let x16: u128 = ((x12 as u128) + x15); let x17: u64 = ((x16 >> 43) as u64); let x18: u64 = ((x16 & (0x7ffffffffff as u128)) as u64); let x19: u128 = ((x17 as u128) + x14); let x20: u64 = ((x19 >> 43) as u64); let x21: u64 = ((x19 & (0x7ffffffffff as u128)) as u64); let x22: u64 = (x20 * 0x5); let x23: u64 = (x13 + x22); let x24: u64 = (x23 >> 44); let x25: u64 = (x23 & 0xfffffffffff); let x26: u64 = (x24 + x18); let x27: fiat_poly1305_u1 = ((x26 >> 43) as fiat_poly1305_u1); let x28: u64 = (x26 & 0x7ffffffffff); let x29: u64 = ((x27 as u64) + x21); out1[0] = x25; out1[1] = x28; out1[2] = x29; } /// The function fiat_poly1305_carry reduces a field element. /// /// Postconditions: /// eval out1 mod m = eval arg1 mod m /// #[inline] pub fn fiat_poly1305_carry(out1: &mut fiat_poly1305_tight_field_element, arg1: &fiat_poly1305_loose_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = ((x1 >> 44) + (arg1[1])); let x3: u64 = ((x2 >> 43) + (arg1[2])); let x4: u64 = ((x1 & 0xfffffffffff) + ((x3 >> 43) * 0x5)); let x5: u64 = ((((x4 >> 44) as fiat_poly1305_u1) as u64) + (x2 & 0x7ffffffffff)); let x6: u64 = (x4 & 0xfffffffffff); let x7: u64 = (x5 & 0x7ffffffffff); let x8: u64 = ((((x5 >> 43) as fiat_poly1305_u1) as u64) + (x3 & 0x7ffffffffff)); out1[0] = x6; out1[1] = x7; out1[2] = x8; } /// The function fiat_poly1305_add adds two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 + eval arg2) mod m /// #[inline] pub fn fiat_poly1305_add(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element, arg2: &fiat_poly1305_tight_field_element) { let x1: u64 = ((arg1[0]) + (arg2[0])); let x2: u64 = ((arg1[1]) + (arg2[1])); let x3: u64 = ((arg1[2]) + (arg2[2])); out1[0] = x1; out1[1] = x2; out1[2] = x3; } /// The function fiat_poly1305_sub subtracts two field elements. /// /// Postconditions: /// eval out1 mod m = (eval arg1 - eval arg2) mod m /// #[inline] pub fn fiat_poly1305_sub(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element, arg2: &fiat_poly1305_tight_field_element) { let x1: u64 = ((0x1ffffffffff6 + (arg1[0])) - (arg2[0])); let x2: u64 = ((0xffffffffffe + (arg1[1])) - (arg2[1])); let x3: u64 = ((0xffffffffffe + (arg1[2])) - (arg2[2])); out1[0] = x1; out1[1] = x2; out1[2] = x3; } /// The function fiat_poly1305_opp negates a field element. /// /// Postconditions: /// eval out1 mod m = -eval arg1 mod m /// #[inline] pub fn fiat_poly1305_opp(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element) { let x1: u64 = (0x1ffffffffff6 - (arg1[0])); let x2: u64 = (0xffffffffffe - (arg1[1])); let x3: u64 = (0xffffffffffe - (arg1[2])); out1[0] = x1; out1[1] = x2; out1[2] = x3; } /// The function fiat_poly1305_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_poly1305_selectznz(out1: &mut [u64; 3], arg1: fiat_poly1305_u1, arg2: &[u64; 3], arg3: &[u64; 3]) { let mut x1: u64 = 0; fiat_poly1305_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_poly1305_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_poly1305_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); out1[0] = x1; out1[1] = x2; out1[2] = x3; } /// The function fiat_poly1305_to_bytes serializes a field element to bytes in little-endian order. /// /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..16] /// /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] #[inline] pub fn fiat_poly1305_to_bytes(out1: &mut [u8; 17], arg1: &fiat_poly1305_tight_field_element) { let mut x1: u64 = 0; let mut x2: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u44(&mut x1, &mut x2, 0x0, (arg1[0]), 0xffffffffffb); let mut x3: u64 = 0; let mut x4: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u43(&mut x3, &mut x4, x2, (arg1[1]), 0x7ffffffffff); let mut x5: u64 = 0; let mut x6: fiat_poly1305_u1 = 0; fiat_poly1305_subborrowx_u43(&mut x5, &mut x6, x4, (arg1[2]), 0x7ffffffffff); let mut x7: u64 = 0; fiat_poly1305_cmovznz_u64(&mut x7, x6, (0x0 as u64), 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u44(&mut x8, &mut x9, 0x0, x1, (x7 & 0xffffffffffb)); let mut x10: u64 = 0; let mut x11: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u43(&mut x10, &mut x11, x9, x3, (x7 & 0x7ffffffffff)); let mut x12: u64 = 0; let mut x13: fiat_poly1305_u1 = 0; fiat_poly1305_addcarryx_u43(&mut x12, &mut x13, x11, x5, (x7 & 0x7ffffffffff)); let x14: u64 = (x12 << 7); let x15: u64 = (x10 << 4); let x16: u8 = ((x8 & (0xff as u64)) as u8); let x17: u64 = (x8 >> 8); let x18: u8 = ((x17 & (0xff as u64)) as u8); let x19: u64 = (x17 >> 8); let x20: u8 = ((x19 & (0xff as u64)) as u8); let x21: u64 = (x19 >> 8); let x22: u8 = ((x21 & (0xff as u64)) as u8); let x23: u64 = (x21 >> 8); let x24: u8 = ((x23 & (0xff as u64)) as u8); let x25: u8 = ((x23 >> 8) as u8); let x26: u64 = (x15 + (x25 as u64)); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u64 = (x30 >> 8); let x33: u8 = ((x32 & (0xff as u64)) as u8); let x34: u64 = (x32 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u8 = ((x34 >> 8) as u8); let x37: u64 = (x14 + (x36 as u64)); let x38: u8 = ((x37 & (0xff as u64)) as u8); let x39: u64 = (x37 >> 8); let x40: u8 = ((x39 & (0xff as u64)) as u8); let x41: u64 = (x39 >> 8); let x42: u8 = ((x41 & (0xff as u64)) as u8); let x43: u64 = (x41 >> 8); let x44: u8 = ((x43 & (0xff as u64)) as u8); let x45: u64 = (x43 >> 8); let x46: u8 = ((x45 & (0xff as u64)) as u8); let x47: u64 = (x45 >> 8); let x48: u8 = ((x47 & (0xff as u64)) as u8); let x49: u8 = ((x47 >> 8) as u8); out1[0] = x16; out1[1] = x18; out1[2] = x20; out1[3] = x22; out1[4] = x24; out1[5] = x27; out1[6] = x29; out1[7] = x31; out1[8] = x33; out1[9] = x35; out1[10] = x38; out1[11] = x40; out1[12] = x42; out1[13] = x44; out1[14] = x46; out1[15] = x48; out1[16] = x49; } /// The function fiat_poly1305_from_bytes deserializes a field element from bytes in little-endian order. /// /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] #[inline] pub fn fiat_poly1305_from_bytes(out1: &mut fiat_poly1305_tight_field_element, arg1: &[u8; 17]) { let x1: u64 = (((arg1[16]) as u64) << 41); let x2: u64 = (((arg1[15]) as u64) << 33); let x3: u64 = (((arg1[14]) as u64) << 25); let x4: u64 = (((arg1[13]) as u64) << 17); let x5: u64 = (((arg1[12]) as u64) << 9); let x6: u64 = (((arg1[11]) as u64) * (0x2 as u64)); let x7: u64 = (((arg1[10]) as u64) << 36); let x8: u64 = (((arg1[9]) as u64) << 28); let x9: u64 = (((arg1[8]) as u64) << 20); let x10: u64 = (((arg1[7]) as u64) << 12); let x11: u64 = (((arg1[6]) as u64) << 4); let x12: u64 = (((arg1[5]) as u64) << 40); let x13: u64 = (((arg1[4]) as u64) << 32); let x14: u64 = (((arg1[3]) as u64) << 24); let x15: u64 = (((arg1[2]) as u64) << 16); let x16: u64 = (((arg1[1]) as u64) << 8); let x17: u8 = (arg1[0]); let x18: u64 = (x16 + (x17 as u64)); let x19: u64 = (x15 + x18); let x20: u64 = (x14 + x19); let x21: u64 = (x13 + x20); let x22: u64 = (x12 + x21); let x23: u64 = (x22 & 0xfffffffffff); let x24: u8 = ((x22 >> 44) as u8); let x25: u64 = (x11 + (x24 as u64)); let x26: u64 = (x10 + x25); let x27: u64 = (x9 + x26); let x28: u64 = (x8 + x27); let x29: u64 = (x7 + x28); let x30: u64 = (x29 & 0x7ffffffffff); let x31: fiat_poly1305_u1 = ((x29 >> 43) as fiat_poly1305_u1); let x32: u64 = (x6 + (x31 as u64)); let x33: u64 = (x5 + x32); let x34: u64 = (x4 + x33); let x35: u64 = (x3 + x34); let x36: u64 = (x2 + x35); let x37: u64 = (x1 + x36); out1[0] = x23; out1[1] = x30; out1[2] = x37; } /// The function fiat_poly1305_relax is the identity function converting from tight field elements to loose field elements. /// /// Postconditions: /// out1 = arg1 /// #[inline] pub fn fiat_poly1305_relax(out1: &mut fiat_poly1305_loose_field_element, arg1: &fiat_poly1305_tight_field_element) { let x1: u64 = (arg1[0]); let x2: u64 = (arg1[1]); let x3: u64 = (arg1[2]); out1[0] = x1; out1[1] = x2; out1[2] = x3; } fiat-crypto-0.2.2/src/secp256k1_dettman_32.rs000064400000000000000000000405501046102023000166720ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/dettman_multiplication' --lang Rust --inline secp256k1_dettman 32 10 22 6 '2^256 - 4294968273' mul square //! curve description: secp256k1_dettman //! machine_wordsize = 32 (from "32") //! requested operations: mul, square //! n = 10 (from "10") //! last_limb_width = 22 (from "22") //! last_reduction = 6 (from "6") //! s-c = 2^256 - [(1, 4294968273)] (from "2^256 - 4294968273") //! inbounds_multiplier: None (from "") //! //! Computed values: //! //! #![allow(unused_parens)] #![allow(non_camel_case_types)] /// The function fiat_secp256k1_dettman_mul multiplies two field elements. /// /// Postconditions: /// eval out1 mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 = (eval arg1 * eval arg2) mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 /// /// Input Bounds: /// arg1: [[0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7ffffe]] /// arg2: [[0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7ffffe]] /// Output Bounds: /// out1: [[0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x5fffff]] #[inline] pub fn fiat_secp256k1_dettman_mul(out1: &mut [u32; 10], arg1: &[u32; 10], arg2: &[u32; 10]) { let x1: u64 = ((((arg1[8]) as u64) * ((arg2[9]) as u64)) + (((arg1[9]) as u64) * ((arg2[8]) as u64))); let x2: u32 = ((x1 >> 26) as u32); let x3: u32 = ((x1 & (0x3ffffff as u64)) as u32); let x4: u64 = (((((arg1[0]) as u64) * ((arg2[7]) as u64)) + ((((arg1[1]) as u64) * ((arg2[6]) as u64)) + ((((arg1[2]) as u64) * ((arg2[5]) as u64)) + ((((arg1[3]) as u64) * ((arg2[4]) as u64)) + ((((arg1[4]) as u64) * ((arg2[3]) as u64)) + ((((arg1[5]) as u64) * ((arg2[2]) as u64)) + ((((arg1[6]) as u64) * ((arg2[1]) as u64)) + (((arg1[7]) as u64) * ((arg2[0]) as u64))))))))) + ((x3 as u64) * (0x3d10 as u64))); let x5: u32 = ((x4 >> 26) as u32); let x6: u32 = ((x4 & (0x3ffffff as u64)) as u32); let x7: u64 = ((x2 as u64) + (((arg1[9]) as u64) * ((arg2[9]) as u64))); let x8: u32 = ((x7 >> 32) as u32); let x9: u32 = ((x7 & (0xffffffff as u64)) as u32); let x10: u64 = (((x5 as u64) + (((((arg1[0]) as u64) * ((arg2[8]) as u64)) + ((((arg1[1]) as u64) * ((arg2[7]) as u64)) + ((((arg1[2]) as u64) * ((arg2[6]) as u64)) + ((((arg1[3]) as u64) * ((arg2[5]) as u64)) + ((((arg1[4]) as u64) * ((arg2[4]) as u64)) + ((((arg1[5]) as u64) * ((arg2[3]) as u64)) + ((((arg1[6]) as u64) * ((arg2[2]) as u64)) + ((((arg1[7]) as u64) * ((arg2[1]) as u64)) + (((arg1[8]) as u64) * ((arg2[0]) as u64)))))))))) + ((x3 as u64) << 10))) + ((x9 as u64) * (0x3d10 as u64))); let x11: u32 = ((x10 >> 26) as u32); let x12: u32 = ((x10 & (0x3ffffff as u64)) as u32); let x13: u64 = (((x11 as u64) + (((((arg1[0]) as u64) * ((arg2[9]) as u64)) + ((((arg1[1]) as u64) * ((arg2[8]) as u64)) + ((((arg1[2]) as u64) * ((arg2[7]) as u64)) + ((((arg1[3]) as u64) * ((arg2[6]) as u64)) + ((((arg1[4]) as u64) * ((arg2[5]) as u64)) + ((((arg1[5]) as u64) * ((arg2[4]) as u64)) + ((((arg1[6]) as u64) * ((arg2[3]) as u64)) + ((((arg1[7]) as u64) * ((arg2[2]) as u64)) + ((((arg1[8]) as u64) * ((arg2[1]) as u64)) + (((arg1[9]) as u64) * ((arg2[0]) as u64))))))))))) + ((x9 as u64) << 10))) + ((x8 as u64) * (0xf4400 as u64))); let x14: u32 = ((x13 >> 26) as u32); let x15: u32 = ((x13 & (0x3ffffff as u64)) as u32); let x16: u64 = ((x14 as u64) + (((((arg1[1]) as u64) * ((arg2[9]) as u64)) + ((((arg1[2]) as u64) * ((arg2[8]) as u64)) + ((((arg1[3]) as u64) * ((arg2[7]) as u64)) + ((((arg1[4]) as u64) * ((arg2[6]) as u64)) + ((((arg1[5]) as u64) * ((arg2[5]) as u64)) + ((((arg1[6]) as u64) * ((arg2[4]) as u64)) + ((((arg1[7]) as u64) * ((arg2[3]) as u64)) + ((((arg1[8]) as u64) * ((arg2[2]) as u64)) + (((arg1[9]) as u64) * ((arg2[1]) as u64)))))))))) + ((x8 << 16) as u64))); let x17: u32 = ((x16 >> 26) as u32); let x18: u32 = ((x16 & (0x3ffffff as u64)) as u32); let x19: u32 = (x15 >> 22); let x20: u32 = (x15 & 0x3fffff); let x21: u64 = ((((arg1[0]) as u64) * ((arg2[0]) as u64)) + (((x19 + (x18 << 4)) as u64) * (0x3d1 as u64))); let x22: u32 = ((x21 >> 26) as u32); let x23: u32 = ((x21 & (0x3ffffff as u64)) as u32); let x24: u64 = ((x17 as u64) + ((((arg1[2]) as u64) * ((arg2[9]) as u64)) + ((((arg1[3]) as u64) * ((arg2[8]) as u64)) + ((((arg1[4]) as u64) * ((arg2[7]) as u64)) + ((((arg1[5]) as u64) * ((arg2[6]) as u64)) + ((((arg1[6]) as u64) * ((arg2[5]) as u64)) + ((((arg1[7]) as u64) * ((arg2[4]) as u64)) + ((((arg1[8]) as u64) * ((arg2[3]) as u64)) + (((arg1[9]) as u64) * ((arg2[2]) as u64)))))))))); let x25: u32 = ((x24 >> 26) as u32); let x26: u32 = ((x24 & (0x3ffffff as u64)) as u32); let x27: u64 = (((x22 as u64) + (((((arg1[0]) as u64) * ((arg2[1]) as u64)) + (((arg1[1]) as u64) * ((arg2[0]) as u64))) + (((x19 + (x18 << 4)) as u64) << 6))) + ((x26 as u64) * (0x3d10 as u64))); let x28: u32 = ((x27 >> 26) as u32); let x29: u32 = ((x27 & (0x3ffffff as u64)) as u32); let x30: u64 = ((x25 as u64) + ((((arg1[3]) as u64) * ((arg2[9]) as u64)) + ((((arg1[4]) as u64) * ((arg2[8]) as u64)) + ((((arg1[5]) as u64) * ((arg2[7]) as u64)) + ((((arg1[6]) as u64) * ((arg2[6]) as u64)) + ((((arg1[7]) as u64) * ((arg2[5]) as u64)) + ((((arg1[8]) as u64) * ((arg2[4]) as u64)) + (((arg1[9]) as u64) * ((arg2[3]) as u64))))))))); let x31: u32 = ((x30 >> 26) as u32); let x32: u32 = ((x30 & (0x3ffffff as u64)) as u32); let x33: u64 = (((x28 as u64) + (((((arg1[0]) as u64) * ((arg2[2]) as u64)) + ((((arg1[1]) as u64) * ((arg2[1]) as u64)) + (((arg1[2]) as u64) * ((arg2[0]) as u64)))) + ((x26 as u64) << 10))) + ((x32 as u64) * (0x3d10 as u64))); let x34: u32 = ((x33 >> 26) as u32); let x35: u32 = ((x33 & (0x3ffffff as u64)) as u32); let x36: u64 = ((x31 as u64) + ((((arg1[4]) as u64) * ((arg2[9]) as u64)) + ((((arg1[5]) as u64) * ((arg2[8]) as u64)) + ((((arg1[6]) as u64) * ((arg2[7]) as u64)) + ((((arg1[7]) as u64) * ((arg2[6]) as u64)) + ((((arg1[8]) as u64) * ((arg2[5]) as u64)) + (((arg1[9]) as u64) * ((arg2[4]) as u64)))))))); let x37: u32 = ((x36 >> 26) as u32); let x38: u32 = ((x36 & (0x3ffffff as u64)) as u32); let x39: u64 = (((x34 as u64) + (((((arg1[0]) as u64) * ((arg2[3]) as u64)) + ((((arg1[1]) as u64) * ((arg2[2]) as u64)) + ((((arg1[2]) as u64) * ((arg2[1]) as u64)) + (((arg1[3]) as u64) * ((arg2[0]) as u64))))) + ((x32 as u64) << 10))) + ((x38 as u64) * (0x3d10 as u64))); let x40: u32 = ((x39 >> 26) as u32); let x41: u32 = ((x39 & (0x3ffffff as u64)) as u32); let x42: u64 = ((x37 as u64) + ((((arg1[5]) as u64) * ((arg2[9]) as u64)) + ((((arg1[6]) as u64) * ((arg2[8]) as u64)) + ((((arg1[7]) as u64) * ((arg2[7]) as u64)) + ((((arg1[8]) as u64) * ((arg2[6]) as u64)) + (((arg1[9]) as u64) * ((arg2[5]) as u64))))))); let x43: u32 = ((x42 >> 26) as u32); let x44: u32 = ((x42 & (0x3ffffff as u64)) as u32); let x45: u64 = (((x40 as u64) + (((((arg1[0]) as u64) * ((arg2[4]) as u64)) + ((((arg1[1]) as u64) * ((arg2[3]) as u64)) + ((((arg1[2]) as u64) * ((arg2[2]) as u64)) + ((((arg1[3]) as u64) * ((arg2[1]) as u64)) + (((arg1[4]) as u64) * ((arg2[0]) as u64)))))) + ((x38 as u64) << 10))) + ((x44 as u64) * (0x3d10 as u64))); let x46: u32 = ((x45 >> 26) as u32); let x47: u32 = ((x45 & (0x3ffffff as u64)) as u32); let x48: u64 = ((x43 as u64) + ((((arg1[6]) as u64) * ((arg2[9]) as u64)) + ((((arg1[7]) as u64) * ((arg2[8]) as u64)) + ((((arg1[8]) as u64) * ((arg2[7]) as u64)) + (((arg1[9]) as u64) * ((arg2[6]) as u64)))))); let x49: u32 = ((x48 >> 26) as u32); let x50: u32 = ((x48 & (0x3ffffff as u64)) as u32); let x51: u64 = (((x46 as u64) + (((((arg1[0]) as u64) * ((arg2[5]) as u64)) + ((((arg1[1]) as u64) * ((arg2[4]) as u64)) + ((((arg1[2]) as u64) * ((arg2[3]) as u64)) + ((((arg1[3]) as u64) * ((arg2[2]) as u64)) + ((((arg1[4]) as u64) * ((arg2[1]) as u64)) + (((arg1[5]) as u64) * ((arg2[0]) as u64))))))) + ((x44 as u64) << 10))) + ((x50 as u64) * (0x3d10 as u64))); let x52: u32 = ((x51 >> 26) as u32); let x53: u32 = ((x51 & (0x3ffffff as u64)) as u32); let x54: u64 = ((x49 as u64) + ((((arg1[7]) as u64) * ((arg2[9]) as u64)) + ((((arg1[8]) as u64) * ((arg2[8]) as u64)) + (((arg1[9]) as u64) * ((arg2[7]) as u64))))); let x55: u32 = ((x54 >> 32) as u32); let x56: u32 = ((x54 & (0xffffffff as u64)) as u32); let x57: u64 = (((x52 as u64) + (((((arg1[0]) as u64) * ((arg2[6]) as u64)) + ((((arg1[1]) as u64) * ((arg2[5]) as u64)) + ((((arg1[2]) as u64) * ((arg2[4]) as u64)) + ((((arg1[3]) as u64) * ((arg2[3]) as u64)) + ((((arg1[4]) as u64) * ((arg2[2]) as u64)) + ((((arg1[5]) as u64) * ((arg2[1]) as u64)) + (((arg1[6]) as u64) * ((arg2[0]) as u64)))))))) + ((x50 as u64) << 10))) + ((x56 as u64) * (0x3d10 as u64))); let x58: u32 = ((x57 >> 26) as u32); let x59: u32 = ((x57 & (0x3ffffff as u64)) as u32); let x60: u64 = (((x58 as u64) + ((x6 as u64) + ((x56 as u64) << 10))) + ((x55 as u64) * (0xf4400 as u64))); let x61: u32 = ((x60 >> 26) as u32); let x62: u32 = ((x60 & (0x3ffffff as u64)) as u32); let x63: u64 = ((x61 as u64) + ((x12 as u64) + ((x55 as u64) << 16))); let x64: u32 = ((x63 >> 26) as u32); let x65: u32 = ((x63 & (0x3ffffff as u64)) as u32); let x66: u32 = (x64 + x20); out1[0] = x23; out1[1] = x29; out1[2] = x35; out1[3] = x41; out1[4] = x47; out1[5] = x53; out1[6] = x59; out1[7] = x62; out1[8] = x65; out1[9] = x66; } /// The function fiat_secp256k1_dettman_square squares a field element. /// /// Postconditions: /// eval out1 mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 = (eval arg1 * eval arg1) mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 /// /// Input Bounds: /// arg1: [[0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7ffffe]] /// Output Bounds: /// out1: [[0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x7fffffe], [0x0 ~> 0x5fffff]] #[inline] pub fn fiat_secp256k1_dettman_square(out1: &mut [u32; 10], arg1: &[u32; 10]) { let x1: u32 = ((arg1[8]) * 0x2); let x2: u32 = ((arg1[7]) * 0x2); let x3: u32 = ((arg1[6]) * 0x2); let x4: u32 = ((arg1[5]) * 0x2); let x5: u32 = ((arg1[4]) * 0x2); let x6: u32 = ((arg1[3]) * 0x2); let x7: u32 = ((arg1[2]) * 0x2); let x8: u32 = ((arg1[1]) * 0x2); let x9: u32 = ((arg1[0]) * 0x2); let x10: u64 = ((x1 as u64) * ((arg1[9]) as u64)); let x11: u32 = ((x10 >> 26) as u32); let x12: u32 = ((x10 & (0x3ffffff as u64)) as u32); let x13: u64 = ((((x9 as u64) * ((arg1[7]) as u64)) + (((x8 as u64) * ((arg1[6]) as u64)) + (((x7 as u64) * ((arg1[5]) as u64)) + ((x6 as u64) * ((arg1[4]) as u64))))) + ((x12 as u64) * (0x3d10 as u64))); let x14: u32 = ((x13 >> 26) as u32); let x15: u32 = ((x13 & (0x3ffffff as u64)) as u32); let x16: u64 = ((x11 as u64) + (((arg1[9]) as u64) * ((arg1[9]) as u64))); let x17: u32 = ((x16 >> 32) as u32); let x18: u32 = ((x16 & (0xffffffff as u64)) as u32); let x19: u64 = (((x14 as u64) + ((((x9 as u64) * ((arg1[8]) as u64)) + (((x8 as u64) * ((arg1[7]) as u64)) + (((x7 as u64) * ((arg1[6]) as u64)) + (((x6 as u64) * ((arg1[5]) as u64)) + (((arg1[4]) as u64) * ((arg1[4]) as u64)))))) + ((x12 as u64) << 10))) + ((x18 as u64) * (0x3d10 as u64))); let x20: u32 = ((x19 >> 26) as u32); let x21: u32 = ((x19 & (0x3ffffff as u64)) as u32); let x22: u64 = (((x20 as u64) + ((((x9 as u64) * ((arg1[9]) as u64)) + (((x8 as u64) * ((arg1[8]) as u64)) + (((x7 as u64) * ((arg1[7]) as u64)) + (((x6 as u64) * ((arg1[6]) as u64)) + ((x5 as u64) * ((arg1[5]) as u64)))))) + ((x18 as u64) << 10))) + ((x17 as u64) * (0xf4400 as u64))); let x23: u32 = ((x22 >> 26) as u32); let x24: u32 = ((x22 & (0x3ffffff as u64)) as u32); let x25: u64 = ((x23 as u64) + ((((x8 as u64) * ((arg1[9]) as u64)) + (((x7 as u64) * ((arg1[8]) as u64)) + (((x6 as u64) * ((arg1[7]) as u64)) + (((x5 as u64) * ((arg1[6]) as u64)) + (((arg1[5]) as u64) * ((arg1[5]) as u64)))))) + ((x17 << 16) as u64))); let x26: u32 = ((x25 >> 26) as u32); let x27: u32 = ((x25 & (0x3ffffff as u64)) as u32); let x28: u32 = (x24 >> 22); let x29: u32 = (x24 & 0x3fffff); let x30: u64 = ((((arg1[0]) as u64) * ((arg1[0]) as u64)) + (((x28 + (x27 << 4)) as u64) * (0x3d1 as u64))); let x31: u32 = ((x30 >> 26) as u32); let x32: u32 = ((x30 & (0x3ffffff as u64)) as u32); let x33: u64 = ((x26 as u64) + (((x7 as u64) * ((arg1[9]) as u64)) + (((x6 as u64) * ((arg1[8]) as u64)) + (((x5 as u64) * ((arg1[7]) as u64)) + ((x4 as u64) * ((arg1[6]) as u64)))))); let x34: u32 = ((x33 >> 26) as u32); let x35: u32 = ((x33 & (0x3ffffff as u64)) as u32); let x36: u64 = (((x31 as u64) + (((x9 as u64) * ((arg1[1]) as u64)) + (((x28 + (x27 << 4)) as u64) << 6))) + ((x35 as u64) * (0x3d10 as u64))); let x37: u32 = ((x36 >> 26) as u32); let x38: u32 = ((x36 & (0x3ffffff as u64)) as u32); let x39: u64 = ((x34 as u64) + (((x6 as u64) * ((arg1[9]) as u64)) + (((x5 as u64) * ((arg1[8]) as u64)) + (((x4 as u64) * ((arg1[7]) as u64)) + (((arg1[6]) as u64) * ((arg1[6]) as u64)))))); let x40: u32 = ((x39 >> 26) as u32); let x41: u32 = ((x39 & (0x3ffffff as u64)) as u32); let x42: u64 = (((x37 as u64) + ((((x9 as u64) * ((arg1[2]) as u64)) + (((arg1[1]) as u64) * ((arg1[1]) as u64))) + ((x35 as u64) << 10))) + ((x41 as u64) * (0x3d10 as u64))); let x43: u32 = ((x42 >> 26) as u32); let x44: u32 = ((x42 & (0x3ffffff as u64)) as u32); let x45: u64 = ((x40 as u64) + (((x5 as u64) * ((arg1[9]) as u64)) + (((x4 as u64) * ((arg1[8]) as u64)) + ((x3 as u64) * ((arg1[7]) as u64))))); let x46: u32 = ((x45 >> 26) as u32); let x47: u32 = ((x45 & (0x3ffffff as u64)) as u32); let x48: u64 = (((x43 as u64) + ((((x9 as u64) * ((arg1[3]) as u64)) + ((x8 as u64) * ((arg1[2]) as u64))) + ((x41 as u64) << 10))) + ((x47 as u64) * (0x3d10 as u64))); let x49: u32 = ((x48 >> 26) as u32); let x50: u32 = ((x48 & (0x3ffffff as u64)) as u32); let x51: u64 = ((x46 as u64) + (((x4 as u64) * ((arg1[9]) as u64)) + (((x3 as u64) * ((arg1[8]) as u64)) + (((arg1[7]) as u64) * ((arg1[7]) as u64))))); let x52: u32 = ((x51 >> 26) as u32); let x53: u32 = ((x51 & (0x3ffffff as u64)) as u32); let x54: u64 = (((x49 as u64) + ((((x9 as u64) * ((arg1[4]) as u64)) + (((x8 as u64) * ((arg1[3]) as u64)) + (((arg1[2]) as u64) * ((arg1[2]) as u64)))) + ((x47 as u64) << 10))) + ((x53 as u64) * (0x3d10 as u64))); let x55: u32 = ((x54 >> 26) as u32); let x56: u32 = ((x54 & (0x3ffffff as u64)) as u32); let x57: u64 = ((x52 as u64) + (((x3 as u64) * ((arg1[9]) as u64)) + ((x2 as u64) * ((arg1[8]) as u64)))); let x58: u32 = ((x57 >> 26) as u32); let x59: u32 = ((x57 & (0x3ffffff as u64)) as u32); let x60: u64 = (((x55 as u64) + ((((x9 as u64) * ((arg1[5]) as u64)) + (((x8 as u64) * ((arg1[4]) as u64)) + ((x7 as u64) * ((arg1[3]) as u64)))) + ((x53 as u64) << 10))) + ((x59 as u64) * (0x3d10 as u64))); let x61: u32 = ((x60 >> 26) as u32); let x62: u32 = ((x60 & (0x3ffffff as u64)) as u32); let x63: u64 = ((x58 as u64) + (((x2 as u64) * ((arg1[9]) as u64)) + (((arg1[8]) as u64) * ((arg1[8]) as u64)))); let x64: u32 = ((x63 >> 32) as u32); let x65: u32 = ((x63 & (0xffffffff as u64)) as u32); let x66: u64 = (((x61 as u64) + ((((x9 as u64) * ((arg1[6]) as u64)) + (((x8 as u64) * ((arg1[5]) as u64)) + (((x7 as u64) * ((arg1[4]) as u64)) + (((arg1[3]) as u64) * ((arg1[3]) as u64))))) + ((x59 as u64) << 10))) + ((x65 as u64) * (0x3d10 as u64))); let x67: u32 = ((x66 >> 26) as u32); let x68: u32 = ((x66 & (0x3ffffff as u64)) as u32); let x69: u64 = (((x67 as u64) + ((x15 as u64) + ((x65 as u64) << 10))) + ((x64 as u64) * (0xf4400 as u64))); let x70: u32 = ((x69 >> 26) as u32); let x71: u32 = ((x69 & (0x3ffffff as u64)) as u32); let x72: u64 = ((x70 as u64) + ((x21 as u64) + ((x64 as u64) << 16))); let x73: u32 = ((x72 >> 26) as u32); let x74: u32 = ((x72 & (0x3ffffff as u64)) as u32); let x75: u32 = (x73 + x29); out1[0] = x32; out1[1] = x38; out1[2] = x44; out1[3] = x50; out1[4] = x56; out1[5] = x62; out1[6] = x68; out1[7] = x71; out1[8] = x74; out1[9] = x75; } fiat-crypto-0.2.2/src/secp256k1_dettman_64.rs000064400000000000000000000167551046102023000167110ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/dettman_multiplication' --lang Rust --inline secp256k1_dettman 64 5 48 2 '2^256 - 4294968273' mul square //! curve description: secp256k1_dettman //! machine_wordsize = 64 (from "64") //! requested operations: mul, square //! n = 5 (from "5") //! last_limb_width = 48 (from "48") //! last_reduction = 2 (from "2") //! s-c = 2^256 - [(1, 4294968273)] (from "2^256 - 4294968273") //! inbounds_multiplier: None (from "") //! //! Computed values: //! //! #![allow(unused_parens)] #![allow(non_camel_case_types)] /// The function fiat_secp256k1_dettman_mul multiplies two field elements. /// /// Postconditions: /// eval out1 mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 = (eval arg1 * eval arg2) mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 /// /// Input Bounds: /// arg1: [[0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1fffffffffffe]] /// arg2: [[0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1fffffffffffe]] /// Output Bounds: /// out1: [[0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x17fffffffffff]] #[inline] pub fn fiat_secp256k1_dettman_mul(out1: &mut [u64; 5], arg1: &[u64; 5], arg2: &[u64; 5]) { let x1: u128 = (((arg1[4]) as u128) * ((arg2[4]) as u128)); let x2: u64 = ((x1 >> 64) as u64); let x3: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x4: u128 = (((((arg1[0]) as u128) * ((arg2[3]) as u128)) + ((((arg1[1]) as u128) * ((arg2[2]) as u128)) + ((((arg1[2]) as u128) * ((arg2[1]) as u128)) + (((arg1[3]) as u128) * ((arg2[0]) as u128))))) + ((x3 as u128) * (0x1000003d10 as u128))); let x5: u64 = ((x4 >> 52) as u64); let x6: u64 = ((x4 & (0xfffffffffffff as u128)) as u64); let x7: u128 = (((x5 as u128) + ((((arg1[0]) as u128) * ((arg2[4]) as u128)) + ((((arg1[1]) as u128) * ((arg2[3]) as u128)) + ((((arg1[2]) as u128) * ((arg2[2]) as u128)) + ((((arg1[3]) as u128) * ((arg2[1]) as u128)) + (((arg1[4]) as u128) * ((arg2[0]) as u128))))))) + ((x2 as u128) * (0x1000003d10000 as u128))); let x8: u64 = ((x7 >> 52) as u64); let x9: u64 = ((x7 & (0xfffffffffffff as u128)) as u64); let x10: u128 = ((x8 as u128) + ((((arg1[1]) as u128) * ((arg2[4]) as u128)) + ((((arg1[2]) as u128) * ((arg2[3]) as u128)) + ((((arg1[3]) as u128) * ((arg2[2]) as u128)) + (((arg1[4]) as u128) * ((arg2[1]) as u128)))))); let x11: u64 = ((x10 >> 52) as u64); let x12: u64 = ((x10 & (0xfffffffffffff as u128)) as u64); let x13: u64 = (x9 >> 48); let x14: u64 = (x9 & 0xffffffffffff); let x15: u128 = ((((arg1[0]) as u128) * ((arg2[0]) as u128)) + (((x13 + (x12 << 4)) as u128) * (0x1000003d1 as u128))); let x16: u64 = ((x15 >> 52) as u64); let x17: u64 = ((x15 & (0xfffffffffffff as u128)) as u64); let x18: u128 = ((x11 as u128) + ((((arg1[2]) as u128) * ((arg2[4]) as u128)) + ((((arg1[3]) as u128) * ((arg2[3]) as u128)) + (((arg1[4]) as u128) * ((arg2[2]) as u128))))); let x19: u64 = ((x18 >> 52) as u64); let x20: u64 = ((x18 & (0xfffffffffffff as u128)) as u64); let x21: u128 = (((x16 as u128) + ((((arg1[0]) as u128) * ((arg2[1]) as u128)) + (((arg1[1]) as u128) * ((arg2[0]) as u128)))) + ((x20 as u128) * (0x1000003d10 as u128))); let x22: u64 = ((x21 >> 52) as u64); let x23: u64 = ((x21 & (0xfffffffffffff as u128)) as u64); let x24: u128 = ((x19 as u128) + ((((arg1[3]) as u128) * ((arg2[4]) as u128)) + (((arg1[4]) as u128) * ((arg2[3]) as u128)))); let x25: u64 = ((x24 >> 64) as u64); let x26: u64 = ((x24 & (0xffffffffffffffff as u128)) as u64); let x27: u128 = (((x22 as u128) + ((((arg1[0]) as u128) * ((arg2[2]) as u128)) + ((((arg1[1]) as u128) * ((arg2[1]) as u128)) + (((arg1[2]) as u128) * ((arg2[0]) as u128))))) + ((x26 as u128) * (0x1000003d10 as u128))); let x28: u64 = ((x27 >> 52) as u64); let x29: u64 = ((x27 & (0xfffffffffffff as u128)) as u64); let x30: u128 = (((x28 + x6) as u128) + ((x25 as u128) * (0x1000003d10000 as u128))); let x31: u64 = ((x30 >> 52) as u64); let x32: u64 = ((x30 & (0xfffffffffffff as u128)) as u64); let x33: u64 = (x31 + x14); out1[0] = x17; out1[1] = x23; out1[2] = x29; out1[3] = x32; out1[4] = x33; } /// The function fiat_secp256k1_dettman_square squares a field element. /// /// Postconditions: /// eval out1 mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 = (eval arg1 * eval arg1) mod 115792089237316195423570985008687907853269984665640564039457584007908834671663 /// /// Input Bounds: /// arg1: [[0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1fffffffffffe]] /// Output Bounds: /// out1: [[0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x1ffffffffffffe], [0x0 ~> 0x17fffffffffff]] #[inline] pub fn fiat_secp256k1_dettman_square(out1: &mut [u64; 5], arg1: &[u64; 5]) { let x1: u64 = ((arg1[3]) * 0x2); let x2: u64 = ((arg1[2]) * 0x2); let x3: u64 = ((arg1[1]) * 0x2); let x4: u64 = ((arg1[0]) * 0x2); let x5: u128 = (((arg1[4]) as u128) * ((arg1[4]) as u128)); let x6: u64 = ((x5 >> 64) as u64); let x7: u64 = ((x5 & (0xffffffffffffffff as u128)) as u64); let x8: u128 = ((((x4 as u128) * ((arg1[3]) as u128)) + ((x3 as u128) * ((arg1[2]) as u128))) + ((x7 as u128) * (0x1000003d10 as u128))); let x9: u64 = ((x8 >> 52) as u64); let x10: u64 = ((x8 & (0xfffffffffffff as u128)) as u64); let x11: u128 = (((x9 as u128) + (((x4 as u128) * ((arg1[4]) as u128)) + (((x3 as u128) * ((arg1[3]) as u128)) + (((arg1[2]) as u128) * ((arg1[2]) as u128))))) + ((x6 as u128) * (0x1000003d10000 as u128))); let x12: u64 = ((x11 >> 52) as u64); let x13: u64 = ((x11 & (0xfffffffffffff as u128)) as u64); let x14: u128 = ((x12 as u128) + (((x3 as u128) * ((arg1[4]) as u128)) + ((x2 as u128) * ((arg1[3]) as u128)))); let x15: u64 = ((x14 >> 52) as u64); let x16: u64 = ((x14 & (0xfffffffffffff as u128)) as u64); let x17: u64 = (x13 >> 48); let x18: u64 = (x13 & 0xffffffffffff); let x19: u128 = ((((arg1[0]) as u128) * ((arg1[0]) as u128)) + (((x17 + (x16 << 4)) as u128) * (0x1000003d1 as u128))); let x20: u64 = ((x19 >> 52) as u64); let x21: u64 = ((x19 & (0xfffffffffffff as u128)) as u64); let x22: u128 = ((x15 as u128) + (((x2 as u128) * ((arg1[4]) as u128)) + (((arg1[3]) as u128) * ((arg1[3]) as u128)))); let x23: u64 = ((x22 >> 52) as u64); let x24: u64 = ((x22 & (0xfffffffffffff as u128)) as u64); let x25: u128 = (((x20 as u128) + ((x4 as u128) * ((arg1[1]) as u128))) + ((x24 as u128) * (0x1000003d10 as u128))); let x26: u64 = ((x25 >> 52) as u64); let x27: u64 = ((x25 & (0xfffffffffffff as u128)) as u64); let x28: u128 = ((x23 as u128) + ((x1 as u128) * ((arg1[4]) as u128))); let x29: u64 = ((x28 >> 64) as u64); let x30: u64 = ((x28 & (0xffffffffffffffff as u128)) as u64); let x31: u128 = (((x26 as u128) + (((x4 as u128) * ((arg1[2]) as u128)) + (((arg1[1]) as u128) * ((arg1[1]) as u128)))) + ((x30 as u128) * (0x1000003d10 as u128))); let x32: u64 = ((x31 >> 52) as u64); let x33: u64 = ((x31 & (0xfffffffffffff as u128)) as u64); let x34: u128 = (((x32 + x10) as u128) + ((x29 as u128) * (0x1000003d10000 as u128))); let x35: u64 = ((x34 >> 52) as u64); let x36: u64 = ((x34 & (0xfffffffffffff as u128)) as u64); let x37: u64 = (x35 + x18); out1[0] = x21; out1[1] = x27; out1[2] = x33; out1[3] = x36; out1[4] = x37; } fiat-crypto-0.2.2/src/secp256k1_montgomery_32.rs000064400000000000000000007746701046102023000174570ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline secp256k1_montgomery 32 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: secp256k1_montgomery //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_secp256k1_montgomery_u1 = u8; pub type fiat_secp256k1_montgomery_i1 = i8; pub type fiat_secp256k1_montgomery_u2 = u8; pub type fiat_secp256k1_montgomery_i2 = i8; /** The type fiat_secp256k1_montgomery_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_secp256k1_montgomery_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_secp256k1_montgomery_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_non_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_secp256k1_montgomery_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_secp256k1_montgomery_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_addcarryx_u32(out1: &mut u32, out2: &mut fiat_secp256k1_montgomery_u1, arg1: fiat_secp256k1_montgomery_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_secp256k1_montgomery_u1 = ((x1 >> 32) as fiat_secp256k1_montgomery_u1); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_subborrowx_u32(out1: &mut u32, out2: &mut fiat_secp256k1_montgomery_u1, arg1: fiat_secp256k1_montgomery_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_secp256k1_montgomery_i1 = ((x1 >> 32) as fiat_secp256k1_montgomery_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_secp256k1_montgomery_i2) - (x2 as fiat_secp256k1_montgomery_i2)) as fiat_secp256k1_montgomery_u1); } /// The function fiat_secp256k1_montgomery_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_cmovznz_u32(out1: &mut u32, arg1: fiat_secp256k1_montgomery_u1, arg2: u32, arg3: u32) { let x1: fiat_secp256k1_montgomery_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_secp256k1_montgomery_i2) - (x1 as fiat_secp256k1_montgomery_i2)) as fiat_secp256k1_montgomery_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_secp256k1_montgomery_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_mul(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x9, &mut x10, x8, (arg2[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x11, &mut x12, x8, (arg2[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x13, &mut x14, x8, (arg2[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x15, &mut x16, x8, (arg2[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x17, &mut x18, x8, (arg2[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x19, &mut x20, x8, (arg2[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x21, &mut x22, x8, (arg2[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x23, &mut x24, x8, (arg2[0])); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x40, &mut x41, x23, 0xd2253531); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x48, &mut x49, x40, 0xffffffff); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x50, &mut x51, x40, 0xffffffff); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x52, &mut x53, x40, 0xffffffff); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x54, &mut x55, x40, 0xfffffffe); let mut x56: u32 = 0; let mut x57: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x56, &mut x57, x40, 0xfffffc2f); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x58, &mut x59, 0x0, x57, x54); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x60, &mut x61, x59, x55, x52); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x62, &mut x63, x61, x53, x50); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x64, &mut x65, x63, x51, x48); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x66, &mut x67, x65, x49, x46); let mut x68: u32 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x68, &mut x69, x67, x47, x44); let mut x70: u32 = 0; let mut x71: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x70, &mut x71, x69, x45, x42); let x72: u32 = ((x71 as u32) + x43); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x73, &mut x74, 0x0, x23, x56); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x75, &mut x76, x74, x25, x58); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x77, &mut x78, x76, x27, x60); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x79, &mut x80, x78, x29, x62); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x81, &mut x82, x80, x31, x64); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x83, &mut x84, x82, x33, x66); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x85, &mut x86, x84, x35, x68); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x87, &mut x88, x86, x37, x70); let mut x89: u32 = 0; let mut x90: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x89, &mut x90, x88, x39, x72); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x91, &mut x92, x1, (arg2[7])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x93, &mut x94, x1, (arg2[6])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x95, &mut x96, x1, (arg2[5])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x97, &mut x98, x1, (arg2[4])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x99, &mut x100, x1, (arg2[3])); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x101, &mut x102, x1, (arg2[2])); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x103, &mut x104, x1, (arg2[1])); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x105, &mut x106, x1, (arg2[0])); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x107, &mut x108, 0x0, x106, x103); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x109, &mut x110, x108, x104, x101); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x111, &mut x112, x110, x102, x99); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x113, &mut x114, x112, x100, x97); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x115, &mut x116, x114, x98, x95); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x117, &mut x118, x116, x96, x93); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x119, &mut x120, x118, x94, x91); let x121: u32 = ((x120 as u32) + x92); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x122, &mut x123, 0x0, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x132, &mut x133, x131, x85, x115); let mut x134: u32 = 0; let mut x135: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x134, &mut x135, x133, x87, x117); let mut x136: u32 = 0; let mut x137: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x136, &mut x137, x135, x89, x119); let mut x138: u32 = 0; let mut x139: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x138, &mut x139, x137, (x90 as u32), x121); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x140, &mut x141, x122, 0xd2253531); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x142, &mut x143, x140, 0xffffffff); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x144, &mut x145, x140, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x146, &mut x147, x140, 0xffffffff); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x148, &mut x149, x140, 0xffffffff); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x150, &mut x151, x140, 0xffffffff); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x152, &mut x153, x140, 0xffffffff); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x154, &mut x155, x140, 0xfffffffe); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x156, &mut x157, x140, 0xfffffc2f); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x160, &mut x161, x159, x155, x152); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x162, &mut x163, x161, x153, x150); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x164, &mut x165, x163, x151, x148); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x166, &mut x167, x165, x149, x146); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x168, &mut x169, x167, x147, x144); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x170, &mut x171, x169, x145, x142); let x172: u32 = ((x171 as u32) + x143); let mut x173: u32 = 0; let mut x174: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x173, &mut x174, 0x0, x122, x156); let mut x175: u32 = 0; let mut x176: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x175, &mut x176, x174, x124, x158); let mut x177: u32 = 0; let mut x178: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x177, &mut x178, x176, x126, x160); let mut x179: u32 = 0; let mut x180: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x179, &mut x180, x178, x128, x162); let mut x181: u32 = 0; let mut x182: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x181, &mut x182, x180, x130, x164); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x183, &mut x184, x182, x132, x166); let mut x185: u32 = 0; let mut x186: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x185, &mut x186, x184, x134, x168); let mut x187: u32 = 0; let mut x188: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x187, &mut x188, x186, x136, x170); let mut x189: u32 = 0; let mut x190: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x189, &mut x190, x188, x138, x172); let x191: u32 = ((x190 as u32) + (x139 as u32)); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x192, &mut x193, x2, (arg2[7])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x194, &mut x195, x2, (arg2[6])); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x196, &mut x197, x2, (arg2[5])); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x198, &mut x199, x2, (arg2[4])); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x200, &mut x201, x2, (arg2[3])); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x202, &mut x203, x2, (arg2[2])); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x204, &mut x205, x2, (arg2[1])); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x206, &mut x207, x2, (arg2[0])); let mut x208: u32 = 0; let mut x209: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x208, &mut x209, 0x0, x207, x204); let mut x210: u32 = 0; let mut x211: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x210, &mut x211, x209, x205, x202); let mut x212: u32 = 0; let mut x213: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x212, &mut x213, x211, x203, x200); let mut x214: u32 = 0; let mut x215: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x214, &mut x215, x213, x201, x198); let mut x216: u32 = 0; let mut x217: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x216, &mut x217, x215, x199, x196); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x218, &mut x219, x217, x197, x194); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x220, &mut x221, x219, x195, x192); let x222: u32 = ((x221 as u32) + x193); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x223, &mut x224, 0x0, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x229, &mut x230, x228, x181, x212); let mut x231: u32 = 0; let mut x232: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x231, &mut x232, x230, x183, x214); let mut x233: u32 = 0; let mut x234: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x233, &mut x234, x232, x185, x216); let mut x235: u32 = 0; let mut x236: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x235, &mut x236, x234, x187, x218); let mut x237: u32 = 0; let mut x238: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x237, &mut x238, x236, x189, x220); let mut x239: u32 = 0; let mut x240: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x239, &mut x240, x238, x191, x222); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x241, &mut x242, x223, 0xd2253531); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x243, &mut x244, x241, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x245, &mut x246, x241, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x247, &mut x248, x241, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x249, &mut x250, x241, 0xffffffff); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x251, &mut x252, x241, 0xffffffff); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x253, &mut x254, x241, 0xffffffff); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x255, &mut x256, x241, 0xfffffffe); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x257, &mut x258, x241, 0xfffffc2f); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x259, &mut x260, 0x0, x258, x255); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x261, &mut x262, x260, x256, x253); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x263, &mut x264, x262, x254, x251); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x265, &mut x266, x264, x252, x249); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x267, &mut x268, x266, x250, x247); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x269, &mut x270, x268, x248, x245); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x271, &mut x272, x270, x246, x243); let x273: u32 = ((x272 as u32) + x244); let mut x274: u32 = 0; let mut x275: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x274, &mut x275, 0x0, x223, x257); let mut x276: u32 = 0; let mut x277: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x276, &mut x277, x275, x225, x259); let mut x278: u32 = 0; let mut x279: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x278, &mut x279, x277, x227, x261); let mut x280: u32 = 0; let mut x281: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x280, &mut x281, x279, x229, x263); let mut x282: u32 = 0; let mut x283: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x282, &mut x283, x281, x231, x265); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x284, &mut x285, x283, x233, x267); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x286, &mut x287, x285, x235, x269); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x288, &mut x289, x287, x237, x271); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x290, &mut x291, x289, x239, x273); let x292: u32 = ((x291 as u32) + (x240 as u32)); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x293, &mut x294, x3, (arg2[7])); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x295, &mut x296, x3, (arg2[6])); let mut x297: u32 = 0; let mut x298: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x297, &mut x298, x3, (arg2[5])); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x299, &mut x300, x3, (arg2[4])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x301, &mut x302, x3, (arg2[3])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x303, &mut x304, x3, (arg2[2])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x305, &mut x306, x3, (arg2[1])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x307, &mut x308, x3, (arg2[0])); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x311, &mut x312, x310, x306, x303); let mut x313: u32 = 0; let mut x314: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x313, &mut x314, x312, x304, x301); let mut x315: u32 = 0; let mut x316: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x315, &mut x316, x314, x302, x299); let mut x317: u32 = 0; let mut x318: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x317, &mut x318, x316, x300, x297); let mut x319: u32 = 0; let mut x320: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x319, &mut x320, x318, x298, x295); let mut x321: u32 = 0; let mut x322: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x321, &mut x322, x320, x296, x293); let x323: u32 = ((x322 as u32) + x294); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x324, &mut x325, 0x0, x276, x307); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x326, &mut x327, x325, x278, x309); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x328, &mut x329, x327, x280, x311); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x330, &mut x331, x329, x282, x313); let mut x332: u32 = 0; let mut x333: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x332, &mut x333, x331, x284, x315); let mut x334: u32 = 0; let mut x335: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x334, &mut x335, x333, x286, x317); let mut x336: u32 = 0; let mut x337: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x336, &mut x337, x335, x288, x319); let mut x338: u32 = 0; let mut x339: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x338, &mut x339, x337, x290, x321); let mut x340: u32 = 0; let mut x341: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x340, &mut x341, x339, x292, x323); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x342, &mut x343, x324, 0xd2253531); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x350, &mut x351, x342, 0xffffffff); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x352, &mut x353, x342, 0xffffffff); let mut x354: u32 = 0; let mut x355: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x354, &mut x355, x342, 0xffffffff); let mut x356: u32 = 0; let mut x357: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x356, &mut x357, x342, 0xfffffffe); let mut x358: u32 = 0; let mut x359: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x358, &mut x359, x342, 0xfffffc2f); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x360, &mut x361, 0x0, x359, x356); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x362, &mut x363, x361, x357, x354); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x364, &mut x365, x363, x355, x352); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x366, &mut x367, x365, x353, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x368, &mut x369, x367, x351, x348); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x370, &mut x371, x369, x349, x346); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x372, &mut x373, x371, x347, x344); let x374: u32 = ((x373 as u32) + x345); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x375, &mut x376, 0x0, x324, x358); let mut x377: u32 = 0; let mut x378: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x377, &mut x378, x376, x326, x360); let mut x379: u32 = 0; let mut x380: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x379, &mut x380, x378, x328, x362); let mut x381: u32 = 0; let mut x382: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x381, &mut x382, x380, x330, x364); let mut x383: u32 = 0; let mut x384: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x383, &mut x384, x382, x332, x366); let mut x385: u32 = 0; let mut x386: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x385, &mut x386, x384, x334, x368); let mut x387: u32 = 0; let mut x388: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x387, &mut x388, x386, x336, x370); let mut x389: u32 = 0; let mut x390: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x389, &mut x390, x388, x338, x372); let mut x391: u32 = 0; let mut x392: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x391, &mut x392, x390, x340, x374); let x393: u32 = ((x392 as u32) + (x341 as u32)); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x394, &mut x395, x4, (arg2[7])); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x396, &mut x397, x4, (arg2[6])); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x398, &mut x399, x4, (arg2[5])); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x400, &mut x401, x4, (arg2[4])); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x402, &mut x403, x4, (arg2[3])); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x404, &mut x405, x4, (arg2[2])); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x406, &mut x407, x4, (arg2[1])); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x408, &mut x409, x4, (arg2[0])); let mut x410: u32 = 0; let mut x411: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x410, &mut x411, 0x0, x409, x406); let mut x412: u32 = 0; let mut x413: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x412, &mut x413, x411, x407, x404); let mut x414: u32 = 0; let mut x415: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x414, &mut x415, x413, x405, x402); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x416, &mut x417, x415, x403, x400); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x418, &mut x419, x417, x401, x398); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x420, &mut x421, x419, x399, x396); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x422, &mut x423, x421, x397, x394); let x424: u32 = ((x423 as u32) + x395); let mut x425: u32 = 0; let mut x426: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x425, &mut x426, 0x0, x377, x408); let mut x427: u32 = 0; let mut x428: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x427, &mut x428, x426, x379, x410); let mut x429: u32 = 0; let mut x430: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x429, &mut x430, x428, x381, x412); let mut x431: u32 = 0; let mut x432: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x431, &mut x432, x430, x383, x414); let mut x433: u32 = 0; let mut x434: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x433, &mut x434, x432, x385, x416); let mut x435: u32 = 0; let mut x436: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x435, &mut x436, x434, x387, x418); let mut x437: u32 = 0; let mut x438: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x437, &mut x438, x436, x389, x420); let mut x439: u32 = 0; let mut x440: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x439, &mut x440, x438, x391, x422); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x441, &mut x442, x440, x393, x424); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x443, &mut x444, x425, 0xd2253531); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x445, &mut x446, x443, 0xffffffff); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x447, &mut x448, x443, 0xffffffff); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x449, &mut x450, x443, 0xffffffff); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x451, &mut x452, x443, 0xffffffff); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x453, &mut x454, x443, 0xffffffff); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x455, &mut x456, x443, 0xffffffff); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x457, &mut x458, x443, 0xfffffffe); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x459, &mut x460, x443, 0xfffffc2f); let mut x461: u32 = 0; let mut x462: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x461, &mut x462, 0x0, x460, x457); let mut x463: u32 = 0; let mut x464: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x463, &mut x464, x462, x458, x455); let mut x465: u32 = 0; let mut x466: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x465, &mut x466, x464, x456, x453); let mut x467: u32 = 0; let mut x468: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x467, &mut x468, x466, x454, x451); let mut x469: u32 = 0; let mut x470: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x469, &mut x470, x468, x452, x449); let mut x471: u32 = 0; let mut x472: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x471, &mut x472, x470, x450, x447); let mut x473: u32 = 0; let mut x474: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x473, &mut x474, x472, x448, x445); let x475: u32 = ((x474 as u32) + x446); let mut x476: u32 = 0; let mut x477: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x476, &mut x477, 0x0, x425, x459); let mut x478: u32 = 0; let mut x479: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x478, &mut x479, x477, x427, x461); let mut x480: u32 = 0; let mut x481: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x480, &mut x481, x479, x429, x463); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x482, &mut x483, x481, x431, x465); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x484, &mut x485, x483, x433, x467); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x486, &mut x487, x485, x435, x469); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x488, &mut x489, x487, x437, x471); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x490, &mut x491, x489, x439, x473); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x492, &mut x493, x491, x441, x475); let x494: u32 = ((x493 as u32) + (x442 as u32)); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x495, &mut x496, x5, (arg2[7])); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x497, &mut x498, x5, (arg2[6])); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x499, &mut x500, x5, (arg2[5])); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x501, &mut x502, x5, (arg2[4])); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x503, &mut x504, x5, (arg2[3])); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x505, &mut x506, x5, (arg2[2])); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x507, &mut x508, x5, (arg2[1])); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x509, &mut x510, x5, (arg2[0])); let mut x511: u32 = 0; let mut x512: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x511, &mut x512, 0x0, x510, x507); let mut x513: u32 = 0; let mut x514: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x513, &mut x514, x512, x508, x505); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x515, &mut x516, x514, x506, x503); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x517, &mut x518, x516, x504, x501); let mut x519: u32 = 0; let mut x520: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x519, &mut x520, x518, x502, x499); let mut x521: u32 = 0; let mut x522: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x521, &mut x522, x520, x500, x497); let mut x523: u32 = 0; let mut x524: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x523, &mut x524, x522, x498, x495); let x525: u32 = ((x524 as u32) + x496); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x526, &mut x527, 0x0, x478, x509); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x528, &mut x529, x527, x480, x511); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x530, &mut x531, x529, x482, x513); let mut x532: u32 = 0; let mut x533: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x532, &mut x533, x531, x484, x515); let mut x534: u32 = 0; let mut x535: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x534, &mut x535, x533, x486, x517); let mut x536: u32 = 0; let mut x537: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x536, &mut x537, x535, x488, x519); let mut x538: u32 = 0; let mut x539: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x538, &mut x539, x537, x490, x521); let mut x540: u32 = 0; let mut x541: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x540, &mut x541, x539, x492, x523); let mut x542: u32 = 0; let mut x543: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x542, &mut x543, x541, x494, x525); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x544, &mut x545, x526, 0xd2253531); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x546, &mut x547, x544, 0xffffffff); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x548, &mut x549, x544, 0xffffffff); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x550, &mut x551, x544, 0xffffffff); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x552, &mut x553, x544, 0xffffffff); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x554, &mut x555, x544, 0xffffffff); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x556, &mut x557, x544, 0xffffffff); let mut x558: u32 = 0; let mut x559: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x558, &mut x559, x544, 0xfffffffe); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x560, &mut x561, x544, 0xfffffc2f); let mut x562: u32 = 0; let mut x563: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x562, &mut x563, 0x0, x561, x558); let mut x564: u32 = 0; let mut x565: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x564, &mut x565, x563, x559, x556); let mut x566: u32 = 0; let mut x567: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x566, &mut x567, x565, x557, x554); let mut x568: u32 = 0; let mut x569: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x568, &mut x569, x567, x555, x552); let mut x570: u32 = 0; let mut x571: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x570, &mut x571, x569, x553, x550); let mut x572: u32 = 0; let mut x573: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x572, &mut x573, x571, x551, x548); let mut x574: u32 = 0; let mut x575: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x574, &mut x575, x573, x549, x546); let x576: u32 = ((x575 as u32) + x547); let mut x577: u32 = 0; let mut x578: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x577, &mut x578, 0x0, x526, x560); let mut x579: u32 = 0; let mut x580: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x579, &mut x580, x578, x528, x562); let mut x581: u32 = 0; let mut x582: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x581, &mut x582, x580, x530, x564); let mut x583: u32 = 0; let mut x584: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x583, &mut x584, x582, x532, x566); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x585, &mut x586, x584, x534, x568); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x587, &mut x588, x586, x536, x570); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x589, &mut x590, x588, x538, x572); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x591, &mut x592, x590, x540, x574); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x593, &mut x594, x592, x542, x576); let x595: u32 = ((x594 as u32) + (x543 as u32)); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x596, &mut x597, x6, (arg2[7])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x598, &mut x599, x6, (arg2[6])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x600, &mut x601, x6, (arg2[5])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x602, &mut x603, x6, (arg2[4])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x604, &mut x605, x6, (arg2[3])); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x606, &mut x607, x6, (arg2[2])); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x608, &mut x609, x6, (arg2[1])); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x610, &mut x611, x6, (arg2[0])); let mut x612: u32 = 0; let mut x613: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x612, &mut x613, 0x0, x611, x608); let mut x614: u32 = 0; let mut x615: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x614, &mut x615, x613, x609, x606); let mut x616: u32 = 0; let mut x617: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x616, &mut x617, x615, x607, x604); let mut x618: u32 = 0; let mut x619: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x618, &mut x619, x617, x605, x602); let mut x620: u32 = 0; let mut x621: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x620, &mut x621, x619, x603, x600); let mut x622: u32 = 0; let mut x623: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x622, &mut x623, x621, x601, x598); let mut x624: u32 = 0; let mut x625: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x624, &mut x625, x623, x599, x596); let x626: u32 = ((x625 as u32) + x597); let mut x627: u32 = 0; let mut x628: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x627, &mut x628, 0x0, x579, x610); let mut x629: u32 = 0; let mut x630: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x629, &mut x630, x628, x581, x612); let mut x631: u32 = 0; let mut x632: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x631, &mut x632, x630, x583, x614); let mut x633: u32 = 0; let mut x634: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x633, &mut x634, x632, x585, x616); let mut x635: u32 = 0; let mut x636: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x635, &mut x636, x634, x587, x618); let mut x637: u32 = 0; let mut x638: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x637, &mut x638, x636, x589, x620); let mut x639: u32 = 0; let mut x640: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x639, &mut x640, x638, x591, x622); let mut x641: u32 = 0; let mut x642: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x641, &mut x642, x640, x593, x624); let mut x643: u32 = 0; let mut x644: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x643, &mut x644, x642, x595, x626); let mut x645: u32 = 0; let mut x646: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x645, &mut x646, x627, 0xd2253531); let mut x647: u32 = 0; let mut x648: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x647, &mut x648, x645, 0xffffffff); let mut x649: u32 = 0; let mut x650: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x649, &mut x650, x645, 0xffffffff); let mut x651: u32 = 0; let mut x652: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x651, &mut x652, x645, 0xffffffff); let mut x653: u32 = 0; let mut x654: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x653, &mut x654, x645, 0xffffffff); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x655, &mut x656, x645, 0xffffffff); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x657, &mut x658, x645, 0xffffffff); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x659, &mut x660, x645, 0xfffffffe); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x661, &mut x662, x645, 0xfffffc2f); let mut x663: u32 = 0; let mut x664: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x663, &mut x664, 0x0, x662, x659); let mut x665: u32 = 0; let mut x666: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x665, &mut x666, x664, x660, x657); let mut x667: u32 = 0; let mut x668: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x667, &mut x668, x666, x658, x655); let mut x669: u32 = 0; let mut x670: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x669, &mut x670, x668, x656, x653); let mut x671: u32 = 0; let mut x672: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x671, &mut x672, x670, x654, x651); let mut x673: u32 = 0; let mut x674: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x673, &mut x674, x672, x652, x649); let mut x675: u32 = 0; let mut x676: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x675, &mut x676, x674, x650, x647); let x677: u32 = ((x676 as u32) + x648); let mut x678: u32 = 0; let mut x679: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x678, &mut x679, 0x0, x627, x661); let mut x680: u32 = 0; let mut x681: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x680, &mut x681, x679, x629, x663); let mut x682: u32 = 0; let mut x683: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x682, &mut x683, x681, x631, x665); let mut x684: u32 = 0; let mut x685: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x684, &mut x685, x683, x633, x667); let mut x686: u32 = 0; let mut x687: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x686, &mut x687, x685, x635, x669); let mut x688: u32 = 0; let mut x689: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x688, &mut x689, x687, x637, x671); let mut x690: u32 = 0; let mut x691: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x690, &mut x691, x689, x639, x673); let mut x692: u32 = 0; let mut x693: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x692, &mut x693, x691, x641, x675); let mut x694: u32 = 0; let mut x695: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x694, &mut x695, x693, x643, x677); let x696: u32 = ((x695 as u32) + (x644 as u32)); let mut x697: u32 = 0; let mut x698: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x697, &mut x698, x7, (arg2[7])); let mut x699: u32 = 0; let mut x700: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x699, &mut x700, x7, (arg2[6])); let mut x701: u32 = 0; let mut x702: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x701, &mut x702, x7, (arg2[5])); let mut x703: u32 = 0; let mut x704: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x703, &mut x704, x7, (arg2[4])); let mut x705: u32 = 0; let mut x706: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x705, &mut x706, x7, (arg2[3])); let mut x707: u32 = 0; let mut x708: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x707, &mut x708, x7, (arg2[2])); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x709, &mut x710, x7, (arg2[1])); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x711, &mut x712, x7, (arg2[0])); let mut x713: u32 = 0; let mut x714: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x713, &mut x714, 0x0, x712, x709); let mut x715: u32 = 0; let mut x716: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x715, &mut x716, x714, x710, x707); let mut x717: u32 = 0; let mut x718: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x717, &mut x718, x716, x708, x705); let mut x719: u32 = 0; let mut x720: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x719, &mut x720, x718, x706, x703); let mut x721: u32 = 0; let mut x722: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x721, &mut x722, x720, x704, x701); let mut x723: u32 = 0; let mut x724: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x723, &mut x724, x722, x702, x699); let mut x725: u32 = 0; let mut x726: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x725, &mut x726, x724, x700, x697); let x727: u32 = ((x726 as u32) + x698); let mut x728: u32 = 0; let mut x729: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x728, &mut x729, 0x0, x680, x711); let mut x730: u32 = 0; let mut x731: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x730, &mut x731, x729, x682, x713); let mut x732: u32 = 0; let mut x733: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x732, &mut x733, x731, x684, x715); let mut x734: u32 = 0; let mut x735: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x734, &mut x735, x733, x686, x717); let mut x736: u32 = 0; let mut x737: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x736, &mut x737, x735, x688, x719); let mut x738: u32 = 0; let mut x739: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x738, &mut x739, x737, x690, x721); let mut x740: u32 = 0; let mut x741: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x740, &mut x741, x739, x692, x723); let mut x742: u32 = 0; let mut x743: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x742, &mut x743, x741, x694, x725); let mut x744: u32 = 0; let mut x745: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x744, &mut x745, x743, x696, x727); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x746, &mut x747, x728, 0xd2253531); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x748, &mut x749, x746, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x750, &mut x751, x746, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x752, &mut x753, x746, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x754, &mut x755, x746, 0xffffffff); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x756, &mut x757, x746, 0xffffffff); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x758, &mut x759, x746, 0xffffffff); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x760, &mut x761, x746, 0xfffffffe); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x762, &mut x763, x746, 0xfffffc2f); let mut x764: u32 = 0; let mut x765: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x764, &mut x765, 0x0, x763, x760); let mut x766: u32 = 0; let mut x767: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x766, &mut x767, x765, x761, x758); let mut x768: u32 = 0; let mut x769: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x768, &mut x769, x767, x759, x756); let mut x770: u32 = 0; let mut x771: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x770, &mut x771, x769, x757, x754); let mut x772: u32 = 0; let mut x773: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x772, &mut x773, x771, x755, x752); let mut x774: u32 = 0; let mut x775: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x774, &mut x775, x773, x753, x750); let mut x776: u32 = 0; let mut x777: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x776, &mut x777, x775, x751, x748); let x778: u32 = ((x777 as u32) + x749); let mut x779: u32 = 0; let mut x780: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x779, &mut x780, 0x0, x728, x762); let mut x781: u32 = 0; let mut x782: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x781, &mut x782, x780, x730, x764); let mut x783: u32 = 0; let mut x784: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x783, &mut x784, x782, x732, x766); let mut x785: u32 = 0; let mut x786: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x785, &mut x786, x784, x734, x768); let mut x787: u32 = 0; let mut x788: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x787, &mut x788, x786, x736, x770); let mut x789: u32 = 0; let mut x790: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x789, &mut x790, x788, x738, x772); let mut x791: u32 = 0; let mut x792: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x791, &mut x792, x790, x740, x774); let mut x793: u32 = 0; let mut x794: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x793, &mut x794, x792, x742, x776); let mut x795: u32 = 0; let mut x796: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x795, &mut x796, x794, x744, x778); let x797: u32 = ((x796 as u32) + (x745 as u32)); let mut x798: u32 = 0; let mut x799: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x798, &mut x799, 0x0, x781, 0xfffffc2f); let mut x800: u32 = 0; let mut x801: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x800, &mut x801, x799, x783, 0xfffffffe); let mut x802: u32 = 0; let mut x803: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x802, &mut x803, x801, x785, 0xffffffff); let mut x804: u32 = 0; let mut x805: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x804, &mut x805, x803, x787, 0xffffffff); let mut x806: u32 = 0; let mut x807: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x806, &mut x807, x805, x789, 0xffffffff); let mut x808: u32 = 0; let mut x809: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x808, &mut x809, x807, x791, 0xffffffff); let mut x810: u32 = 0; let mut x811: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x810, &mut x811, x809, x793, 0xffffffff); let mut x812: u32 = 0; let mut x813: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x812, &mut x813, x811, x795, 0xffffffff); let mut x814: u32 = 0; let mut x815: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x814, &mut x815, x813, x797, (0x0 as u32)); let mut x816: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x816, x815, x798, x781); let mut x817: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x817, x815, x800, x783); let mut x818: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x818, x815, x802, x785); let mut x819: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x819, x815, x804, x787); let mut x820: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x820, x815, x806, x789); let mut x821: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x821, x815, x808, x791); let mut x822: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x822, x815, x810, x793); let mut x823: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x823, x815, x812, x795); out1[0] = x816; out1[1] = x817; out1[2] = x818; out1[3] = x819; out1[4] = x820; out1[5] = x821; out1[6] = x822; out1[7] = x823; } /// The function fiat_secp256k1_montgomery_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_square(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x9, &mut x10, x8, (arg1[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x11, &mut x12, x8, (arg1[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x13, &mut x14, x8, (arg1[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x15, &mut x16, x8, (arg1[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x17, &mut x18, x8, (arg1[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x19, &mut x20, x8, (arg1[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x21, &mut x22, x8, (arg1[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x23, &mut x24, x8, (arg1[0])); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x40, &mut x41, x23, 0xd2253531); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x48, &mut x49, x40, 0xffffffff); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x50, &mut x51, x40, 0xffffffff); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x52, &mut x53, x40, 0xffffffff); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x54, &mut x55, x40, 0xfffffffe); let mut x56: u32 = 0; let mut x57: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x56, &mut x57, x40, 0xfffffc2f); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x58, &mut x59, 0x0, x57, x54); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x60, &mut x61, x59, x55, x52); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x62, &mut x63, x61, x53, x50); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x64, &mut x65, x63, x51, x48); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x66, &mut x67, x65, x49, x46); let mut x68: u32 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x68, &mut x69, x67, x47, x44); let mut x70: u32 = 0; let mut x71: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x70, &mut x71, x69, x45, x42); let x72: u32 = ((x71 as u32) + x43); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x73, &mut x74, 0x0, x23, x56); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x75, &mut x76, x74, x25, x58); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x77, &mut x78, x76, x27, x60); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x79, &mut x80, x78, x29, x62); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x81, &mut x82, x80, x31, x64); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x83, &mut x84, x82, x33, x66); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x85, &mut x86, x84, x35, x68); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x87, &mut x88, x86, x37, x70); let mut x89: u32 = 0; let mut x90: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x89, &mut x90, x88, x39, x72); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x91, &mut x92, x1, (arg1[7])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x93, &mut x94, x1, (arg1[6])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x95, &mut x96, x1, (arg1[5])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x97, &mut x98, x1, (arg1[4])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x99, &mut x100, x1, (arg1[3])); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x101, &mut x102, x1, (arg1[2])); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x103, &mut x104, x1, (arg1[1])); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x105, &mut x106, x1, (arg1[0])); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x107, &mut x108, 0x0, x106, x103); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x109, &mut x110, x108, x104, x101); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x111, &mut x112, x110, x102, x99); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x113, &mut x114, x112, x100, x97); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x115, &mut x116, x114, x98, x95); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x117, &mut x118, x116, x96, x93); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x119, &mut x120, x118, x94, x91); let x121: u32 = ((x120 as u32) + x92); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x122, &mut x123, 0x0, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x132, &mut x133, x131, x85, x115); let mut x134: u32 = 0; let mut x135: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x134, &mut x135, x133, x87, x117); let mut x136: u32 = 0; let mut x137: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x136, &mut x137, x135, x89, x119); let mut x138: u32 = 0; let mut x139: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x138, &mut x139, x137, (x90 as u32), x121); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x140, &mut x141, x122, 0xd2253531); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x142, &mut x143, x140, 0xffffffff); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x144, &mut x145, x140, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x146, &mut x147, x140, 0xffffffff); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x148, &mut x149, x140, 0xffffffff); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x150, &mut x151, x140, 0xffffffff); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x152, &mut x153, x140, 0xffffffff); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x154, &mut x155, x140, 0xfffffffe); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x156, &mut x157, x140, 0xfffffc2f); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x160, &mut x161, x159, x155, x152); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x162, &mut x163, x161, x153, x150); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x164, &mut x165, x163, x151, x148); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x166, &mut x167, x165, x149, x146); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x168, &mut x169, x167, x147, x144); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x170, &mut x171, x169, x145, x142); let x172: u32 = ((x171 as u32) + x143); let mut x173: u32 = 0; let mut x174: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x173, &mut x174, 0x0, x122, x156); let mut x175: u32 = 0; let mut x176: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x175, &mut x176, x174, x124, x158); let mut x177: u32 = 0; let mut x178: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x177, &mut x178, x176, x126, x160); let mut x179: u32 = 0; let mut x180: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x179, &mut x180, x178, x128, x162); let mut x181: u32 = 0; let mut x182: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x181, &mut x182, x180, x130, x164); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x183, &mut x184, x182, x132, x166); let mut x185: u32 = 0; let mut x186: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x185, &mut x186, x184, x134, x168); let mut x187: u32 = 0; let mut x188: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x187, &mut x188, x186, x136, x170); let mut x189: u32 = 0; let mut x190: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x189, &mut x190, x188, x138, x172); let x191: u32 = ((x190 as u32) + (x139 as u32)); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x192, &mut x193, x2, (arg1[7])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x194, &mut x195, x2, (arg1[6])); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x196, &mut x197, x2, (arg1[5])); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x198, &mut x199, x2, (arg1[4])); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x200, &mut x201, x2, (arg1[3])); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x202, &mut x203, x2, (arg1[2])); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x204, &mut x205, x2, (arg1[1])); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x206, &mut x207, x2, (arg1[0])); let mut x208: u32 = 0; let mut x209: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x208, &mut x209, 0x0, x207, x204); let mut x210: u32 = 0; let mut x211: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x210, &mut x211, x209, x205, x202); let mut x212: u32 = 0; let mut x213: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x212, &mut x213, x211, x203, x200); let mut x214: u32 = 0; let mut x215: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x214, &mut x215, x213, x201, x198); let mut x216: u32 = 0; let mut x217: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x216, &mut x217, x215, x199, x196); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x218, &mut x219, x217, x197, x194); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x220, &mut x221, x219, x195, x192); let x222: u32 = ((x221 as u32) + x193); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x223, &mut x224, 0x0, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x229, &mut x230, x228, x181, x212); let mut x231: u32 = 0; let mut x232: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x231, &mut x232, x230, x183, x214); let mut x233: u32 = 0; let mut x234: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x233, &mut x234, x232, x185, x216); let mut x235: u32 = 0; let mut x236: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x235, &mut x236, x234, x187, x218); let mut x237: u32 = 0; let mut x238: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x237, &mut x238, x236, x189, x220); let mut x239: u32 = 0; let mut x240: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x239, &mut x240, x238, x191, x222); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x241, &mut x242, x223, 0xd2253531); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x243, &mut x244, x241, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x245, &mut x246, x241, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x247, &mut x248, x241, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x249, &mut x250, x241, 0xffffffff); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x251, &mut x252, x241, 0xffffffff); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x253, &mut x254, x241, 0xffffffff); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x255, &mut x256, x241, 0xfffffffe); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x257, &mut x258, x241, 0xfffffc2f); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x259, &mut x260, 0x0, x258, x255); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x261, &mut x262, x260, x256, x253); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x263, &mut x264, x262, x254, x251); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x265, &mut x266, x264, x252, x249); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x267, &mut x268, x266, x250, x247); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x269, &mut x270, x268, x248, x245); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x271, &mut x272, x270, x246, x243); let x273: u32 = ((x272 as u32) + x244); let mut x274: u32 = 0; let mut x275: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x274, &mut x275, 0x0, x223, x257); let mut x276: u32 = 0; let mut x277: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x276, &mut x277, x275, x225, x259); let mut x278: u32 = 0; let mut x279: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x278, &mut x279, x277, x227, x261); let mut x280: u32 = 0; let mut x281: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x280, &mut x281, x279, x229, x263); let mut x282: u32 = 0; let mut x283: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x282, &mut x283, x281, x231, x265); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x284, &mut x285, x283, x233, x267); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x286, &mut x287, x285, x235, x269); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x288, &mut x289, x287, x237, x271); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x290, &mut x291, x289, x239, x273); let x292: u32 = ((x291 as u32) + (x240 as u32)); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x293, &mut x294, x3, (arg1[7])); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x295, &mut x296, x3, (arg1[6])); let mut x297: u32 = 0; let mut x298: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x297, &mut x298, x3, (arg1[5])); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x299, &mut x300, x3, (arg1[4])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x301, &mut x302, x3, (arg1[3])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x303, &mut x304, x3, (arg1[2])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x305, &mut x306, x3, (arg1[1])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x307, &mut x308, x3, (arg1[0])); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x311, &mut x312, x310, x306, x303); let mut x313: u32 = 0; let mut x314: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x313, &mut x314, x312, x304, x301); let mut x315: u32 = 0; let mut x316: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x315, &mut x316, x314, x302, x299); let mut x317: u32 = 0; let mut x318: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x317, &mut x318, x316, x300, x297); let mut x319: u32 = 0; let mut x320: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x319, &mut x320, x318, x298, x295); let mut x321: u32 = 0; let mut x322: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x321, &mut x322, x320, x296, x293); let x323: u32 = ((x322 as u32) + x294); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x324, &mut x325, 0x0, x276, x307); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x326, &mut x327, x325, x278, x309); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x328, &mut x329, x327, x280, x311); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x330, &mut x331, x329, x282, x313); let mut x332: u32 = 0; let mut x333: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x332, &mut x333, x331, x284, x315); let mut x334: u32 = 0; let mut x335: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x334, &mut x335, x333, x286, x317); let mut x336: u32 = 0; let mut x337: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x336, &mut x337, x335, x288, x319); let mut x338: u32 = 0; let mut x339: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x338, &mut x339, x337, x290, x321); let mut x340: u32 = 0; let mut x341: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x340, &mut x341, x339, x292, x323); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x342, &mut x343, x324, 0xd2253531); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x350, &mut x351, x342, 0xffffffff); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x352, &mut x353, x342, 0xffffffff); let mut x354: u32 = 0; let mut x355: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x354, &mut x355, x342, 0xffffffff); let mut x356: u32 = 0; let mut x357: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x356, &mut x357, x342, 0xfffffffe); let mut x358: u32 = 0; let mut x359: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x358, &mut x359, x342, 0xfffffc2f); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x360, &mut x361, 0x0, x359, x356); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x362, &mut x363, x361, x357, x354); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x364, &mut x365, x363, x355, x352); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x366, &mut x367, x365, x353, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x368, &mut x369, x367, x351, x348); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x370, &mut x371, x369, x349, x346); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x372, &mut x373, x371, x347, x344); let x374: u32 = ((x373 as u32) + x345); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x375, &mut x376, 0x0, x324, x358); let mut x377: u32 = 0; let mut x378: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x377, &mut x378, x376, x326, x360); let mut x379: u32 = 0; let mut x380: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x379, &mut x380, x378, x328, x362); let mut x381: u32 = 0; let mut x382: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x381, &mut x382, x380, x330, x364); let mut x383: u32 = 0; let mut x384: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x383, &mut x384, x382, x332, x366); let mut x385: u32 = 0; let mut x386: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x385, &mut x386, x384, x334, x368); let mut x387: u32 = 0; let mut x388: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x387, &mut x388, x386, x336, x370); let mut x389: u32 = 0; let mut x390: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x389, &mut x390, x388, x338, x372); let mut x391: u32 = 0; let mut x392: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x391, &mut x392, x390, x340, x374); let x393: u32 = ((x392 as u32) + (x341 as u32)); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x394, &mut x395, x4, (arg1[7])); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x396, &mut x397, x4, (arg1[6])); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x398, &mut x399, x4, (arg1[5])); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x400, &mut x401, x4, (arg1[4])); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x402, &mut x403, x4, (arg1[3])); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x404, &mut x405, x4, (arg1[2])); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x406, &mut x407, x4, (arg1[1])); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x408, &mut x409, x4, (arg1[0])); let mut x410: u32 = 0; let mut x411: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x410, &mut x411, 0x0, x409, x406); let mut x412: u32 = 0; let mut x413: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x412, &mut x413, x411, x407, x404); let mut x414: u32 = 0; let mut x415: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x414, &mut x415, x413, x405, x402); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x416, &mut x417, x415, x403, x400); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x418, &mut x419, x417, x401, x398); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x420, &mut x421, x419, x399, x396); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x422, &mut x423, x421, x397, x394); let x424: u32 = ((x423 as u32) + x395); let mut x425: u32 = 0; let mut x426: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x425, &mut x426, 0x0, x377, x408); let mut x427: u32 = 0; let mut x428: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x427, &mut x428, x426, x379, x410); let mut x429: u32 = 0; let mut x430: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x429, &mut x430, x428, x381, x412); let mut x431: u32 = 0; let mut x432: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x431, &mut x432, x430, x383, x414); let mut x433: u32 = 0; let mut x434: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x433, &mut x434, x432, x385, x416); let mut x435: u32 = 0; let mut x436: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x435, &mut x436, x434, x387, x418); let mut x437: u32 = 0; let mut x438: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x437, &mut x438, x436, x389, x420); let mut x439: u32 = 0; let mut x440: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x439, &mut x440, x438, x391, x422); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x441, &mut x442, x440, x393, x424); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x443, &mut x444, x425, 0xd2253531); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x445, &mut x446, x443, 0xffffffff); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x447, &mut x448, x443, 0xffffffff); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x449, &mut x450, x443, 0xffffffff); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x451, &mut x452, x443, 0xffffffff); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x453, &mut x454, x443, 0xffffffff); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x455, &mut x456, x443, 0xffffffff); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x457, &mut x458, x443, 0xfffffffe); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x459, &mut x460, x443, 0xfffffc2f); let mut x461: u32 = 0; let mut x462: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x461, &mut x462, 0x0, x460, x457); let mut x463: u32 = 0; let mut x464: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x463, &mut x464, x462, x458, x455); let mut x465: u32 = 0; let mut x466: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x465, &mut x466, x464, x456, x453); let mut x467: u32 = 0; let mut x468: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x467, &mut x468, x466, x454, x451); let mut x469: u32 = 0; let mut x470: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x469, &mut x470, x468, x452, x449); let mut x471: u32 = 0; let mut x472: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x471, &mut x472, x470, x450, x447); let mut x473: u32 = 0; let mut x474: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x473, &mut x474, x472, x448, x445); let x475: u32 = ((x474 as u32) + x446); let mut x476: u32 = 0; let mut x477: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x476, &mut x477, 0x0, x425, x459); let mut x478: u32 = 0; let mut x479: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x478, &mut x479, x477, x427, x461); let mut x480: u32 = 0; let mut x481: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x480, &mut x481, x479, x429, x463); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x482, &mut x483, x481, x431, x465); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x484, &mut x485, x483, x433, x467); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x486, &mut x487, x485, x435, x469); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x488, &mut x489, x487, x437, x471); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x490, &mut x491, x489, x439, x473); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x492, &mut x493, x491, x441, x475); let x494: u32 = ((x493 as u32) + (x442 as u32)); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x495, &mut x496, x5, (arg1[7])); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x497, &mut x498, x5, (arg1[6])); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x499, &mut x500, x5, (arg1[5])); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x501, &mut x502, x5, (arg1[4])); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x503, &mut x504, x5, (arg1[3])); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x505, &mut x506, x5, (arg1[2])); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x507, &mut x508, x5, (arg1[1])); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x509, &mut x510, x5, (arg1[0])); let mut x511: u32 = 0; let mut x512: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x511, &mut x512, 0x0, x510, x507); let mut x513: u32 = 0; let mut x514: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x513, &mut x514, x512, x508, x505); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x515, &mut x516, x514, x506, x503); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x517, &mut x518, x516, x504, x501); let mut x519: u32 = 0; let mut x520: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x519, &mut x520, x518, x502, x499); let mut x521: u32 = 0; let mut x522: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x521, &mut x522, x520, x500, x497); let mut x523: u32 = 0; let mut x524: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x523, &mut x524, x522, x498, x495); let x525: u32 = ((x524 as u32) + x496); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x526, &mut x527, 0x0, x478, x509); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x528, &mut x529, x527, x480, x511); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x530, &mut x531, x529, x482, x513); let mut x532: u32 = 0; let mut x533: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x532, &mut x533, x531, x484, x515); let mut x534: u32 = 0; let mut x535: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x534, &mut x535, x533, x486, x517); let mut x536: u32 = 0; let mut x537: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x536, &mut x537, x535, x488, x519); let mut x538: u32 = 0; let mut x539: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x538, &mut x539, x537, x490, x521); let mut x540: u32 = 0; let mut x541: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x540, &mut x541, x539, x492, x523); let mut x542: u32 = 0; let mut x543: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x542, &mut x543, x541, x494, x525); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x544, &mut x545, x526, 0xd2253531); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x546, &mut x547, x544, 0xffffffff); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x548, &mut x549, x544, 0xffffffff); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x550, &mut x551, x544, 0xffffffff); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x552, &mut x553, x544, 0xffffffff); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x554, &mut x555, x544, 0xffffffff); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x556, &mut x557, x544, 0xffffffff); let mut x558: u32 = 0; let mut x559: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x558, &mut x559, x544, 0xfffffffe); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x560, &mut x561, x544, 0xfffffc2f); let mut x562: u32 = 0; let mut x563: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x562, &mut x563, 0x0, x561, x558); let mut x564: u32 = 0; let mut x565: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x564, &mut x565, x563, x559, x556); let mut x566: u32 = 0; let mut x567: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x566, &mut x567, x565, x557, x554); let mut x568: u32 = 0; let mut x569: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x568, &mut x569, x567, x555, x552); let mut x570: u32 = 0; let mut x571: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x570, &mut x571, x569, x553, x550); let mut x572: u32 = 0; let mut x573: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x572, &mut x573, x571, x551, x548); let mut x574: u32 = 0; let mut x575: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x574, &mut x575, x573, x549, x546); let x576: u32 = ((x575 as u32) + x547); let mut x577: u32 = 0; let mut x578: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x577, &mut x578, 0x0, x526, x560); let mut x579: u32 = 0; let mut x580: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x579, &mut x580, x578, x528, x562); let mut x581: u32 = 0; let mut x582: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x581, &mut x582, x580, x530, x564); let mut x583: u32 = 0; let mut x584: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x583, &mut x584, x582, x532, x566); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x585, &mut x586, x584, x534, x568); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x587, &mut x588, x586, x536, x570); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x589, &mut x590, x588, x538, x572); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x591, &mut x592, x590, x540, x574); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x593, &mut x594, x592, x542, x576); let x595: u32 = ((x594 as u32) + (x543 as u32)); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x596, &mut x597, x6, (arg1[7])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x598, &mut x599, x6, (arg1[6])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x600, &mut x601, x6, (arg1[5])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x602, &mut x603, x6, (arg1[4])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x604, &mut x605, x6, (arg1[3])); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x606, &mut x607, x6, (arg1[2])); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x608, &mut x609, x6, (arg1[1])); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x610, &mut x611, x6, (arg1[0])); let mut x612: u32 = 0; let mut x613: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x612, &mut x613, 0x0, x611, x608); let mut x614: u32 = 0; let mut x615: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x614, &mut x615, x613, x609, x606); let mut x616: u32 = 0; let mut x617: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x616, &mut x617, x615, x607, x604); let mut x618: u32 = 0; let mut x619: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x618, &mut x619, x617, x605, x602); let mut x620: u32 = 0; let mut x621: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x620, &mut x621, x619, x603, x600); let mut x622: u32 = 0; let mut x623: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x622, &mut x623, x621, x601, x598); let mut x624: u32 = 0; let mut x625: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x624, &mut x625, x623, x599, x596); let x626: u32 = ((x625 as u32) + x597); let mut x627: u32 = 0; let mut x628: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x627, &mut x628, 0x0, x579, x610); let mut x629: u32 = 0; let mut x630: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x629, &mut x630, x628, x581, x612); let mut x631: u32 = 0; let mut x632: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x631, &mut x632, x630, x583, x614); let mut x633: u32 = 0; let mut x634: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x633, &mut x634, x632, x585, x616); let mut x635: u32 = 0; let mut x636: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x635, &mut x636, x634, x587, x618); let mut x637: u32 = 0; let mut x638: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x637, &mut x638, x636, x589, x620); let mut x639: u32 = 0; let mut x640: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x639, &mut x640, x638, x591, x622); let mut x641: u32 = 0; let mut x642: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x641, &mut x642, x640, x593, x624); let mut x643: u32 = 0; let mut x644: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x643, &mut x644, x642, x595, x626); let mut x645: u32 = 0; let mut x646: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x645, &mut x646, x627, 0xd2253531); let mut x647: u32 = 0; let mut x648: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x647, &mut x648, x645, 0xffffffff); let mut x649: u32 = 0; let mut x650: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x649, &mut x650, x645, 0xffffffff); let mut x651: u32 = 0; let mut x652: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x651, &mut x652, x645, 0xffffffff); let mut x653: u32 = 0; let mut x654: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x653, &mut x654, x645, 0xffffffff); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x655, &mut x656, x645, 0xffffffff); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x657, &mut x658, x645, 0xffffffff); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x659, &mut x660, x645, 0xfffffffe); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x661, &mut x662, x645, 0xfffffc2f); let mut x663: u32 = 0; let mut x664: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x663, &mut x664, 0x0, x662, x659); let mut x665: u32 = 0; let mut x666: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x665, &mut x666, x664, x660, x657); let mut x667: u32 = 0; let mut x668: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x667, &mut x668, x666, x658, x655); let mut x669: u32 = 0; let mut x670: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x669, &mut x670, x668, x656, x653); let mut x671: u32 = 0; let mut x672: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x671, &mut x672, x670, x654, x651); let mut x673: u32 = 0; let mut x674: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x673, &mut x674, x672, x652, x649); let mut x675: u32 = 0; let mut x676: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x675, &mut x676, x674, x650, x647); let x677: u32 = ((x676 as u32) + x648); let mut x678: u32 = 0; let mut x679: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x678, &mut x679, 0x0, x627, x661); let mut x680: u32 = 0; let mut x681: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x680, &mut x681, x679, x629, x663); let mut x682: u32 = 0; let mut x683: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x682, &mut x683, x681, x631, x665); let mut x684: u32 = 0; let mut x685: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x684, &mut x685, x683, x633, x667); let mut x686: u32 = 0; let mut x687: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x686, &mut x687, x685, x635, x669); let mut x688: u32 = 0; let mut x689: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x688, &mut x689, x687, x637, x671); let mut x690: u32 = 0; let mut x691: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x690, &mut x691, x689, x639, x673); let mut x692: u32 = 0; let mut x693: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x692, &mut x693, x691, x641, x675); let mut x694: u32 = 0; let mut x695: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x694, &mut x695, x693, x643, x677); let x696: u32 = ((x695 as u32) + (x644 as u32)); let mut x697: u32 = 0; let mut x698: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x697, &mut x698, x7, (arg1[7])); let mut x699: u32 = 0; let mut x700: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x699, &mut x700, x7, (arg1[6])); let mut x701: u32 = 0; let mut x702: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x701, &mut x702, x7, (arg1[5])); let mut x703: u32 = 0; let mut x704: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x703, &mut x704, x7, (arg1[4])); let mut x705: u32 = 0; let mut x706: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x705, &mut x706, x7, (arg1[3])); let mut x707: u32 = 0; let mut x708: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x707, &mut x708, x7, (arg1[2])); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x709, &mut x710, x7, (arg1[1])); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x711, &mut x712, x7, (arg1[0])); let mut x713: u32 = 0; let mut x714: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x713, &mut x714, 0x0, x712, x709); let mut x715: u32 = 0; let mut x716: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x715, &mut x716, x714, x710, x707); let mut x717: u32 = 0; let mut x718: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x717, &mut x718, x716, x708, x705); let mut x719: u32 = 0; let mut x720: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x719, &mut x720, x718, x706, x703); let mut x721: u32 = 0; let mut x722: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x721, &mut x722, x720, x704, x701); let mut x723: u32 = 0; let mut x724: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x723, &mut x724, x722, x702, x699); let mut x725: u32 = 0; let mut x726: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x725, &mut x726, x724, x700, x697); let x727: u32 = ((x726 as u32) + x698); let mut x728: u32 = 0; let mut x729: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x728, &mut x729, 0x0, x680, x711); let mut x730: u32 = 0; let mut x731: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x730, &mut x731, x729, x682, x713); let mut x732: u32 = 0; let mut x733: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x732, &mut x733, x731, x684, x715); let mut x734: u32 = 0; let mut x735: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x734, &mut x735, x733, x686, x717); let mut x736: u32 = 0; let mut x737: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x736, &mut x737, x735, x688, x719); let mut x738: u32 = 0; let mut x739: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x738, &mut x739, x737, x690, x721); let mut x740: u32 = 0; let mut x741: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x740, &mut x741, x739, x692, x723); let mut x742: u32 = 0; let mut x743: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x742, &mut x743, x741, x694, x725); let mut x744: u32 = 0; let mut x745: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x744, &mut x745, x743, x696, x727); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x746, &mut x747, x728, 0xd2253531); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x748, &mut x749, x746, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x750, &mut x751, x746, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x752, &mut x753, x746, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x754, &mut x755, x746, 0xffffffff); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x756, &mut x757, x746, 0xffffffff); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x758, &mut x759, x746, 0xffffffff); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x760, &mut x761, x746, 0xfffffffe); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x762, &mut x763, x746, 0xfffffc2f); let mut x764: u32 = 0; let mut x765: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x764, &mut x765, 0x0, x763, x760); let mut x766: u32 = 0; let mut x767: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x766, &mut x767, x765, x761, x758); let mut x768: u32 = 0; let mut x769: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x768, &mut x769, x767, x759, x756); let mut x770: u32 = 0; let mut x771: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x770, &mut x771, x769, x757, x754); let mut x772: u32 = 0; let mut x773: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x772, &mut x773, x771, x755, x752); let mut x774: u32 = 0; let mut x775: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x774, &mut x775, x773, x753, x750); let mut x776: u32 = 0; let mut x777: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x776, &mut x777, x775, x751, x748); let x778: u32 = ((x777 as u32) + x749); let mut x779: u32 = 0; let mut x780: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x779, &mut x780, 0x0, x728, x762); let mut x781: u32 = 0; let mut x782: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x781, &mut x782, x780, x730, x764); let mut x783: u32 = 0; let mut x784: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x783, &mut x784, x782, x732, x766); let mut x785: u32 = 0; let mut x786: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x785, &mut x786, x784, x734, x768); let mut x787: u32 = 0; let mut x788: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x787, &mut x788, x786, x736, x770); let mut x789: u32 = 0; let mut x790: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x789, &mut x790, x788, x738, x772); let mut x791: u32 = 0; let mut x792: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x791, &mut x792, x790, x740, x774); let mut x793: u32 = 0; let mut x794: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x793, &mut x794, x792, x742, x776); let mut x795: u32 = 0; let mut x796: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x795, &mut x796, x794, x744, x778); let x797: u32 = ((x796 as u32) + (x745 as u32)); let mut x798: u32 = 0; let mut x799: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x798, &mut x799, 0x0, x781, 0xfffffc2f); let mut x800: u32 = 0; let mut x801: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x800, &mut x801, x799, x783, 0xfffffffe); let mut x802: u32 = 0; let mut x803: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x802, &mut x803, x801, x785, 0xffffffff); let mut x804: u32 = 0; let mut x805: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x804, &mut x805, x803, x787, 0xffffffff); let mut x806: u32 = 0; let mut x807: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x806, &mut x807, x805, x789, 0xffffffff); let mut x808: u32 = 0; let mut x809: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x808, &mut x809, x807, x791, 0xffffffff); let mut x810: u32 = 0; let mut x811: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x810, &mut x811, x809, x793, 0xffffffff); let mut x812: u32 = 0; let mut x813: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x812, &mut x813, x811, x795, 0xffffffff); let mut x814: u32 = 0; let mut x815: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x814, &mut x815, x813, x797, (0x0 as u32)); let mut x816: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x816, x815, x798, x781); let mut x817: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x817, x815, x800, x783); let mut x818: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x818, x815, x802, x785); let mut x819: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x819, x815, x804, x787); let mut x820: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x820, x815, x806, x789); let mut x821: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x821, x815, x808, x791); let mut x822: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x822, x815, x810, x793); let mut x823: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x823, x815, x812, x795); out1[0] = x816; out1[1] = x817; out1[2] = x818; out1[3] = x819; out1[4] = x820; out1[5] = x821; out1[6] = x822; out1[7] = x823; } /// The function fiat_secp256k1_montgomery_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_add(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x17, &mut x18, 0x0, x1, 0xfffffc2f); let mut x19: u32 = 0; let mut x20: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x19, &mut x20, x18, x3, 0xfffffffe); let mut x21: u32 = 0; let mut x22: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x21, &mut x22, x20, x5, 0xffffffff); let mut x23: u32 = 0; let mut x24: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x23, &mut x24, x22, x7, 0xffffffff); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x25, &mut x26, x24, x9, 0xffffffff); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x27, &mut x28, x26, x11, 0xffffffff); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x29, &mut x30, x28, x13, 0xffffffff); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x31, &mut x32, x30, x15, 0xffffffff); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x33, &mut x34, x32, (x16 as u32), (0x0 as u32)); let mut x35: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x35, x34, x17, x1); let mut x36: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x36, x34, x19, x3); let mut x37: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x37, x34, x21, x5); let mut x38: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x38, x34, x23, x7); let mut x39: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x39, x34, x25, x9); let mut x40: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x40, x34, x27, x11); let mut x41: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x41, x34, x29, x13); let mut x42: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x42, x34, x31, x15); out1[0] = x35; out1[1] = x36; out1[2] = x37; out1[3] = x38; out1[4] = x39; out1[5] = x40; out1[6] = x41; out1[7] = x42; } /// The function fiat_secp256k1_montgomery_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_sub(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xfffffc2f)); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xfffffffe)); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x22, &mut x23, x21, x5, x17); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x24, &mut x25, x23, x7, x17); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x26, &mut x27, x25, x9, x17); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x30, &mut x31, x29, x13, x17); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_secp256k1_montgomery_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_opp(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xfffffc2f)); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xfffffffe)); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x22, &mut x23, x21, x5, x17); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x24, &mut x25, x23, x7, x17); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x26, &mut x27, x25, x9, x17); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x30, &mut x31, x29, x13, x17); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_secp256k1_montgomery_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_from_montgomery(out1: &mut fiat_secp256k1_montgomery_non_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x2, &mut x3, x1, 0xd2253531); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x6, &mut x7, x2, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x8, &mut x9, x2, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x10, &mut x11, x2, 0xffffffff); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x12, &mut x13, x2, 0xffffffff); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x14, &mut x15, x2, 0xffffffff); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x16, &mut x17, x2, 0xfffffffe); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x18, &mut x19, x2, 0xfffffc2f); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x20, &mut x21, 0x0, x19, x16); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x22, &mut x23, x21, x17, x14); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x24, &mut x25, x23, x15, x12); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x26, &mut x27, x25, x13, x10); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x28, &mut x29, x27, x11, x8); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x30, &mut x31, x29, x9, x6); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x32, &mut x33, x31, x7, x4); let mut x34: u32 = 0; let mut x35: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x34, &mut x35, 0x0, x1, x18); let mut x36: u32 = 0; let mut x37: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x36, &mut x37, x35, (0x0 as u32), x20); let mut x38: u32 = 0; let mut x39: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x38, &mut x39, x37, (0x0 as u32), x22); let mut x40: u32 = 0; let mut x41: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x40, &mut x41, x39, (0x0 as u32), x24); let mut x42: u32 = 0; let mut x43: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), x26); let mut x44: u32 = 0; let mut x45: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x44, &mut x45, x43, (0x0 as u32), x28); let mut x46: u32 = 0; let mut x47: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x46, &mut x47, x45, (0x0 as u32), x30); let mut x48: u32 = 0; let mut x49: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x48, &mut x49, x47, (0x0 as u32), x32); let mut x50: u32 = 0; let mut x51: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x50, &mut x51, x49, (0x0 as u32), ((x33 as u32) + x5)); let mut x52: u32 = 0; let mut x53: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x52, &mut x53, 0x0, x36, (arg1[1])); let mut x54: u32 = 0; let mut x55: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x54, &mut x55, x53, x38, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x56, &mut x57, x55, x40, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x58, &mut x59, x57, x42, (0x0 as u32)); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x60, &mut x61, x59, x44, (0x0 as u32)); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x62, &mut x63, x61, x46, (0x0 as u32)); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x64, &mut x65, x63, x48, (0x0 as u32)); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x66, &mut x67, x65, x50, (0x0 as u32)); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x68, &mut x69, x52, 0xd2253531); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x70, &mut x71, x68, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x72, &mut x73, x68, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x74, &mut x75, x68, 0xffffffff); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x76, &mut x77, x68, 0xffffffff); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x78, &mut x79, x68, 0xffffffff); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x80, &mut x81, x68, 0xffffffff); let mut x82: u32 = 0; let mut x83: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x82, &mut x83, x68, 0xfffffffe); let mut x84: u32 = 0; let mut x85: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x84, &mut x85, x68, 0xfffffc2f); let mut x86: u32 = 0; let mut x87: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x86, &mut x87, 0x0, x85, x82); let mut x88: u32 = 0; let mut x89: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x88, &mut x89, x87, x83, x80); let mut x90: u32 = 0; let mut x91: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x90, &mut x91, x89, x81, x78); let mut x92: u32 = 0; let mut x93: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x92, &mut x93, x91, x79, x76); let mut x94: u32 = 0; let mut x95: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x94, &mut x95, x93, x77, x74); let mut x96: u32 = 0; let mut x97: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x96, &mut x97, x95, x75, x72); let mut x98: u32 = 0; let mut x99: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x98, &mut x99, x97, x73, x70); let mut x100: u32 = 0; let mut x101: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x100, &mut x101, 0x0, x52, x84); let mut x102: u32 = 0; let mut x103: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x102, &mut x103, x101, x54, x86); let mut x104: u32 = 0; let mut x105: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x104, &mut x105, x103, x56, x88); let mut x106: u32 = 0; let mut x107: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x106, &mut x107, x105, x58, x90); let mut x108: u32 = 0; let mut x109: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x108, &mut x109, x107, x60, x92); let mut x110: u32 = 0; let mut x111: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x110, &mut x111, x109, x62, x94); let mut x112: u32 = 0; let mut x113: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x112, &mut x113, x111, x64, x96); let mut x114: u32 = 0; let mut x115: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x114, &mut x115, x113, x66, x98); let mut x116: u32 = 0; let mut x117: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x116, &mut x117, x115, ((x67 as u32) + (x51 as u32)), ((x99 as u32) + x71)); let mut x118: u32 = 0; let mut x119: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x118, &mut x119, 0x0, x102, (arg1[2])); let mut x120: u32 = 0; let mut x121: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x120, &mut x121, x119, x104, (0x0 as u32)); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x122, &mut x123, x121, x106, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x124, &mut x125, x123, x108, (0x0 as u32)); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x126, &mut x127, x125, x110, (0x0 as u32)); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x128, &mut x129, x127, x112, (0x0 as u32)); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x130, &mut x131, x129, x114, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x132, &mut x133, x131, x116, (0x0 as u32)); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x134, &mut x135, x118, 0xd2253531); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x136, &mut x137, x134, 0xffffffff); let mut x138: u32 = 0; let mut x139: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x138, &mut x139, x134, 0xffffffff); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x140, &mut x141, x134, 0xffffffff); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x142, &mut x143, x134, 0xffffffff); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x144, &mut x145, x134, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x146, &mut x147, x134, 0xffffffff); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x148, &mut x149, x134, 0xfffffffe); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x150, &mut x151, x134, 0xfffffc2f); let mut x152: u32 = 0; let mut x153: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x152, &mut x153, 0x0, x151, x148); let mut x154: u32 = 0; let mut x155: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x154, &mut x155, x153, x149, x146); let mut x156: u32 = 0; let mut x157: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x156, &mut x157, x155, x147, x144); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x158, &mut x159, x157, x145, x142); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x160, &mut x161, x159, x143, x140); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x162, &mut x163, x161, x141, x138); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x164, &mut x165, x163, x139, x136); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x166, &mut x167, 0x0, x118, x150); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x168, &mut x169, x167, x120, x152); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x170, &mut x171, x169, x122, x154); let mut x172: u32 = 0; let mut x173: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x172, &mut x173, x171, x124, x156); let mut x174: u32 = 0; let mut x175: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x174, &mut x175, x173, x126, x158); let mut x176: u32 = 0; let mut x177: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x176, &mut x177, x175, x128, x160); let mut x178: u32 = 0; let mut x179: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x178, &mut x179, x177, x130, x162); let mut x180: u32 = 0; let mut x181: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x180, &mut x181, x179, x132, x164); let mut x182: u32 = 0; let mut x183: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x182, &mut x183, x181, ((x133 as u32) + (x117 as u32)), ((x165 as u32) + x137)); let mut x184: u32 = 0; let mut x185: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x184, &mut x185, 0x0, x168, (arg1[3])); let mut x186: u32 = 0; let mut x187: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x186, &mut x187, x185, x170, (0x0 as u32)); let mut x188: u32 = 0; let mut x189: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x188, &mut x189, x187, x172, (0x0 as u32)); let mut x190: u32 = 0; let mut x191: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x190, &mut x191, x189, x174, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x192, &mut x193, x191, x176, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x194, &mut x195, x193, x178, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x196, &mut x197, x195, x180, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x198, &mut x199, x197, x182, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x200, &mut x201, x184, 0xd2253531); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x202, &mut x203, x200, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x204, &mut x205, x200, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x206, &mut x207, x200, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x208, &mut x209, x200, 0xffffffff); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x210, &mut x211, x200, 0xffffffff); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x212, &mut x213, x200, 0xffffffff); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x214, &mut x215, x200, 0xfffffffe); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x216, &mut x217, x200, 0xfffffc2f); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x218, &mut x219, 0x0, x217, x214); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x220, &mut x221, x219, x215, x212); let mut x222: u32 = 0; let mut x223: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x222, &mut x223, x221, x213, x210); let mut x224: u32 = 0; let mut x225: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x224, &mut x225, x223, x211, x208); let mut x226: u32 = 0; let mut x227: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x226, &mut x227, x225, x209, x206); let mut x228: u32 = 0; let mut x229: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x228, &mut x229, x227, x207, x204); let mut x230: u32 = 0; let mut x231: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x230, &mut x231, x229, x205, x202); let mut x232: u32 = 0; let mut x233: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x232, &mut x233, 0x0, x184, x216); let mut x234: u32 = 0; let mut x235: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x234, &mut x235, x233, x186, x218); let mut x236: u32 = 0; let mut x237: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x236, &mut x237, x235, x188, x220); let mut x238: u32 = 0; let mut x239: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x238, &mut x239, x237, x190, x222); let mut x240: u32 = 0; let mut x241: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x240, &mut x241, x239, x192, x224); let mut x242: u32 = 0; let mut x243: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x242, &mut x243, x241, x194, x226); let mut x244: u32 = 0; let mut x245: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x244, &mut x245, x243, x196, x228); let mut x246: u32 = 0; let mut x247: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x246, &mut x247, x245, x198, x230); let mut x248: u32 = 0; let mut x249: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x248, &mut x249, x247, ((x199 as u32) + (x183 as u32)), ((x231 as u32) + x203)); let mut x250: u32 = 0; let mut x251: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x250, &mut x251, 0x0, x234, (arg1[4])); let mut x252: u32 = 0; let mut x253: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x252, &mut x253, x251, x236, (0x0 as u32)); let mut x254: u32 = 0; let mut x255: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x254, &mut x255, x253, x238, (0x0 as u32)); let mut x256: u32 = 0; let mut x257: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x256, &mut x257, x255, x240, (0x0 as u32)); let mut x258: u32 = 0; let mut x259: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x258, &mut x259, x257, x242, (0x0 as u32)); let mut x260: u32 = 0; let mut x261: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x260, &mut x261, x259, x244, (0x0 as u32)); let mut x262: u32 = 0; let mut x263: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x262, &mut x263, x261, x246, (0x0 as u32)); let mut x264: u32 = 0; let mut x265: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x264, &mut x265, x263, x248, (0x0 as u32)); let mut x266: u32 = 0; let mut x267: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x266, &mut x267, x250, 0xd2253531); let mut x268: u32 = 0; let mut x269: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x268, &mut x269, x266, 0xffffffff); let mut x270: u32 = 0; let mut x271: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x270, &mut x271, x266, 0xffffffff); let mut x272: u32 = 0; let mut x273: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x272, &mut x273, x266, 0xffffffff); let mut x274: u32 = 0; let mut x275: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x274, &mut x275, x266, 0xffffffff); let mut x276: u32 = 0; let mut x277: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x276, &mut x277, x266, 0xffffffff); let mut x278: u32 = 0; let mut x279: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x278, &mut x279, x266, 0xffffffff); let mut x280: u32 = 0; let mut x281: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x280, &mut x281, x266, 0xfffffffe); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x282, &mut x283, x266, 0xfffffc2f); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x284, &mut x285, 0x0, x283, x280); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x286, &mut x287, x285, x281, x278); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x288, &mut x289, x287, x279, x276); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x290, &mut x291, x289, x277, x274); let mut x292: u32 = 0; let mut x293: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x292, &mut x293, x291, x275, x272); let mut x294: u32 = 0; let mut x295: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x294, &mut x295, x293, x273, x270); let mut x296: u32 = 0; let mut x297: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x296, &mut x297, x295, x271, x268); let mut x298: u32 = 0; let mut x299: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x298, &mut x299, 0x0, x250, x282); let mut x300: u32 = 0; let mut x301: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x300, &mut x301, x299, x252, x284); let mut x302: u32 = 0; let mut x303: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x302, &mut x303, x301, x254, x286); let mut x304: u32 = 0; let mut x305: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x304, &mut x305, x303, x256, x288); let mut x306: u32 = 0; let mut x307: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x306, &mut x307, x305, x258, x290); let mut x308: u32 = 0; let mut x309: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x308, &mut x309, x307, x260, x292); let mut x310: u32 = 0; let mut x311: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x310, &mut x311, x309, x262, x294); let mut x312: u32 = 0; let mut x313: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x312, &mut x313, x311, x264, x296); let mut x314: u32 = 0; let mut x315: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x314, &mut x315, x313, ((x265 as u32) + (x249 as u32)), ((x297 as u32) + x269)); let mut x316: u32 = 0; let mut x317: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x316, &mut x317, 0x0, x300, (arg1[5])); let mut x318: u32 = 0; let mut x319: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x318, &mut x319, x317, x302, (0x0 as u32)); let mut x320: u32 = 0; let mut x321: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x320, &mut x321, x319, x304, (0x0 as u32)); let mut x322: u32 = 0; let mut x323: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x322, &mut x323, x321, x306, (0x0 as u32)); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x324, &mut x325, x323, x308, (0x0 as u32)); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x326, &mut x327, x325, x310, (0x0 as u32)); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x328, &mut x329, x327, x312, (0x0 as u32)); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x330, &mut x331, x329, x314, (0x0 as u32)); let mut x332: u32 = 0; let mut x333: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x332, &mut x333, x316, 0xd2253531); let mut x334: u32 = 0; let mut x335: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x334, &mut x335, x332, 0xffffffff); let mut x336: u32 = 0; let mut x337: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x336, &mut x337, x332, 0xffffffff); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x338, &mut x339, x332, 0xffffffff); let mut x340: u32 = 0; let mut x341: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x340, &mut x341, x332, 0xffffffff); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x342, &mut x343, x332, 0xffffffff); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x344, &mut x345, x332, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x346, &mut x347, x332, 0xfffffffe); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x348, &mut x349, x332, 0xfffffc2f); let mut x350: u32 = 0; let mut x351: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x350, &mut x351, 0x0, x349, x346); let mut x352: u32 = 0; let mut x353: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x352, &mut x353, x351, x347, x344); let mut x354: u32 = 0; let mut x355: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x354, &mut x355, x353, x345, x342); let mut x356: u32 = 0; let mut x357: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x356, &mut x357, x355, x343, x340); let mut x358: u32 = 0; let mut x359: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x358, &mut x359, x357, x341, x338); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x360, &mut x361, x359, x339, x336); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x362, &mut x363, x361, x337, x334); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x364, &mut x365, 0x0, x316, x348); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x366, &mut x367, x365, x318, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x368, &mut x369, x367, x320, x352); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x370, &mut x371, x369, x322, x354); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x372, &mut x373, x371, x324, x356); let mut x374: u32 = 0; let mut x375: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x374, &mut x375, x373, x326, x358); let mut x376: u32 = 0; let mut x377: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x376, &mut x377, x375, x328, x360); let mut x378: u32 = 0; let mut x379: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x378, &mut x379, x377, x330, x362); let mut x380: u32 = 0; let mut x381: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x380, &mut x381, x379, ((x331 as u32) + (x315 as u32)), ((x363 as u32) + x335)); let mut x382: u32 = 0; let mut x383: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x382, &mut x383, 0x0, x366, (arg1[6])); let mut x384: u32 = 0; let mut x385: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x384, &mut x385, x383, x368, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x386, &mut x387, x385, x370, (0x0 as u32)); let mut x388: u32 = 0; let mut x389: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x388, &mut x389, x387, x372, (0x0 as u32)); let mut x390: u32 = 0; let mut x391: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x390, &mut x391, x389, x374, (0x0 as u32)); let mut x392: u32 = 0; let mut x393: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x392, &mut x393, x391, x376, (0x0 as u32)); let mut x394: u32 = 0; let mut x395: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x394, &mut x395, x393, x378, (0x0 as u32)); let mut x396: u32 = 0; let mut x397: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x396, &mut x397, x395, x380, (0x0 as u32)); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x398, &mut x399, x382, 0xd2253531); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x400, &mut x401, x398, 0xffffffff); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x402, &mut x403, x398, 0xffffffff); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x404, &mut x405, x398, 0xffffffff); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x406, &mut x407, x398, 0xffffffff); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x408, &mut x409, x398, 0xffffffff); let mut x410: u32 = 0; let mut x411: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x410, &mut x411, x398, 0xffffffff); let mut x412: u32 = 0; let mut x413: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x412, &mut x413, x398, 0xfffffffe); let mut x414: u32 = 0; let mut x415: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x414, &mut x415, x398, 0xfffffc2f); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x416, &mut x417, 0x0, x415, x412); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x418, &mut x419, x417, x413, x410); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x420, &mut x421, x419, x411, x408); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x422, &mut x423, x421, x409, x406); let mut x424: u32 = 0; let mut x425: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x424, &mut x425, x423, x407, x404); let mut x426: u32 = 0; let mut x427: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x426, &mut x427, x425, x405, x402); let mut x428: u32 = 0; let mut x429: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x428, &mut x429, x427, x403, x400); let mut x430: u32 = 0; let mut x431: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x430, &mut x431, 0x0, x382, x414); let mut x432: u32 = 0; let mut x433: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x432, &mut x433, x431, x384, x416); let mut x434: u32 = 0; let mut x435: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x434, &mut x435, x433, x386, x418); let mut x436: u32 = 0; let mut x437: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x436, &mut x437, x435, x388, x420); let mut x438: u32 = 0; let mut x439: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x438, &mut x439, x437, x390, x422); let mut x440: u32 = 0; let mut x441: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x440, &mut x441, x439, x392, x424); let mut x442: u32 = 0; let mut x443: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x442, &mut x443, x441, x394, x426); let mut x444: u32 = 0; let mut x445: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x444, &mut x445, x443, x396, x428); let mut x446: u32 = 0; let mut x447: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x446, &mut x447, x445, ((x397 as u32) + (x381 as u32)), ((x429 as u32) + x401)); let mut x448: u32 = 0; let mut x449: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x448, &mut x449, 0x0, x432, (arg1[7])); let mut x450: u32 = 0; let mut x451: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x450, &mut x451, x449, x434, (0x0 as u32)); let mut x452: u32 = 0; let mut x453: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x452, &mut x453, x451, x436, (0x0 as u32)); let mut x454: u32 = 0; let mut x455: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x454, &mut x455, x453, x438, (0x0 as u32)); let mut x456: u32 = 0; let mut x457: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x456, &mut x457, x455, x440, (0x0 as u32)); let mut x458: u32 = 0; let mut x459: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x458, &mut x459, x457, x442, (0x0 as u32)); let mut x460: u32 = 0; let mut x461: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x460, &mut x461, x459, x444, (0x0 as u32)); let mut x462: u32 = 0; let mut x463: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x462, &mut x463, x461, x446, (0x0 as u32)); let mut x464: u32 = 0; let mut x465: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x464, &mut x465, x448, 0xd2253531); let mut x466: u32 = 0; let mut x467: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x466, &mut x467, x464, 0xffffffff); let mut x468: u32 = 0; let mut x469: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x468, &mut x469, x464, 0xffffffff); let mut x470: u32 = 0; let mut x471: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x470, &mut x471, x464, 0xffffffff); let mut x472: u32 = 0; let mut x473: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x472, &mut x473, x464, 0xffffffff); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x474, &mut x475, x464, 0xffffffff); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x476, &mut x477, x464, 0xffffffff); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x478, &mut x479, x464, 0xfffffffe); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x480, &mut x481, x464, 0xfffffc2f); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x482, &mut x483, 0x0, x481, x478); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x484, &mut x485, x483, x479, x476); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x486, &mut x487, x485, x477, x474); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x488, &mut x489, x487, x475, x472); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x490, &mut x491, x489, x473, x470); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x492, &mut x493, x491, x471, x468); let mut x494: u32 = 0; let mut x495: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x494, &mut x495, x493, x469, x466); let mut x496: u32 = 0; let mut x497: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x496, &mut x497, 0x0, x448, x480); let mut x498: u32 = 0; let mut x499: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x498, &mut x499, x497, x450, x482); let mut x500: u32 = 0; let mut x501: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x500, &mut x501, x499, x452, x484); let mut x502: u32 = 0; let mut x503: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x502, &mut x503, x501, x454, x486); let mut x504: u32 = 0; let mut x505: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x504, &mut x505, x503, x456, x488); let mut x506: u32 = 0; let mut x507: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x506, &mut x507, x505, x458, x490); let mut x508: u32 = 0; let mut x509: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x508, &mut x509, x507, x460, x492); let mut x510: u32 = 0; let mut x511: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x510, &mut x511, x509, x462, x494); let mut x512: u32 = 0; let mut x513: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x512, &mut x513, x511, ((x463 as u32) + (x447 as u32)), ((x495 as u32) + x467)); let mut x514: u32 = 0; let mut x515: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x514, &mut x515, 0x0, x498, 0xfffffc2f); let mut x516: u32 = 0; let mut x517: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x516, &mut x517, x515, x500, 0xfffffffe); let mut x518: u32 = 0; let mut x519: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x518, &mut x519, x517, x502, 0xffffffff); let mut x520: u32 = 0; let mut x521: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x520, &mut x521, x519, x504, 0xffffffff); let mut x522: u32 = 0; let mut x523: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x522, &mut x523, x521, x506, 0xffffffff); let mut x524: u32 = 0; let mut x525: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x524, &mut x525, x523, x508, 0xffffffff); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x526, &mut x527, x525, x510, 0xffffffff); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x528, &mut x529, x527, x512, 0xffffffff); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x530, &mut x531, x529, (x513 as u32), (0x0 as u32)); let mut x532: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x532, x531, x514, x498); let mut x533: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x533, x531, x516, x500); let mut x534: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x534, x531, x518, x502); let mut x535: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x535, x531, x520, x504); let mut x536: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x536, x531, x522, x506); let mut x537: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x537, x531, x524, x508); let mut x538: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x538, x531, x526, x510); let mut x539: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x539, x531, x528, x512); out1[0] = x532; out1[1] = x533; out1[2] = x534; out1[3] = x535; out1[4] = x536; out1[5] = x537; out1[6] = x538; out1[7] = x539; } /// The function fiat_secp256k1_montgomery_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_to_montgomery(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x9, &mut x10, x8, 0x7a2); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x11, &mut x12, x8, 0xe90a1); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x15, &mut x16, x14, x10, x8); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x17, &mut x18, x11, 0xd2253531); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x19, &mut x20, x17, 0xffffffff); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x21, &mut x22, x17, 0xffffffff); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x23, &mut x24, x17, 0xffffffff); let mut x25: u32 = 0; let mut x26: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x25, &mut x26, x17, 0xffffffff); let mut x27: u32 = 0; let mut x28: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x27, &mut x28, x17, 0xffffffff); let mut x29: u32 = 0; let mut x30: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x29, &mut x30, x17, 0xffffffff); let mut x31: u32 = 0; let mut x32: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x31, &mut x32, x17, 0xfffffffe); let mut x33: u32 = 0; let mut x34: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x33, &mut x34, x17, 0xfffffc2f); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x35, &mut x36, 0x0, x34, x31); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x37, &mut x38, x36, x32, x29); let mut x39: u32 = 0; let mut x40: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x39, &mut x40, x38, x30, x27); let mut x41: u32 = 0; let mut x42: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x41, &mut x42, x40, x28, x25); let mut x43: u32 = 0; let mut x44: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x43, &mut x44, x42, x26, x23); let mut x45: u32 = 0; let mut x46: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x45, &mut x46, x44, x24, x21); let mut x47: u32 = 0; let mut x48: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x47, &mut x48, x46, x22, x19); let mut x49: u32 = 0; let mut x50: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x49, &mut x50, 0x0, x11, x33); let mut x51: u32 = 0; let mut x52: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x51, &mut x52, x50, x13, x35); let mut x53: u32 = 0; let mut x54: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x53, &mut x54, x52, x15, x37); let mut x55: u32 = 0; let mut x56: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x55, &mut x56, x54, (x16 as u32), x39); let mut x57: u32 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x57, &mut x58, x56, (0x0 as u32), x41); let mut x59: u32 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x59, &mut x60, x58, (0x0 as u32), x43); let mut x61: u32 = 0; let mut x62: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x61, &mut x62, x60, (0x0 as u32), x45); let mut x63: u32 = 0; let mut x64: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x63, &mut x64, x62, (0x0 as u32), x47); let mut x65: u32 = 0; let mut x66: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x65, &mut x66, x64, (0x0 as u32), ((x48 as u32) + x20)); let mut x67: u32 = 0; let mut x68: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x67, &mut x68, x1, 0x7a2); let mut x69: u32 = 0; let mut x70: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x69, &mut x70, x1, 0xe90a1); let mut x71: u32 = 0; let mut x72: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x71, &mut x72, 0x0, x70, x67); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x73, &mut x74, x72, x68, x1); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x75, &mut x76, 0x0, x51, x69); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x77, &mut x78, x76, x53, x71); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x79, &mut x80, x78, x55, x73); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x81, &mut x82, x80, x57, (x74 as u32)); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x83, &mut x84, x82, x59, (0x0 as u32)); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x85, &mut x86, x84, x61, (0x0 as u32)); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x87, &mut x88, x86, x63, (0x0 as u32)); let mut x89: u32 = 0; let mut x90: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x89, &mut x90, x88, x65, (0x0 as u32)); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x91, &mut x92, x75, 0xd2253531); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x93, &mut x94, x91, 0xffffffff); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x95, &mut x96, x91, 0xffffffff); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x97, &mut x98, x91, 0xffffffff); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x99, &mut x100, x91, 0xffffffff); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x101, &mut x102, x91, 0xffffffff); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x103, &mut x104, x91, 0xffffffff); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x105, &mut x106, x91, 0xfffffffe); let mut x107: u32 = 0; let mut x108: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x107, &mut x108, x91, 0xfffffc2f); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x109, &mut x110, 0x0, x108, x105); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x111, &mut x112, x110, x106, x103); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x113, &mut x114, x112, x104, x101); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x115, &mut x116, x114, x102, x99); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x117, &mut x118, x116, x100, x97); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x119, &mut x120, x118, x98, x95); let mut x121: u32 = 0; let mut x122: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x121, &mut x122, x120, x96, x93); let mut x123: u32 = 0; let mut x124: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x123, &mut x124, 0x0, x75, x107); let mut x125: u32 = 0; let mut x126: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x125, &mut x126, x124, x77, x109); let mut x127: u32 = 0; let mut x128: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x127, &mut x128, x126, x79, x111); let mut x129: u32 = 0; let mut x130: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x129, &mut x130, x128, x81, x113); let mut x131: u32 = 0; let mut x132: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x131, &mut x132, x130, x83, x115); let mut x133: u32 = 0; let mut x134: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x133, &mut x134, x132, x85, x117); let mut x135: u32 = 0; let mut x136: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x135, &mut x136, x134, x87, x119); let mut x137: u32 = 0; let mut x138: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x137, &mut x138, x136, x89, x121); let mut x139: u32 = 0; let mut x140: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x139, &mut x140, x138, ((x90 as u32) + (x66 as u32)), ((x122 as u32) + x94)); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x141, &mut x142, x2, 0x7a2); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x143, &mut x144, x2, 0xe90a1); let mut x145: u32 = 0; let mut x146: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x145, &mut x146, 0x0, x144, x141); let mut x147: u32 = 0; let mut x148: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x147, &mut x148, x146, x142, x2); let mut x149: u32 = 0; let mut x150: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x149, &mut x150, 0x0, x125, x143); let mut x151: u32 = 0; let mut x152: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x151, &mut x152, x150, x127, x145); let mut x153: u32 = 0; let mut x154: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x153, &mut x154, x152, x129, x147); let mut x155: u32 = 0; let mut x156: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x155, &mut x156, x154, x131, (x148 as u32)); let mut x157: u32 = 0; let mut x158: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x157, &mut x158, x156, x133, (0x0 as u32)); let mut x159: u32 = 0; let mut x160: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x159, &mut x160, x158, x135, (0x0 as u32)); let mut x161: u32 = 0; let mut x162: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x161, &mut x162, x160, x137, (0x0 as u32)); let mut x163: u32 = 0; let mut x164: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x163, &mut x164, x162, x139, (0x0 as u32)); let mut x165: u32 = 0; let mut x166: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x165, &mut x166, x149, 0xd2253531); let mut x167: u32 = 0; let mut x168: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x167, &mut x168, x165, 0xffffffff); let mut x169: u32 = 0; let mut x170: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x169, &mut x170, x165, 0xffffffff); let mut x171: u32 = 0; let mut x172: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x171, &mut x172, x165, 0xffffffff); let mut x173: u32 = 0; let mut x174: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x173, &mut x174, x165, 0xffffffff); let mut x175: u32 = 0; let mut x176: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x175, &mut x176, x165, 0xffffffff); let mut x177: u32 = 0; let mut x178: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x177, &mut x178, x165, 0xffffffff); let mut x179: u32 = 0; let mut x180: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x179, &mut x180, x165, 0xfffffffe); let mut x181: u32 = 0; let mut x182: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x181, &mut x182, x165, 0xfffffc2f); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x183, &mut x184, 0x0, x182, x179); let mut x185: u32 = 0; let mut x186: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x185, &mut x186, x184, x180, x177); let mut x187: u32 = 0; let mut x188: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x187, &mut x188, x186, x178, x175); let mut x189: u32 = 0; let mut x190: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x189, &mut x190, x188, x176, x173); let mut x191: u32 = 0; let mut x192: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x191, &mut x192, x190, x174, x171); let mut x193: u32 = 0; let mut x194: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x193, &mut x194, x192, x172, x169); let mut x195: u32 = 0; let mut x196: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x195, &mut x196, x194, x170, x167); let mut x197: u32 = 0; let mut x198: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x197, &mut x198, 0x0, x149, x181); let mut x199: u32 = 0; let mut x200: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x199, &mut x200, x198, x151, x183); let mut x201: u32 = 0; let mut x202: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x201, &mut x202, x200, x153, x185); let mut x203: u32 = 0; let mut x204: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x203, &mut x204, x202, x155, x187); let mut x205: u32 = 0; let mut x206: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x205, &mut x206, x204, x157, x189); let mut x207: u32 = 0; let mut x208: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x207, &mut x208, x206, x159, x191); let mut x209: u32 = 0; let mut x210: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x209, &mut x210, x208, x161, x193); let mut x211: u32 = 0; let mut x212: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x211, &mut x212, x210, x163, x195); let mut x213: u32 = 0; let mut x214: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x213, &mut x214, x212, ((x164 as u32) + (x140 as u32)), ((x196 as u32) + x168)); let mut x215: u32 = 0; let mut x216: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x215, &mut x216, x3, 0x7a2); let mut x217: u32 = 0; let mut x218: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x217, &mut x218, x3, 0xe90a1); let mut x219: u32 = 0; let mut x220: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x219, &mut x220, 0x0, x218, x215); let mut x221: u32 = 0; let mut x222: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x221, &mut x222, x220, x216, x3); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x223, &mut x224, 0x0, x199, x217); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x225, &mut x226, x224, x201, x219); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x227, &mut x228, x226, x203, x221); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x229, &mut x230, x228, x205, (x222 as u32)); let mut x231: u32 = 0; let mut x232: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x231, &mut x232, x230, x207, (0x0 as u32)); let mut x233: u32 = 0; let mut x234: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x233, &mut x234, x232, x209, (0x0 as u32)); let mut x235: u32 = 0; let mut x236: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x235, &mut x236, x234, x211, (0x0 as u32)); let mut x237: u32 = 0; let mut x238: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x237, &mut x238, x236, x213, (0x0 as u32)); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x239, &mut x240, x223, 0xd2253531); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x241, &mut x242, x239, 0xffffffff); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x243, &mut x244, x239, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x245, &mut x246, x239, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x247, &mut x248, x239, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x249, &mut x250, x239, 0xffffffff); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x251, &mut x252, x239, 0xffffffff); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x253, &mut x254, x239, 0xfffffffe); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x255, &mut x256, x239, 0xfffffc2f); let mut x257: u32 = 0; let mut x258: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x257, &mut x258, 0x0, x256, x253); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x259, &mut x260, x258, x254, x251); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x261, &mut x262, x260, x252, x249); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x263, &mut x264, x262, x250, x247); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x265, &mut x266, x264, x248, x245); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x267, &mut x268, x266, x246, x243); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x269, &mut x270, x268, x244, x241); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x271, &mut x272, 0x0, x223, x255); let mut x273: u32 = 0; let mut x274: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x273, &mut x274, x272, x225, x257); let mut x275: u32 = 0; let mut x276: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x275, &mut x276, x274, x227, x259); let mut x277: u32 = 0; let mut x278: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x277, &mut x278, x276, x229, x261); let mut x279: u32 = 0; let mut x280: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x279, &mut x280, x278, x231, x263); let mut x281: u32 = 0; let mut x282: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x281, &mut x282, x280, x233, x265); let mut x283: u32 = 0; let mut x284: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x283, &mut x284, x282, x235, x267); let mut x285: u32 = 0; let mut x286: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x285, &mut x286, x284, x237, x269); let mut x287: u32 = 0; let mut x288: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x287, &mut x288, x286, ((x238 as u32) + (x214 as u32)), ((x270 as u32) + x242)); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x289, &mut x290, x4, 0x7a2); let mut x291: u32 = 0; let mut x292: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x291, &mut x292, x4, 0xe90a1); let mut x293: u32 = 0; let mut x294: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x293, &mut x294, 0x0, x292, x289); let mut x295: u32 = 0; let mut x296: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x295, &mut x296, x294, x290, x4); let mut x297: u32 = 0; let mut x298: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x297, &mut x298, 0x0, x273, x291); let mut x299: u32 = 0; let mut x300: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x299, &mut x300, x298, x275, x293); let mut x301: u32 = 0; let mut x302: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x301, &mut x302, x300, x277, x295); let mut x303: u32 = 0; let mut x304: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x303, &mut x304, x302, x279, (x296 as u32)); let mut x305: u32 = 0; let mut x306: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x305, &mut x306, x304, x281, (0x0 as u32)); let mut x307: u32 = 0; let mut x308: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x307, &mut x308, x306, x283, (0x0 as u32)); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x309, &mut x310, x308, x285, (0x0 as u32)); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x311, &mut x312, x310, x287, (0x0 as u32)); let mut x313: u32 = 0; let mut x314: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x313, &mut x314, x297, 0xd2253531); let mut x315: u32 = 0; let mut x316: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x315, &mut x316, x313, 0xffffffff); let mut x317: u32 = 0; let mut x318: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x317, &mut x318, x313, 0xffffffff); let mut x319: u32 = 0; let mut x320: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x319, &mut x320, x313, 0xffffffff); let mut x321: u32 = 0; let mut x322: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x321, &mut x322, x313, 0xffffffff); let mut x323: u32 = 0; let mut x324: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x323, &mut x324, x313, 0xffffffff); let mut x325: u32 = 0; let mut x326: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x325, &mut x326, x313, 0xffffffff); let mut x327: u32 = 0; let mut x328: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x327, &mut x328, x313, 0xfffffffe); let mut x329: u32 = 0; let mut x330: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x329, &mut x330, x313, 0xfffffc2f); let mut x331: u32 = 0; let mut x332: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x331, &mut x332, 0x0, x330, x327); let mut x333: u32 = 0; let mut x334: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x333, &mut x334, x332, x328, x325); let mut x335: u32 = 0; let mut x336: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x335, &mut x336, x334, x326, x323); let mut x337: u32 = 0; let mut x338: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x337, &mut x338, x336, x324, x321); let mut x339: u32 = 0; let mut x340: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x339, &mut x340, x338, x322, x319); let mut x341: u32 = 0; let mut x342: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x341, &mut x342, x340, x320, x317); let mut x343: u32 = 0; let mut x344: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x343, &mut x344, x342, x318, x315); let mut x345: u32 = 0; let mut x346: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x345, &mut x346, 0x0, x297, x329); let mut x347: u32 = 0; let mut x348: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x347, &mut x348, x346, x299, x331); let mut x349: u32 = 0; let mut x350: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x349, &mut x350, x348, x301, x333); let mut x351: u32 = 0; let mut x352: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x351, &mut x352, x350, x303, x335); let mut x353: u32 = 0; let mut x354: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x353, &mut x354, x352, x305, x337); let mut x355: u32 = 0; let mut x356: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x355, &mut x356, x354, x307, x339); let mut x357: u32 = 0; let mut x358: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x357, &mut x358, x356, x309, x341); let mut x359: u32 = 0; let mut x360: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x359, &mut x360, x358, x311, x343); let mut x361: u32 = 0; let mut x362: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x361, &mut x362, x360, ((x312 as u32) + (x288 as u32)), ((x344 as u32) + x316)); let mut x363: u32 = 0; let mut x364: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x363, &mut x364, x5, 0x7a2); let mut x365: u32 = 0; let mut x366: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x365, &mut x366, x5, 0xe90a1); let mut x367: u32 = 0; let mut x368: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x367, &mut x368, 0x0, x366, x363); let mut x369: u32 = 0; let mut x370: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x369, &mut x370, x368, x364, x5); let mut x371: u32 = 0; let mut x372: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x371, &mut x372, 0x0, x347, x365); let mut x373: u32 = 0; let mut x374: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x373, &mut x374, x372, x349, x367); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x375, &mut x376, x374, x351, x369); let mut x377: u32 = 0; let mut x378: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x377, &mut x378, x376, x353, (x370 as u32)); let mut x379: u32 = 0; let mut x380: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x379, &mut x380, x378, x355, (0x0 as u32)); let mut x381: u32 = 0; let mut x382: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x381, &mut x382, x380, x357, (0x0 as u32)); let mut x383: u32 = 0; let mut x384: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x383, &mut x384, x382, x359, (0x0 as u32)); let mut x385: u32 = 0; let mut x386: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x385, &mut x386, x384, x361, (0x0 as u32)); let mut x387: u32 = 0; let mut x388: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x387, &mut x388, x371, 0xd2253531); let mut x389: u32 = 0; let mut x390: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x389, &mut x390, x387, 0xffffffff); let mut x391: u32 = 0; let mut x392: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x391, &mut x392, x387, 0xffffffff); let mut x393: u32 = 0; let mut x394: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x393, &mut x394, x387, 0xffffffff); let mut x395: u32 = 0; let mut x396: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x395, &mut x396, x387, 0xffffffff); let mut x397: u32 = 0; let mut x398: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x397, &mut x398, x387, 0xffffffff); let mut x399: u32 = 0; let mut x400: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x399, &mut x400, x387, 0xffffffff); let mut x401: u32 = 0; let mut x402: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x401, &mut x402, x387, 0xfffffffe); let mut x403: u32 = 0; let mut x404: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x403, &mut x404, x387, 0xfffffc2f); let mut x405: u32 = 0; let mut x406: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x405, &mut x406, 0x0, x404, x401); let mut x407: u32 = 0; let mut x408: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x407, &mut x408, x406, x402, x399); let mut x409: u32 = 0; let mut x410: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x409, &mut x410, x408, x400, x397); let mut x411: u32 = 0; let mut x412: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x411, &mut x412, x410, x398, x395); let mut x413: u32 = 0; let mut x414: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x413, &mut x414, x412, x396, x393); let mut x415: u32 = 0; let mut x416: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x415, &mut x416, x414, x394, x391); let mut x417: u32 = 0; let mut x418: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x417, &mut x418, x416, x392, x389); let mut x419: u32 = 0; let mut x420: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x419, &mut x420, 0x0, x371, x403); let mut x421: u32 = 0; let mut x422: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x421, &mut x422, x420, x373, x405); let mut x423: u32 = 0; let mut x424: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x423, &mut x424, x422, x375, x407); let mut x425: u32 = 0; let mut x426: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x425, &mut x426, x424, x377, x409); let mut x427: u32 = 0; let mut x428: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x427, &mut x428, x426, x379, x411); let mut x429: u32 = 0; let mut x430: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x429, &mut x430, x428, x381, x413); let mut x431: u32 = 0; let mut x432: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x431, &mut x432, x430, x383, x415); let mut x433: u32 = 0; let mut x434: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x433, &mut x434, x432, x385, x417); let mut x435: u32 = 0; let mut x436: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x435, &mut x436, x434, ((x386 as u32) + (x362 as u32)), ((x418 as u32) + x390)); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x437, &mut x438, x6, 0x7a2); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x439, &mut x440, x6, 0xe90a1); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x441, &mut x442, 0x0, x440, x437); let mut x443: u32 = 0; let mut x444: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x443, &mut x444, x442, x438, x6); let mut x445: u32 = 0; let mut x446: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x445, &mut x446, 0x0, x421, x439); let mut x447: u32 = 0; let mut x448: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x447, &mut x448, x446, x423, x441); let mut x449: u32 = 0; let mut x450: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x449, &mut x450, x448, x425, x443); let mut x451: u32 = 0; let mut x452: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x451, &mut x452, x450, x427, (x444 as u32)); let mut x453: u32 = 0; let mut x454: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x453, &mut x454, x452, x429, (0x0 as u32)); let mut x455: u32 = 0; let mut x456: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x455, &mut x456, x454, x431, (0x0 as u32)); let mut x457: u32 = 0; let mut x458: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x457, &mut x458, x456, x433, (0x0 as u32)); let mut x459: u32 = 0; let mut x460: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x459, &mut x460, x458, x435, (0x0 as u32)); let mut x461: u32 = 0; let mut x462: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x461, &mut x462, x445, 0xd2253531); let mut x463: u32 = 0; let mut x464: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x463, &mut x464, x461, 0xffffffff); let mut x465: u32 = 0; let mut x466: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x465, &mut x466, x461, 0xffffffff); let mut x467: u32 = 0; let mut x468: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x467, &mut x468, x461, 0xffffffff); let mut x469: u32 = 0; let mut x470: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x469, &mut x470, x461, 0xffffffff); let mut x471: u32 = 0; let mut x472: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x471, &mut x472, x461, 0xffffffff); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x473, &mut x474, x461, 0xffffffff); let mut x475: u32 = 0; let mut x476: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x475, &mut x476, x461, 0xfffffffe); let mut x477: u32 = 0; let mut x478: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x477, &mut x478, x461, 0xfffffc2f); let mut x479: u32 = 0; let mut x480: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x479, &mut x480, 0x0, x478, x475); let mut x481: u32 = 0; let mut x482: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x481, &mut x482, x480, x476, x473); let mut x483: u32 = 0; let mut x484: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x483, &mut x484, x482, x474, x471); let mut x485: u32 = 0; let mut x486: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x485, &mut x486, x484, x472, x469); let mut x487: u32 = 0; let mut x488: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x487, &mut x488, x486, x470, x467); let mut x489: u32 = 0; let mut x490: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x489, &mut x490, x488, x468, x465); let mut x491: u32 = 0; let mut x492: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x491, &mut x492, x490, x466, x463); let mut x493: u32 = 0; let mut x494: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x493, &mut x494, 0x0, x445, x477); let mut x495: u32 = 0; let mut x496: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x495, &mut x496, x494, x447, x479); let mut x497: u32 = 0; let mut x498: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x497, &mut x498, x496, x449, x481); let mut x499: u32 = 0; let mut x500: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x499, &mut x500, x498, x451, x483); let mut x501: u32 = 0; let mut x502: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x501, &mut x502, x500, x453, x485); let mut x503: u32 = 0; let mut x504: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x503, &mut x504, x502, x455, x487); let mut x505: u32 = 0; let mut x506: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x505, &mut x506, x504, x457, x489); let mut x507: u32 = 0; let mut x508: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x507, &mut x508, x506, x459, x491); let mut x509: u32 = 0; let mut x510: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x509, &mut x510, x508, ((x460 as u32) + (x436 as u32)), ((x492 as u32) + x464)); let mut x511: u32 = 0; let mut x512: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x511, &mut x512, x7, 0x7a2); let mut x513: u32 = 0; let mut x514: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x513, &mut x514, x7, 0xe90a1); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x515, &mut x516, 0x0, x514, x511); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x517, &mut x518, x516, x512, x7); let mut x519: u32 = 0; let mut x520: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x519, &mut x520, 0x0, x495, x513); let mut x521: u32 = 0; let mut x522: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x521, &mut x522, x520, x497, x515); let mut x523: u32 = 0; let mut x524: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x523, &mut x524, x522, x499, x517); let mut x525: u32 = 0; let mut x526: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x525, &mut x526, x524, x501, (x518 as u32)); let mut x527: u32 = 0; let mut x528: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x527, &mut x528, x526, x503, (0x0 as u32)); let mut x529: u32 = 0; let mut x530: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x529, &mut x530, x528, x505, (0x0 as u32)); let mut x531: u32 = 0; let mut x532: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x531, &mut x532, x530, x507, (0x0 as u32)); let mut x533: u32 = 0; let mut x534: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x533, &mut x534, x532, x509, (0x0 as u32)); let mut x535: u32 = 0; let mut x536: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x535, &mut x536, x519, 0xd2253531); let mut x537: u32 = 0; let mut x538: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x537, &mut x538, x535, 0xffffffff); let mut x539: u32 = 0; let mut x540: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x539, &mut x540, x535, 0xffffffff); let mut x541: u32 = 0; let mut x542: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x541, &mut x542, x535, 0xffffffff); let mut x543: u32 = 0; let mut x544: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x543, &mut x544, x535, 0xffffffff); let mut x545: u32 = 0; let mut x546: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x545, &mut x546, x535, 0xffffffff); let mut x547: u32 = 0; let mut x548: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x547, &mut x548, x535, 0xffffffff); let mut x549: u32 = 0; let mut x550: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x549, &mut x550, x535, 0xfffffffe); let mut x551: u32 = 0; let mut x552: u32 = 0; fiat_secp256k1_montgomery_mulx_u32(&mut x551, &mut x552, x535, 0xfffffc2f); let mut x553: u32 = 0; let mut x554: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x553, &mut x554, 0x0, x552, x549); let mut x555: u32 = 0; let mut x556: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x555, &mut x556, x554, x550, x547); let mut x557: u32 = 0; let mut x558: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x557, &mut x558, x556, x548, x545); let mut x559: u32 = 0; let mut x560: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x559, &mut x560, x558, x546, x543); let mut x561: u32 = 0; let mut x562: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x561, &mut x562, x560, x544, x541); let mut x563: u32 = 0; let mut x564: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x563, &mut x564, x562, x542, x539); let mut x565: u32 = 0; let mut x566: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x565, &mut x566, x564, x540, x537); let mut x567: u32 = 0; let mut x568: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x567, &mut x568, 0x0, x519, x551); let mut x569: u32 = 0; let mut x570: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x569, &mut x570, x568, x521, x553); let mut x571: u32 = 0; let mut x572: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x571, &mut x572, x570, x523, x555); let mut x573: u32 = 0; let mut x574: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x573, &mut x574, x572, x525, x557); let mut x575: u32 = 0; let mut x576: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x575, &mut x576, x574, x527, x559); let mut x577: u32 = 0; let mut x578: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x577, &mut x578, x576, x529, x561); let mut x579: u32 = 0; let mut x580: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x579, &mut x580, x578, x531, x563); let mut x581: u32 = 0; let mut x582: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x581, &mut x582, x580, x533, x565); let mut x583: u32 = 0; let mut x584: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x583, &mut x584, x582, ((x534 as u32) + (x510 as u32)), ((x566 as u32) + x538)); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x585, &mut x586, 0x0, x569, 0xfffffc2f); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x587, &mut x588, x586, x571, 0xfffffffe); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x589, &mut x590, x588, x573, 0xffffffff); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x591, &mut x592, x590, x575, 0xffffffff); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x593, &mut x594, x592, x577, 0xffffffff); let mut x595: u32 = 0; let mut x596: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x595, &mut x596, x594, x579, 0xffffffff); let mut x597: u32 = 0; let mut x598: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x597, &mut x598, x596, x581, 0xffffffff); let mut x599: u32 = 0; let mut x600: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x599, &mut x600, x598, x583, 0xffffffff); let mut x601: u32 = 0; let mut x602: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x601, &mut x602, x600, (x584 as u32), (0x0 as u32)); let mut x603: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x603, x602, x585, x569); let mut x604: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x604, x602, x587, x571); let mut x605: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x605, x602, x589, x573); let mut x606: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x606, x602, x591, x575); let mut x607: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x607, x602, x593, x577); let mut x608: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x608, x602, x595, x579); let mut x609: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x609, x602, x597, x581); let mut x610: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x610, x602, x599, x583); out1[0] = x603; out1[1] = x604; out1[2] = x605; out1[3] = x606; out1[4] = x607; out1[5] = x608; out1[6] = x609; out1[7] = x610; } /// The function fiat_secp256k1_montgomery_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_nonzero(out1: &mut u32, arg1: &[u32; 8]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); *out1 = x1; } /// The function fiat_secp256k1_montgomery_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_selectznz(out1: &mut [u32; 8], arg1: fiat_secp256k1_montgomery_u1, arg2: &[u32; 8], arg3: &[u32; 8]) { let mut x1: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_secp256k1_montgomery_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_secp256k1_montgomery_to_bytes(out1: &mut [u8; 32], arg1: &[u32; 8]) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[6]); let x3: u32 = (arg1[5]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[3]); let x6: u32 = (arg1[2]); let x7: u32 = (arg1[1]); let x8: u32 = (arg1[0]); let x9: u8 = ((x8 & (0xff as u32)) as u8); let x10: u32 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u32)) as u8); let x12: u32 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u8 = ((x12 >> 8) as u8); let x15: u8 = ((x7 & (0xff as u32)) as u8); let x16: u32 = (x7 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u32 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u32)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x6 & (0xff as u32)) as u8); let x22: u32 = (x6 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u32 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u32)) as u8); let x26: u8 = ((x24 >> 8) as u8); let x27: u8 = ((x5 & (0xff as u32)) as u8); let x28: u32 = (x5 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u32 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u32)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x4 & (0xff as u32)) as u8); let x34: u32 = (x4 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u32 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u32)) as u8); let x38: u8 = ((x36 >> 8) as u8); let x39: u8 = ((x3 & (0xff as u32)) as u8); let x40: u32 = (x3 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u8 = ((x2 & (0xff as u32)) as u8); let x46: u32 = (x2 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u32 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u32)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u8 = ((x1 & (0xff as u32)) as u8); let x52: u32 = (x1 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u32 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u32)) as u8); let x56: u8 = ((x54 >> 8) as u8); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x26; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x38; out1[20] = x39; out1[21] = x41; out1[22] = x43; out1[23] = x44; out1[24] = x45; out1[25] = x47; out1[26] = x49; out1[27] = x50; out1[28] = x51; out1[29] = x53; out1[30] = x55; out1[31] = x56; } /// The function fiat_secp256k1_montgomery_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_from_bytes(out1: &mut [u32; 8], arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 24); let x2: u32 = (((arg1[30]) as u32) << 16); let x3: u32 = (((arg1[29]) as u32) << 8); let x4: u8 = (arg1[28]); let x5: u32 = (((arg1[27]) as u32) << 24); let x6: u32 = (((arg1[26]) as u32) << 16); let x7: u32 = (((arg1[25]) as u32) << 8); let x8: u8 = (arg1[24]); let x9: u32 = (((arg1[23]) as u32) << 24); let x10: u32 = (((arg1[22]) as u32) << 16); let x11: u32 = (((arg1[21]) as u32) << 8); let x12: u8 = (arg1[20]); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 24); let x18: u32 = (((arg1[14]) as u32) << 16); let x19: u32 = (((arg1[13]) as u32) << 8); let x20: u8 = (arg1[12]); let x21: u32 = (((arg1[11]) as u32) << 24); let x22: u32 = (((arg1[10]) as u32) << 16); let x23: u32 = (((arg1[9]) as u32) << 8); let x24: u8 = (arg1[8]); let x25: u32 = (((arg1[7]) as u32) << 24); let x26: u32 = (((arg1[6]) as u32) << 16); let x27: u32 = (((arg1[5]) as u32) << 8); let x28: u8 = (arg1[4]); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x27 + (x28 as u32)); let x37: u32 = (x26 + x36); let x38: u32 = (x25 + x37); let x39: u32 = (x23 + (x24 as u32)); let x40: u32 = (x22 + x39); let x41: u32 = (x21 + x40); let x42: u32 = (x19 + (x20 as u32)); let x43: u32 = (x18 + x42); let x44: u32 = (x17 + x43); let x45: u32 = (x15 + (x16 as u32)); let x46: u32 = (x14 + x45); let x47: u32 = (x13 + x46); let x48: u32 = (x11 + (x12 as u32)); let x49: u32 = (x10 + x48); let x50: u32 = (x9 + x49); let x51: u32 = (x7 + (x8 as u32)); let x52: u32 = (x6 + x51); let x53: u32 = (x5 + x52); let x54: u32 = (x3 + (x4 as u32)); let x55: u32 = (x2 + x54); let x56: u32 = (x1 + x55); out1[0] = x35; out1[1] = x38; out1[2] = x41; out1[3] = x44; out1[4] = x47; out1[5] = x50; out1[6] = x53; out1[7] = x56; } /// The function fiat_secp256k1_montgomery_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_set_one(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element) { out1[0] = 0x3d1; out1[1] = (0x1 as u32); out1[2] = (0x0 as u32); out1[3] = (0x0 as u32); out1[4] = (0x0 as u32); out1[5] = (0x0 as u32); out1[6] = (0x0 as u32); out1[7] = (0x0 as u32); } /// The function fiat_secp256k1_montgomery_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_msat(out1: &mut [u32; 9]) { out1[0] = 0xfffffc2f; out1[1] = 0xfffffffe; out1[2] = 0xffffffff; out1[3] = 0xffffffff; out1[4] = 0xffffffff; out1[5] = 0xffffffff; out1[6] = 0xffffffff; out1[7] = 0xffffffff; out1[8] = (0x0 as u32); } /// The function fiat_secp256k1_montgomery_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_divstep(out1: &mut u32, out2: &mut [u32; 9], out3: &mut [u32; 9], out4: &mut [u32; 8], out5: &mut [u32; 8], arg1: u32, arg2: &[u32; 9], arg3: &[u32; 9], arg4: &[u32; 8], arg5: &[u32; 8]) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_secp256k1_montgomery_u1 = (((x1 >> 31) as fiat_secp256k1_montgomery_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_secp256k1_montgomery_u1)); let mut x4: u32 = 0; let mut x5: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; let mut x17: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x16, &mut x17, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), (!(arg2[1]))); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), (!(arg2[2]))); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[3]))); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[4]))); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[5]))); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[6]))); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[7]))); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[8]))); let mut x34: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x34, x3, (arg3[0]), x16); let mut x35: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x35, x3, (arg3[1]), x18); let mut x36: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x36, x3, (arg3[2]), x20); let mut x37: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x37, x3, (arg3[3]), x22); let mut x38: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x38, x3, (arg3[4]), x24); let mut x39: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x39, x3, (arg3[5]), x26); let mut x40: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x40, x3, (arg3[6]), x28); let mut x41: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x41, x3, (arg3[7]), x30); let mut x42: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x42, x3, (arg3[8]), x32); let mut x43: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x43, x3, (arg4[0]), (arg5[0])); let mut x44: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x44, x3, (arg4[1]), (arg5[1])); let mut x45: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x45, x3, (arg4[2]), (arg5[2])); let mut x46: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x46, x3, (arg4[3]), (arg5[3])); let mut x47: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x47, x3, (arg4[4]), (arg5[4])); let mut x48: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x48, x3, (arg4[5]), (arg5[5])); let mut x49: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x49, x3, (arg4[6]), (arg5[6])); let mut x50: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x50, x3, (arg4[7]), (arg5[7])); let mut x51: u32 = 0; let mut x52: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x51, &mut x52, 0x0, x43, x43); let mut x53: u32 = 0; let mut x54: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x53, &mut x54, x52, x44, x44); let mut x55: u32 = 0; let mut x56: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x55, &mut x56, x54, x45, x45); let mut x57: u32 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x57, &mut x58, x56, x46, x46); let mut x59: u32 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x59, &mut x60, x58, x47, x47); let mut x61: u32 = 0; let mut x62: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x61, &mut x62, x60, x48, x48); let mut x63: u32 = 0; let mut x64: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x63, &mut x64, x62, x49, x49); let mut x65: u32 = 0; let mut x66: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x65, &mut x66, x64, x50, x50); let mut x67: u32 = 0; let mut x68: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x67, &mut x68, 0x0, x51, 0xfffffc2f); let mut x69: u32 = 0; let mut x70: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x69, &mut x70, x68, x53, 0xfffffffe); let mut x71: u32 = 0; let mut x72: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x71, &mut x72, x70, x55, 0xffffffff); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x73, &mut x74, x72, x57, 0xffffffff); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x75, &mut x76, x74, x59, 0xffffffff); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x77, &mut x78, x76, x61, 0xffffffff); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x79, &mut x80, x78, x63, 0xffffffff); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x81, &mut x82, x80, x65, 0xffffffff); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x83, &mut x84, x82, (x66 as u32), (0x0 as u32)); let x85: u32 = (arg4[7]); let x86: u32 = (arg4[6]); let x87: u32 = (arg4[5]); let x88: u32 = (arg4[4]); let x89: u32 = (arg4[3]); let x90: u32 = (arg4[2]); let x91: u32 = (arg4[1]); let x92: u32 = (arg4[0]); let mut x93: u32 = 0; let mut x94: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x93, &mut x94, 0x0, (0x0 as u32), x92); let mut x95: u32 = 0; let mut x96: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x91); let mut x97: u32 = 0; let mut x98: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x97, &mut x98, x96, (0x0 as u32), x90); let mut x99: u32 = 0; let mut x100: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x99, &mut x100, x98, (0x0 as u32), x89); let mut x101: u32 = 0; let mut x102: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x101, &mut x102, x100, (0x0 as u32), x88); let mut x103: u32 = 0; let mut x104: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x103, &mut x104, x102, (0x0 as u32), x87); let mut x105: u32 = 0; let mut x106: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x105, &mut x106, x104, (0x0 as u32), x86); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x107, &mut x108, x106, (0x0 as u32), x85); let mut x109: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x109, x108, (0x0 as u32), 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x110, &mut x111, 0x0, x93, (x109 & 0xfffffc2f)); let mut x112: u32 = 0; let mut x113: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x112, &mut x113, x111, x95, (x109 & 0xfffffffe)); let mut x114: u32 = 0; let mut x115: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x114, &mut x115, x113, x97, x109); let mut x116: u32 = 0; let mut x117: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x116, &mut x117, x115, x99, x109); let mut x118: u32 = 0; let mut x119: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x118, &mut x119, x117, x101, x109); let mut x120: u32 = 0; let mut x121: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x120, &mut x121, x119, x103, x109); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x122, &mut x123, x121, x105, x109); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x124, &mut x125, x123, x107, x109); let mut x126: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x126, x3, (arg5[0]), x110); let mut x127: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x127, x3, (arg5[1]), x112); let mut x128: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x128, x3, (arg5[2]), x114); let mut x129: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x129, x3, (arg5[3]), x116); let mut x130: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x130, x3, (arg5[4]), x118); let mut x131: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x131, x3, (arg5[5]), x120); let mut x132: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x132, x3, (arg5[6]), x122); let mut x133: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x133, x3, (arg5[7]), x124); let x134: fiat_secp256k1_montgomery_u1 = ((x34 & (0x1 as u32)) as fiat_secp256k1_montgomery_u1); let mut x135: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x135, x134, (0x0 as u32), x7); let mut x136: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x136, x134, (0x0 as u32), x8); let mut x137: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x137, x134, (0x0 as u32), x9); let mut x138: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x138, x134, (0x0 as u32), x10); let mut x139: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x139, x134, (0x0 as u32), x11); let mut x140: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x140, x134, (0x0 as u32), x12); let mut x141: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x141, x134, (0x0 as u32), x13); let mut x142: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x142, x134, (0x0 as u32), x14); let mut x143: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x143, x134, (0x0 as u32), x15); let mut x144: u32 = 0; let mut x145: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x144, &mut x145, 0x0, x34, x135); let mut x146: u32 = 0; let mut x147: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x146, &mut x147, x145, x35, x136); let mut x148: u32 = 0; let mut x149: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x148, &mut x149, x147, x36, x137); let mut x150: u32 = 0; let mut x151: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x150, &mut x151, x149, x37, x138); let mut x152: u32 = 0; let mut x153: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x152, &mut x153, x151, x38, x139); let mut x154: u32 = 0; let mut x155: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x154, &mut x155, x153, x39, x140); let mut x156: u32 = 0; let mut x157: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x156, &mut x157, x155, x40, x141); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x158, &mut x159, x157, x41, x142); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x160, &mut x161, x159, x42, x143); let mut x162: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x162, x134, (0x0 as u32), x43); let mut x163: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x163, x134, (0x0 as u32), x44); let mut x164: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x164, x134, (0x0 as u32), x45); let mut x165: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x165, x134, (0x0 as u32), x46); let mut x166: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x166, x134, (0x0 as u32), x47); let mut x167: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x167, x134, (0x0 as u32), x48); let mut x168: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x168, x134, (0x0 as u32), x49); let mut x169: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x169, x134, (0x0 as u32), x50); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x170, &mut x171, 0x0, x126, x162); let mut x172: u32 = 0; let mut x173: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x172, &mut x173, x171, x127, x163); let mut x174: u32 = 0; let mut x175: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x174, &mut x175, x173, x128, x164); let mut x176: u32 = 0; let mut x177: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x176, &mut x177, x175, x129, x165); let mut x178: u32 = 0; let mut x179: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x178, &mut x179, x177, x130, x166); let mut x180: u32 = 0; let mut x181: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x180, &mut x181, x179, x131, x167); let mut x182: u32 = 0; let mut x183: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x182, &mut x183, x181, x132, x168); let mut x184: u32 = 0; let mut x185: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x184, &mut x185, x183, x133, x169); let mut x186: u32 = 0; let mut x187: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x186, &mut x187, 0x0, x170, 0xfffffc2f); let mut x188: u32 = 0; let mut x189: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x188, &mut x189, x187, x172, 0xfffffffe); let mut x190: u32 = 0; let mut x191: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x190, &mut x191, x189, x174, 0xffffffff); let mut x192: u32 = 0; let mut x193: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x192, &mut x193, x191, x176, 0xffffffff); let mut x194: u32 = 0; let mut x195: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x194, &mut x195, x193, x178, 0xffffffff); let mut x196: u32 = 0; let mut x197: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x196, &mut x197, x195, x180, 0xffffffff); let mut x198: u32 = 0; let mut x199: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x198, &mut x199, x197, x182, 0xffffffff); let mut x200: u32 = 0; let mut x201: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x200, &mut x201, x199, x184, 0xffffffff); let mut x202: u32 = 0; let mut x203: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u32(&mut x202, &mut x203, x201, (x185 as u32), (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u32(&mut x204, &mut x205, 0x0, x6, (0x1 as u32)); let x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); let x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); let x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); let x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); let x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); let x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); let x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); let x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); let x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); let mut x215: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x215, x84, x67, x51); let mut x216: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x216, x84, x69, x53); let mut x217: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x217, x84, x71, x55); let mut x218: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x218, x84, x73, x57); let mut x219: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x219, x84, x75, x59); let mut x220: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x220, x84, x77, x61); let mut x221: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x221, x84, x79, x63); let mut x222: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x222, x84, x81, x65); let mut x223: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x223, x203, x186, x170); let mut x224: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x224, x203, x188, x172); let mut x225: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x225, x203, x190, x174); let mut x226: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x226, x203, x192, x176); let mut x227: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x227, x203, x194, x178); let mut x228: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x228, x203, x196, x180); let mut x229: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x229, x203, x198, x182); let mut x230: u32 = 0; fiat_secp256k1_montgomery_cmovznz_u32(&mut x230, x203, x200, x184); *out1 = x204; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out3[0] = x206; out3[1] = x207; out3[2] = x208; out3[3] = x209; out3[4] = x210; out3[5] = x211; out3[6] = x212; out3[7] = x213; out3[8] = x214; out4[0] = x215; out4[1] = x216; out4[2] = x217; out4[3] = x218; out4[4] = x219; out4[5] = x220; out4[6] = x221; out4[7] = x222; out5[0] = x223; out5[1] = x224; out5[2] = x225; out5[3] = x226; out5[4] = x227; out5[5] = x228; out5[6] = x229; out5[7] = x230; } /// The function fiat_secp256k1_montgomery_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_divstep_precomp(out1: &mut [u32; 8]) { out1[0] = 0x31525e0a; out1[1] = 0xf201a418; out1[2] = 0xcd648d85; out1[3] = 0x9953f9dd; out1[4] = 0x3db210a9; out1[5] = 0xe8602946; out1[6] = 0x4b03709; out1[7] = 0x24fb8a31; } fiat-crypto-0.2.2/src/secp256k1_montgomery_64.rs000064400000000000000000002700251046102023000174450ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline secp256k1_montgomery 64 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: secp256k1_montgomery //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_secp256k1_montgomery_u1 = u8; pub type fiat_secp256k1_montgomery_i1 = i8; pub type fiat_secp256k1_montgomery_u2 = u8; pub type fiat_secp256k1_montgomery_i2 = i8; /** The type fiat_secp256k1_montgomery_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_secp256k1_montgomery_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_secp256k1_montgomery_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_secp256k1_montgomery_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_secp256k1_montgomery_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_addcarryx_u64(out1: &mut u64, out2: &mut fiat_secp256k1_montgomery_u1, arg1: fiat_secp256k1_montgomery_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_secp256k1_montgomery_u1 = ((x1 >> 64) as fiat_secp256k1_montgomery_u1); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_subborrowx_u64(out1: &mut u64, out2: &mut fiat_secp256k1_montgomery_u1, arg1: fiat_secp256k1_montgomery_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_secp256k1_montgomery_i1 = ((x1 >> 64) as fiat_secp256k1_montgomery_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_secp256k1_montgomery_i2) - (x2 as fiat_secp256k1_montgomery_i2)) as fiat_secp256k1_montgomery_u1); } /// The function fiat_secp256k1_montgomery_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_cmovznz_u64(out1: &mut u64, arg1: fiat_secp256k1_montgomery_u1, arg2: u64, arg3: u64) { let x1: fiat_secp256k1_montgomery_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_secp256k1_montgomery_i2) - (x1 as fiat_secp256k1_montgomery_i2)) as fiat_secp256k1_montgomery_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_secp256k1_montgomery_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_mul(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x20, &mut x21, x11, 0xd838091dd2253531); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x22, &mut x23, x20, 0xffffffffffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x26, &mut x27, x20, 0xffffffffffffffff); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x28, &mut x29, x20, 0xfffffffefffffc2f); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x47, &mut x48, x1, (arg2[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x49, &mut x50, x1, (arg2[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x51, &mut x52, x1, (arg2[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x53, &mut x54, x1, (arg2[0])); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x72, &mut x73, x62, 0xd838091dd2253531); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x74, &mut x75, x72, 0xffffffffffffffff); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x76, &mut x77, x72, 0xffffffffffffffff); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x78, &mut x79, x72, 0xffffffffffffffff); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x80, &mut x81, x72, 0xfffffffefffffc2f); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x100, &mut x101, x2, (arg2[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x102, &mut x103, x2, (arg2[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x104, &mut x105, x2, (arg2[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x106, &mut x107, x2, (arg2[0])); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x125, &mut x126, x115, 0xd838091dd2253531); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x127, &mut x128, x125, 0xffffffffffffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x129, &mut x130, x125, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x131, &mut x132, x125, 0xffffffffffffffff); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x133, &mut x134, x125, 0xfffffffefffffc2f); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x153, &mut x154, x3, (arg2[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x155, &mut x156, x3, (arg2[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x157, &mut x158, x3, (arg2[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x159, &mut x160, x3, (arg2[0])); let mut x161: u64 = 0; let mut x162: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x178, &mut x179, x168, 0xd838091dd2253531); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x180, &mut x181, x178, 0xffffffffffffffff); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x182, &mut x183, x178, 0xffffffffffffffff); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x184, &mut x185, x178, 0xffffffffffffffff); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x186, &mut x187, x178, 0xfffffffefffffc2f); let mut x188: u64 = 0; let mut x189: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xfffffffefffffc2f); let mut x208: u64 = 0; let mut x209: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xffffffffffffffff); let mut x210: u64 = 0; let mut x211: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xffffffffffffffff); let mut x212: u64 = 0; let mut x213: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffffffffffff); let mut x214: u64 = 0; let mut x215: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_secp256k1_montgomery_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_square(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x20, &mut x21, x11, 0xd838091dd2253531); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x22, &mut x23, x20, 0xffffffffffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x24, &mut x25, x20, 0xffffffffffffffff); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x26, &mut x27, x20, 0xffffffffffffffff); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x28, &mut x29, x20, 0xfffffffefffffc2f); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x47, &mut x48, x1, (arg1[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x49, &mut x50, x1, (arg1[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x51, &mut x52, x1, (arg1[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x53, &mut x54, x1, (arg1[0])); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x72, &mut x73, x62, 0xd838091dd2253531); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x74, &mut x75, x72, 0xffffffffffffffff); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x76, &mut x77, x72, 0xffffffffffffffff); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x78, &mut x79, x72, 0xffffffffffffffff); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x80, &mut x81, x72, 0xfffffffefffffc2f); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x100, &mut x101, x2, (arg1[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x102, &mut x103, x2, (arg1[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x104, &mut x105, x2, (arg1[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x106, &mut x107, x2, (arg1[0])); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x125, &mut x126, x115, 0xd838091dd2253531); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x127, &mut x128, x125, 0xffffffffffffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x129, &mut x130, x125, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x131, &mut x132, x125, 0xffffffffffffffff); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x133, &mut x134, x125, 0xfffffffefffffc2f); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x153, &mut x154, x3, (arg1[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x155, &mut x156, x3, (arg1[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x157, &mut x158, x3, (arg1[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x159, &mut x160, x3, (arg1[0])); let mut x161: u64 = 0; let mut x162: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x178, &mut x179, x168, 0xd838091dd2253531); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x180, &mut x181, x178, 0xffffffffffffffff); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x182, &mut x183, x178, 0xffffffffffffffff); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x184, &mut x185, x178, 0xffffffffffffffff); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x186, &mut x187, x178, 0xfffffffefffffc2f); let mut x188: u64 = 0; let mut x189: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xfffffffefffffc2f); let mut x208: u64 = 0; let mut x209: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xffffffffffffffff); let mut x210: u64 = 0; let mut x211: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xffffffffffffffff); let mut x212: u64 = 0; let mut x213: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffffffffffff); let mut x214: u64 = 0; let mut x215: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_secp256k1_montgomery_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_add(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, 0xfffffffefffffc2f); let mut x11: u64 = 0; let mut x12: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0xffffffffffffffff); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x13, &mut x14, x12, x5, 0xffffffffffffffff); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0xffffffffffffffff); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_secp256k1_montgomery_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_sub(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xfffffffefffffc2f)); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x12, &mut x13, x11, x3, x9); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x16, &mut x17, x15, x7, x9); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_secp256k1_montgomery_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_opp(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xfffffffefffffc2f)); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x12, &mut x13, x11, x3, x9); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x14, &mut x15, x13, x5, x9); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x16, &mut x17, x15, x7, x9); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_secp256k1_montgomery_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_from_montgomery(out1: &mut fiat_secp256k1_montgomery_non_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x2, &mut x3, x1, 0xd838091dd2253531); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x4, &mut x5, x2, 0xffffffffffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x6, &mut x7, x2, 0xffffffffffffffff); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x8, &mut x9, x2, 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x10, &mut x11, x2, 0xfffffffefffffc2f); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x12, &mut x13, 0x0, x11, x8); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x14, &mut x15, x13, x9, x6); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x16, &mut x17, x15, x7, x4); let mut x18: u64 = 0; let mut x19: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x18, &mut x19, 0x0, x1, x10); let mut x20: u64 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), x12); let mut x22: u64 = 0; let mut x23: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x22, &mut x23, x21, (0x0 as u64), x14); let mut x24: u64 = 0; let mut x25: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x24, &mut x25, x23, (0x0 as u64), x16); let mut x26: u64 = 0; let mut x27: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x26, &mut x27, x25, (0x0 as u64), ((x17 as u64) + x5)); let mut x28: u64 = 0; let mut x29: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x28, &mut x29, 0x0, x20, (arg1[1])); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x30, &mut x31, x29, x22, (0x0 as u64)); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x32, &mut x33, x31, x24, (0x0 as u64)); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x34, &mut x35, x33, x26, (0x0 as u64)); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x36, &mut x37, x28, 0xd838091dd2253531); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x38, &mut x39, x36, 0xffffffffffffffff); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x40, &mut x41, x36, 0xffffffffffffffff); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x42, &mut x43, x36, 0xffffffffffffffff); let mut x44: u64 = 0; let mut x45: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x44, &mut x45, x36, 0xfffffffefffffc2f); let mut x46: u64 = 0; let mut x47: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x46, &mut x47, 0x0, x45, x42); let mut x48: u64 = 0; let mut x49: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x48, &mut x49, x47, x43, x40); let mut x50: u64 = 0; let mut x51: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x50, &mut x51, x49, x41, x38); let mut x52: u64 = 0; let mut x53: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x52, &mut x53, 0x0, x28, x44); let mut x54: u64 = 0; let mut x55: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x54, &mut x55, x53, x30, x46); let mut x56: u64 = 0; let mut x57: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x56, &mut x57, x55, x32, x48); let mut x58: u64 = 0; let mut x59: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x58, &mut x59, x57, x34, x50); let mut x60: u64 = 0; let mut x61: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x60, &mut x61, x59, ((x35 as u64) + (x27 as u64)), ((x51 as u64) + x39)); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x62, &mut x63, 0x0, x54, (arg1[2])); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x64, &mut x65, x63, x56, (0x0 as u64)); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x66, &mut x67, x65, x58, (0x0 as u64)); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x68, &mut x69, x67, x60, (0x0 as u64)); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x70, &mut x71, x62, 0xd838091dd2253531); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x72, &mut x73, x70, 0xffffffffffffffff); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x74, &mut x75, x70, 0xffffffffffffffff); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x76, &mut x77, x70, 0xffffffffffffffff); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x78, &mut x79, x70, 0xfffffffefffffc2f); let mut x80: u64 = 0; let mut x81: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x80, &mut x81, 0x0, x79, x76); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x82, &mut x83, x81, x77, x74); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x84, &mut x85, x83, x75, x72); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x86, &mut x87, 0x0, x62, x78); let mut x88: u64 = 0; let mut x89: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x88, &mut x89, x87, x64, x80); let mut x90: u64 = 0; let mut x91: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x90, &mut x91, x89, x66, x82); let mut x92: u64 = 0; let mut x93: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x92, &mut x93, x91, x68, x84); let mut x94: u64 = 0; let mut x95: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x94, &mut x95, x93, ((x69 as u64) + (x61 as u64)), ((x85 as u64) + x73)); let mut x96: u64 = 0; let mut x97: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x96, &mut x97, 0x0, x88, (arg1[3])); let mut x98: u64 = 0; let mut x99: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x98, &mut x99, x97, x90, (0x0 as u64)); let mut x100: u64 = 0; let mut x101: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x100, &mut x101, x99, x92, (0x0 as u64)); let mut x102: u64 = 0; let mut x103: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x102, &mut x103, x101, x94, (0x0 as u64)); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x104, &mut x105, x96, 0xd838091dd2253531); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x106, &mut x107, x104, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x108, &mut x109, x104, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x110, &mut x111, x104, 0xffffffffffffffff); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x112, &mut x113, x104, 0xfffffffefffffc2f); let mut x114: u64 = 0; let mut x115: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x114, &mut x115, 0x0, x113, x110); let mut x116: u64 = 0; let mut x117: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x116, &mut x117, x115, x111, x108); let mut x118: u64 = 0; let mut x119: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x118, &mut x119, x117, x109, x106); let mut x120: u64 = 0; let mut x121: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x120, &mut x121, 0x0, x96, x112); let mut x122: u64 = 0; let mut x123: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x122, &mut x123, x121, x98, x114); let mut x124: u64 = 0; let mut x125: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x124, &mut x125, x123, x100, x116); let mut x126: u64 = 0; let mut x127: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x126, &mut x127, x125, x102, x118); let mut x128: u64 = 0; let mut x129: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x128, &mut x129, x127, ((x103 as u64) + (x95 as u64)), ((x119 as u64) + x107)); let mut x130: u64 = 0; let mut x131: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x130, &mut x131, 0x0, x122, 0xfffffffefffffc2f); let mut x132: u64 = 0; let mut x133: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x132, &mut x133, x131, x124, 0xffffffffffffffff); let mut x134: u64 = 0; let mut x135: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x134, &mut x135, x133, x126, 0xffffffffffffffff); let mut x136: u64 = 0; let mut x137: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x136, &mut x137, x135, x128, 0xffffffffffffffff); let mut x138: u64 = 0; let mut x139: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x138, &mut x139, x137, (x129 as u64), (0x0 as u64)); let mut x140: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x140, x139, x130, x122); let mut x141: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x141, x139, x132, x124); let mut x142: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x142, x139, x134, x126); let mut x143: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x143, x139, x136, x128); out1[0] = x140; out1[1] = x141; out1[2] = x142; out1[3] = x143; } /// The function fiat_secp256k1_montgomery_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_to_montgomery(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x5, &mut x6, x4, 0x7a2000e90a1); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x7, &mut x8, 0x0, x6, x4); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x9, &mut x10, x5, 0xd838091dd2253531); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x11, &mut x12, x9, 0xffffffffffffffff); let mut x13: u64 = 0; let mut x14: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x13, &mut x14, x9, 0xffffffffffffffff); let mut x15: u64 = 0; let mut x16: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x15, &mut x16, x9, 0xffffffffffffffff); let mut x17: u64 = 0; let mut x18: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x17, &mut x18, x9, 0xfffffffefffffc2f); let mut x19: u64 = 0; let mut x20: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x19, &mut x20, 0x0, x18, x15); let mut x21: u64 = 0; let mut x22: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x21, &mut x22, x20, x16, x13); let mut x23: u64 = 0; let mut x24: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x23, &mut x24, x22, x14, x11); let mut x25: u64 = 0; let mut x26: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x25, &mut x26, 0x0, x5, x17); let mut x27: u64 = 0; let mut x28: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x27, &mut x28, x26, x7, x19); let mut x29: u64 = 0; let mut x30: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x29, &mut x30, x28, (x8 as u64), x21); let mut x31: u64 = 0; let mut x32: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x31, &mut x32, x30, (0x0 as u64), x23); let mut x33: u64 = 0; let mut x34: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x33, &mut x34, x32, (0x0 as u64), ((x24 as u64) + x12)); let mut x35: u64 = 0; let mut x36: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x35, &mut x36, x1, 0x7a2000e90a1); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x37, &mut x38, 0x0, x36, x1); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x39, &mut x40, 0x0, x27, x35); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x41, &mut x42, x40, x29, x37); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x43, &mut x44, x42, x31, (x38 as u64)); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x45, &mut x46, x44, x33, (0x0 as u64)); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x47, &mut x48, x39, 0xd838091dd2253531); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x49, &mut x50, x47, 0xffffffffffffffff); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x51, &mut x52, x47, 0xffffffffffffffff); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x53, &mut x54, x47, 0xffffffffffffffff); let mut x55: u64 = 0; let mut x56: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x55, &mut x56, x47, 0xfffffffefffffc2f); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x57, &mut x58, 0x0, x56, x53); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x59, &mut x60, x58, x54, x51); let mut x61: u64 = 0; let mut x62: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x61, &mut x62, x60, x52, x49); let mut x63: u64 = 0; let mut x64: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x63, &mut x64, 0x0, x39, x55); let mut x65: u64 = 0; let mut x66: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x65, &mut x66, x64, x41, x57); let mut x67: u64 = 0; let mut x68: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x67, &mut x68, x66, x43, x59); let mut x69: u64 = 0; let mut x70: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x69, &mut x70, x68, x45, x61); let mut x71: u64 = 0; let mut x72: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x71, &mut x72, x70, ((x46 as u64) + (x34 as u64)), ((x62 as u64) + x50)); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x73, &mut x74, x2, 0x7a2000e90a1); let mut x75: u64 = 0; let mut x76: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x75, &mut x76, 0x0, x74, x2); let mut x77: u64 = 0; let mut x78: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x77, &mut x78, 0x0, x65, x73); let mut x79: u64 = 0; let mut x80: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x79, &mut x80, x78, x67, x75); let mut x81: u64 = 0; let mut x82: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x81, &mut x82, x80, x69, (x76 as u64)); let mut x83: u64 = 0; let mut x84: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x83, &mut x84, x82, x71, (0x0 as u64)); let mut x85: u64 = 0; let mut x86: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x85, &mut x86, x77, 0xd838091dd2253531); let mut x87: u64 = 0; let mut x88: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x87, &mut x88, x85, 0xffffffffffffffff); let mut x89: u64 = 0; let mut x90: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x89, &mut x90, x85, 0xffffffffffffffff); let mut x91: u64 = 0; let mut x92: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x91, &mut x92, x85, 0xffffffffffffffff); let mut x93: u64 = 0; let mut x94: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x93, &mut x94, x85, 0xfffffffefffffc2f); let mut x95: u64 = 0; let mut x96: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x95, &mut x96, 0x0, x94, x91); let mut x97: u64 = 0; let mut x98: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x97, &mut x98, x96, x92, x89); let mut x99: u64 = 0; let mut x100: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x99, &mut x100, x98, x90, x87); let mut x101: u64 = 0; let mut x102: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x101, &mut x102, 0x0, x77, x93); let mut x103: u64 = 0; let mut x104: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x103, &mut x104, x102, x79, x95); let mut x105: u64 = 0; let mut x106: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x105, &mut x106, x104, x81, x97); let mut x107: u64 = 0; let mut x108: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x107, &mut x108, x106, x83, x99); let mut x109: u64 = 0; let mut x110: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x109, &mut x110, x108, ((x84 as u64) + (x72 as u64)), ((x100 as u64) + x88)); let mut x111: u64 = 0; let mut x112: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x111, &mut x112, x3, 0x7a2000e90a1); let mut x113: u64 = 0; let mut x114: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x113, &mut x114, 0x0, x112, x3); let mut x115: u64 = 0; let mut x116: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x115, &mut x116, 0x0, x103, x111); let mut x117: u64 = 0; let mut x118: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x117, &mut x118, x116, x105, x113); let mut x119: u64 = 0; let mut x120: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x119, &mut x120, x118, x107, (x114 as u64)); let mut x121: u64 = 0; let mut x122: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x121, &mut x122, x120, x109, (0x0 as u64)); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x123, &mut x124, x115, 0xd838091dd2253531); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x125, &mut x126, x123, 0xffffffffffffffff); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x127, &mut x128, x123, 0xffffffffffffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x129, &mut x130, x123, 0xffffffffffffffff); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_secp256k1_montgomery_mulx_u64(&mut x131, &mut x132, x123, 0xfffffffefffffc2f); let mut x133: u64 = 0; let mut x134: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x133, &mut x134, 0x0, x132, x129); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x135, &mut x136, x134, x130, x127); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x137, &mut x138, x136, x128, x125); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x139, &mut x140, 0x0, x115, x131); let mut x141: u64 = 0; let mut x142: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x141, &mut x142, x140, x117, x133); let mut x143: u64 = 0; let mut x144: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x143, &mut x144, x142, x119, x135); let mut x145: u64 = 0; let mut x146: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x145, &mut x146, x144, x121, x137); let mut x147: u64 = 0; let mut x148: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x147, &mut x148, x146, ((x122 as u64) + (x110 as u64)), ((x138 as u64) + x126)); let mut x149: u64 = 0; let mut x150: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x149, &mut x150, 0x0, x141, 0xfffffffefffffc2f); let mut x151: u64 = 0; let mut x152: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x151, &mut x152, x150, x143, 0xffffffffffffffff); let mut x153: u64 = 0; let mut x154: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x153, &mut x154, x152, x145, 0xffffffffffffffff); let mut x155: u64 = 0; let mut x156: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x155, &mut x156, x154, x147, 0xffffffffffffffff); let mut x157: u64 = 0; let mut x158: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x157, &mut x158, x156, (x148 as u64), (0x0 as u64)); let mut x159: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x159, x158, x149, x141); let mut x160: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x160, x158, x151, x143); let mut x161: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x161, x158, x153, x145); let mut x162: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x162, x158, x155, x147); out1[0] = x159; out1[1] = x160; out1[2] = x161; out1[3] = x162; } /// The function fiat_secp256k1_montgomery_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_secp256k1_montgomery_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_selectznz(out1: &mut [u64; 4], arg1: fiat_secp256k1_montgomery_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_secp256k1_montgomery_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_secp256k1_montgomery_to_bytes(out1: &mut [u8; 32], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u8 = ((x58 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x53; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; } /// The function fiat_secp256k1_montgomery_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 56); let x2: u64 = (((arg1[30]) as u64) << 48); let x3: u64 = (((arg1[29]) as u64) << 40); let x4: u64 = (((arg1[28]) as u64) << 32); let x5: u64 = (((arg1[27]) as u64) << 24); let x6: u64 = (((arg1[26]) as u64) << 16); let x7: u64 = (((arg1[25]) as u64) << 8); let x8: u8 = (arg1[24]); let x9: u64 = (((arg1[23]) as u64) << 56); let x10: u64 = (((arg1[22]) as u64) << 48); let x11: u64 = (((arg1[21]) as u64) << 40); let x12: u64 = (((arg1[20]) as u64) << 32); let x13: u64 = (((arg1[19]) as u64) << 24); let x14: u64 = (((arg1[18]) as u64) << 16); let x15: u64 = (((arg1[17]) as u64) << 8); let x16: u8 = (arg1[16]); let x17: u64 = (((arg1[15]) as u64) << 56); let x18: u64 = (((arg1[14]) as u64) << 48); let x19: u64 = (((arg1[13]) as u64) << 40); let x20: u64 = (((arg1[12]) as u64) << 32); let x21: u64 = (((arg1[11]) as u64) << 24); let x22: u64 = (((arg1[10]) as u64) << 16); let x23: u64 = (((arg1[9]) as u64) << 8); let x24: u8 = (arg1[8]); let x25: u64 = (((arg1[7]) as u64) << 56); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x25 + x38); let x40: u64 = (x23 + (x24 as u64)); let x41: u64 = (x22 + x40); let x42: u64 = (x21 + x41); let x43: u64 = (x20 + x42); let x44: u64 = (x19 + x43); let x45: u64 = (x18 + x44); let x46: u64 = (x17 + x45); let x47: u64 = (x15 + (x16 as u64)); let x48: u64 = (x14 + x47); let x49: u64 = (x13 + x48); let x50: u64 = (x12 + x49); let x51: u64 = (x11 + x50); let x52: u64 = (x10 + x51); let x53: u64 = (x9 + x52); let x54: u64 = (x7 + (x8 as u64)); let x55: u64 = (x6 + x54); let x56: u64 = (x5 + x55); let x57: u64 = (x4 + x56); let x58: u64 = (x3 + x57); let x59: u64 = (x2 + x58); let x60: u64 = (x1 + x59); out1[0] = x39; out1[1] = x46; out1[2] = x53; out1[3] = x60; } /// The function fiat_secp256k1_montgomery_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_set_one(out1: &mut fiat_secp256k1_montgomery_montgomery_domain_field_element) { out1[0] = 0x1000003d1; out1[1] = (0x0 as u64); out1[2] = (0x0 as u64); out1[3] = (0x0 as u64); } /// The function fiat_secp256k1_montgomery_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_msat(out1: &mut [u64; 5]) { out1[0] = 0xfffffffefffffc2f; out1[1] = 0xffffffffffffffff; out1[2] = 0xffffffffffffffff; out1[3] = 0xffffffffffffffff; out1[4] = (0x0 as u64); } /// The function fiat_secp256k1_montgomery_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_secp256k1_montgomery_u1 = (((x1 >> 63) as fiat_secp256k1_montgomery_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_secp256k1_montgomery_u1)); let mut x4: u64 = 0; let mut x5: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, 0xfffffffefffffc2f); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0xffffffffffffffff); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x43, &mut x44, x42, x35, 0xffffffffffffffff); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0xffffffffffffffff); let mut x47: u64 = 0; let mut x48: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, (x61 & 0xfffffffefffffc2f)); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x64, &mut x65, x63, x55, x61); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x66, &mut x67, x65, x57, x61); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x68, &mut x69, x67, x59, x61); let mut x70: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_secp256k1_montgomery_u1 = ((x22 & (0x1 as u64)) as fiat_secp256k1_montgomery_u1); let mut x75: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, 0xfffffffefffffc2f); let mut x104: u64 = 0; let mut x105: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0xffffffffffffffff); let mut x106: u64 = 0; let mut x107: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x106, &mut x107, x105, x98, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_u1 = 0; fiat_secp256k1_montgomery_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_secp256k1_montgomery_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_secp256k1_montgomery_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0xf201a41831525e0a; out1[1] = 0x9953f9ddcd648d85; out1[2] = 0xe86029463db210a9; out1[3] = 0x24fb8a3104b03709; } fiat-crypto-0.2.2/src/secp256k1_montgomery_scalar_32.rs000064400000000000000000010740701046102023000207700ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline secp256k1_montgomery_scalar 32 '2^256 - 432420386565659656852420866394968145599' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: secp256k1_montgomery_scalar //! machine_wordsize = 32 (from "32") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 (from "2^256 - 432420386565659656852420866394968145599") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_secp256k1_montgomery_scalar_u1 = u8; pub type fiat_secp256k1_montgomery_scalar_i1 = i8; pub type fiat_secp256k1_montgomery_scalar_u2 = u8; pub type fiat_secp256k1_montgomery_scalar_i2 = i8; /** The type fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element(pub [u32; 8]); impl core::ops::Index for fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element { type Output = u32; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_secp256k1_montgomery_scalar_addcarryx_u32 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^32 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_scalar_addcarryx_u32(out1: &mut u32, out2: &mut fiat_secp256k1_montgomery_scalar_u1, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u32, arg3: u32) { let x1: u64 = (((arg1 as u64) + (arg2 as u64)) + (arg3 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: fiat_secp256k1_montgomery_scalar_u1 = ((x1 >> 32) as fiat_secp256k1_montgomery_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_scalar_subborrowx_u32 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^32 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_scalar_subborrowx_u32(out1: &mut u32, out2: &mut fiat_secp256k1_montgomery_scalar_u1, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u32, arg3: u32) { let x1: i64 = (((arg2 as i64) - (arg1 as i64)) - (arg3 as i64)); let x2: fiat_secp256k1_montgomery_scalar_i1 = ((x1 >> 32) as fiat_secp256k1_montgomery_scalar_i1); let x3: u32 = ((x1 & (0xffffffff as i64)) as u32); *out1 = x3; *out2 = (((0x0 as fiat_secp256k1_montgomery_scalar_i2) - (x2 as fiat_secp256k1_montgomery_scalar_i2)) as fiat_secp256k1_montgomery_scalar_u1); } /// The function fiat_secp256k1_montgomery_scalar_mulx_u32 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^32 /// out2 = ⌊arg1 * arg2 / 2^32⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_mulx_u32(out1: &mut u32, out2: &mut u32, arg1: u32, arg2: u32) { let x1: u64 = ((arg1 as u64) * (arg2 as u64)); let x2: u32 = ((x1 & (0xffffffff as u64)) as u32); let x3: u32 = ((x1 >> 32) as u32); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_scalar_cmovznz_u32 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffff] /// arg3: [0x0 ~> 0xffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_cmovznz_u32(out1: &mut u32, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u32, arg3: u32) { let x1: fiat_secp256k1_montgomery_scalar_u1 = (!(!arg1)); let x2: u32 = ((((((0x0 as fiat_secp256k1_montgomery_scalar_i2) - (x1 as fiat_secp256k1_montgomery_scalar_i2)) as fiat_secp256k1_montgomery_scalar_i1) as i64) & (0xffffffff as i64)) as u32); let x3: u32 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_secp256k1_montgomery_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_mul(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg2[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg2[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg2[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg2[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg2[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg2[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg2[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg2[0])); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x40, &mut x41, x23, 0x5588b13f); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x48, &mut x49, x40, 0xfffffffe); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x50, &mut x51, x40, 0xbaaedce6); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x52, &mut x53, x40, 0xaf48a03b); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x54, &mut x55, x40, 0xbfd25e8c); let mut x56: u32 = 0; let mut x57: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x56, &mut x57, x40, 0xd0364141); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x58, &mut x59, 0x0, x57, x54); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x60, &mut x61, x59, x55, x52); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x62, &mut x63, x61, x53, x50); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x51, x48); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x66, &mut x67, x65, x49, x46); let mut x68: u32 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x68, &mut x69, x67, x47, x44); let mut x70: u32 = 0; let mut x71: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x70, &mut x71, x69, x45, x42); let x72: u32 = ((x71 as u32) + x43); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x73, &mut x74, 0x0, x23, x56); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x25, x58); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x27, x60); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x29, x62); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x31, x64); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x33, x66); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x85, &mut x86, x84, x35, x68); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x87, &mut x88, x86, x37, x70); let mut x89: u32 = 0; let mut x90: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x89, &mut x90, x88, x39, x72); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg2[7])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x93, &mut x94, x1, (arg2[6])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x95, &mut x96, x1, (arg2[5])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x97, &mut x98, x1, (arg2[4])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x99, &mut x100, x1, (arg2[3])); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x101, &mut x102, x1, (arg2[2])); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x103, &mut x104, x1, (arg2[1])); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x105, &mut x106, x1, (arg2[0])); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x107, &mut x108, 0x0, x106, x103); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x104, x101); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x102, x99); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x100, x97); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x98, x95); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x96, x93); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x94, x91); let x121: u32 = ((x120 as u32) + x92); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x122, &mut x123, 0x0, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x132, &mut x133, x131, x85, x115); let mut x134: u32 = 0; let mut x135: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x134, &mut x135, x133, x87, x117); let mut x136: u32 = 0; let mut x137: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x136, &mut x137, x135, x89, x119); let mut x138: u32 = 0; let mut x139: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x138, &mut x139, x137, (x90 as u32), x121); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x140, &mut x141, x122, 0x5588b13f); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x142, &mut x143, x140, 0xffffffff); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x144, &mut x145, x140, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x146, &mut x147, x140, 0xffffffff); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x148, &mut x149, x140, 0xfffffffe); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x150, &mut x151, x140, 0xbaaedce6); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x152, &mut x153, x140, 0xaf48a03b); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x154, &mut x155, x140, 0xbfd25e8c); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x156, &mut x157, x140, 0xd0364141); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x155, x152); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x162, &mut x163, x161, x153, x150); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x151, x148); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x149, x146); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x147, x144); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x145, x142); let x172: u32 = ((x171 as u32) + x143); let mut x173: u32 = 0; let mut x174: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x173, &mut x174, 0x0, x122, x156); let mut x175: u32 = 0; let mut x176: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x124, x158); let mut x177: u32 = 0; let mut x178: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x126, x160); let mut x179: u32 = 0; let mut x180: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x128, x162); let mut x181: u32 = 0; let mut x182: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x181, &mut x182, x180, x130, x164); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x183, &mut x184, x182, x132, x166); let mut x185: u32 = 0; let mut x186: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x185, &mut x186, x184, x134, x168); let mut x187: u32 = 0; let mut x188: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x187, &mut x188, x186, x136, x170); let mut x189: u32 = 0; let mut x190: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x189, &mut x190, x188, x138, x172); let x191: u32 = ((x190 as u32) + (x139 as u32)); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x192, &mut x193, x2, (arg2[7])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x194, &mut x195, x2, (arg2[6])); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x196, &mut x197, x2, (arg2[5])); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x198, &mut x199, x2, (arg2[4])); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x200, &mut x201, x2, (arg2[3])); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x202, &mut x203, x2, (arg2[2])); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x204, &mut x205, x2, (arg2[1])); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x206, &mut x207, x2, (arg2[0])); let mut x208: u32 = 0; let mut x209: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x208, &mut x209, 0x0, x207, x204); let mut x210: u32 = 0; let mut x211: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x210, &mut x211, x209, x205, x202); let mut x212: u32 = 0; let mut x213: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x212, &mut x213, x211, x203, x200); let mut x214: u32 = 0; let mut x215: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x214, &mut x215, x213, x201, x198); let mut x216: u32 = 0; let mut x217: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x216, &mut x217, x215, x199, x196); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x218, &mut x219, x217, x197, x194); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x195, x192); let x222: u32 = ((x221 as u32) + x193); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x223, &mut x224, 0x0, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x181, x212); let mut x231: u32 = 0; let mut x232: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x231, &mut x232, x230, x183, x214); let mut x233: u32 = 0; let mut x234: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x233, &mut x234, x232, x185, x216); let mut x235: u32 = 0; let mut x236: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x235, &mut x236, x234, x187, x218); let mut x237: u32 = 0; let mut x238: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x237, &mut x238, x236, x189, x220); let mut x239: u32 = 0; let mut x240: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x239, &mut x240, x238, x191, x222); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x241, &mut x242, x223, 0x5588b13f); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x243, &mut x244, x241, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x245, &mut x246, x241, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x247, &mut x248, x241, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x249, &mut x250, x241, 0xfffffffe); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x251, &mut x252, x241, 0xbaaedce6); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x253, &mut x254, x241, 0xaf48a03b); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x255, &mut x256, x241, 0xbfd25e8c); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x257, &mut x258, x241, 0xd0364141); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x259, &mut x260, 0x0, x258, x255); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x256, x253); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x263, &mut x264, x262, x254, x251); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x252, x249); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x250, x247); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x248, x245); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x246, x243); let x273: u32 = ((x272 as u32) + x244); let mut x274: u32 = 0; let mut x275: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x274, &mut x275, 0x0, x223, x257); let mut x276: u32 = 0; let mut x277: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x276, &mut x277, x275, x225, x259); let mut x278: u32 = 0; let mut x279: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x278, &mut x279, x277, x227, x261); let mut x280: u32 = 0; let mut x281: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x280, &mut x281, x279, x229, x263); let mut x282: u32 = 0; let mut x283: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x282, &mut x283, x281, x231, x265); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x233, x267); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x235, x269); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x237, x271); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x239, x273); let x292: u32 = ((x291 as u32) + (x240 as u32)); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x293, &mut x294, x3, (arg2[7])); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x295, &mut x296, x3, (arg2[6])); let mut x297: u32 = 0; let mut x298: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x297, &mut x298, x3, (arg2[5])); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x299, &mut x300, x3, (arg2[4])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x301, &mut x302, x3, (arg2[3])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x303, &mut x304, x3, (arg2[2])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x305, &mut x306, x3, (arg2[1])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x307, &mut x308, x3, (arg2[0])); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x311, &mut x312, x310, x306, x303); let mut x313: u32 = 0; let mut x314: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x313, &mut x314, x312, x304, x301); let mut x315: u32 = 0; let mut x316: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x315, &mut x316, x314, x302, x299); let mut x317: u32 = 0; let mut x318: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x317, &mut x318, x316, x300, x297); let mut x319: u32 = 0; let mut x320: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x319, &mut x320, x318, x298, x295); let mut x321: u32 = 0; let mut x322: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x296, x293); let x323: u32 = ((x322 as u32) + x294); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x324, &mut x325, 0x0, x276, x307); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x278, x309); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x280, x311); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x330, &mut x331, x329, x282, x313); let mut x332: u32 = 0; let mut x333: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x332, &mut x333, x331, x284, x315); let mut x334: u32 = 0; let mut x335: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x334, &mut x335, x333, x286, x317); let mut x336: u32 = 0; let mut x337: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x336, &mut x337, x335, x288, x319); let mut x338: u32 = 0; let mut x339: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x338, &mut x339, x337, x290, x321); let mut x340: u32 = 0; let mut x341: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x340, &mut x341, x339, x292, x323); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x342, &mut x343, x324, 0x5588b13f); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x350, &mut x351, x342, 0xfffffffe); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x352, &mut x353, x342, 0xbaaedce6); let mut x354: u32 = 0; let mut x355: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x354, &mut x355, x342, 0xaf48a03b); let mut x356: u32 = 0; let mut x357: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x356, &mut x357, x342, 0xbfd25e8c); let mut x358: u32 = 0; let mut x359: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x358, &mut x359, x342, 0xd0364141); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x360, &mut x361, 0x0, x359, x356); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x357, x354); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x364, &mut x365, x363, x355, x352); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x353, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x368, &mut x369, x367, x351, x348); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x370, &mut x371, x369, x349, x346); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x372, &mut x373, x371, x347, x344); let x374: u32 = ((x373 as u32) + x345); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x375, &mut x376, 0x0, x324, x358); let mut x377: u32 = 0; let mut x378: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x326, x360); let mut x379: u32 = 0; let mut x380: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x328, x362); let mut x381: u32 = 0; let mut x382: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x330, x364); let mut x383: u32 = 0; let mut x384: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x332, x366); let mut x385: u32 = 0; let mut x386: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x334, x368); let mut x387: u32 = 0; let mut x388: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x336, x370); let mut x389: u32 = 0; let mut x390: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x338, x372); let mut x391: u32 = 0; let mut x392: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x340, x374); let x393: u32 = ((x392 as u32) + (x341 as u32)); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x394, &mut x395, x4, (arg2[7])); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x396, &mut x397, x4, (arg2[6])); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x398, &mut x399, x4, (arg2[5])); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x400, &mut x401, x4, (arg2[4])); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x402, &mut x403, x4, (arg2[3])); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x404, &mut x405, x4, (arg2[2])); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x406, &mut x407, x4, (arg2[1])); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x408, &mut x409, x4, (arg2[0])); let mut x410: u32 = 0; let mut x411: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x410, &mut x411, 0x0, x409, x406); let mut x412: u32 = 0; let mut x413: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x407, x404); let mut x414: u32 = 0; let mut x415: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x405, x402); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x403, x400); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x401, x398); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x399, x396); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x397, x394); let x424: u32 = ((x423 as u32) + x395); let mut x425: u32 = 0; let mut x426: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x425, &mut x426, 0x0, x377, x408); let mut x427: u32 = 0; let mut x428: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x427, &mut x428, x426, x379, x410); let mut x429: u32 = 0; let mut x430: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x429, &mut x430, x428, x381, x412); let mut x431: u32 = 0; let mut x432: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x431, &mut x432, x430, x383, x414); let mut x433: u32 = 0; let mut x434: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x433, &mut x434, x432, x385, x416); let mut x435: u32 = 0; let mut x436: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x435, &mut x436, x434, x387, x418); let mut x437: u32 = 0; let mut x438: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x437, &mut x438, x436, x389, x420); let mut x439: u32 = 0; let mut x440: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x439, &mut x440, x438, x391, x422); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x441, &mut x442, x440, x393, x424); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x443, &mut x444, x425, 0x5588b13f); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x445, &mut x446, x443, 0xffffffff); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x447, &mut x448, x443, 0xffffffff); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x449, &mut x450, x443, 0xffffffff); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x451, &mut x452, x443, 0xfffffffe); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x453, &mut x454, x443, 0xbaaedce6); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x455, &mut x456, x443, 0xaf48a03b); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x457, &mut x458, x443, 0xbfd25e8c); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x459, &mut x460, x443, 0xd0364141); let mut x461: u32 = 0; let mut x462: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x461, &mut x462, 0x0, x460, x457); let mut x463: u32 = 0; let mut x464: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x458, x455); let mut x465: u32 = 0; let mut x466: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x456, x453); let mut x467: u32 = 0; let mut x468: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x454, x451); let mut x469: u32 = 0; let mut x470: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x452, x449); let mut x471: u32 = 0; let mut x472: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x450, x447); let mut x473: u32 = 0; let mut x474: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x473, &mut x474, x472, x448, x445); let x475: u32 = ((x474 as u32) + x446); let mut x476: u32 = 0; let mut x477: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x476, &mut x477, 0x0, x425, x459); let mut x478: u32 = 0; let mut x479: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x478, &mut x479, x477, x427, x461); let mut x480: u32 = 0; let mut x481: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x480, &mut x481, x479, x429, x463); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x482, &mut x483, x481, x431, x465); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x433, x467); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x435, x469); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x437, x471); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x439, x473); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x492, &mut x493, x491, x441, x475); let x494: u32 = ((x493 as u32) + (x442 as u32)); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x495, &mut x496, x5, (arg2[7])); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x497, &mut x498, x5, (arg2[6])); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x499, &mut x500, x5, (arg2[5])); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x501, &mut x502, x5, (arg2[4])); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x503, &mut x504, x5, (arg2[3])); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x505, &mut x506, x5, (arg2[2])); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x507, &mut x508, x5, (arg2[1])); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x509, &mut x510, x5, (arg2[0])); let mut x511: u32 = 0; let mut x512: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x511, &mut x512, 0x0, x510, x507); let mut x513: u32 = 0; let mut x514: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x513, &mut x514, x512, x508, x505); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x515, &mut x516, x514, x506, x503); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x517, &mut x518, x516, x504, x501); let mut x519: u32 = 0; let mut x520: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x519, &mut x520, x518, x502, x499); let mut x521: u32 = 0; let mut x522: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x521, &mut x522, x520, x500, x497); let mut x523: u32 = 0; let mut x524: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x523, &mut x524, x522, x498, x495); let x525: u32 = ((x524 as u32) + x496); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x526, &mut x527, 0x0, x478, x509); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x528, &mut x529, x527, x480, x511); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x530, &mut x531, x529, x482, x513); let mut x532: u32 = 0; let mut x533: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x484, x515); let mut x534: u32 = 0; let mut x535: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x486, x517); let mut x536: u32 = 0; let mut x537: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x488, x519); let mut x538: u32 = 0; let mut x539: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x490, x521); let mut x540: u32 = 0; let mut x541: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x492, x523); let mut x542: u32 = 0; let mut x543: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x542, &mut x543, x541, x494, x525); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x544, &mut x545, x526, 0x5588b13f); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x546, &mut x547, x544, 0xffffffff); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x548, &mut x549, x544, 0xffffffff); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x550, &mut x551, x544, 0xffffffff); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x552, &mut x553, x544, 0xfffffffe); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x554, &mut x555, x544, 0xbaaedce6); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x556, &mut x557, x544, 0xaf48a03b); let mut x558: u32 = 0; let mut x559: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x558, &mut x559, x544, 0xbfd25e8c); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x560, &mut x561, x544, 0xd0364141); let mut x562: u32 = 0; let mut x563: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x562, &mut x563, 0x0, x561, x558); let mut x564: u32 = 0; let mut x565: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x564, &mut x565, x563, x559, x556); let mut x566: u32 = 0; let mut x567: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x566, &mut x567, x565, x557, x554); let mut x568: u32 = 0; let mut x569: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x568, &mut x569, x567, x555, x552); let mut x570: u32 = 0; let mut x571: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x570, &mut x571, x569, x553, x550); let mut x572: u32 = 0; let mut x573: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x572, &mut x573, x571, x551, x548); let mut x574: u32 = 0; let mut x575: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x574, &mut x575, x573, x549, x546); let x576: u32 = ((x575 as u32) + x547); let mut x577: u32 = 0; let mut x578: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x577, &mut x578, 0x0, x526, x560); let mut x579: u32 = 0; let mut x580: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x579, &mut x580, x578, x528, x562); let mut x581: u32 = 0; let mut x582: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x581, &mut x582, x580, x530, x564); let mut x583: u32 = 0; let mut x584: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x583, &mut x584, x582, x532, x566); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x585, &mut x586, x584, x534, x568); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x587, &mut x588, x586, x536, x570); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x589, &mut x590, x588, x538, x572); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x591, &mut x592, x590, x540, x574); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x542, x576); let x595: u32 = ((x594 as u32) + (x543 as u32)); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x596, &mut x597, x6, (arg2[7])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x598, &mut x599, x6, (arg2[6])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x600, &mut x601, x6, (arg2[5])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x602, &mut x603, x6, (arg2[4])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x604, &mut x605, x6, (arg2[3])); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x606, &mut x607, x6, (arg2[2])); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x608, &mut x609, x6, (arg2[1])); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x610, &mut x611, x6, (arg2[0])); let mut x612: u32 = 0; let mut x613: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x612, &mut x613, 0x0, x611, x608); let mut x614: u32 = 0; let mut x615: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x614, &mut x615, x613, x609, x606); let mut x616: u32 = 0; let mut x617: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x616, &mut x617, x615, x607, x604); let mut x618: u32 = 0; let mut x619: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x618, &mut x619, x617, x605, x602); let mut x620: u32 = 0; let mut x621: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x620, &mut x621, x619, x603, x600); let mut x622: u32 = 0; let mut x623: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x622, &mut x623, x621, x601, x598); let mut x624: u32 = 0; let mut x625: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x624, &mut x625, x623, x599, x596); let x626: u32 = ((x625 as u32) + x597); let mut x627: u32 = 0; let mut x628: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x627, &mut x628, 0x0, x579, x610); let mut x629: u32 = 0; let mut x630: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x581, x612); let mut x631: u32 = 0; let mut x632: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x583, x614); let mut x633: u32 = 0; let mut x634: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x585, x616); let mut x635: u32 = 0; let mut x636: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x635, &mut x636, x634, x587, x618); let mut x637: u32 = 0; let mut x638: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x637, &mut x638, x636, x589, x620); let mut x639: u32 = 0; let mut x640: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x639, &mut x640, x638, x591, x622); let mut x641: u32 = 0; let mut x642: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x593, x624); let mut x643: u32 = 0; let mut x644: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x595, x626); let mut x645: u32 = 0; let mut x646: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x645, &mut x646, x627, 0x5588b13f); let mut x647: u32 = 0; let mut x648: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x647, &mut x648, x645, 0xffffffff); let mut x649: u32 = 0; let mut x650: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x649, &mut x650, x645, 0xffffffff); let mut x651: u32 = 0; let mut x652: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x651, &mut x652, x645, 0xffffffff); let mut x653: u32 = 0; let mut x654: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x653, &mut x654, x645, 0xfffffffe); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x655, &mut x656, x645, 0xbaaedce6); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x657, &mut x658, x645, 0xaf48a03b); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x659, &mut x660, x645, 0xbfd25e8c); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x661, &mut x662, x645, 0xd0364141); let mut x663: u32 = 0; let mut x664: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x663, &mut x664, 0x0, x662, x659); let mut x665: u32 = 0; let mut x666: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x665, &mut x666, x664, x660, x657); let mut x667: u32 = 0; let mut x668: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x667, &mut x668, x666, x658, x655); let mut x669: u32 = 0; let mut x670: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x669, &mut x670, x668, x656, x653); let mut x671: u32 = 0; let mut x672: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x671, &mut x672, x670, x654, x651); let mut x673: u32 = 0; let mut x674: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x652, x649); let mut x675: u32 = 0; let mut x676: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x650, x647); let x677: u32 = ((x676 as u32) + x648); let mut x678: u32 = 0; let mut x679: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x678, &mut x679, 0x0, x627, x661); let mut x680: u32 = 0; let mut x681: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x680, &mut x681, x679, x629, x663); let mut x682: u32 = 0; let mut x683: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x682, &mut x683, x681, x631, x665); let mut x684: u32 = 0; let mut x685: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x684, &mut x685, x683, x633, x667); let mut x686: u32 = 0; let mut x687: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x686, &mut x687, x685, x635, x669); let mut x688: u32 = 0; let mut x689: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x688, &mut x689, x687, x637, x671); let mut x690: u32 = 0; let mut x691: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x690, &mut x691, x689, x639, x673); let mut x692: u32 = 0; let mut x693: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x692, &mut x693, x691, x641, x675); let mut x694: u32 = 0; let mut x695: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x694, &mut x695, x693, x643, x677); let x696: u32 = ((x695 as u32) + (x644 as u32)); let mut x697: u32 = 0; let mut x698: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x697, &mut x698, x7, (arg2[7])); let mut x699: u32 = 0; let mut x700: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x699, &mut x700, x7, (arg2[6])); let mut x701: u32 = 0; let mut x702: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x701, &mut x702, x7, (arg2[5])); let mut x703: u32 = 0; let mut x704: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x703, &mut x704, x7, (arg2[4])); let mut x705: u32 = 0; let mut x706: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x705, &mut x706, x7, (arg2[3])); let mut x707: u32 = 0; let mut x708: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x707, &mut x708, x7, (arg2[2])); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x709, &mut x710, x7, (arg2[1])); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x711, &mut x712, x7, (arg2[0])); let mut x713: u32 = 0; let mut x714: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x713, &mut x714, 0x0, x712, x709); let mut x715: u32 = 0; let mut x716: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x715, &mut x716, x714, x710, x707); let mut x717: u32 = 0; let mut x718: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x717, &mut x718, x716, x708, x705); let mut x719: u32 = 0; let mut x720: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x719, &mut x720, x718, x706, x703); let mut x721: u32 = 0; let mut x722: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x721, &mut x722, x720, x704, x701); let mut x723: u32 = 0; let mut x724: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x723, &mut x724, x722, x702, x699); let mut x725: u32 = 0; let mut x726: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x725, &mut x726, x724, x700, x697); let x727: u32 = ((x726 as u32) + x698); let mut x728: u32 = 0; let mut x729: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x728, &mut x729, 0x0, x680, x711); let mut x730: u32 = 0; let mut x731: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x730, &mut x731, x729, x682, x713); let mut x732: u32 = 0; let mut x733: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x732, &mut x733, x731, x684, x715); let mut x734: u32 = 0; let mut x735: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x734, &mut x735, x733, x686, x717); let mut x736: u32 = 0; let mut x737: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x736, &mut x737, x735, x688, x719); let mut x738: u32 = 0; let mut x739: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x738, &mut x739, x737, x690, x721); let mut x740: u32 = 0; let mut x741: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x740, &mut x741, x739, x692, x723); let mut x742: u32 = 0; let mut x743: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x742, &mut x743, x741, x694, x725); let mut x744: u32 = 0; let mut x745: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x744, &mut x745, x743, x696, x727); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x746, &mut x747, x728, 0x5588b13f); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x748, &mut x749, x746, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x750, &mut x751, x746, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x752, &mut x753, x746, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x754, &mut x755, x746, 0xfffffffe); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x756, &mut x757, x746, 0xbaaedce6); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x758, &mut x759, x746, 0xaf48a03b); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x760, &mut x761, x746, 0xbfd25e8c); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x762, &mut x763, x746, 0xd0364141); let mut x764: u32 = 0; let mut x765: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x764, &mut x765, 0x0, x763, x760); let mut x766: u32 = 0; let mut x767: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x766, &mut x767, x765, x761, x758); let mut x768: u32 = 0; let mut x769: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x768, &mut x769, x767, x759, x756); let mut x770: u32 = 0; let mut x771: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x770, &mut x771, x769, x757, x754); let mut x772: u32 = 0; let mut x773: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x772, &mut x773, x771, x755, x752); let mut x774: u32 = 0; let mut x775: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x774, &mut x775, x773, x753, x750); let mut x776: u32 = 0; let mut x777: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x776, &mut x777, x775, x751, x748); let x778: u32 = ((x777 as u32) + x749); let mut x779: u32 = 0; let mut x780: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x779, &mut x780, 0x0, x728, x762); let mut x781: u32 = 0; let mut x782: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x781, &mut x782, x780, x730, x764); let mut x783: u32 = 0; let mut x784: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x783, &mut x784, x782, x732, x766); let mut x785: u32 = 0; let mut x786: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x785, &mut x786, x784, x734, x768); let mut x787: u32 = 0; let mut x788: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x787, &mut x788, x786, x736, x770); let mut x789: u32 = 0; let mut x790: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x789, &mut x790, x788, x738, x772); let mut x791: u32 = 0; let mut x792: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x791, &mut x792, x790, x740, x774); let mut x793: u32 = 0; let mut x794: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x793, &mut x794, x792, x742, x776); let mut x795: u32 = 0; let mut x796: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x795, &mut x796, x794, x744, x778); let x797: u32 = ((x796 as u32) + (x745 as u32)); let mut x798: u32 = 0; let mut x799: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x798, &mut x799, 0x0, x781, 0xd0364141); let mut x800: u32 = 0; let mut x801: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x800, &mut x801, x799, x783, 0xbfd25e8c); let mut x802: u32 = 0; let mut x803: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x802, &mut x803, x801, x785, 0xaf48a03b); let mut x804: u32 = 0; let mut x805: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x804, &mut x805, x803, x787, 0xbaaedce6); let mut x806: u32 = 0; let mut x807: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x806, &mut x807, x805, x789, 0xfffffffe); let mut x808: u32 = 0; let mut x809: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x808, &mut x809, x807, x791, 0xffffffff); let mut x810: u32 = 0; let mut x811: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x810, &mut x811, x809, x793, 0xffffffff); let mut x812: u32 = 0; let mut x813: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x812, &mut x813, x811, x795, 0xffffffff); let mut x814: u32 = 0; let mut x815: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x814, &mut x815, x813, x797, (0x0 as u32)); let mut x816: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x816, x815, x798, x781); let mut x817: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x817, x815, x800, x783); let mut x818: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x818, x815, x802, x785); let mut x819: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x819, x815, x804, x787); let mut x820: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x820, x815, x806, x789); let mut x821: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x821, x815, x808, x791); let mut x822: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x822, x815, x810, x793); let mut x823: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x823, x815, x812, x795); out1[0] = x816; out1[1] = x817; out1[2] = x818; out1[3] = x819; out1[4] = x820; out1[5] = x821; out1[6] = x822; out1[7] = x823; } /// The function fiat_secp256k1_montgomery_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_square(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x9, &mut x10, x8, (arg1[7])); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x11, &mut x12, x8, (arg1[6])); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x13, &mut x14, x8, (arg1[5])); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x15, &mut x16, x8, (arg1[4])); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x17, &mut x18, x8, (arg1[3])); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x19, &mut x20, x8, (arg1[2])); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x21, &mut x22, x8, (arg1[1])); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x23, &mut x24, x8, (arg1[0])); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let x39: u32 = ((x38 as u32) + x10); let mut x40: u32 = 0; let mut x41: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x40, &mut x41, x23, 0x5588b13f); let mut x42: u32 = 0; let mut x43: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x42, &mut x43, x40, 0xffffffff); let mut x44: u32 = 0; let mut x45: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x44, &mut x45, x40, 0xffffffff); let mut x46: u32 = 0; let mut x47: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x46, &mut x47, x40, 0xffffffff); let mut x48: u32 = 0; let mut x49: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x48, &mut x49, x40, 0xfffffffe); let mut x50: u32 = 0; let mut x51: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x50, &mut x51, x40, 0xbaaedce6); let mut x52: u32 = 0; let mut x53: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x52, &mut x53, x40, 0xaf48a03b); let mut x54: u32 = 0; let mut x55: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x54, &mut x55, x40, 0xbfd25e8c); let mut x56: u32 = 0; let mut x57: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x56, &mut x57, x40, 0xd0364141); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x58, &mut x59, 0x0, x57, x54); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x60, &mut x61, x59, x55, x52); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x62, &mut x63, x61, x53, x50); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x51, x48); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x66, &mut x67, x65, x49, x46); let mut x68: u32 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x68, &mut x69, x67, x47, x44); let mut x70: u32 = 0; let mut x71: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x70, &mut x71, x69, x45, x42); let x72: u32 = ((x71 as u32) + x43); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x73, &mut x74, 0x0, x23, x56); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x25, x58); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x27, x60); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x29, x62); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x31, x64); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x33, x66); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x85, &mut x86, x84, x35, x68); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x87, &mut x88, x86, x37, x70); let mut x89: u32 = 0; let mut x90: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x89, &mut x90, x88, x39, x72); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x91, &mut x92, x1, (arg1[7])); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x93, &mut x94, x1, (arg1[6])); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x95, &mut x96, x1, (arg1[5])); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x97, &mut x98, x1, (arg1[4])); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x99, &mut x100, x1, (arg1[3])); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x101, &mut x102, x1, (arg1[2])); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x103, &mut x104, x1, (arg1[1])); let mut x105: u32 = 0; let mut x106: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x105, &mut x106, x1, (arg1[0])); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x107, &mut x108, 0x0, x106, x103); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x104, x101); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x102, x99); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x100, x97); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x98, x95); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x96, x93); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x119, &mut x120, x118, x94, x91); let x121: u32 = ((x120 as u32) + x92); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x122, &mut x123, 0x0, x75, x105); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x77, x107); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x126, &mut x127, x125, x79, x109); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x81, x111); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x83, x113); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x132, &mut x133, x131, x85, x115); let mut x134: u32 = 0; let mut x135: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x134, &mut x135, x133, x87, x117); let mut x136: u32 = 0; let mut x137: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x136, &mut x137, x135, x89, x119); let mut x138: u32 = 0; let mut x139: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x138, &mut x139, x137, (x90 as u32), x121); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x140, &mut x141, x122, 0x5588b13f); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x142, &mut x143, x140, 0xffffffff); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x144, &mut x145, x140, 0xffffffff); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x146, &mut x147, x140, 0xffffffff); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x148, &mut x149, x140, 0xfffffffe); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x150, &mut x151, x140, 0xbaaedce6); let mut x152: u32 = 0; let mut x153: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x152, &mut x153, x140, 0xaf48a03b); let mut x154: u32 = 0; let mut x155: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x154, &mut x155, x140, 0xbfd25e8c); let mut x156: u32 = 0; let mut x157: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x156, &mut x157, x140, 0xd0364141); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x158, &mut x159, 0x0, x157, x154); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x155, x152); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x162, &mut x163, x161, x153, x150); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x151, x148); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x166, &mut x167, x165, x149, x146); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x147, x144); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x145, x142); let x172: u32 = ((x171 as u32) + x143); let mut x173: u32 = 0; let mut x174: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x173, &mut x174, 0x0, x122, x156); let mut x175: u32 = 0; let mut x176: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x124, x158); let mut x177: u32 = 0; let mut x178: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x126, x160); let mut x179: u32 = 0; let mut x180: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x128, x162); let mut x181: u32 = 0; let mut x182: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x181, &mut x182, x180, x130, x164); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x183, &mut x184, x182, x132, x166); let mut x185: u32 = 0; let mut x186: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x185, &mut x186, x184, x134, x168); let mut x187: u32 = 0; let mut x188: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x187, &mut x188, x186, x136, x170); let mut x189: u32 = 0; let mut x190: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x189, &mut x190, x188, x138, x172); let x191: u32 = ((x190 as u32) + (x139 as u32)); let mut x192: u32 = 0; let mut x193: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x192, &mut x193, x2, (arg1[7])); let mut x194: u32 = 0; let mut x195: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x194, &mut x195, x2, (arg1[6])); let mut x196: u32 = 0; let mut x197: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x196, &mut x197, x2, (arg1[5])); let mut x198: u32 = 0; let mut x199: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x198, &mut x199, x2, (arg1[4])); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x200, &mut x201, x2, (arg1[3])); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x202, &mut x203, x2, (arg1[2])); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x204, &mut x205, x2, (arg1[1])); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x206, &mut x207, x2, (arg1[0])); let mut x208: u32 = 0; let mut x209: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x208, &mut x209, 0x0, x207, x204); let mut x210: u32 = 0; let mut x211: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x210, &mut x211, x209, x205, x202); let mut x212: u32 = 0; let mut x213: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x212, &mut x213, x211, x203, x200); let mut x214: u32 = 0; let mut x215: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x214, &mut x215, x213, x201, x198); let mut x216: u32 = 0; let mut x217: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x216, &mut x217, x215, x199, x196); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x218, &mut x219, x217, x197, x194); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x195, x192); let x222: u32 = ((x221 as u32) + x193); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x223, &mut x224, 0x0, x175, x206); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x177, x208); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x179, x210); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x181, x212); let mut x231: u32 = 0; let mut x232: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x231, &mut x232, x230, x183, x214); let mut x233: u32 = 0; let mut x234: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x233, &mut x234, x232, x185, x216); let mut x235: u32 = 0; let mut x236: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x235, &mut x236, x234, x187, x218); let mut x237: u32 = 0; let mut x238: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x237, &mut x238, x236, x189, x220); let mut x239: u32 = 0; let mut x240: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x239, &mut x240, x238, x191, x222); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x241, &mut x242, x223, 0x5588b13f); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x243, &mut x244, x241, 0xffffffff); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x245, &mut x246, x241, 0xffffffff); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x247, &mut x248, x241, 0xffffffff); let mut x249: u32 = 0; let mut x250: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x249, &mut x250, x241, 0xfffffffe); let mut x251: u32 = 0; let mut x252: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x251, &mut x252, x241, 0xbaaedce6); let mut x253: u32 = 0; let mut x254: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x253, &mut x254, x241, 0xaf48a03b); let mut x255: u32 = 0; let mut x256: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x255, &mut x256, x241, 0xbfd25e8c); let mut x257: u32 = 0; let mut x258: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x257, &mut x258, x241, 0xd0364141); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x259, &mut x260, 0x0, x258, x255); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x256, x253); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x263, &mut x264, x262, x254, x251); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x252, x249); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x250, x247); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x248, x245); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x246, x243); let x273: u32 = ((x272 as u32) + x244); let mut x274: u32 = 0; let mut x275: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x274, &mut x275, 0x0, x223, x257); let mut x276: u32 = 0; let mut x277: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x276, &mut x277, x275, x225, x259); let mut x278: u32 = 0; let mut x279: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x278, &mut x279, x277, x227, x261); let mut x280: u32 = 0; let mut x281: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x280, &mut x281, x279, x229, x263); let mut x282: u32 = 0; let mut x283: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x282, &mut x283, x281, x231, x265); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x284, &mut x285, x283, x233, x267); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x235, x269); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x237, x271); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x239, x273); let x292: u32 = ((x291 as u32) + (x240 as u32)); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x293, &mut x294, x3, (arg1[7])); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x295, &mut x296, x3, (arg1[6])); let mut x297: u32 = 0; let mut x298: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x297, &mut x298, x3, (arg1[5])); let mut x299: u32 = 0; let mut x300: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x299, &mut x300, x3, (arg1[4])); let mut x301: u32 = 0; let mut x302: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x301, &mut x302, x3, (arg1[3])); let mut x303: u32 = 0; let mut x304: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x303, &mut x304, x3, (arg1[2])); let mut x305: u32 = 0; let mut x306: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x305, &mut x306, x3, (arg1[1])); let mut x307: u32 = 0; let mut x308: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x307, &mut x308, x3, (arg1[0])); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x309, &mut x310, 0x0, x308, x305); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x311, &mut x312, x310, x306, x303); let mut x313: u32 = 0; let mut x314: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x313, &mut x314, x312, x304, x301); let mut x315: u32 = 0; let mut x316: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x315, &mut x316, x314, x302, x299); let mut x317: u32 = 0; let mut x318: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x317, &mut x318, x316, x300, x297); let mut x319: u32 = 0; let mut x320: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x319, &mut x320, x318, x298, x295); let mut x321: u32 = 0; let mut x322: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x296, x293); let x323: u32 = ((x322 as u32) + x294); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x324, &mut x325, 0x0, x276, x307); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x278, x309); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x280, x311); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x330, &mut x331, x329, x282, x313); let mut x332: u32 = 0; let mut x333: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x332, &mut x333, x331, x284, x315); let mut x334: u32 = 0; let mut x335: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x334, &mut x335, x333, x286, x317); let mut x336: u32 = 0; let mut x337: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x336, &mut x337, x335, x288, x319); let mut x338: u32 = 0; let mut x339: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x338, &mut x339, x337, x290, x321); let mut x340: u32 = 0; let mut x341: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x340, &mut x341, x339, x292, x323); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x342, &mut x343, x324, 0x5588b13f); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x344, &mut x345, x342, 0xffffffff); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x346, &mut x347, x342, 0xffffffff); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x348, &mut x349, x342, 0xffffffff); let mut x350: u32 = 0; let mut x351: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x350, &mut x351, x342, 0xfffffffe); let mut x352: u32 = 0; let mut x353: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x352, &mut x353, x342, 0xbaaedce6); let mut x354: u32 = 0; let mut x355: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x354, &mut x355, x342, 0xaf48a03b); let mut x356: u32 = 0; let mut x357: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x356, &mut x357, x342, 0xbfd25e8c); let mut x358: u32 = 0; let mut x359: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x358, &mut x359, x342, 0xd0364141); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x360, &mut x361, 0x0, x359, x356); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x357, x354); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x364, &mut x365, x363, x355, x352); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x353, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x368, &mut x369, x367, x351, x348); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x370, &mut x371, x369, x349, x346); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x372, &mut x373, x371, x347, x344); let x374: u32 = ((x373 as u32) + x345); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x375, &mut x376, 0x0, x324, x358); let mut x377: u32 = 0; let mut x378: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x377, &mut x378, x376, x326, x360); let mut x379: u32 = 0; let mut x380: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x379, &mut x380, x378, x328, x362); let mut x381: u32 = 0; let mut x382: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x381, &mut x382, x380, x330, x364); let mut x383: u32 = 0; let mut x384: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x383, &mut x384, x382, x332, x366); let mut x385: u32 = 0; let mut x386: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x385, &mut x386, x384, x334, x368); let mut x387: u32 = 0; let mut x388: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x387, &mut x388, x386, x336, x370); let mut x389: u32 = 0; let mut x390: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x389, &mut x390, x388, x338, x372); let mut x391: u32 = 0; let mut x392: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x391, &mut x392, x390, x340, x374); let x393: u32 = ((x392 as u32) + (x341 as u32)); let mut x394: u32 = 0; let mut x395: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x394, &mut x395, x4, (arg1[7])); let mut x396: u32 = 0; let mut x397: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x396, &mut x397, x4, (arg1[6])); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x398, &mut x399, x4, (arg1[5])); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x400, &mut x401, x4, (arg1[4])); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x402, &mut x403, x4, (arg1[3])); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x404, &mut x405, x4, (arg1[2])); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x406, &mut x407, x4, (arg1[1])); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x408, &mut x409, x4, (arg1[0])); let mut x410: u32 = 0; let mut x411: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x410, &mut x411, 0x0, x409, x406); let mut x412: u32 = 0; let mut x413: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x412, &mut x413, x411, x407, x404); let mut x414: u32 = 0; let mut x415: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x414, &mut x415, x413, x405, x402); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x416, &mut x417, x415, x403, x400); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x401, x398); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x399, x396); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x397, x394); let x424: u32 = ((x423 as u32) + x395); let mut x425: u32 = 0; let mut x426: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x425, &mut x426, 0x0, x377, x408); let mut x427: u32 = 0; let mut x428: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x427, &mut x428, x426, x379, x410); let mut x429: u32 = 0; let mut x430: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x429, &mut x430, x428, x381, x412); let mut x431: u32 = 0; let mut x432: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x431, &mut x432, x430, x383, x414); let mut x433: u32 = 0; let mut x434: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x433, &mut x434, x432, x385, x416); let mut x435: u32 = 0; let mut x436: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x435, &mut x436, x434, x387, x418); let mut x437: u32 = 0; let mut x438: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x437, &mut x438, x436, x389, x420); let mut x439: u32 = 0; let mut x440: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x439, &mut x440, x438, x391, x422); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x441, &mut x442, x440, x393, x424); let mut x443: u32 = 0; let mut x444: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x443, &mut x444, x425, 0x5588b13f); let mut x445: u32 = 0; let mut x446: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x445, &mut x446, x443, 0xffffffff); let mut x447: u32 = 0; let mut x448: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x447, &mut x448, x443, 0xffffffff); let mut x449: u32 = 0; let mut x450: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x449, &mut x450, x443, 0xffffffff); let mut x451: u32 = 0; let mut x452: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x451, &mut x452, x443, 0xfffffffe); let mut x453: u32 = 0; let mut x454: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x453, &mut x454, x443, 0xbaaedce6); let mut x455: u32 = 0; let mut x456: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x455, &mut x456, x443, 0xaf48a03b); let mut x457: u32 = 0; let mut x458: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x457, &mut x458, x443, 0xbfd25e8c); let mut x459: u32 = 0; let mut x460: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x459, &mut x460, x443, 0xd0364141); let mut x461: u32 = 0; let mut x462: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x461, &mut x462, 0x0, x460, x457); let mut x463: u32 = 0; let mut x464: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x458, x455); let mut x465: u32 = 0; let mut x466: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x456, x453); let mut x467: u32 = 0; let mut x468: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x454, x451); let mut x469: u32 = 0; let mut x470: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x452, x449); let mut x471: u32 = 0; let mut x472: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x471, &mut x472, x470, x450, x447); let mut x473: u32 = 0; let mut x474: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x473, &mut x474, x472, x448, x445); let x475: u32 = ((x474 as u32) + x446); let mut x476: u32 = 0; let mut x477: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x476, &mut x477, 0x0, x425, x459); let mut x478: u32 = 0; let mut x479: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x478, &mut x479, x477, x427, x461); let mut x480: u32 = 0; let mut x481: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x480, &mut x481, x479, x429, x463); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x482, &mut x483, x481, x431, x465); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x433, x467); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x435, x469); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x437, x471); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x439, x473); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x492, &mut x493, x491, x441, x475); let x494: u32 = ((x493 as u32) + (x442 as u32)); let mut x495: u32 = 0; let mut x496: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x495, &mut x496, x5, (arg1[7])); let mut x497: u32 = 0; let mut x498: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x497, &mut x498, x5, (arg1[6])); let mut x499: u32 = 0; let mut x500: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x499, &mut x500, x5, (arg1[5])); let mut x501: u32 = 0; let mut x502: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x501, &mut x502, x5, (arg1[4])); let mut x503: u32 = 0; let mut x504: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x503, &mut x504, x5, (arg1[3])); let mut x505: u32 = 0; let mut x506: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x505, &mut x506, x5, (arg1[2])); let mut x507: u32 = 0; let mut x508: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x507, &mut x508, x5, (arg1[1])); let mut x509: u32 = 0; let mut x510: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x509, &mut x510, x5, (arg1[0])); let mut x511: u32 = 0; let mut x512: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x511, &mut x512, 0x0, x510, x507); let mut x513: u32 = 0; let mut x514: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x513, &mut x514, x512, x508, x505); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x515, &mut x516, x514, x506, x503); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x517, &mut x518, x516, x504, x501); let mut x519: u32 = 0; let mut x520: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x519, &mut x520, x518, x502, x499); let mut x521: u32 = 0; let mut x522: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x521, &mut x522, x520, x500, x497); let mut x523: u32 = 0; let mut x524: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x523, &mut x524, x522, x498, x495); let x525: u32 = ((x524 as u32) + x496); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x526, &mut x527, 0x0, x478, x509); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x528, &mut x529, x527, x480, x511); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x530, &mut x531, x529, x482, x513); let mut x532: u32 = 0; let mut x533: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x532, &mut x533, x531, x484, x515); let mut x534: u32 = 0; let mut x535: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x534, &mut x535, x533, x486, x517); let mut x536: u32 = 0; let mut x537: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x536, &mut x537, x535, x488, x519); let mut x538: u32 = 0; let mut x539: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x538, &mut x539, x537, x490, x521); let mut x540: u32 = 0; let mut x541: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x540, &mut x541, x539, x492, x523); let mut x542: u32 = 0; let mut x543: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x542, &mut x543, x541, x494, x525); let mut x544: u32 = 0; let mut x545: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x544, &mut x545, x526, 0x5588b13f); let mut x546: u32 = 0; let mut x547: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x546, &mut x547, x544, 0xffffffff); let mut x548: u32 = 0; let mut x549: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x548, &mut x549, x544, 0xffffffff); let mut x550: u32 = 0; let mut x551: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x550, &mut x551, x544, 0xffffffff); let mut x552: u32 = 0; let mut x553: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x552, &mut x553, x544, 0xfffffffe); let mut x554: u32 = 0; let mut x555: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x554, &mut x555, x544, 0xbaaedce6); let mut x556: u32 = 0; let mut x557: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x556, &mut x557, x544, 0xaf48a03b); let mut x558: u32 = 0; let mut x559: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x558, &mut x559, x544, 0xbfd25e8c); let mut x560: u32 = 0; let mut x561: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x560, &mut x561, x544, 0xd0364141); let mut x562: u32 = 0; let mut x563: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x562, &mut x563, 0x0, x561, x558); let mut x564: u32 = 0; let mut x565: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x564, &mut x565, x563, x559, x556); let mut x566: u32 = 0; let mut x567: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x566, &mut x567, x565, x557, x554); let mut x568: u32 = 0; let mut x569: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x568, &mut x569, x567, x555, x552); let mut x570: u32 = 0; let mut x571: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x570, &mut x571, x569, x553, x550); let mut x572: u32 = 0; let mut x573: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x572, &mut x573, x571, x551, x548); let mut x574: u32 = 0; let mut x575: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x574, &mut x575, x573, x549, x546); let x576: u32 = ((x575 as u32) + x547); let mut x577: u32 = 0; let mut x578: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x577, &mut x578, 0x0, x526, x560); let mut x579: u32 = 0; let mut x580: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x579, &mut x580, x578, x528, x562); let mut x581: u32 = 0; let mut x582: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x581, &mut x582, x580, x530, x564); let mut x583: u32 = 0; let mut x584: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x583, &mut x584, x582, x532, x566); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x585, &mut x586, x584, x534, x568); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x587, &mut x588, x586, x536, x570); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x589, &mut x590, x588, x538, x572); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x591, &mut x592, x590, x540, x574); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x542, x576); let x595: u32 = ((x594 as u32) + (x543 as u32)); let mut x596: u32 = 0; let mut x597: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x596, &mut x597, x6, (arg1[7])); let mut x598: u32 = 0; let mut x599: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x598, &mut x599, x6, (arg1[6])); let mut x600: u32 = 0; let mut x601: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x600, &mut x601, x6, (arg1[5])); let mut x602: u32 = 0; let mut x603: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x602, &mut x603, x6, (arg1[4])); let mut x604: u32 = 0; let mut x605: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x604, &mut x605, x6, (arg1[3])); let mut x606: u32 = 0; let mut x607: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x606, &mut x607, x6, (arg1[2])); let mut x608: u32 = 0; let mut x609: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x608, &mut x609, x6, (arg1[1])); let mut x610: u32 = 0; let mut x611: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x610, &mut x611, x6, (arg1[0])); let mut x612: u32 = 0; let mut x613: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x612, &mut x613, 0x0, x611, x608); let mut x614: u32 = 0; let mut x615: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x614, &mut x615, x613, x609, x606); let mut x616: u32 = 0; let mut x617: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x616, &mut x617, x615, x607, x604); let mut x618: u32 = 0; let mut x619: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x618, &mut x619, x617, x605, x602); let mut x620: u32 = 0; let mut x621: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x620, &mut x621, x619, x603, x600); let mut x622: u32 = 0; let mut x623: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x622, &mut x623, x621, x601, x598); let mut x624: u32 = 0; let mut x625: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x624, &mut x625, x623, x599, x596); let x626: u32 = ((x625 as u32) + x597); let mut x627: u32 = 0; let mut x628: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x627, &mut x628, 0x0, x579, x610); let mut x629: u32 = 0; let mut x630: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x629, &mut x630, x628, x581, x612); let mut x631: u32 = 0; let mut x632: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x631, &mut x632, x630, x583, x614); let mut x633: u32 = 0; let mut x634: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x633, &mut x634, x632, x585, x616); let mut x635: u32 = 0; let mut x636: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x635, &mut x636, x634, x587, x618); let mut x637: u32 = 0; let mut x638: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x637, &mut x638, x636, x589, x620); let mut x639: u32 = 0; let mut x640: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x639, &mut x640, x638, x591, x622); let mut x641: u32 = 0; let mut x642: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x593, x624); let mut x643: u32 = 0; let mut x644: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x595, x626); let mut x645: u32 = 0; let mut x646: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x645, &mut x646, x627, 0x5588b13f); let mut x647: u32 = 0; let mut x648: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x647, &mut x648, x645, 0xffffffff); let mut x649: u32 = 0; let mut x650: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x649, &mut x650, x645, 0xffffffff); let mut x651: u32 = 0; let mut x652: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x651, &mut x652, x645, 0xffffffff); let mut x653: u32 = 0; let mut x654: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x653, &mut x654, x645, 0xfffffffe); let mut x655: u32 = 0; let mut x656: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x655, &mut x656, x645, 0xbaaedce6); let mut x657: u32 = 0; let mut x658: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x657, &mut x658, x645, 0xaf48a03b); let mut x659: u32 = 0; let mut x660: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x659, &mut x660, x645, 0xbfd25e8c); let mut x661: u32 = 0; let mut x662: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x661, &mut x662, x645, 0xd0364141); let mut x663: u32 = 0; let mut x664: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x663, &mut x664, 0x0, x662, x659); let mut x665: u32 = 0; let mut x666: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x665, &mut x666, x664, x660, x657); let mut x667: u32 = 0; let mut x668: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x667, &mut x668, x666, x658, x655); let mut x669: u32 = 0; let mut x670: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x669, &mut x670, x668, x656, x653); let mut x671: u32 = 0; let mut x672: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x671, &mut x672, x670, x654, x651); let mut x673: u32 = 0; let mut x674: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x673, &mut x674, x672, x652, x649); let mut x675: u32 = 0; let mut x676: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x675, &mut x676, x674, x650, x647); let x677: u32 = ((x676 as u32) + x648); let mut x678: u32 = 0; let mut x679: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x678, &mut x679, 0x0, x627, x661); let mut x680: u32 = 0; let mut x681: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x680, &mut x681, x679, x629, x663); let mut x682: u32 = 0; let mut x683: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x682, &mut x683, x681, x631, x665); let mut x684: u32 = 0; let mut x685: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x684, &mut x685, x683, x633, x667); let mut x686: u32 = 0; let mut x687: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x686, &mut x687, x685, x635, x669); let mut x688: u32 = 0; let mut x689: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x688, &mut x689, x687, x637, x671); let mut x690: u32 = 0; let mut x691: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x690, &mut x691, x689, x639, x673); let mut x692: u32 = 0; let mut x693: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x692, &mut x693, x691, x641, x675); let mut x694: u32 = 0; let mut x695: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x694, &mut x695, x693, x643, x677); let x696: u32 = ((x695 as u32) + (x644 as u32)); let mut x697: u32 = 0; let mut x698: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x697, &mut x698, x7, (arg1[7])); let mut x699: u32 = 0; let mut x700: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x699, &mut x700, x7, (arg1[6])); let mut x701: u32 = 0; let mut x702: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x701, &mut x702, x7, (arg1[5])); let mut x703: u32 = 0; let mut x704: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x703, &mut x704, x7, (arg1[4])); let mut x705: u32 = 0; let mut x706: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x705, &mut x706, x7, (arg1[3])); let mut x707: u32 = 0; let mut x708: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x707, &mut x708, x7, (arg1[2])); let mut x709: u32 = 0; let mut x710: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x709, &mut x710, x7, (arg1[1])); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x711, &mut x712, x7, (arg1[0])); let mut x713: u32 = 0; let mut x714: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x713, &mut x714, 0x0, x712, x709); let mut x715: u32 = 0; let mut x716: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x715, &mut x716, x714, x710, x707); let mut x717: u32 = 0; let mut x718: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x717, &mut x718, x716, x708, x705); let mut x719: u32 = 0; let mut x720: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x719, &mut x720, x718, x706, x703); let mut x721: u32 = 0; let mut x722: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x721, &mut x722, x720, x704, x701); let mut x723: u32 = 0; let mut x724: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x723, &mut x724, x722, x702, x699); let mut x725: u32 = 0; let mut x726: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x725, &mut x726, x724, x700, x697); let x727: u32 = ((x726 as u32) + x698); let mut x728: u32 = 0; let mut x729: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x728, &mut x729, 0x0, x680, x711); let mut x730: u32 = 0; let mut x731: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x730, &mut x731, x729, x682, x713); let mut x732: u32 = 0; let mut x733: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x732, &mut x733, x731, x684, x715); let mut x734: u32 = 0; let mut x735: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x734, &mut x735, x733, x686, x717); let mut x736: u32 = 0; let mut x737: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x736, &mut x737, x735, x688, x719); let mut x738: u32 = 0; let mut x739: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x738, &mut x739, x737, x690, x721); let mut x740: u32 = 0; let mut x741: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x740, &mut x741, x739, x692, x723); let mut x742: u32 = 0; let mut x743: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x742, &mut x743, x741, x694, x725); let mut x744: u32 = 0; let mut x745: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x744, &mut x745, x743, x696, x727); let mut x746: u32 = 0; let mut x747: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x746, &mut x747, x728, 0x5588b13f); let mut x748: u32 = 0; let mut x749: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x748, &mut x749, x746, 0xffffffff); let mut x750: u32 = 0; let mut x751: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x750, &mut x751, x746, 0xffffffff); let mut x752: u32 = 0; let mut x753: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x752, &mut x753, x746, 0xffffffff); let mut x754: u32 = 0; let mut x755: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x754, &mut x755, x746, 0xfffffffe); let mut x756: u32 = 0; let mut x757: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x756, &mut x757, x746, 0xbaaedce6); let mut x758: u32 = 0; let mut x759: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x758, &mut x759, x746, 0xaf48a03b); let mut x760: u32 = 0; let mut x761: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x760, &mut x761, x746, 0xbfd25e8c); let mut x762: u32 = 0; let mut x763: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x762, &mut x763, x746, 0xd0364141); let mut x764: u32 = 0; let mut x765: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x764, &mut x765, 0x0, x763, x760); let mut x766: u32 = 0; let mut x767: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x766, &mut x767, x765, x761, x758); let mut x768: u32 = 0; let mut x769: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x768, &mut x769, x767, x759, x756); let mut x770: u32 = 0; let mut x771: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x770, &mut x771, x769, x757, x754); let mut x772: u32 = 0; let mut x773: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x772, &mut x773, x771, x755, x752); let mut x774: u32 = 0; let mut x775: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x774, &mut x775, x773, x753, x750); let mut x776: u32 = 0; let mut x777: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x776, &mut x777, x775, x751, x748); let x778: u32 = ((x777 as u32) + x749); let mut x779: u32 = 0; let mut x780: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x779, &mut x780, 0x0, x728, x762); let mut x781: u32 = 0; let mut x782: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x781, &mut x782, x780, x730, x764); let mut x783: u32 = 0; let mut x784: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x783, &mut x784, x782, x732, x766); let mut x785: u32 = 0; let mut x786: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x785, &mut x786, x784, x734, x768); let mut x787: u32 = 0; let mut x788: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x787, &mut x788, x786, x736, x770); let mut x789: u32 = 0; let mut x790: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x789, &mut x790, x788, x738, x772); let mut x791: u32 = 0; let mut x792: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x791, &mut x792, x790, x740, x774); let mut x793: u32 = 0; let mut x794: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x793, &mut x794, x792, x742, x776); let mut x795: u32 = 0; let mut x796: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x795, &mut x796, x794, x744, x778); let x797: u32 = ((x796 as u32) + (x745 as u32)); let mut x798: u32 = 0; let mut x799: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x798, &mut x799, 0x0, x781, 0xd0364141); let mut x800: u32 = 0; let mut x801: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x800, &mut x801, x799, x783, 0xbfd25e8c); let mut x802: u32 = 0; let mut x803: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x802, &mut x803, x801, x785, 0xaf48a03b); let mut x804: u32 = 0; let mut x805: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x804, &mut x805, x803, x787, 0xbaaedce6); let mut x806: u32 = 0; let mut x807: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x806, &mut x807, x805, x789, 0xfffffffe); let mut x808: u32 = 0; let mut x809: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x808, &mut x809, x807, x791, 0xffffffff); let mut x810: u32 = 0; let mut x811: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x810, &mut x811, x809, x793, 0xffffffff); let mut x812: u32 = 0; let mut x813: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x812, &mut x813, x811, x795, 0xffffffff); let mut x814: u32 = 0; let mut x815: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x814, &mut x815, x813, x797, (0x0 as u32)); let mut x816: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x816, x815, x798, x781); let mut x817: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x817, x815, x800, x783); let mut x818: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x818, x815, x802, x785); let mut x819: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x819, x815, x804, x787); let mut x820: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x820, x815, x806, x789); let mut x821: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x821, x815, x808, x791); let mut x822: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x822, x815, x810, x793); let mut x823: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x823, x815, x812, x795); out1[0] = x816; out1[1] = x817; out1[2] = x818; out1[3] = x819; out1[4] = x820; out1[5] = x821; out1[6] = x822; out1[7] = x823; } /// The function fiat_secp256k1_montgomery_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_add(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; let mut x18: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x17, &mut x18, 0x0, x1, 0xd0364141); let mut x19: u32 = 0; let mut x20: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x19, &mut x20, x18, x3, 0xbfd25e8c); let mut x21: u32 = 0; let mut x22: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x21, &mut x22, x20, x5, 0xaf48a03b); let mut x23: u32 = 0; let mut x24: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x23, &mut x24, x22, x7, 0xbaaedce6); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x25, &mut x26, x24, x9, 0xfffffffe); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x27, &mut x28, x26, x11, 0xffffffff); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x29, &mut x30, x28, x13, 0xffffffff); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x31, &mut x32, x30, x15, 0xffffffff); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x33, &mut x34, x32, (x16 as u32), (0x0 as u32)); let mut x35: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x35, x34, x17, x1); let mut x36: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x36, x34, x19, x3); let mut x37: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x37, x34, x21, x5); let mut x38: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x38, x34, x23, x7); let mut x39: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x39, x34, x25, x9); let mut x40: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x40, x34, x27, x11); let mut x41: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x41, x34, x29, x13); let mut x42: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x42, x34, x31, x15); out1[0] = x35; out1[1] = x36; out1[2] = x37; out1[3] = x38; out1[4] = x39; out1[5] = x40; out1[6] = x41; out1[7] = x42; } /// The function fiat_secp256k1_montgomery_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_sub(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (arg1[4]), (arg2[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (arg1[5]), (arg2[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (arg1[6]), (arg2[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (arg1[7]), (arg2[7])); let mut x17: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xd0364141)); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xbfd25e8c)); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xaf48a03b)); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0xbaaedce6)); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, (x17 & 0xfffffffe)); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, x17); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_secp256k1_montgomery_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_opp(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x1, &mut x2, 0x0, (0x0 as u32), (arg1[0])); let mut x3: u32 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x3, &mut x4, x2, (0x0 as u32), (arg1[1])); let mut x5: u32 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x5, &mut x6, x4, (0x0 as u32), (arg1[2])); let mut x7: u32 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x7, &mut x8, x6, (0x0 as u32), (arg1[3])); let mut x9: u32 = 0; let mut x10: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x9, &mut x10, x8, (0x0 as u32), (arg1[4])); let mut x11: u32 = 0; let mut x12: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x11, &mut x12, x10, (0x0 as u32), (arg1[5])); let mut x13: u32 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x13, &mut x14, x12, (0x0 as u32), (arg1[6])); let mut x15: u32 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x15, &mut x16, x14, (0x0 as u32), (arg1[7])); let mut x17: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x17, x16, (0x0 as u32), 0xffffffff); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x18, &mut x19, 0x0, x1, (x17 & 0xd0364141)); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x20, &mut x21, x19, x3, (x17 & 0xbfd25e8c)); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x5, (x17 & 0xaf48a03b)); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x7, (x17 & 0xbaaedce6)); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x9, (x17 & 0xfffffffe)); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, x17); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x13, x17); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x15, x17); out1[0] = x18; out1[1] = x20; out1[2] = x22; out1[3] = x24; out1[4] = x26; out1[5] = x28; out1[6] = x30; out1[7] = x32; } /// The function fiat_secp256k1_montgomery_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_from_montgomery(out1: &mut fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u32 = (arg1[0]); let mut x2: u32 = 0; let mut x3: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x2, &mut x3, x1, 0x5588b13f); let mut x4: u32 = 0; let mut x5: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x4, &mut x5, x2, 0xffffffff); let mut x6: u32 = 0; let mut x7: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x6, &mut x7, x2, 0xffffffff); let mut x8: u32 = 0; let mut x9: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x8, &mut x9, x2, 0xffffffff); let mut x10: u32 = 0; let mut x11: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x10, &mut x11, x2, 0xfffffffe); let mut x12: u32 = 0; let mut x13: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x12, &mut x13, x2, 0xbaaedce6); let mut x14: u32 = 0; let mut x15: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x14, &mut x15, x2, 0xaf48a03b); let mut x16: u32 = 0; let mut x17: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x16, &mut x17, x2, 0xbfd25e8c); let mut x18: u32 = 0; let mut x19: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x18, &mut x19, x2, 0xd0364141); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x20, &mut x21, 0x0, x19, x16); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x22, &mut x23, x21, x17, x14); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x24, &mut x25, x23, x15, x12); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x26, &mut x27, x25, x13, x10); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x28, &mut x29, x27, x11, x8); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x30, &mut x31, x29, x9, x6); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x32, &mut x33, x31, x7, x4); let mut x34: u32 = 0; let mut x35: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x34, &mut x35, 0x0, x1, x18); let mut x36: u32 = 0; let mut x37: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x36, &mut x37, x35, (0x0 as u32), x20); let mut x38: u32 = 0; let mut x39: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x38, &mut x39, x37, (0x0 as u32), x22); let mut x40: u32 = 0; let mut x41: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x40, &mut x41, x39, (0x0 as u32), x24); let mut x42: u32 = 0; let mut x43: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x42, &mut x43, x41, (0x0 as u32), x26); let mut x44: u32 = 0; let mut x45: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x44, &mut x45, x43, (0x0 as u32), x28); let mut x46: u32 = 0; let mut x47: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x46, &mut x47, x45, (0x0 as u32), x30); let mut x48: u32 = 0; let mut x49: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x48, &mut x49, x47, (0x0 as u32), x32); let mut x50: u32 = 0; let mut x51: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x50, &mut x51, x49, (0x0 as u32), ((x33 as u32) + x5)); let mut x52: u32 = 0; let mut x53: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x52, &mut x53, 0x0, x36, (arg1[1])); let mut x54: u32 = 0; let mut x55: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x54, &mut x55, x53, x38, (0x0 as u32)); let mut x56: u32 = 0; let mut x57: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x56, &mut x57, x55, x40, (0x0 as u32)); let mut x58: u32 = 0; let mut x59: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x58, &mut x59, x57, x42, (0x0 as u32)); let mut x60: u32 = 0; let mut x61: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x60, &mut x61, x59, x44, (0x0 as u32)); let mut x62: u32 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x62, &mut x63, x61, x46, (0x0 as u32)); let mut x64: u32 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x64, &mut x65, x63, x48, (0x0 as u32)); let mut x66: u32 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x66, &mut x67, x65, x50, (0x0 as u32)); let mut x68: u32 = 0; let mut x69: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x68, &mut x69, x52, 0x5588b13f); let mut x70: u32 = 0; let mut x71: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x70, &mut x71, x68, 0xffffffff); let mut x72: u32 = 0; let mut x73: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x72, &mut x73, x68, 0xffffffff); let mut x74: u32 = 0; let mut x75: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x74, &mut x75, x68, 0xffffffff); let mut x76: u32 = 0; let mut x77: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x76, &mut x77, x68, 0xfffffffe); let mut x78: u32 = 0; let mut x79: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x78, &mut x79, x68, 0xbaaedce6); let mut x80: u32 = 0; let mut x81: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x80, &mut x81, x68, 0xaf48a03b); let mut x82: u32 = 0; let mut x83: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x82, &mut x83, x68, 0xbfd25e8c); let mut x84: u32 = 0; let mut x85: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x84, &mut x85, x68, 0xd0364141); let mut x86: u32 = 0; let mut x87: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x86, &mut x87, 0x0, x85, x82); let mut x88: u32 = 0; let mut x89: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x88, &mut x89, x87, x83, x80); let mut x90: u32 = 0; let mut x91: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x90, &mut x91, x89, x81, x78); let mut x92: u32 = 0; let mut x93: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x92, &mut x93, x91, x79, x76); let mut x94: u32 = 0; let mut x95: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x94, &mut x95, x93, x77, x74); let mut x96: u32 = 0; let mut x97: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x96, &mut x97, x95, x75, x72); let mut x98: u32 = 0; let mut x99: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x98, &mut x99, x97, x73, x70); let mut x100: u32 = 0; let mut x101: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x100, &mut x101, 0x0, x52, x84); let mut x102: u32 = 0; let mut x103: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x102, &mut x103, x101, x54, x86); let mut x104: u32 = 0; let mut x105: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x104, &mut x105, x103, x56, x88); let mut x106: u32 = 0; let mut x107: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x106, &mut x107, x105, x58, x90); let mut x108: u32 = 0; let mut x109: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x108, &mut x109, x107, x60, x92); let mut x110: u32 = 0; let mut x111: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x110, &mut x111, x109, x62, x94); let mut x112: u32 = 0; let mut x113: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x64, x96); let mut x114: u32 = 0; let mut x115: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x66, x98); let mut x116: u32 = 0; let mut x117: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x116, &mut x117, x115, ((x67 as u32) + (x51 as u32)), ((x99 as u32) + x71)); let mut x118: u32 = 0; let mut x119: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x118, &mut x119, 0x0, x102, (arg1[2])); let mut x120: u32 = 0; let mut x121: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x104, (0x0 as u32)); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x106, (0x0 as u32)); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x108, (0x0 as u32)); let mut x126: u32 = 0; let mut x127: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x126, &mut x127, x125, x110, (0x0 as u32)); let mut x128: u32 = 0; let mut x129: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x128, &mut x129, x127, x112, (0x0 as u32)); let mut x130: u32 = 0; let mut x131: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x130, &mut x131, x129, x114, (0x0 as u32)); let mut x132: u32 = 0; let mut x133: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x132, &mut x133, x131, x116, (0x0 as u32)); let mut x134: u32 = 0; let mut x135: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x134, &mut x135, x118, 0x5588b13f); let mut x136: u32 = 0; let mut x137: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x136, &mut x137, x134, 0xffffffff); let mut x138: u32 = 0; let mut x139: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x138, &mut x139, x134, 0xffffffff); let mut x140: u32 = 0; let mut x141: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x140, &mut x141, x134, 0xffffffff); let mut x142: u32 = 0; let mut x143: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x142, &mut x143, x134, 0xfffffffe); let mut x144: u32 = 0; let mut x145: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x144, &mut x145, x134, 0xbaaedce6); let mut x146: u32 = 0; let mut x147: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x146, &mut x147, x134, 0xaf48a03b); let mut x148: u32 = 0; let mut x149: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x148, &mut x149, x134, 0xbfd25e8c); let mut x150: u32 = 0; let mut x151: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x150, &mut x151, x134, 0xd0364141); let mut x152: u32 = 0; let mut x153: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x152, &mut x153, 0x0, x151, x148); let mut x154: u32 = 0; let mut x155: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x149, x146); let mut x156: u32 = 0; let mut x157: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x147, x144); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x145, x142); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x143, x140); let mut x162: u32 = 0; let mut x163: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x162, &mut x163, x161, x141, x138); let mut x164: u32 = 0; let mut x165: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x164, &mut x165, x163, x139, x136); let mut x166: u32 = 0; let mut x167: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x166, &mut x167, 0x0, x118, x150); let mut x168: u32 = 0; let mut x169: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x168, &mut x169, x167, x120, x152); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x170, &mut x171, x169, x122, x154); let mut x172: u32 = 0; let mut x173: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x124, x156); let mut x174: u32 = 0; let mut x175: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x126, x158); let mut x176: u32 = 0; let mut x177: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x128, x160); let mut x178: u32 = 0; let mut x179: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x130, x162); let mut x180: u32 = 0; let mut x181: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x132, x164); let mut x182: u32 = 0; let mut x183: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x182, &mut x183, x181, ((x133 as u32) + (x117 as u32)), ((x165 as u32) + x137)); let mut x184: u32 = 0; let mut x185: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x184, &mut x185, 0x0, x168, (arg1[3])); let mut x186: u32 = 0; let mut x187: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x186, &mut x187, x185, x170, (0x0 as u32)); let mut x188: u32 = 0; let mut x189: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x188, &mut x189, x187, x172, (0x0 as u32)); let mut x190: u32 = 0; let mut x191: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x190, &mut x191, x189, x174, (0x0 as u32)); let mut x192: u32 = 0; let mut x193: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x192, &mut x193, x191, x176, (0x0 as u32)); let mut x194: u32 = 0; let mut x195: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x194, &mut x195, x193, x178, (0x0 as u32)); let mut x196: u32 = 0; let mut x197: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x196, &mut x197, x195, x180, (0x0 as u32)); let mut x198: u32 = 0; let mut x199: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x198, &mut x199, x197, x182, (0x0 as u32)); let mut x200: u32 = 0; let mut x201: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x200, &mut x201, x184, 0x5588b13f); let mut x202: u32 = 0; let mut x203: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x202, &mut x203, x200, 0xffffffff); let mut x204: u32 = 0; let mut x205: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x204, &mut x205, x200, 0xffffffff); let mut x206: u32 = 0; let mut x207: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x206, &mut x207, x200, 0xffffffff); let mut x208: u32 = 0; let mut x209: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x208, &mut x209, x200, 0xfffffffe); let mut x210: u32 = 0; let mut x211: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x210, &mut x211, x200, 0xbaaedce6); let mut x212: u32 = 0; let mut x213: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x212, &mut x213, x200, 0xaf48a03b); let mut x214: u32 = 0; let mut x215: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x214, &mut x215, x200, 0xbfd25e8c); let mut x216: u32 = 0; let mut x217: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x216, &mut x217, x200, 0xd0364141); let mut x218: u32 = 0; let mut x219: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x218, &mut x219, 0x0, x217, x214); let mut x220: u32 = 0; let mut x221: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x220, &mut x221, x219, x215, x212); let mut x222: u32 = 0; let mut x223: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x222, &mut x223, x221, x213, x210); let mut x224: u32 = 0; let mut x225: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x224, &mut x225, x223, x211, x208); let mut x226: u32 = 0; let mut x227: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x226, &mut x227, x225, x209, x206); let mut x228: u32 = 0; let mut x229: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x228, &mut x229, x227, x207, x204); let mut x230: u32 = 0; let mut x231: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x230, &mut x231, x229, x205, x202); let mut x232: u32 = 0; let mut x233: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x232, &mut x233, 0x0, x184, x216); let mut x234: u32 = 0; let mut x235: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x234, &mut x235, x233, x186, x218); let mut x236: u32 = 0; let mut x237: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x236, &mut x237, x235, x188, x220); let mut x238: u32 = 0; let mut x239: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x238, &mut x239, x237, x190, x222); let mut x240: u32 = 0; let mut x241: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x240, &mut x241, x239, x192, x224); let mut x242: u32 = 0; let mut x243: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x242, &mut x243, x241, x194, x226); let mut x244: u32 = 0; let mut x245: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x244, &mut x245, x243, x196, x228); let mut x246: u32 = 0; let mut x247: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x246, &mut x247, x245, x198, x230); let mut x248: u32 = 0; let mut x249: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x248, &mut x249, x247, ((x199 as u32) + (x183 as u32)), ((x231 as u32) + x203)); let mut x250: u32 = 0; let mut x251: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x250, &mut x251, 0x0, x234, (arg1[4])); let mut x252: u32 = 0; let mut x253: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x252, &mut x253, x251, x236, (0x0 as u32)); let mut x254: u32 = 0; let mut x255: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x254, &mut x255, x253, x238, (0x0 as u32)); let mut x256: u32 = 0; let mut x257: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x256, &mut x257, x255, x240, (0x0 as u32)); let mut x258: u32 = 0; let mut x259: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x258, &mut x259, x257, x242, (0x0 as u32)); let mut x260: u32 = 0; let mut x261: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x260, &mut x261, x259, x244, (0x0 as u32)); let mut x262: u32 = 0; let mut x263: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x262, &mut x263, x261, x246, (0x0 as u32)); let mut x264: u32 = 0; let mut x265: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x264, &mut x265, x263, x248, (0x0 as u32)); let mut x266: u32 = 0; let mut x267: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x266, &mut x267, x250, 0x5588b13f); let mut x268: u32 = 0; let mut x269: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x268, &mut x269, x266, 0xffffffff); let mut x270: u32 = 0; let mut x271: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x270, &mut x271, x266, 0xffffffff); let mut x272: u32 = 0; let mut x273: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x272, &mut x273, x266, 0xffffffff); let mut x274: u32 = 0; let mut x275: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x274, &mut x275, x266, 0xfffffffe); let mut x276: u32 = 0; let mut x277: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x276, &mut x277, x266, 0xbaaedce6); let mut x278: u32 = 0; let mut x279: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x278, &mut x279, x266, 0xaf48a03b); let mut x280: u32 = 0; let mut x281: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x280, &mut x281, x266, 0xbfd25e8c); let mut x282: u32 = 0; let mut x283: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x282, &mut x283, x266, 0xd0364141); let mut x284: u32 = 0; let mut x285: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x284, &mut x285, 0x0, x283, x280); let mut x286: u32 = 0; let mut x287: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x286, &mut x287, x285, x281, x278); let mut x288: u32 = 0; let mut x289: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x288, &mut x289, x287, x279, x276); let mut x290: u32 = 0; let mut x291: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x290, &mut x291, x289, x277, x274); let mut x292: u32 = 0; let mut x293: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x292, &mut x293, x291, x275, x272); let mut x294: u32 = 0; let mut x295: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x294, &mut x295, x293, x273, x270); let mut x296: u32 = 0; let mut x297: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x296, &mut x297, x295, x271, x268); let mut x298: u32 = 0; let mut x299: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x298, &mut x299, 0x0, x250, x282); let mut x300: u32 = 0; let mut x301: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x300, &mut x301, x299, x252, x284); let mut x302: u32 = 0; let mut x303: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x302, &mut x303, x301, x254, x286); let mut x304: u32 = 0; let mut x305: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x304, &mut x305, x303, x256, x288); let mut x306: u32 = 0; let mut x307: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x306, &mut x307, x305, x258, x290); let mut x308: u32 = 0; let mut x309: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x308, &mut x309, x307, x260, x292); let mut x310: u32 = 0; let mut x311: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x310, &mut x311, x309, x262, x294); let mut x312: u32 = 0; let mut x313: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x312, &mut x313, x311, x264, x296); let mut x314: u32 = 0; let mut x315: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x314, &mut x315, x313, ((x265 as u32) + (x249 as u32)), ((x297 as u32) + x269)); let mut x316: u32 = 0; let mut x317: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x316, &mut x317, 0x0, x300, (arg1[5])); let mut x318: u32 = 0; let mut x319: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x318, &mut x319, x317, x302, (0x0 as u32)); let mut x320: u32 = 0; let mut x321: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x320, &mut x321, x319, x304, (0x0 as u32)); let mut x322: u32 = 0; let mut x323: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x322, &mut x323, x321, x306, (0x0 as u32)); let mut x324: u32 = 0; let mut x325: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x324, &mut x325, x323, x308, (0x0 as u32)); let mut x326: u32 = 0; let mut x327: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x326, &mut x327, x325, x310, (0x0 as u32)); let mut x328: u32 = 0; let mut x329: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x328, &mut x329, x327, x312, (0x0 as u32)); let mut x330: u32 = 0; let mut x331: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x330, &mut x331, x329, x314, (0x0 as u32)); let mut x332: u32 = 0; let mut x333: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x332, &mut x333, x316, 0x5588b13f); let mut x334: u32 = 0; let mut x335: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x334, &mut x335, x332, 0xffffffff); let mut x336: u32 = 0; let mut x337: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x336, &mut x337, x332, 0xffffffff); let mut x338: u32 = 0; let mut x339: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x338, &mut x339, x332, 0xffffffff); let mut x340: u32 = 0; let mut x341: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x340, &mut x341, x332, 0xfffffffe); let mut x342: u32 = 0; let mut x343: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x342, &mut x343, x332, 0xbaaedce6); let mut x344: u32 = 0; let mut x345: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x344, &mut x345, x332, 0xaf48a03b); let mut x346: u32 = 0; let mut x347: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x346, &mut x347, x332, 0xbfd25e8c); let mut x348: u32 = 0; let mut x349: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x348, &mut x349, x332, 0xd0364141); let mut x350: u32 = 0; let mut x351: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x350, &mut x351, 0x0, x349, x346); let mut x352: u32 = 0; let mut x353: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x352, &mut x353, x351, x347, x344); let mut x354: u32 = 0; let mut x355: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x354, &mut x355, x353, x345, x342); let mut x356: u32 = 0; let mut x357: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x356, &mut x357, x355, x343, x340); let mut x358: u32 = 0; let mut x359: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x358, &mut x359, x357, x341, x338); let mut x360: u32 = 0; let mut x361: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x360, &mut x361, x359, x339, x336); let mut x362: u32 = 0; let mut x363: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x362, &mut x363, x361, x337, x334); let mut x364: u32 = 0; let mut x365: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x364, &mut x365, 0x0, x316, x348); let mut x366: u32 = 0; let mut x367: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x366, &mut x367, x365, x318, x350); let mut x368: u32 = 0; let mut x369: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x368, &mut x369, x367, x320, x352); let mut x370: u32 = 0; let mut x371: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x370, &mut x371, x369, x322, x354); let mut x372: u32 = 0; let mut x373: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x372, &mut x373, x371, x324, x356); let mut x374: u32 = 0; let mut x375: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x374, &mut x375, x373, x326, x358); let mut x376: u32 = 0; let mut x377: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x376, &mut x377, x375, x328, x360); let mut x378: u32 = 0; let mut x379: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x378, &mut x379, x377, x330, x362); let mut x380: u32 = 0; let mut x381: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x380, &mut x381, x379, ((x331 as u32) + (x315 as u32)), ((x363 as u32) + x335)); let mut x382: u32 = 0; let mut x383: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x382, &mut x383, 0x0, x366, (arg1[6])); let mut x384: u32 = 0; let mut x385: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x384, &mut x385, x383, x368, (0x0 as u32)); let mut x386: u32 = 0; let mut x387: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x386, &mut x387, x385, x370, (0x0 as u32)); let mut x388: u32 = 0; let mut x389: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x388, &mut x389, x387, x372, (0x0 as u32)); let mut x390: u32 = 0; let mut x391: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x390, &mut x391, x389, x374, (0x0 as u32)); let mut x392: u32 = 0; let mut x393: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x392, &mut x393, x391, x376, (0x0 as u32)); let mut x394: u32 = 0; let mut x395: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x394, &mut x395, x393, x378, (0x0 as u32)); let mut x396: u32 = 0; let mut x397: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x396, &mut x397, x395, x380, (0x0 as u32)); let mut x398: u32 = 0; let mut x399: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x398, &mut x399, x382, 0x5588b13f); let mut x400: u32 = 0; let mut x401: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x400, &mut x401, x398, 0xffffffff); let mut x402: u32 = 0; let mut x403: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x402, &mut x403, x398, 0xffffffff); let mut x404: u32 = 0; let mut x405: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x404, &mut x405, x398, 0xffffffff); let mut x406: u32 = 0; let mut x407: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x406, &mut x407, x398, 0xfffffffe); let mut x408: u32 = 0; let mut x409: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x408, &mut x409, x398, 0xbaaedce6); let mut x410: u32 = 0; let mut x411: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x410, &mut x411, x398, 0xaf48a03b); let mut x412: u32 = 0; let mut x413: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x412, &mut x413, x398, 0xbfd25e8c); let mut x414: u32 = 0; let mut x415: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x414, &mut x415, x398, 0xd0364141); let mut x416: u32 = 0; let mut x417: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x416, &mut x417, 0x0, x415, x412); let mut x418: u32 = 0; let mut x419: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x418, &mut x419, x417, x413, x410); let mut x420: u32 = 0; let mut x421: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x420, &mut x421, x419, x411, x408); let mut x422: u32 = 0; let mut x423: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x422, &mut x423, x421, x409, x406); let mut x424: u32 = 0; let mut x425: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x424, &mut x425, x423, x407, x404); let mut x426: u32 = 0; let mut x427: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x426, &mut x427, x425, x405, x402); let mut x428: u32 = 0; let mut x429: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x428, &mut x429, x427, x403, x400); let mut x430: u32 = 0; let mut x431: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x430, &mut x431, 0x0, x382, x414); let mut x432: u32 = 0; let mut x433: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x432, &mut x433, x431, x384, x416); let mut x434: u32 = 0; let mut x435: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x434, &mut x435, x433, x386, x418); let mut x436: u32 = 0; let mut x437: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x436, &mut x437, x435, x388, x420); let mut x438: u32 = 0; let mut x439: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x438, &mut x439, x437, x390, x422); let mut x440: u32 = 0; let mut x441: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x440, &mut x441, x439, x392, x424); let mut x442: u32 = 0; let mut x443: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x442, &mut x443, x441, x394, x426); let mut x444: u32 = 0; let mut x445: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x444, &mut x445, x443, x396, x428); let mut x446: u32 = 0; let mut x447: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x446, &mut x447, x445, ((x397 as u32) + (x381 as u32)), ((x429 as u32) + x401)); let mut x448: u32 = 0; let mut x449: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x448, &mut x449, 0x0, x432, (arg1[7])); let mut x450: u32 = 0; let mut x451: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x450, &mut x451, x449, x434, (0x0 as u32)); let mut x452: u32 = 0; let mut x453: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x452, &mut x453, x451, x436, (0x0 as u32)); let mut x454: u32 = 0; let mut x455: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x454, &mut x455, x453, x438, (0x0 as u32)); let mut x456: u32 = 0; let mut x457: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x456, &mut x457, x455, x440, (0x0 as u32)); let mut x458: u32 = 0; let mut x459: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x458, &mut x459, x457, x442, (0x0 as u32)); let mut x460: u32 = 0; let mut x461: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x460, &mut x461, x459, x444, (0x0 as u32)); let mut x462: u32 = 0; let mut x463: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x462, &mut x463, x461, x446, (0x0 as u32)); let mut x464: u32 = 0; let mut x465: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x464, &mut x465, x448, 0x5588b13f); let mut x466: u32 = 0; let mut x467: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x466, &mut x467, x464, 0xffffffff); let mut x468: u32 = 0; let mut x469: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x468, &mut x469, x464, 0xffffffff); let mut x470: u32 = 0; let mut x471: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x470, &mut x471, x464, 0xffffffff); let mut x472: u32 = 0; let mut x473: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x472, &mut x473, x464, 0xfffffffe); let mut x474: u32 = 0; let mut x475: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x474, &mut x475, x464, 0xbaaedce6); let mut x476: u32 = 0; let mut x477: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x476, &mut x477, x464, 0xaf48a03b); let mut x478: u32 = 0; let mut x479: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x478, &mut x479, x464, 0xbfd25e8c); let mut x480: u32 = 0; let mut x481: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x480, &mut x481, x464, 0xd0364141); let mut x482: u32 = 0; let mut x483: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x482, &mut x483, 0x0, x481, x478); let mut x484: u32 = 0; let mut x485: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x484, &mut x485, x483, x479, x476); let mut x486: u32 = 0; let mut x487: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x486, &mut x487, x485, x477, x474); let mut x488: u32 = 0; let mut x489: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x488, &mut x489, x487, x475, x472); let mut x490: u32 = 0; let mut x491: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x490, &mut x491, x489, x473, x470); let mut x492: u32 = 0; let mut x493: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x492, &mut x493, x491, x471, x468); let mut x494: u32 = 0; let mut x495: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x494, &mut x495, x493, x469, x466); let mut x496: u32 = 0; let mut x497: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x496, &mut x497, 0x0, x448, x480); let mut x498: u32 = 0; let mut x499: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x498, &mut x499, x497, x450, x482); let mut x500: u32 = 0; let mut x501: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x500, &mut x501, x499, x452, x484); let mut x502: u32 = 0; let mut x503: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x502, &mut x503, x501, x454, x486); let mut x504: u32 = 0; let mut x505: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x504, &mut x505, x503, x456, x488); let mut x506: u32 = 0; let mut x507: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x506, &mut x507, x505, x458, x490); let mut x508: u32 = 0; let mut x509: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x508, &mut x509, x507, x460, x492); let mut x510: u32 = 0; let mut x511: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x510, &mut x511, x509, x462, x494); let mut x512: u32 = 0; let mut x513: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x512, &mut x513, x511, ((x463 as u32) + (x447 as u32)), ((x495 as u32) + x467)); let mut x514: u32 = 0; let mut x515: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x514, &mut x515, 0x0, x498, 0xd0364141); let mut x516: u32 = 0; let mut x517: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x516, &mut x517, x515, x500, 0xbfd25e8c); let mut x518: u32 = 0; let mut x519: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x518, &mut x519, x517, x502, 0xaf48a03b); let mut x520: u32 = 0; let mut x521: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x520, &mut x521, x519, x504, 0xbaaedce6); let mut x522: u32 = 0; let mut x523: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x522, &mut x523, x521, x506, 0xfffffffe); let mut x524: u32 = 0; let mut x525: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x524, &mut x525, x523, x508, 0xffffffff); let mut x526: u32 = 0; let mut x527: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x526, &mut x527, x525, x510, 0xffffffff); let mut x528: u32 = 0; let mut x529: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x528, &mut x529, x527, x512, 0xffffffff); let mut x530: u32 = 0; let mut x531: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x530, &mut x531, x529, (x513 as u32), (0x0 as u32)); let mut x532: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x532, x531, x514, x498); let mut x533: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x533, x531, x516, x500); let mut x534: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x534, x531, x518, x502); let mut x535: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x535, x531, x520, x504); let mut x536: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x536, x531, x522, x506); let mut x537: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x537, x531, x524, x508); let mut x538: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x538, x531, x526, x510); let mut x539: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x539, x531, x528, x512); out1[0] = x532; out1[1] = x533; out1[2] = x534; out1[3] = x535; out1[4] = x536; out1[5] = x537; out1[6] = x538; out1[7] = x539; } /// The function fiat_secp256k1_montgomery_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_to_montgomery(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element) { let x1: u32 = (arg1[1]); let x2: u32 = (arg1[2]); let x3: u32 = (arg1[3]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[5]); let x6: u32 = (arg1[6]); let x7: u32 = (arg1[7]); let x8: u32 = (arg1[0]); let mut x9: u32 = 0; let mut x10: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x9, &mut x10, x8, 0x9d671cd5); let mut x11: u32 = 0; let mut x12: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x11, &mut x12, x8, 0x81c69bc5); let mut x13: u32 = 0; let mut x14: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x13, &mut x14, x8, 0xe697f5e4); let mut x15: u32 = 0; let mut x16: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x15, &mut x16, x8, 0x5bcd07c6); let mut x17: u32 = 0; let mut x18: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x17, &mut x18, x8, 0x741496c2); let mut x19: u32 = 0; let mut x20: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x19, &mut x20, x8, 0xe7cf878); let mut x21: u32 = 0; let mut x22: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x21, &mut x22, x8, 0x896cf214); let mut x23: u32 = 0; let mut x24: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x23, &mut x24, x8, 0x67d7d140); let mut x25: u32 = 0; let mut x26: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x25, &mut x26, 0x0, x24, x21); let mut x27: u32 = 0; let mut x28: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x27, &mut x28, x26, x22, x19); let mut x29: u32 = 0; let mut x30: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x29, &mut x30, x28, x20, x17); let mut x31: u32 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x31, &mut x32, x30, x18, x15); let mut x33: u32 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x33, &mut x34, x32, x16, x13); let mut x35: u32 = 0; let mut x36: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x35, &mut x36, x34, x14, x11); let mut x37: u32 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x37, &mut x38, x36, x12, x9); let mut x39: u32 = 0; let mut x40: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x39, &mut x40, x23, 0x5588b13f); let mut x41: u32 = 0; let mut x42: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x41, &mut x42, x39, 0xffffffff); let mut x43: u32 = 0; let mut x44: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x43, &mut x44, x39, 0xffffffff); let mut x45: u32 = 0; let mut x46: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x45, &mut x46, x39, 0xffffffff); let mut x47: u32 = 0; let mut x48: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x47, &mut x48, x39, 0xfffffffe); let mut x49: u32 = 0; let mut x50: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x49, &mut x50, x39, 0xbaaedce6); let mut x51: u32 = 0; let mut x52: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x51, &mut x52, x39, 0xaf48a03b); let mut x53: u32 = 0; let mut x54: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x53, &mut x54, x39, 0xbfd25e8c); let mut x55: u32 = 0; let mut x56: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x55, &mut x56, x39, 0xd0364141); let mut x57: u32 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x57, &mut x58, 0x0, x56, x53); let mut x59: u32 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x54, x51); let mut x61: u32 = 0; let mut x62: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x52, x49); let mut x63: u32 = 0; let mut x64: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x50, x47); let mut x65: u32 = 0; let mut x66: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x48, x45); let mut x67: u32 = 0; let mut x68: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x67, &mut x68, x66, x46, x43); let mut x69: u32 = 0; let mut x70: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x69, &mut x70, x68, x44, x41); let mut x71: u32 = 0; let mut x72: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x71, &mut x72, 0x0, x23, x55); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x73, &mut x74, x72, x25, x57); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x75, &mut x76, x74, x27, x59); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x77, &mut x78, x76, x29, x61); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x79, &mut x80, x78, x31, x63); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x81, &mut x82, x80, x33, x65); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x83, &mut x84, x82, x35, x67); let mut x85: u32 = 0; let mut x86: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x85, &mut x86, x84, x37, x69); let mut x87: u32 = 0; let mut x88: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x87, &mut x88, x86, ((x38 as u32) + x10), ((x70 as u32) + x42)); let mut x89: u32 = 0; let mut x90: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x89, &mut x90, x1, 0x9d671cd5); let mut x91: u32 = 0; let mut x92: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x91, &mut x92, x1, 0x81c69bc5); let mut x93: u32 = 0; let mut x94: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x93, &mut x94, x1, 0xe697f5e4); let mut x95: u32 = 0; let mut x96: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x95, &mut x96, x1, 0x5bcd07c6); let mut x97: u32 = 0; let mut x98: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x97, &mut x98, x1, 0x741496c2); let mut x99: u32 = 0; let mut x100: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x99, &mut x100, x1, 0xe7cf878); let mut x101: u32 = 0; let mut x102: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x101, &mut x102, x1, 0x896cf214); let mut x103: u32 = 0; let mut x104: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x103, &mut x104, x1, 0x67d7d140); let mut x105: u32 = 0; let mut x106: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x105, &mut x106, 0x0, x104, x101); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x107, &mut x108, x106, x102, x99); let mut x109: u32 = 0; let mut x110: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x109, &mut x110, x108, x100, x97); let mut x111: u32 = 0; let mut x112: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x111, &mut x112, x110, x98, x95); let mut x113: u32 = 0; let mut x114: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x113, &mut x114, x112, x96, x93); let mut x115: u32 = 0; let mut x116: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x115, &mut x116, x114, x94, x91); let mut x117: u32 = 0; let mut x118: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x117, &mut x118, x116, x92, x89); let mut x119: u32 = 0; let mut x120: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x119, &mut x120, 0x0, x73, x103); let mut x121: u32 = 0; let mut x122: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x121, &mut x122, x120, x75, x105); let mut x123: u32 = 0; let mut x124: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x123, &mut x124, x122, x77, x107); let mut x125: u32 = 0; let mut x126: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x125, &mut x126, x124, x79, x109); let mut x127: u32 = 0; let mut x128: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x127, &mut x128, x126, x81, x111); let mut x129: u32 = 0; let mut x130: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x129, &mut x130, x128, x83, x113); let mut x131: u32 = 0; let mut x132: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x131, &mut x132, x130, x85, x115); let mut x133: u32 = 0; let mut x134: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x133, &mut x134, x132, x87, x117); let mut x135: u32 = 0; let mut x136: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x135, &mut x136, x119, 0x5588b13f); let mut x137: u32 = 0; let mut x138: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x137, &mut x138, x135, 0xffffffff); let mut x139: u32 = 0; let mut x140: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x139, &mut x140, x135, 0xffffffff); let mut x141: u32 = 0; let mut x142: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x141, &mut x142, x135, 0xffffffff); let mut x143: u32 = 0; let mut x144: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x143, &mut x144, x135, 0xfffffffe); let mut x145: u32 = 0; let mut x146: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x145, &mut x146, x135, 0xbaaedce6); let mut x147: u32 = 0; let mut x148: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x147, &mut x148, x135, 0xaf48a03b); let mut x149: u32 = 0; let mut x150: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x149, &mut x150, x135, 0xbfd25e8c); let mut x151: u32 = 0; let mut x152: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x151, &mut x152, x135, 0xd0364141); let mut x153: u32 = 0; let mut x154: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x153, &mut x154, 0x0, x152, x149); let mut x155: u32 = 0; let mut x156: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x155, &mut x156, x154, x150, x147); let mut x157: u32 = 0; let mut x158: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x157, &mut x158, x156, x148, x145); let mut x159: u32 = 0; let mut x160: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x159, &mut x160, x158, x146, x143); let mut x161: u32 = 0; let mut x162: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x161, &mut x162, x160, x144, x141); let mut x163: u32 = 0; let mut x164: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x163, &mut x164, x162, x142, x139); let mut x165: u32 = 0; let mut x166: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x165, &mut x166, x164, x140, x137); let mut x167: u32 = 0; let mut x168: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x167, &mut x168, 0x0, x119, x151); let mut x169: u32 = 0; let mut x170: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x169, &mut x170, x168, x121, x153); let mut x171: u32 = 0; let mut x172: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x171, &mut x172, x170, x123, x155); let mut x173: u32 = 0; let mut x174: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x173, &mut x174, x172, x125, x157); let mut x175: u32 = 0; let mut x176: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x175, &mut x176, x174, x127, x159); let mut x177: u32 = 0; let mut x178: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x177, &mut x178, x176, x129, x161); let mut x179: u32 = 0; let mut x180: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x179, &mut x180, x178, x131, x163); let mut x181: u32 = 0; let mut x182: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x181, &mut x182, x180, x133, x165); let mut x183: u32 = 0; let mut x184: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x183, &mut x184, x182, (((x134 as u32) + (x88 as u32)) + ((x118 as u32) + x90)), ((x166 as u32) + x138)); let mut x185: u32 = 0; let mut x186: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x185, &mut x186, x2, 0x9d671cd5); let mut x187: u32 = 0; let mut x188: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x187, &mut x188, x2, 0x81c69bc5); let mut x189: u32 = 0; let mut x190: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x189, &mut x190, x2, 0xe697f5e4); let mut x191: u32 = 0; let mut x192: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x191, &mut x192, x2, 0x5bcd07c6); let mut x193: u32 = 0; let mut x194: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x193, &mut x194, x2, 0x741496c2); let mut x195: u32 = 0; let mut x196: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x195, &mut x196, x2, 0xe7cf878); let mut x197: u32 = 0; let mut x198: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x197, &mut x198, x2, 0x896cf214); let mut x199: u32 = 0; let mut x200: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x199, &mut x200, x2, 0x67d7d140); let mut x201: u32 = 0; let mut x202: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x201, &mut x202, 0x0, x200, x197); let mut x203: u32 = 0; let mut x204: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x203, &mut x204, x202, x198, x195); let mut x205: u32 = 0; let mut x206: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x205, &mut x206, x204, x196, x193); let mut x207: u32 = 0; let mut x208: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x207, &mut x208, x206, x194, x191); let mut x209: u32 = 0; let mut x210: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x209, &mut x210, x208, x192, x189); let mut x211: u32 = 0; let mut x212: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x211, &mut x212, x210, x190, x187); let mut x213: u32 = 0; let mut x214: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x213, &mut x214, x212, x188, x185); let mut x215: u32 = 0; let mut x216: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x215, &mut x216, 0x0, x169, x199); let mut x217: u32 = 0; let mut x218: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x217, &mut x218, x216, x171, x201); let mut x219: u32 = 0; let mut x220: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x219, &mut x220, x218, x173, x203); let mut x221: u32 = 0; let mut x222: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x221, &mut x222, x220, x175, x205); let mut x223: u32 = 0; let mut x224: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x223, &mut x224, x222, x177, x207); let mut x225: u32 = 0; let mut x226: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x225, &mut x226, x224, x179, x209); let mut x227: u32 = 0; let mut x228: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x227, &mut x228, x226, x181, x211); let mut x229: u32 = 0; let mut x230: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x229, &mut x230, x228, x183, x213); let mut x231: u32 = 0; let mut x232: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x231, &mut x232, x215, 0x5588b13f); let mut x233: u32 = 0; let mut x234: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x233, &mut x234, x231, 0xffffffff); let mut x235: u32 = 0; let mut x236: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x235, &mut x236, x231, 0xffffffff); let mut x237: u32 = 0; let mut x238: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x237, &mut x238, x231, 0xffffffff); let mut x239: u32 = 0; let mut x240: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x239, &mut x240, x231, 0xfffffffe); let mut x241: u32 = 0; let mut x242: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x241, &mut x242, x231, 0xbaaedce6); let mut x243: u32 = 0; let mut x244: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x243, &mut x244, x231, 0xaf48a03b); let mut x245: u32 = 0; let mut x246: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x245, &mut x246, x231, 0xbfd25e8c); let mut x247: u32 = 0; let mut x248: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x247, &mut x248, x231, 0xd0364141); let mut x249: u32 = 0; let mut x250: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x249, &mut x250, 0x0, x248, x245); let mut x251: u32 = 0; let mut x252: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x251, &mut x252, x250, x246, x243); let mut x253: u32 = 0; let mut x254: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x253, &mut x254, x252, x244, x241); let mut x255: u32 = 0; let mut x256: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x255, &mut x256, x254, x242, x239); let mut x257: u32 = 0; let mut x258: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x257, &mut x258, x256, x240, x237); let mut x259: u32 = 0; let mut x260: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x259, &mut x260, x258, x238, x235); let mut x261: u32 = 0; let mut x262: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x261, &mut x262, x260, x236, x233); let mut x263: u32 = 0; let mut x264: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x263, &mut x264, 0x0, x215, x247); let mut x265: u32 = 0; let mut x266: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x265, &mut x266, x264, x217, x249); let mut x267: u32 = 0; let mut x268: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x267, &mut x268, x266, x219, x251); let mut x269: u32 = 0; let mut x270: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x269, &mut x270, x268, x221, x253); let mut x271: u32 = 0; let mut x272: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x271, &mut x272, x270, x223, x255); let mut x273: u32 = 0; let mut x274: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x273, &mut x274, x272, x225, x257); let mut x275: u32 = 0; let mut x276: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x275, &mut x276, x274, x227, x259); let mut x277: u32 = 0; let mut x278: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x277, &mut x278, x276, x229, x261); let mut x279: u32 = 0; let mut x280: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x279, &mut x280, x278, (((x230 as u32) + (x184 as u32)) + ((x214 as u32) + x186)), ((x262 as u32) + x234)); let mut x281: u32 = 0; let mut x282: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x281, &mut x282, x3, 0x9d671cd5); let mut x283: u32 = 0; let mut x284: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x283, &mut x284, x3, 0x81c69bc5); let mut x285: u32 = 0; let mut x286: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x285, &mut x286, x3, 0xe697f5e4); let mut x287: u32 = 0; let mut x288: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x287, &mut x288, x3, 0x5bcd07c6); let mut x289: u32 = 0; let mut x290: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x289, &mut x290, x3, 0x741496c2); let mut x291: u32 = 0; let mut x292: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x291, &mut x292, x3, 0xe7cf878); let mut x293: u32 = 0; let mut x294: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x293, &mut x294, x3, 0x896cf214); let mut x295: u32 = 0; let mut x296: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x295, &mut x296, x3, 0x67d7d140); let mut x297: u32 = 0; let mut x298: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x297, &mut x298, 0x0, x296, x293); let mut x299: u32 = 0; let mut x300: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x299, &mut x300, x298, x294, x291); let mut x301: u32 = 0; let mut x302: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x301, &mut x302, x300, x292, x289); let mut x303: u32 = 0; let mut x304: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x303, &mut x304, x302, x290, x287); let mut x305: u32 = 0; let mut x306: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x305, &mut x306, x304, x288, x285); let mut x307: u32 = 0; let mut x308: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x307, &mut x308, x306, x286, x283); let mut x309: u32 = 0; let mut x310: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x309, &mut x310, x308, x284, x281); let mut x311: u32 = 0; let mut x312: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x311, &mut x312, 0x0, x265, x295); let mut x313: u32 = 0; let mut x314: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x313, &mut x314, x312, x267, x297); let mut x315: u32 = 0; let mut x316: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x315, &mut x316, x314, x269, x299); let mut x317: u32 = 0; let mut x318: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x317, &mut x318, x316, x271, x301); let mut x319: u32 = 0; let mut x320: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x319, &mut x320, x318, x273, x303); let mut x321: u32 = 0; let mut x322: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x321, &mut x322, x320, x275, x305); let mut x323: u32 = 0; let mut x324: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x323, &mut x324, x322, x277, x307); let mut x325: u32 = 0; let mut x326: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x325, &mut x326, x324, x279, x309); let mut x327: u32 = 0; let mut x328: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x327, &mut x328, x311, 0x5588b13f); let mut x329: u32 = 0; let mut x330: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x329, &mut x330, x327, 0xffffffff); let mut x331: u32 = 0; let mut x332: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x331, &mut x332, x327, 0xffffffff); let mut x333: u32 = 0; let mut x334: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x333, &mut x334, x327, 0xffffffff); let mut x335: u32 = 0; let mut x336: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x335, &mut x336, x327, 0xfffffffe); let mut x337: u32 = 0; let mut x338: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x337, &mut x338, x327, 0xbaaedce6); let mut x339: u32 = 0; let mut x340: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x339, &mut x340, x327, 0xaf48a03b); let mut x341: u32 = 0; let mut x342: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x341, &mut x342, x327, 0xbfd25e8c); let mut x343: u32 = 0; let mut x344: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x343, &mut x344, x327, 0xd0364141); let mut x345: u32 = 0; let mut x346: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x345, &mut x346, 0x0, x344, x341); let mut x347: u32 = 0; let mut x348: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x347, &mut x348, x346, x342, x339); let mut x349: u32 = 0; let mut x350: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x349, &mut x350, x348, x340, x337); let mut x351: u32 = 0; let mut x352: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x351, &mut x352, x350, x338, x335); let mut x353: u32 = 0; let mut x354: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x353, &mut x354, x352, x336, x333); let mut x355: u32 = 0; let mut x356: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x355, &mut x356, x354, x334, x331); let mut x357: u32 = 0; let mut x358: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x357, &mut x358, x356, x332, x329); let mut x359: u32 = 0; let mut x360: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x359, &mut x360, 0x0, x311, x343); let mut x361: u32 = 0; let mut x362: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x361, &mut x362, x360, x313, x345); let mut x363: u32 = 0; let mut x364: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x363, &mut x364, x362, x315, x347); let mut x365: u32 = 0; let mut x366: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x365, &mut x366, x364, x317, x349); let mut x367: u32 = 0; let mut x368: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x367, &mut x368, x366, x319, x351); let mut x369: u32 = 0; let mut x370: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x369, &mut x370, x368, x321, x353); let mut x371: u32 = 0; let mut x372: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x371, &mut x372, x370, x323, x355); let mut x373: u32 = 0; let mut x374: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x373, &mut x374, x372, x325, x357); let mut x375: u32 = 0; let mut x376: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x375, &mut x376, x374, (((x326 as u32) + (x280 as u32)) + ((x310 as u32) + x282)), ((x358 as u32) + x330)); let mut x377: u32 = 0; let mut x378: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x377, &mut x378, x4, 0x9d671cd5); let mut x379: u32 = 0; let mut x380: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x379, &mut x380, x4, 0x81c69bc5); let mut x381: u32 = 0; let mut x382: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x381, &mut x382, x4, 0xe697f5e4); let mut x383: u32 = 0; let mut x384: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x383, &mut x384, x4, 0x5bcd07c6); let mut x385: u32 = 0; let mut x386: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x385, &mut x386, x4, 0x741496c2); let mut x387: u32 = 0; let mut x388: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x387, &mut x388, x4, 0xe7cf878); let mut x389: u32 = 0; let mut x390: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x389, &mut x390, x4, 0x896cf214); let mut x391: u32 = 0; let mut x392: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x391, &mut x392, x4, 0x67d7d140); let mut x393: u32 = 0; let mut x394: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x393, &mut x394, 0x0, x392, x389); let mut x395: u32 = 0; let mut x396: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x395, &mut x396, x394, x390, x387); let mut x397: u32 = 0; let mut x398: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x397, &mut x398, x396, x388, x385); let mut x399: u32 = 0; let mut x400: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x399, &mut x400, x398, x386, x383); let mut x401: u32 = 0; let mut x402: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x401, &mut x402, x400, x384, x381); let mut x403: u32 = 0; let mut x404: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x403, &mut x404, x402, x382, x379); let mut x405: u32 = 0; let mut x406: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x405, &mut x406, x404, x380, x377); let mut x407: u32 = 0; let mut x408: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x407, &mut x408, 0x0, x361, x391); let mut x409: u32 = 0; let mut x410: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x409, &mut x410, x408, x363, x393); let mut x411: u32 = 0; let mut x412: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x411, &mut x412, x410, x365, x395); let mut x413: u32 = 0; let mut x414: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x413, &mut x414, x412, x367, x397); let mut x415: u32 = 0; let mut x416: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x415, &mut x416, x414, x369, x399); let mut x417: u32 = 0; let mut x418: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x417, &mut x418, x416, x371, x401); let mut x419: u32 = 0; let mut x420: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x419, &mut x420, x418, x373, x403); let mut x421: u32 = 0; let mut x422: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x421, &mut x422, x420, x375, x405); let mut x423: u32 = 0; let mut x424: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x423, &mut x424, x407, 0x5588b13f); let mut x425: u32 = 0; let mut x426: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x425, &mut x426, x423, 0xffffffff); let mut x427: u32 = 0; let mut x428: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x427, &mut x428, x423, 0xffffffff); let mut x429: u32 = 0; let mut x430: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x429, &mut x430, x423, 0xffffffff); let mut x431: u32 = 0; let mut x432: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x431, &mut x432, x423, 0xfffffffe); let mut x433: u32 = 0; let mut x434: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x433, &mut x434, x423, 0xbaaedce6); let mut x435: u32 = 0; let mut x436: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x435, &mut x436, x423, 0xaf48a03b); let mut x437: u32 = 0; let mut x438: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x437, &mut x438, x423, 0xbfd25e8c); let mut x439: u32 = 0; let mut x440: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x439, &mut x440, x423, 0xd0364141); let mut x441: u32 = 0; let mut x442: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x441, &mut x442, 0x0, x440, x437); let mut x443: u32 = 0; let mut x444: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x443, &mut x444, x442, x438, x435); let mut x445: u32 = 0; let mut x446: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x445, &mut x446, x444, x436, x433); let mut x447: u32 = 0; let mut x448: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x447, &mut x448, x446, x434, x431); let mut x449: u32 = 0; let mut x450: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x449, &mut x450, x448, x432, x429); let mut x451: u32 = 0; let mut x452: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x451, &mut x452, x450, x430, x427); let mut x453: u32 = 0; let mut x454: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x453, &mut x454, x452, x428, x425); let mut x455: u32 = 0; let mut x456: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x455, &mut x456, 0x0, x407, x439); let mut x457: u32 = 0; let mut x458: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x457, &mut x458, x456, x409, x441); let mut x459: u32 = 0; let mut x460: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x459, &mut x460, x458, x411, x443); let mut x461: u32 = 0; let mut x462: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x461, &mut x462, x460, x413, x445); let mut x463: u32 = 0; let mut x464: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x463, &mut x464, x462, x415, x447); let mut x465: u32 = 0; let mut x466: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x465, &mut x466, x464, x417, x449); let mut x467: u32 = 0; let mut x468: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x467, &mut x468, x466, x419, x451); let mut x469: u32 = 0; let mut x470: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x469, &mut x470, x468, x421, x453); let mut x471: u32 = 0; let mut x472: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x471, &mut x472, x470, (((x422 as u32) + (x376 as u32)) + ((x406 as u32) + x378)), ((x454 as u32) + x426)); let mut x473: u32 = 0; let mut x474: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x473, &mut x474, x5, 0x9d671cd5); let mut x475: u32 = 0; let mut x476: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x475, &mut x476, x5, 0x81c69bc5); let mut x477: u32 = 0; let mut x478: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x477, &mut x478, x5, 0xe697f5e4); let mut x479: u32 = 0; let mut x480: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x479, &mut x480, x5, 0x5bcd07c6); let mut x481: u32 = 0; let mut x482: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x481, &mut x482, x5, 0x741496c2); let mut x483: u32 = 0; let mut x484: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x483, &mut x484, x5, 0xe7cf878); let mut x485: u32 = 0; let mut x486: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x485, &mut x486, x5, 0x896cf214); let mut x487: u32 = 0; let mut x488: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x487, &mut x488, x5, 0x67d7d140); let mut x489: u32 = 0; let mut x490: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x489, &mut x490, 0x0, x488, x485); let mut x491: u32 = 0; let mut x492: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x491, &mut x492, x490, x486, x483); let mut x493: u32 = 0; let mut x494: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x493, &mut x494, x492, x484, x481); let mut x495: u32 = 0; let mut x496: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x495, &mut x496, x494, x482, x479); let mut x497: u32 = 0; let mut x498: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x497, &mut x498, x496, x480, x477); let mut x499: u32 = 0; let mut x500: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x499, &mut x500, x498, x478, x475); let mut x501: u32 = 0; let mut x502: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x501, &mut x502, x500, x476, x473); let mut x503: u32 = 0; let mut x504: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x503, &mut x504, 0x0, x457, x487); let mut x505: u32 = 0; let mut x506: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x505, &mut x506, x504, x459, x489); let mut x507: u32 = 0; let mut x508: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x507, &mut x508, x506, x461, x491); let mut x509: u32 = 0; let mut x510: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x509, &mut x510, x508, x463, x493); let mut x511: u32 = 0; let mut x512: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x511, &mut x512, x510, x465, x495); let mut x513: u32 = 0; let mut x514: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x513, &mut x514, x512, x467, x497); let mut x515: u32 = 0; let mut x516: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x515, &mut x516, x514, x469, x499); let mut x517: u32 = 0; let mut x518: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x517, &mut x518, x516, x471, x501); let mut x519: u32 = 0; let mut x520: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x519, &mut x520, x503, 0x5588b13f); let mut x521: u32 = 0; let mut x522: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x521, &mut x522, x519, 0xffffffff); let mut x523: u32 = 0; let mut x524: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x523, &mut x524, x519, 0xffffffff); let mut x525: u32 = 0; let mut x526: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x525, &mut x526, x519, 0xffffffff); let mut x527: u32 = 0; let mut x528: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x527, &mut x528, x519, 0xfffffffe); let mut x529: u32 = 0; let mut x530: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x529, &mut x530, x519, 0xbaaedce6); let mut x531: u32 = 0; let mut x532: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x531, &mut x532, x519, 0xaf48a03b); let mut x533: u32 = 0; let mut x534: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x533, &mut x534, x519, 0xbfd25e8c); let mut x535: u32 = 0; let mut x536: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x535, &mut x536, x519, 0xd0364141); let mut x537: u32 = 0; let mut x538: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x537, &mut x538, 0x0, x536, x533); let mut x539: u32 = 0; let mut x540: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x539, &mut x540, x538, x534, x531); let mut x541: u32 = 0; let mut x542: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x541, &mut x542, x540, x532, x529); let mut x543: u32 = 0; let mut x544: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x543, &mut x544, x542, x530, x527); let mut x545: u32 = 0; let mut x546: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x545, &mut x546, x544, x528, x525); let mut x547: u32 = 0; let mut x548: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x547, &mut x548, x546, x526, x523); let mut x549: u32 = 0; let mut x550: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x549, &mut x550, x548, x524, x521); let mut x551: u32 = 0; let mut x552: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x551, &mut x552, 0x0, x503, x535); let mut x553: u32 = 0; let mut x554: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x553, &mut x554, x552, x505, x537); let mut x555: u32 = 0; let mut x556: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x555, &mut x556, x554, x507, x539); let mut x557: u32 = 0; let mut x558: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x557, &mut x558, x556, x509, x541); let mut x559: u32 = 0; let mut x560: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x559, &mut x560, x558, x511, x543); let mut x561: u32 = 0; let mut x562: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x561, &mut x562, x560, x513, x545); let mut x563: u32 = 0; let mut x564: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x563, &mut x564, x562, x515, x547); let mut x565: u32 = 0; let mut x566: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x565, &mut x566, x564, x517, x549); let mut x567: u32 = 0; let mut x568: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x567, &mut x568, x566, (((x518 as u32) + (x472 as u32)) + ((x502 as u32) + x474)), ((x550 as u32) + x522)); let mut x569: u32 = 0; let mut x570: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x569, &mut x570, x6, 0x9d671cd5); let mut x571: u32 = 0; let mut x572: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x571, &mut x572, x6, 0x81c69bc5); let mut x573: u32 = 0; let mut x574: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x573, &mut x574, x6, 0xe697f5e4); let mut x575: u32 = 0; let mut x576: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x575, &mut x576, x6, 0x5bcd07c6); let mut x577: u32 = 0; let mut x578: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x577, &mut x578, x6, 0x741496c2); let mut x579: u32 = 0; let mut x580: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x579, &mut x580, x6, 0xe7cf878); let mut x581: u32 = 0; let mut x582: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x581, &mut x582, x6, 0x896cf214); let mut x583: u32 = 0; let mut x584: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x583, &mut x584, x6, 0x67d7d140); let mut x585: u32 = 0; let mut x586: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x585, &mut x586, 0x0, x584, x581); let mut x587: u32 = 0; let mut x588: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x587, &mut x588, x586, x582, x579); let mut x589: u32 = 0; let mut x590: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x589, &mut x590, x588, x580, x577); let mut x591: u32 = 0; let mut x592: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x591, &mut x592, x590, x578, x575); let mut x593: u32 = 0; let mut x594: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x593, &mut x594, x592, x576, x573); let mut x595: u32 = 0; let mut x596: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x595, &mut x596, x594, x574, x571); let mut x597: u32 = 0; let mut x598: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x597, &mut x598, x596, x572, x569); let mut x599: u32 = 0; let mut x600: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x599, &mut x600, 0x0, x553, x583); let mut x601: u32 = 0; let mut x602: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x601, &mut x602, x600, x555, x585); let mut x603: u32 = 0; let mut x604: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x603, &mut x604, x602, x557, x587); let mut x605: u32 = 0; let mut x606: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x605, &mut x606, x604, x559, x589); let mut x607: u32 = 0; let mut x608: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x607, &mut x608, x606, x561, x591); let mut x609: u32 = 0; let mut x610: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x609, &mut x610, x608, x563, x593); let mut x611: u32 = 0; let mut x612: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x611, &mut x612, x610, x565, x595); let mut x613: u32 = 0; let mut x614: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x613, &mut x614, x612, x567, x597); let mut x615: u32 = 0; let mut x616: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x615, &mut x616, x599, 0x5588b13f); let mut x617: u32 = 0; let mut x618: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x617, &mut x618, x615, 0xffffffff); let mut x619: u32 = 0; let mut x620: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x619, &mut x620, x615, 0xffffffff); let mut x621: u32 = 0; let mut x622: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x621, &mut x622, x615, 0xffffffff); let mut x623: u32 = 0; let mut x624: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x623, &mut x624, x615, 0xfffffffe); let mut x625: u32 = 0; let mut x626: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x625, &mut x626, x615, 0xbaaedce6); let mut x627: u32 = 0; let mut x628: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x627, &mut x628, x615, 0xaf48a03b); let mut x629: u32 = 0; let mut x630: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x629, &mut x630, x615, 0xbfd25e8c); let mut x631: u32 = 0; let mut x632: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x631, &mut x632, x615, 0xd0364141); let mut x633: u32 = 0; let mut x634: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x633, &mut x634, 0x0, x632, x629); let mut x635: u32 = 0; let mut x636: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x635, &mut x636, x634, x630, x627); let mut x637: u32 = 0; let mut x638: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x637, &mut x638, x636, x628, x625); let mut x639: u32 = 0; let mut x640: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x639, &mut x640, x638, x626, x623); let mut x641: u32 = 0; let mut x642: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x641, &mut x642, x640, x624, x621); let mut x643: u32 = 0; let mut x644: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x643, &mut x644, x642, x622, x619); let mut x645: u32 = 0; let mut x646: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x645, &mut x646, x644, x620, x617); let mut x647: u32 = 0; let mut x648: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x647, &mut x648, 0x0, x599, x631); let mut x649: u32 = 0; let mut x650: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x649, &mut x650, x648, x601, x633); let mut x651: u32 = 0; let mut x652: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x651, &mut x652, x650, x603, x635); let mut x653: u32 = 0; let mut x654: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x653, &mut x654, x652, x605, x637); let mut x655: u32 = 0; let mut x656: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x655, &mut x656, x654, x607, x639); let mut x657: u32 = 0; let mut x658: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x657, &mut x658, x656, x609, x641); let mut x659: u32 = 0; let mut x660: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x659, &mut x660, x658, x611, x643); let mut x661: u32 = 0; let mut x662: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x661, &mut x662, x660, x613, x645); let mut x663: u32 = 0; let mut x664: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x663, &mut x664, x662, (((x614 as u32) + (x568 as u32)) + ((x598 as u32) + x570)), ((x646 as u32) + x618)); let mut x665: u32 = 0; let mut x666: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x665, &mut x666, x7, 0x9d671cd5); let mut x667: u32 = 0; let mut x668: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x667, &mut x668, x7, 0x81c69bc5); let mut x669: u32 = 0; let mut x670: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x669, &mut x670, x7, 0xe697f5e4); let mut x671: u32 = 0; let mut x672: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x671, &mut x672, x7, 0x5bcd07c6); let mut x673: u32 = 0; let mut x674: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x673, &mut x674, x7, 0x741496c2); let mut x675: u32 = 0; let mut x676: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x675, &mut x676, x7, 0xe7cf878); let mut x677: u32 = 0; let mut x678: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x677, &mut x678, x7, 0x896cf214); let mut x679: u32 = 0; let mut x680: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x679, &mut x680, x7, 0x67d7d140); let mut x681: u32 = 0; let mut x682: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x681, &mut x682, 0x0, x680, x677); let mut x683: u32 = 0; let mut x684: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x683, &mut x684, x682, x678, x675); let mut x685: u32 = 0; let mut x686: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x685, &mut x686, x684, x676, x673); let mut x687: u32 = 0; let mut x688: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x687, &mut x688, x686, x674, x671); let mut x689: u32 = 0; let mut x690: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x689, &mut x690, x688, x672, x669); let mut x691: u32 = 0; let mut x692: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x691, &mut x692, x690, x670, x667); let mut x693: u32 = 0; let mut x694: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x693, &mut x694, x692, x668, x665); let mut x695: u32 = 0; let mut x696: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x695, &mut x696, 0x0, x649, x679); let mut x697: u32 = 0; let mut x698: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x697, &mut x698, x696, x651, x681); let mut x699: u32 = 0; let mut x700: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x699, &mut x700, x698, x653, x683); let mut x701: u32 = 0; let mut x702: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x701, &mut x702, x700, x655, x685); let mut x703: u32 = 0; let mut x704: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x703, &mut x704, x702, x657, x687); let mut x705: u32 = 0; let mut x706: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x705, &mut x706, x704, x659, x689); let mut x707: u32 = 0; let mut x708: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x707, &mut x708, x706, x661, x691); let mut x709: u32 = 0; let mut x710: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x709, &mut x710, x708, x663, x693); let mut x711: u32 = 0; let mut x712: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x711, &mut x712, x695, 0x5588b13f); let mut x713: u32 = 0; let mut x714: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x713, &mut x714, x711, 0xffffffff); let mut x715: u32 = 0; let mut x716: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x715, &mut x716, x711, 0xffffffff); let mut x717: u32 = 0; let mut x718: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x717, &mut x718, x711, 0xffffffff); let mut x719: u32 = 0; let mut x720: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x719, &mut x720, x711, 0xfffffffe); let mut x721: u32 = 0; let mut x722: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x721, &mut x722, x711, 0xbaaedce6); let mut x723: u32 = 0; let mut x724: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x723, &mut x724, x711, 0xaf48a03b); let mut x725: u32 = 0; let mut x726: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x725, &mut x726, x711, 0xbfd25e8c); let mut x727: u32 = 0; let mut x728: u32 = 0; fiat_secp256k1_montgomery_scalar_mulx_u32(&mut x727, &mut x728, x711, 0xd0364141); let mut x729: u32 = 0; let mut x730: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x729, &mut x730, 0x0, x728, x725); let mut x731: u32 = 0; let mut x732: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x731, &mut x732, x730, x726, x723); let mut x733: u32 = 0; let mut x734: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x733, &mut x734, x732, x724, x721); let mut x735: u32 = 0; let mut x736: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x735, &mut x736, x734, x722, x719); let mut x737: u32 = 0; let mut x738: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x737, &mut x738, x736, x720, x717); let mut x739: u32 = 0; let mut x740: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x739, &mut x740, x738, x718, x715); let mut x741: u32 = 0; let mut x742: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x741, &mut x742, x740, x716, x713); let mut x743: u32 = 0; let mut x744: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x743, &mut x744, 0x0, x695, x727); let mut x745: u32 = 0; let mut x746: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x745, &mut x746, x744, x697, x729); let mut x747: u32 = 0; let mut x748: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x747, &mut x748, x746, x699, x731); let mut x749: u32 = 0; let mut x750: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x749, &mut x750, x748, x701, x733); let mut x751: u32 = 0; let mut x752: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x751, &mut x752, x750, x703, x735); let mut x753: u32 = 0; let mut x754: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x753, &mut x754, x752, x705, x737); let mut x755: u32 = 0; let mut x756: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x755, &mut x756, x754, x707, x739); let mut x757: u32 = 0; let mut x758: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x757, &mut x758, x756, x709, x741); let mut x759: u32 = 0; let mut x760: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x759, &mut x760, x758, (((x710 as u32) + (x664 as u32)) + ((x694 as u32) + x666)), ((x742 as u32) + x714)); let mut x761: u32 = 0; let mut x762: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x761, &mut x762, 0x0, x745, 0xd0364141); let mut x763: u32 = 0; let mut x764: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x763, &mut x764, x762, x747, 0xbfd25e8c); let mut x765: u32 = 0; let mut x766: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x765, &mut x766, x764, x749, 0xaf48a03b); let mut x767: u32 = 0; let mut x768: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x767, &mut x768, x766, x751, 0xbaaedce6); let mut x769: u32 = 0; let mut x770: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x769, &mut x770, x768, x753, 0xfffffffe); let mut x771: u32 = 0; let mut x772: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x771, &mut x772, x770, x755, 0xffffffff); let mut x773: u32 = 0; let mut x774: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x773, &mut x774, x772, x757, 0xffffffff); let mut x775: u32 = 0; let mut x776: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x775, &mut x776, x774, x759, 0xffffffff); let mut x777: u32 = 0; let mut x778: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x777, &mut x778, x776, (x760 as u32), (0x0 as u32)); let mut x779: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x779, x778, x761, x745); let mut x780: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x780, x778, x763, x747); let mut x781: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x781, x778, x765, x749); let mut x782: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x782, x778, x767, x751); let mut x783: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x783, x778, x769, x753); let mut x784: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x784, x778, x771, x755); let mut x785: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x785, x778, x773, x757); let mut x786: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x786, x778, x775, x759); out1[0] = x779; out1[1] = x780; out1[2] = x781; out1[3] = x782; out1[4] = x783; out1[5] = x784; out1[6] = x785; out1[7] = x786; } /// The function fiat_secp256k1_montgomery_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_nonzero(out1: &mut u32, arg1: &[u32; 8]) { let x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); *out1 = x1; } /// The function fiat_secp256k1_montgomery_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_selectznz(out1: &mut [u32; 8], arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: &[u32; 8], arg3: &[u32; 8]) { let mut x1: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x4, arg1, (arg2[3]), (arg3[3])); let mut x5: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x5, arg1, (arg2[4]), (arg3[4])); let mut x6: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x6, arg1, (arg2[5]), (arg3[5])); let mut x7: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x7, arg1, (arg2[6]), (arg3[6])); let mut x8: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x8, arg1, (arg2[7]), (arg3[7])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; } /// The function fiat_secp256k1_montgomery_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u32; 8]) { let x1: u32 = (arg1[7]); let x2: u32 = (arg1[6]); let x3: u32 = (arg1[5]); let x4: u32 = (arg1[4]); let x5: u32 = (arg1[3]); let x6: u32 = (arg1[2]); let x7: u32 = (arg1[1]); let x8: u32 = (arg1[0]); let x9: u8 = ((x8 & (0xff as u32)) as u8); let x10: u32 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u32)) as u8); let x12: u32 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u32)) as u8); let x14: u8 = ((x12 >> 8) as u8); let x15: u8 = ((x7 & (0xff as u32)) as u8); let x16: u32 = (x7 >> 8); let x17: u8 = ((x16 & (0xff as u32)) as u8); let x18: u32 = (x16 >> 8); let x19: u8 = ((x18 & (0xff as u32)) as u8); let x20: u8 = ((x18 >> 8) as u8); let x21: u8 = ((x6 & (0xff as u32)) as u8); let x22: u32 = (x6 >> 8); let x23: u8 = ((x22 & (0xff as u32)) as u8); let x24: u32 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u32)) as u8); let x26: u8 = ((x24 >> 8) as u8); let x27: u8 = ((x5 & (0xff as u32)) as u8); let x28: u32 = (x5 >> 8); let x29: u8 = ((x28 & (0xff as u32)) as u8); let x30: u32 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u32)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x4 & (0xff as u32)) as u8); let x34: u32 = (x4 >> 8); let x35: u8 = ((x34 & (0xff as u32)) as u8); let x36: u32 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u32)) as u8); let x38: u8 = ((x36 >> 8) as u8); let x39: u8 = ((x3 & (0xff as u32)) as u8); let x40: u32 = (x3 >> 8); let x41: u8 = ((x40 & (0xff as u32)) as u8); let x42: u32 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u32)) as u8); let x44: u8 = ((x42 >> 8) as u8); let x45: u8 = ((x2 & (0xff as u32)) as u8); let x46: u32 = (x2 >> 8); let x47: u8 = ((x46 & (0xff as u32)) as u8); let x48: u32 = (x46 >> 8); let x49: u8 = ((x48 & (0xff as u32)) as u8); let x50: u8 = ((x48 >> 8) as u8); let x51: u8 = ((x1 & (0xff as u32)) as u8); let x52: u32 = (x1 >> 8); let x53: u8 = ((x52 & (0xff as u32)) as u8); let x54: u32 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u32)) as u8); let x56: u8 = ((x54 >> 8) as u8); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; out1[4] = x15; out1[5] = x17; out1[6] = x19; out1[7] = x20; out1[8] = x21; out1[9] = x23; out1[10] = x25; out1[11] = x26; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x38; out1[20] = x39; out1[21] = x41; out1[22] = x43; out1[23] = x44; out1[24] = x45; out1[25] = x47; out1[26] = x49; out1[27] = x50; out1[28] = x51; out1[29] = x53; out1[30] = x55; out1[31] = x56; } /// The function fiat_secp256k1_montgomery_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_from_bytes(out1: &mut [u32; 8], arg1: &[u8; 32]) { let x1: u32 = (((arg1[31]) as u32) << 24); let x2: u32 = (((arg1[30]) as u32) << 16); let x3: u32 = (((arg1[29]) as u32) << 8); let x4: u8 = (arg1[28]); let x5: u32 = (((arg1[27]) as u32) << 24); let x6: u32 = (((arg1[26]) as u32) << 16); let x7: u32 = (((arg1[25]) as u32) << 8); let x8: u8 = (arg1[24]); let x9: u32 = (((arg1[23]) as u32) << 24); let x10: u32 = (((arg1[22]) as u32) << 16); let x11: u32 = (((arg1[21]) as u32) << 8); let x12: u8 = (arg1[20]); let x13: u32 = (((arg1[19]) as u32) << 24); let x14: u32 = (((arg1[18]) as u32) << 16); let x15: u32 = (((arg1[17]) as u32) << 8); let x16: u8 = (arg1[16]); let x17: u32 = (((arg1[15]) as u32) << 24); let x18: u32 = (((arg1[14]) as u32) << 16); let x19: u32 = (((arg1[13]) as u32) << 8); let x20: u8 = (arg1[12]); let x21: u32 = (((arg1[11]) as u32) << 24); let x22: u32 = (((arg1[10]) as u32) << 16); let x23: u32 = (((arg1[9]) as u32) << 8); let x24: u8 = (arg1[8]); let x25: u32 = (((arg1[7]) as u32) << 24); let x26: u32 = (((arg1[6]) as u32) << 16); let x27: u32 = (((arg1[5]) as u32) << 8); let x28: u8 = (arg1[4]); let x29: u32 = (((arg1[3]) as u32) << 24); let x30: u32 = (((arg1[2]) as u32) << 16); let x31: u32 = (((arg1[1]) as u32) << 8); let x32: u8 = (arg1[0]); let x33: u32 = (x31 + (x32 as u32)); let x34: u32 = (x30 + x33); let x35: u32 = (x29 + x34); let x36: u32 = (x27 + (x28 as u32)); let x37: u32 = (x26 + x36); let x38: u32 = (x25 + x37); let x39: u32 = (x23 + (x24 as u32)); let x40: u32 = (x22 + x39); let x41: u32 = (x21 + x40); let x42: u32 = (x19 + (x20 as u32)); let x43: u32 = (x18 + x42); let x44: u32 = (x17 + x43); let x45: u32 = (x15 + (x16 as u32)); let x46: u32 = (x14 + x45); let x47: u32 = (x13 + x46); let x48: u32 = (x11 + (x12 as u32)); let x49: u32 = (x10 + x48); let x50: u32 = (x9 + x49); let x51: u32 = (x7 + (x8 as u32)); let x52: u32 = (x6 + x51); let x53: u32 = (x5 + x52); let x54: u32 = (x3 + (x4 as u32)); let x55: u32 = (x2 + x54); let x56: u32 = (x1 + x55); out1[0] = x35; out1[1] = x38; out1[2] = x41; out1[3] = x44; out1[4] = x47; out1[5] = x50; out1[6] = x53; out1[7] = x56; } /// The function fiat_secp256k1_montgomery_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_set_one(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { out1[0] = 0x2fc9bebf; out1[1] = 0x402da173; out1[2] = 0x50b75fc4; out1[3] = 0x45512319; out1[4] = (0x1 as u32); out1[5] = (0x0 as u32); out1[6] = (0x0 as u32); out1[7] = (0x0 as u32); } /// The function fiat_secp256k1_montgomery_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_msat(out1: &mut [u32; 9]) { out1[0] = 0xd0364141; out1[1] = 0xbfd25e8c; out1[2] = 0xaf48a03b; out1[3] = 0xbaaedce6; out1[4] = 0xfffffffe; out1[5] = 0xffffffff; out1[6] = 0xffffffff; out1[7] = 0xffffffff; out1[8] = (0x0 as u32); } /// The function fiat_secp256k1_montgomery_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffff] /// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffff] /// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] /// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_divstep(out1: &mut u32, out2: &mut [u32; 9], out3: &mut [u32; 9], out4: &mut [u32; 8], out5: &mut [u32; 8], arg1: u32, arg2: &[u32; 9], arg3: &[u32; 9], arg4: &[u32; 8], arg5: &[u32; 8]) { let mut x1: u32 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u32)); let x3: fiat_secp256k1_montgomery_scalar_u1 = (((x1 >> 31) as fiat_secp256k1_montgomery_scalar_u1) & (((arg3[0]) & (0x1 as u32)) as fiat_secp256k1_montgomery_scalar_u1)); let mut x4: u32 = 0; let mut x5: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u32)); let mut x6: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x6, x3, arg1, x4); let mut x7: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x12, x3, (arg2[5]), (arg3[5])); let mut x13: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x13, x3, (arg2[6]), (arg3[6])); let mut x14: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x14, x3, (arg2[7]), (arg3[7])); let mut x15: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x15, x3, (arg2[8]), (arg3[8])); let mut x16: u32 = 0; let mut x17: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x16, &mut x17, 0x0, (0x1 as u32), (!(arg2[0]))); let mut x18: u32 = 0; let mut x19: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x18, &mut x19, x17, (0x0 as u32), (!(arg2[1]))); let mut x20: u32 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x20, &mut x21, x19, (0x0 as u32), (!(arg2[2]))); let mut x22: u32 = 0; let mut x23: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x22, &mut x23, x21, (0x0 as u32), (!(arg2[3]))); let mut x24: u32 = 0; let mut x25: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x24, &mut x25, x23, (0x0 as u32), (!(arg2[4]))); let mut x26: u32 = 0; let mut x27: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x26, &mut x27, x25, (0x0 as u32), (!(arg2[5]))); let mut x28: u32 = 0; let mut x29: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x28, &mut x29, x27, (0x0 as u32), (!(arg2[6]))); let mut x30: u32 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x30, &mut x31, x29, (0x0 as u32), (!(arg2[7]))); let mut x32: u32 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x32, &mut x33, x31, (0x0 as u32), (!(arg2[8]))); let mut x34: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x34, x3, (arg3[0]), x16); let mut x35: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x35, x3, (arg3[1]), x18); let mut x36: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x36, x3, (arg3[2]), x20); let mut x37: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x37, x3, (arg3[3]), x22); let mut x38: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x38, x3, (arg3[4]), x24); let mut x39: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x39, x3, (arg3[5]), x26); let mut x40: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x40, x3, (arg3[6]), x28); let mut x41: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x41, x3, (arg3[7]), x30); let mut x42: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x42, x3, (arg3[8]), x32); let mut x43: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x43, x3, (arg4[0]), (arg5[0])); let mut x44: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x44, x3, (arg4[1]), (arg5[1])); let mut x45: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x45, x3, (arg4[2]), (arg5[2])); let mut x46: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x46, x3, (arg4[3]), (arg5[3])); let mut x47: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x47, x3, (arg4[4]), (arg5[4])); let mut x48: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x48, x3, (arg4[5]), (arg5[5])); let mut x49: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x49, x3, (arg4[6]), (arg5[6])); let mut x50: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x50, x3, (arg4[7]), (arg5[7])); let mut x51: u32 = 0; let mut x52: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x51, &mut x52, 0x0, x43, x43); let mut x53: u32 = 0; let mut x54: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x53, &mut x54, x52, x44, x44); let mut x55: u32 = 0; let mut x56: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x55, &mut x56, x54, x45, x45); let mut x57: u32 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x57, &mut x58, x56, x46, x46); let mut x59: u32 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x59, &mut x60, x58, x47, x47); let mut x61: u32 = 0; let mut x62: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x61, &mut x62, x60, x48, x48); let mut x63: u32 = 0; let mut x64: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x63, &mut x64, x62, x49, x49); let mut x65: u32 = 0; let mut x66: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x65, &mut x66, x64, x50, x50); let mut x67: u32 = 0; let mut x68: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x67, &mut x68, 0x0, x51, 0xd0364141); let mut x69: u32 = 0; let mut x70: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x69, &mut x70, x68, x53, 0xbfd25e8c); let mut x71: u32 = 0; let mut x72: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x71, &mut x72, x70, x55, 0xaf48a03b); let mut x73: u32 = 0; let mut x74: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x73, &mut x74, x72, x57, 0xbaaedce6); let mut x75: u32 = 0; let mut x76: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x75, &mut x76, x74, x59, 0xfffffffe); let mut x77: u32 = 0; let mut x78: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x77, &mut x78, x76, x61, 0xffffffff); let mut x79: u32 = 0; let mut x80: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x79, &mut x80, x78, x63, 0xffffffff); let mut x81: u32 = 0; let mut x82: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x81, &mut x82, x80, x65, 0xffffffff); let mut x83: u32 = 0; let mut x84: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x83, &mut x84, x82, (x66 as u32), (0x0 as u32)); let x85: u32 = (arg4[7]); let x86: u32 = (arg4[6]); let x87: u32 = (arg4[5]); let x88: u32 = (arg4[4]); let x89: u32 = (arg4[3]); let x90: u32 = (arg4[2]); let x91: u32 = (arg4[1]); let x92: u32 = (arg4[0]); let mut x93: u32 = 0; let mut x94: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x93, &mut x94, 0x0, (0x0 as u32), x92); let mut x95: u32 = 0; let mut x96: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x95, &mut x96, x94, (0x0 as u32), x91); let mut x97: u32 = 0; let mut x98: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x97, &mut x98, x96, (0x0 as u32), x90); let mut x99: u32 = 0; let mut x100: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x99, &mut x100, x98, (0x0 as u32), x89); let mut x101: u32 = 0; let mut x102: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x101, &mut x102, x100, (0x0 as u32), x88); let mut x103: u32 = 0; let mut x104: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x103, &mut x104, x102, (0x0 as u32), x87); let mut x105: u32 = 0; let mut x106: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x105, &mut x106, x104, (0x0 as u32), x86); let mut x107: u32 = 0; let mut x108: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x107, &mut x108, x106, (0x0 as u32), x85); let mut x109: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x109, x108, (0x0 as u32), 0xffffffff); let mut x110: u32 = 0; let mut x111: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x110, &mut x111, 0x0, x93, (x109 & 0xd0364141)); let mut x112: u32 = 0; let mut x113: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x112, &mut x113, x111, x95, (x109 & 0xbfd25e8c)); let mut x114: u32 = 0; let mut x115: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x114, &mut x115, x113, x97, (x109 & 0xaf48a03b)); let mut x116: u32 = 0; let mut x117: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x116, &mut x117, x115, x99, (x109 & 0xbaaedce6)); let mut x118: u32 = 0; let mut x119: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x118, &mut x119, x117, x101, (x109 & 0xfffffffe)); let mut x120: u32 = 0; let mut x121: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x120, &mut x121, x119, x103, x109); let mut x122: u32 = 0; let mut x123: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x122, &mut x123, x121, x105, x109); let mut x124: u32 = 0; let mut x125: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x124, &mut x125, x123, x107, x109); let mut x126: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x126, x3, (arg5[0]), x110); let mut x127: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x127, x3, (arg5[1]), x112); let mut x128: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x128, x3, (arg5[2]), x114); let mut x129: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x129, x3, (arg5[3]), x116); let mut x130: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x130, x3, (arg5[4]), x118); let mut x131: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x131, x3, (arg5[5]), x120); let mut x132: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x132, x3, (arg5[6]), x122); let mut x133: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x133, x3, (arg5[7]), x124); let x134: fiat_secp256k1_montgomery_scalar_u1 = ((x34 & (0x1 as u32)) as fiat_secp256k1_montgomery_scalar_u1); let mut x135: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x135, x134, (0x0 as u32), x7); let mut x136: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x136, x134, (0x0 as u32), x8); let mut x137: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x137, x134, (0x0 as u32), x9); let mut x138: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x138, x134, (0x0 as u32), x10); let mut x139: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x139, x134, (0x0 as u32), x11); let mut x140: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x140, x134, (0x0 as u32), x12); let mut x141: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x141, x134, (0x0 as u32), x13); let mut x142: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x142, x134, (0x0 as u32), x14); let mut x143: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x143, x134, (0x0 as u32), x15); let mut x144: u32 = 0; let mut x145: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x144, &mut x145, 0x0, x34, x135); let mut x146: u32 = 0; let mut x147: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x146, &mut x147, x145, x35, x136); let mut x148: u32 = 0; let mut x149: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x148, &mut x149, x147, x36, x137); let mut x150: u32 = 0; let mut x151: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x150, &mut x151, x149, x37, x138); let mut x152: u32 = 0; let mut x153: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x152, &mut x153, x151, x38, x139); let mut x154: u32 = 0; let mut x155: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x154, &mut x155, x153, x39, x140); let mut x156: u32 = 0; let mut x157: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x156, &mut x157, x155, x40, x141); let mut x158: u32 = 0; let mut x159: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x158, &mut x159, x157, x41, x142); let mut x160: u32 = 0; let mut x161: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x160, &mut x161, x159, x42, x143); let mut x162: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x162, x134, (0x0 as u32), x43); let mut x163: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x163, x134, (0x0 as u32), x44); let mut x164: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x164, x134, (0x0 as u32), x45); let mut x165: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x165, x134, (0x0 as u32), x46); let mut x166: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x166, x134, (0x0 as u32), x47); let mut x167: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x167, x134, (0x0 as u32), x48); let mut x168: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x168, x134, (0x0 as u32), x49); let mut x169: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x169, x134, (0x0 as u32), x50); let mut x170: u32 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x170, &mut x171, 0x0, x126, x162); let mut x172: u32 = 0; let mut x173: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x172, &mut x173, x171, x127, x163); let mut x174: u32 = 0; let mut x175: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x174, &mut x175, x173, x128, x164); let mut x176: u32 = 0; let mut x177: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x176, &mut x177, x175, x129, x165); let mut x178: u32 = 0; let mut x179: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x178, &mut x179, x177, x130, x166); let mut x180: u32 = 0; let mut x181: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x180, &mut x181, x179, x131, x167); let mut x182: u32 = 0; let mut x183: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x182, &mut x183, x181, x132, x168); let mut x184: u32 = 0; let mut x185: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x184, &mut x185, x183, x133, x169); let mut x186: u32 = 0; let mut x187: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x186, &mut x187, 0x0, x170, 0xd0364141); let mut x188: u32 = 0; let mut x189: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x188, &mut x189, x187, x172, 0xbfd25e8c); let mut x190: u32 = 0; let mut x191: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x190, &mut x191, x189, x174, 0xaf48a03b); let mut x192: u32 = 0; let mut x193: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x192, &mut x193, x191, x176, 0xbaaedce6); let mut x194: u32 = 0; let mut x195: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x194, &mut x195, x193, x178, 0xfffffffe); let mut x196: u32 = 0; let mut x197: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x196, &mut x197, x195, x180, 0xffffffff); let mut x198: u32 = 0; let mut x199: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x198, &mut x199, x197, x182, 0xffffffff); let mut x200: u32 = 0; let mut x201: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x200, &mut x201, x199, x184, 0xffffffff); let mut x202: u32 = 0; let mut x203: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u32(&mut x202, &mut x203, x201, (x185 as u32), (0x0 as u32)); let mut x204: u32 = 0; let mut x205: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u32(&mut x204, &mut x205, 0x0, x6, (0x1 as u32)); let x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); let x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); let x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); let x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); let x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); let x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); let x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); let x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); let x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); let mut x215: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x215, x84, x67, x51); let mut x216: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x216, x84, x69, x53); let mut x217: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x217, x84, x71, x55); let mut x218: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x218, x84, x73, x57); let mut x219: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x219, x84, x75, x59); let mut x220: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x220, x84, x77, x61); let mut x221: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x221, x84, x79, x63); let mut x222: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x222, x84, x81, x65); let mut x223: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x223, x203, x186, x170); let mut x224: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x224, x203, x188, x172); let mut x225: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x225, x203, x190, x174); let mut x226: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x226, x203, x192, x176); let mut x227: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x227, x203, x194, x178); let mut x228: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x228, x203, x196, x180); let mut x229: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x229, x203, x198, x182); let mut x230: u32 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u32(&mut x230, x203, x200, x184); *out1 = x204; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out2[5] = x12; out2[6] = x13; out2[7] = x14; out2[8] = x15; out3[0] = x206; out3[1] = x207; out3[2] = x208; out3[3] = x209; out3[4] = x210; out3[5] = x211; out3[6] = x212; out3[7] = x213; out3[8] = x214; out4[0] = x215; out4[1] = x216; out4[2] = x217; out4[3] = x218; out4[4] = x219; out4[5] = x220; out4[6] = x221; out4[7] = x222; out5[0] = x223; out5[1] = x224; out5[2] = x225; out5[3] = x226; out5[4] = x227; out5[5] = x228; out5[6] = x229; out5[7] = x230; } /// The function fiat_secp256k1_montgomery_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_divstep_precomp(out1: &mut [u32; 8]) { out1[0] = 0x2b9cb4e9; out1[1] = 0xd7431a4d; out1[2] = 0x32d9c503; out1[3] = 0xab67d35a; out1[4] = 0x859ce35f; out1[5] = 0xadf6c7e5; out1[6] = 0x1df6c379; out1[7] = 0x61544145; } fiat-crypto-0.2.2/src/secp256k1_montgomery_scalar_64.rs000064400000000000000000003122311046102023000207660ustar 00000000000000//! Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Rust --inline secp256k1_montgomery_scalar 64 '2^256 - 432420386565659656852420866394968145599' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp //! curve description: secp256k1_montgomery_scalar //! machine_wordsize = 64 (from "64") //! requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp //! m = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 (from "2^256 - 432420386565659656852420866394968145599") //! //! NOTE: In addition to the bounds specified above each function, all //! functions synthesized for this Montgomery arithmetic require the //! input to be strictly less than the prime modulus (m), and also //! require the input to be in the unique saturated representation. //! All functions also ensure that these two properties are true of //! return values. //! //! Computed values: //! eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) //! bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) //! twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in //! if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 #![allow(unused_parens)] #![allow(non_camel_case_types)] pub type fiat_secp256k1_montgomery_scalar_u1 = u8; pub type fiat_secp256k1_montgomery_scalar_i1 = i8; pub type fiat_secp256k1_montgomery_scalar_u2 = u8; pub type fiat_secp256k1_montgomery_scalar_i2 = i8; /** The type fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element is a field element in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /** The type fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */ /** Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */ #[derive(Clone, Copy)] pub struct fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element(pub [u64; 4]); impl core::ops::Index for fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element { type Output = u64; #[inline] fn index(&self, index: usize) -> &Self::Output { &self.0[index] } } impl core::ops::IndexMut for fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element { #[inline] fn index_mut(&mut self, index: usize) -> &mut Self::Output { &mut self.0[index] } } /// The function fiat_secp256k1_montgomery_scalar_addcarryx_u64 is an addition with carry. /// /// Postconditions: /// out1 = (arg1 + arg2 + arg3) mod 2^64 /// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_scalar_addcarryx_u64(out1: &mut u64, out2: &mut fiat_secp256k1_montgomery_scalar_u1, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u64, arg3: u64) { let x1: u128 = (((arg1 as u128) + (arg2 as u128)) + (arg3 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: fiat_secp256k1_montgomery_scalar_u1 = ((x1 >> 64) as fiat_secp256k1_montgomery_scalar_u1); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_scalar_subborrowx_u64 is a subtraction with borrow. /// /// Postconditions: /// out1 = (-arg1 + arg2 + -arg3) mod 2^64 /// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0x1] #[inline] pub fn fiat_secp256k1_montgomery_scalar_subborrowx_u64(out1: &mut u64, out2: &mut fiat_secp256k1_montgomery_scalar_u1, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u64, arg3: u64) { let x1: i128 = (((arg2 as i128) - (arg1 as i128)) - (arg3 as i128)); let x2: fiat_secp256k1_montgomery_scalar_i1 = ((x1 >> 64) as fiat_secp256k1_montgomery_scalar_i1); let x3: u64 = ((x1 & (0xffffffffffffffff as i128)) as u64); *out1 = x3; *out2 = (((0x0 as fiat_secp256k1_montgomery_scalar_i2) - (x2 as fiat_secp256k1_montgomery_scalar_i2)) as fiat_secp256k1_montgomery_scalar_u1); } /// The function fiat_secp256k1_montgomery_scalar_mulx_u64 is a multiplication, returning the full double-width result. /// /// Postconditions: /// out1 = (arg1 * arg2) mod 2^64 /// out2 = ⌊arg1 * arg2 / 2^64⌋ /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_mulx_u64(out1: &mut u64, out2: &mut u64, arg1: u64, arg2: u64) { let x1: u128 = ((arg1 as u128) * (arg2 as u128)); let x2: u64 = ((x1 & (0xffffffffffffffff as u128)) as u64); let x3: u64 = ((x1 >> 64) as u64); *out1 = x2; *out2 = x3; } /// The function fiat_secp256k1_montgomery_scalar_cmovznz_u64 is a single-word conditional move. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [0x0 ~> 0xffffffffffffffff] /// arg3: [0x0 ~> 0xffffffffffffffff] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_cmovznz_u64(out1: &mut u64, arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: u64, arg3: u64) { let x1: fiat_secp256k1_montgomery_scalar_u1 = (!(!arg1)); let x2: u64 = ((((((0x0 as fiat_secp256k1_montgomery_scalar_i2) - (x1 as fiat_secp256k1_montgomery_scalar_i2)) as fiat_secp256k1_montgomery_scalar_i1) as i128) & (0xffffffffffffffff as i128)) as u64); let x3: u64 = ((x2 & arg3) | ((!x2) & arg2)); *out1 = x3; } /// The function fiat_secp256k1_montgomery_scalar_mul multiplies two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_mul(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg2[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg2[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg2[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg2[0])); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x20, &mut x21, x11, 0x4b0dff665588b13f); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x22, &mut x23, x20, 0xffffffffffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x24, &mut x25, x20, 0xfffffffffffffffe); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x26, &mut x27, x20, 0xbaaedce6af48a03b); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x28, &mut x29, x20, 0xbfd25e8cd0364141); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg2[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x49, &mut x50, x1, (arg2[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x51, &mut x52, x1, (arg2[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x53, &mut x54, x1, (arg2[0])); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x72, &mut x73, x62, 0x4b0dff665588b13f); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x74, &mut x75, x72, 0xffffffffffffffff); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x76, &mut x77, x72, 0xfffffffffffffffe); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x78, &mut x79, x72, 0xbaaedce6af48a03b); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x80, &mut x81, x72, 0xbfd25e8cd0364141); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x100, &mut x101, x2, (arg2[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x102, &mut x103, x2, (arg2[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x104, &mut x105, x2, (arg2[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x106, &mut x107, x2, (arg2[0])); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x125, &mut x126, x115, 0x4b0dff665588b13f); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x127, &mut x128, x125, 0xffffffffffffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x129, &mut x130, x125, 0xfffffffffffffffe); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x131, &mut x132, x125, 0xbaaedce6af48a03b); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x133, &mut x134, x125, 0xbfd25e8cd0364141); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x153, &mut x154, x3, (arg2[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x155, &mut x156, x3, (arg2[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x157, &mut x158, x3, (arg2[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x159, &mut x160, x3, (arg2[0])); let mut x161: u64 = 0; let mut x162: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x178, &mut x179, x168, 0x4b0dff665588b13f); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x180, &mut x181, x178, 0xffffffffffffffff); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x182, &mut x183, x178, 0xfffffffffffffffe); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x184, &mut x185, x178, 0xbaaedce6af48a03b); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x186, &mut x187, x178, 0xbfd25e8cd0364141); let mut x188: u64 = 0; let mut x189: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xbfd25e8cd0364141); let mut x208: u64 = 0; let mut x209: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xbaaedce6af48a03b); let mut x210: u64 = 0; let mut x211: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xfffffffffffffffe); let mut x212: u64 = 0; let mut x213: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffffffffffff); let mut x214: u64 = 0; let mut x215: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_secp256k1_montgomery_scalar_square squares a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_square(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x5, &mut x6, x4, (arg1[3])); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x7, &mut x8, x4, (arg1[2])); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x9, &mut x10, x4, (arg1[1])); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x11, &mut x12, x4, (arg1[0])); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let x19: u64 = ((x18 as u64) + x6); let mut x20: u64 = 0; let mut x21: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x20, &mut x21, x11, 0x4b0dff665588b13f); let mut x22: u64 = 0; let mut x23: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x22, &mut x23, x20, 0xffffffffffffffff); let mut x24: u64 = 0; let mut x25: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x24, &mut x25, x20, 0xfffffffffffffffe); let mut x26: u64 = 0; let mut x27: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x26, &mut x27, x20, 0xbaaedce6af48a03b); let mut x28: u64 = 0; let mut x29: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x28, &mut x29, x20, 0xbfd25e8cd0364141); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x30, &mut x31, 0x0, x29, x26); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x27, x24); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x25, x22); let x36: u64 = ((x35 as u64) + x23); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x37, &mut x38, 0x0, x11, x28); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x13, x30); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x15, x32); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x43, &mut x44, x42, x17, x34); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x45, &mut x46, x44, x19, x36); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x47, &mut x48, x1, (arg1[3])); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x49, &mut x50, x1, (arg1[2])); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x51, &mut x52, x1, (arg1[1])); let mut x53: u64 = 0; let mut x54: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x53, &mut x54, x1, (arg1[0])); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x55, &mut x56, 0x0, x54, x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x52, x49); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x59, &mut x60, x58, x50, x47); let x61: u64 = ((x60 as u64) + x48); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x39, x53); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x41, x55); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x43, x57); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x45, x59); let mut x70: u64 = 0; let mut x71: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x70, &mut x71, x69, (x46 as u64), x61); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x72, &mut x73, x62, 0x4b0dff665588b13f); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x74, &mut x75, x72, 0xffffffffffffffff); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x76, &mut x77, x72, 0xfffffffffffffffe); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x78, &mut x79, x72, 0xbaaedce6af48a03b); let mut x80: u64 = 0; let mut x81: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x80, &mut x81, x72, 0xbfd25e8cd0364141); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x82, &mut x83, 0x0, x81, x78); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x79, x76); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x77, x74); let x88: u64 = ((x87 as u64) + x75); let mut x89: u64 = 0; let mut x90: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x89, &mut x90, 0x0, x62, x80); let mut x91: u64 = 0; let mut x92: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x91, &mut x92, x90, x64, x82); let mut x93: u64 = 0; let mut x94: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x93, &mut x94, x92, x66, x84); let mut x95: u64 = 0; let mut x96: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x95, &mut x96, x94, x68, x86); let mut x97: u64 = 0; let mut x98: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x97, &mut x98, x96, x70, x88); let x99: u64 = ((x98 as u64) + (x71 as u64)); let mut x100: u64 = 0; let mut x101: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x100, &mut x101, x2, (arg1[3])); let mut x102: u64 = 0; let mut x103: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x102, &mut x103, x2, (arg1[2])); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x104, &mut x105, x2, (arg1[1])); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x106, &mut x107, x2, (arg1[0])); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x108, &mut x109, 0x0, x107, x104); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x110, &mut x111, x109, x105, x102); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x112, &mut x113, x111, x103, x100); let x114: u64 = ((x113 as u64) + x101); let mut x115: u64 = 0; let mut x116: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x115, &mut x116, 0x0, x91, x106); let mut x117: u64 = 0; let mut x118: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x117, &mut x118, x116, x93, x108); let mut x119: u64 = 0; let mut x120: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x119, &mut x120, x118, x95, x110); let mut x121: u64 = 0; let mut x122: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x121, &mut x122, x120, x97, x112); let mut x123: u64 = 0; let mut x124: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x123, &mut x124, x122, x99, x114); let mut x125: u64 = 0; let mut x126: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x125, &mut x126, x115, 0x4b0dff665588b13f); let mut x127: u64 = 0; let mut x128: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x127, &mut x128, x125, 0xffffffffffffffff); let mut x129: u64 = 0; let mut x130: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x129, &mut x130, x125, 0xfffffffffffffffe); let mut x131: u64 = 0; let mut x132: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x131, &mut x132, x125, 0xbaaedce6af48a03b); let mut x133: u64 = 0; let mut x134: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x133, &mut x134, x125, 0xbfd25e8cd0364141); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x135, &mut x136, 0x0, x134, x131); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x132, x129); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x139, &mut x140, x138, x130, x127); let x141: u64 = ((x140 as u64) + x128); let mut x142: u64 = 0; let mut x143: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x142, &mut x143, 0x0, x115, x133); let mut x144: u64 = 0; let mut x145: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x144, &mut x145, x143, x117, x135); let mut x146: u64 = 0; let mut x147: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x146, &mut x147, x145, x119, x137); let mut x148: u64 = 0; let mut x149: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x148, &mut x149, x147, x121, x139); let mut x150: u64 = 0; let mut x151: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x150, &mut x151, x149, x123, x141); let x152: u64 = ((x151 as u64) + (x124 as u64)); let mut x153: u64 = 0; let mut x154: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x153, &mut x154, x3, (arg1[3])); let mut x155: u64 = 0; let mut x156: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x155, &mut x156, x3, (arg1[2])); let mut x157: u64 = 0; let mut x158: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x157, &mut x158, x3, (arg1[1])); let mut x159: u64 = 0; let mut x160: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x159, &mut x160, x3, (arg1[0])); let mut x161: u64 = 0; let mut x162: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x161, &mut x162, 0x0, x160, x157); let mut x163: u64 = 0; let mut x164: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x163, &mut x164, x162, x158, x155); let mut x165: u64 = 0; let mut x166: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x165, &mut x166, x164, x156, x153); let x167: u64 = ((x166 as u64) + x154); let mut x168: u64 = 0; let mut x169: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x168, &mut x169, 0x0, x144, x159); let mut x170: u64 = 0; let mut x171: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x170, &mut x171, x169, x146, x161); let mut x172: u64 = 0; let mut x173: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x172, &mut x173, x171, x148, x163); let mut x174: u64 = 0; let mut x175: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x174, &mut x175, x173, x150, x165); let mut x176: u64 = 0; let mut x177: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x176, &mut x177, x175, x152, x167); let mut x178: u64 = 0; let mut x179: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x178, &mut x179, x168, 0x4b0dff665588b13f); let mut x180: u64 = 0; let mut x181: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x180, &mut x181, x178, 0xffffffffffffffff); let mut x182: u64 = 0; let mut x183: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x182, &mut x183, x178, 0xfffffffffffffffe); let mut x184: u64 = 0; let mut x185: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x184, &mut x185, x178, 0xbaaedce6af48a03b); let mut x186: u64 = 0; let mut x187: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x186, &mut x187, x178, 0xbfd25e8cd0364141); let mut x188: u64 = 0; let mut x189: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x188, &mut x189, 0x0, x187, x184); let mut x190: u64 = 0; let mut x191: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x190, &mut x191, x189, x185, x182); let mut x192: u64 = 0; let mut x193: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x192, &mut x193, x191, x183, x180); let x194: u64 = ((x193 as u64) + x181); let mut x195: u64 = 0; let mut x196: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x195, &mut x196, 0x0, x168, x186); let mut x197: u64 = 0; let mut x198: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x197, &mut x198, x196, x170, x188); let mut x199: u64 = 0; let mut x200: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x199, &mut x200, x198, x172, x190); let mut x201: u64 = 0; let mut x202: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x201, &mut x202, x200, x174, x192); let mut x203: u64 = 0; let mut x204: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x203, &mut x204, x202, x176, x194); let x205: u64 = ((x204 as u64) + (x177 as u64)); let mut x206: u64 = 0; let mut x207: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x206, &mut x207, 0x0, x197, 0xbfd25e8cd0364141); let mut x208: u64 = 0; let mut x209: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x208, &mut x209, x207, x199, 0xbaaedce6af48a03b); let mut x210: u64 = 0; let mut x211: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x210, &mut x211, x209, x201, 0xfffffffffffffffe); let mut x212: u64 = 0; let mut x213: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x212, &mut x213, x211, x203, 0xffffffffffffffff); let mut x214: u64 = 0; let mut x215: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x214, &mut x215, x213, x205, (0x0 as u64)); let mut x216: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x216, x215, x206, x197); let mut x217: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x217, x215, x208, x199); let mut x218: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x218, x215, x210, x201); let mut x219: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x219, x215, x212, x203); out1[0] = x216; out1[1] = x217; out1[2] = x218; out1[3] = x219; } /// The function fiat_secp256k1_montgomery_scalar_add adds two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_add(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; let mut x10: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x9, &mut x10, 0x0, x1, 0xbfd25e8cd0364141); let mut x11: u64 = 0; let mut x12: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x11, &mut x12, x10, x3, 0xbaaedce6af48a03b); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x13, &mut x14, x12, x5, 0xfffffffffffffffe); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x15, &mut x16, x14, x7, 0xffffffffffffffff); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x17, &mut x18, x16, (x8 as u64), (0x0 as u64)); let mut x19: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x19, x18, x9, x1); let mut x20: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x20, x18, x11, x3); let mut x21: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x21, x18, x13, x5); let mut x22: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x22, x18, x15, x7); out1[0] = x19; out1[1] = x20; out1[2] = x21; out1[3] = x22; } /// The function fiat_secp256k1_montgomery_scalar_sub subtracts two field elements in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// 0 ≤ eval arg2 < m /// Postconditions: /// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_sub(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg2: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (arg1[0]), (arg2[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (arg1[1]), (arg2[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (arg1[2]), (arg2[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (arg1[3]), (arg2[3])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xbfd25e8cd0364141)); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xbaaedce6af48a03b)); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, (x9 & 0xfffffffffffffffe)); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, x9); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_secp256k1_montgomery_scalar_opp negates a field element in the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_opp(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x1, &mut x2, 0x0, (0x0 as u64), (arg1[0])); let mut x3: u64 = 0; let mut x4: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x3, &mut x4, x2, (0x0 as u64), (arg1[1])); let mut x5: u64 = 0; let mut x6: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x5, &mut x6, x4, (0x0 as u64), (arg1[2])); let mut x7: u64 = 0; let mut x8: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x7, &mut x8, x6, (0x0 as u64), (arg1[3])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x9, x8, (0x0 as u64), 0xffffffffffffffff); let mut x10: u64 = 0; let mut x11: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x10, &mut x11, 0x0, x1, (x9 & 0xbfd25e8cd0364141)); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x12, &mut x13, x11, x3, (x9 & 0xbaaedce6af48a03b)); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x5, (x9 & 0xfffffffffffffffe)); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, x9); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x16; } /// The function fiat_secp256k1_montgomery_scalar_from_montgomery translates a field element out of the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_from_montgomery(out1: &mut fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { let x1: u64 = (arg1[0]); let mut x2: u64 = 0; let mut x3: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x2, &mut x3, x1, 0x4b0dff665588b13f); let mut x4: u64 = 0; let mut x5: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x4, &mut x5, x2, 0xffffffffffffffff); let mut x6: u64 = 0; let mut x7: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x6, &mut x7, x2, 0xfffffffffffffffe); let mut x8: u64 = 0; let mut x9: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x8, &mut x9, x2, 0xbaaedce6af48a03b); let mut x10: u64 = 0; let mut x11: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x10, &mut x11, x2, 0xbfd25e8cd0364141); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, x11, x8); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x14, &mut x15, x13, x9, x6); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x16, &mut x17, x15, x7, x4); let mut x18: u64 = 0; let mut x19: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x18, &mut x19, 0x0, x1, x10); let mut x20: u64 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), x12); let mut x22: u64 = 0; let mut x23: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x22, &mut x23, x21, (0x0 as u64), x14); let mut x24: u64 = 0; let mut x25: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x24, &mut x25, x23, (0x0 as u64), x16); let mut x26: u64 = 0; let mut x27: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x26, &mut x27, x25, (0x0 as u64), ((x17 as u64) + x5)); let mut x28: u64 = 0; let mut x29: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x28, &mut x29, 0x0, x20, (arg1[1])); let mut x30: u64 = 0; let mut x31: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x30, &mut x31, x29, x22, (0x0 as u64)); let mut x32: u64 = 0; let mut x33: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x32, &mut x33, x31, x24, (0x0 as u64)); let mut x34: u64 = 0; let mut x35: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x34, &mut x35, x33, x26, (0x0 as u64)); let mut x36: u64 = 0; let mut x37: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x36, &mut x37, x28, 0x4b0dff665588b13f); let mut x38: u64 = 0; let mut x39: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x38, &mut x39, x36, 0xffffffffffffffff); let mut x40: u64 = 0; let mut x41: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x40, &mut x41, x36, 0xfffffffffffffffe); let mut x42: u64 = 0; let mut x43: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x42, &mut x43, x36, 0xbaaedce6af48a03b); let mut x44: u64 = 0; let mut x45: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x44, &mut x45, x36, 0xbfd25e8cd0364141); let mut x46: u64 = 0; let mut x47: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x46, &mut x47, 0x0, x45, x42); let mut x48: u64 = 0; let mut x49: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x48, &mut x49, x47, x43, x40); let mut x50: u64 = 0; let mut x51: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x50, &mut x51, x49, x41, x38); let mut x52: u64 = 0; let mut x53: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x52, &mut x53, 0x0, x28, x44); let mut x54: u64 = 0; let mut x55: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x54, &mut x55, x53, x30, x46); let mut x56: u64 = 0; let mut x57: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x56, &mut x57, x55, x32, x48); let mut x58: u64 = 0; let mut x59: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x58, &mut x59, x57, x34, x50); let mut x60: u64 = 0; let mut x61: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x60, &mut x61, x59, ((x35 as u64) + (x27 as u64)), ((x51 as u64) + x39)); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x54, (arg1[2])); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x56, (0x0 as u64)); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x58, (0x0 as u64)); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x60, (0x0 as u64)); let mut x70: u64 = 0; let mut x71: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x70, &mut x71, x62, 0x4b0dff665588b13f); let mut x72: u64 = 0; let mut x73: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x72, &mut x73, x70, 0xffffffffffffffff); let mut x74: u64 = 0; let mut x75: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x74, &mut x75, x70, 0xfffffffffffffffe); let mut x76: u64 = 0; let mut x77: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x76, &mut x77, x70, 0xbaaedce6af48a03b); let mut x78: u64 = 0; let mut x79: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x78, &mut x79, x70, 0xbfd25e8cd0364141); let mut x80: u64 = 0; let mut x81: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x80, &mut x81, 0x0, x79, x76); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x77, x74); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x75, x72); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x86, &mut x87, 0x0, x62, x78); let mut x88: u64 = 0; let mut x89: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x64, x80); let mut x90: u64 = 0; let mut x91: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x90, &mut x91, x89, x66, x82); let mut x92: u64 = 0; let mut x93: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x92, &mut x93, x91, x68, x84); let mut x94: u64 = 0; let mut x95: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x94, &mut x95, x93, ((x69 as u64) + (x61 as u64)), ((x85 as u64) + x73)); let mut x96: u64 = 0; let mut x97: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x96, &mut x97, 0x0, x88, (arg1[3])); let mut x98: u64 = 0; let mut x99: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x90, (0x0 as u64)); let mut x100: u64 = 0; let mut x101: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x92, (0x0 as u64)); let mut x102: u64 = 0; let mut x103: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x102, &mut x103, x101, x94, (0x0 as u64)); let mut x104: u64 = 0; let mut x105: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x104, &mut x105, x96, 0x4b0dff665588b13f); let mut x106: u64 = 0; let mut x107: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x106, &mut x107, x104, 0xffffffffffffffff); let mut x108: u64 = 0; let mut x109: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x108, &mut x109, x104, 0xfffffffffffffffe); let mut x110: u64 = 0; let mut x111: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x110, &mut x111, x104, 0xbaaedce6af48a03b); let mut x112: u64 = 0; let mut x113: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x112, &mut x113, x104, 0xbfd25e8cd0364141); let mut x114: u64 = 0; let mut x115: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x114, &mut x115, 0x0, x113, x110); let mut x116: u64 = 0; let mut x117: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x116, &mut x117, x115, x111, x108); let mut x118: u64 = 0; let mut x119: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x118, &mut x119, x117, x109, x106); let mut x120: u64 = 0; let mut x121: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x120, &mut x121, 0x0, x96, x112); let mut x122: u64 = 0; let mut x123: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x122, &mut x123, x121, x98, x114); let mut x124: u64 = 0; let mut x125: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x124, &mut x125, x123, x100, x116); let mut x126: u64 = 0; let mut x127: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x126, &mut x127, x125, x102, x118); let mut x128: u64 = 0; let mut x129: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x128, &mut x129, x127, ((x103 as u64) + (x95 as u64)), ((x119 as u64) + x107)); let mut x130: u64 = 0; let mut x131: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x130, &mut x131, 0x0, x122, 0xbfd25e8cd0364141); let mut x132: u64 = 0; let mut x133: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x132, &mut x133, x131, x124, 0xbaaedce6af48a03b); let mut x134: u64 = 0; let mut x135: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x134, &mut x135, x133, x126, 0xfffffffffffffffe); let mut x136: u64 = 0; let mut x137: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x136, &mut x137, x135, x128, 0xffffffffffffffff); let mut x138: u64 = 0; let mut x139: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x138, &mut x139, x137, (x129 as u64), (0x0 as u64)); let mut x140: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x140, x139, x130, x122); let mut x141: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x141, x139, x132, x124); let mut x142: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x142, x139, x134, x126); let mut x143: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x143, x139, x136, x128); out1[0] = x140; out1[1] = x141; out1[2] = x142; out1[3] = x143; } /// The function fiat_secp256k1_montgomery_scalar_to_montgomery translates a field element into the Montgomery domain. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// eval (from_montgomery out1) mod m = eval arg1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_to_montgomery(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element, arg1: &fiat_secp256k1_montgomery_scalar_non_montgomery_domain_field_element) { let x1: u64 = (arg1[1]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[3]); let x4: u64 = (arg1[0]); let mut x5: u64 = 0; let mut x6: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x5, &mut x6, x4, 0x9d671cd581c69bc5); let mut x7: u64 = 0; let mut x8: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x7, &mut x8, x4, 0xe697f5e45bcd07c6); let mut x9: u64 = 0; let mut x10: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x9, &mut x10, x4, 0x741496c20e7cf878); let mut x11: u64 = 0; let mut x12: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x11, &mut x12, x4, 0x896cf21467d7d140); let mut x13: u64 = 0; let mut x14: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x13, &mut x14, 0x0, x12, x9); let mut x15: u64 = 0; let mut x16: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x15, &mut x16, x14, x10, x7); let mut x17: u64 = 0; let mut x18: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x17, &mut x18, x16, x8, x5); let mut x19: u64 = 0; let mut x20: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x19, &mut x20, x11, 0x4b0dff665588b13f); let mut x21: u64 = 0; let mut x22: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x21, &mut x22, x19, 0xffffffffffffffff); let mut x23: u64 = 0; let mut x24: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x23, &mut x24, x19, 0xfffffffffffffffe); let mut x25: u64 = 0; let mut x26: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x25, &mut x26, x19, 0xbaaedce6af48a03b); let mut x27: u64 = 0; let mut x28: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x27, &mut x28, x19, 0xbfd25e8cd0364141); let mut x29: u64 = 0; let mut x30: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x29, &mut x30, 0x0, x28, x25); let mut x31: u64 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x31, &mut x32, x30, x26, x23); let mut x33: u64 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x24, x21); let mut x35: u64 = 0; let mut x36: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x35, &mut x36, 0x0, x11, x27); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x13, x29); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x39, &mut x40, x38, x15, x31); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x41, &mut x42, x40, x17, x33); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x43, &mut x44, x42, ((x18 as u64) + x6), ((x34 as u64) + x22)); let mut x45: u64 = 0; let mut x46: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x45, &mut x46, x1, 0x9d671cd581c69bc5); let mut x47: u64 = 0; let mut x48: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x47, &mut x48, x1, 0xe697f5e45bcd07c6); let mut x49: u64 = 0; let mut x50: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x49, &mut x50, x1, 0x741496c20e7cf878); let mut x51: u64 = 0; let mut x52: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x51, &mut x52, x1, 0x896cf21467d7d140); let mut x53: u64 = 0; let mut x54: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x53, &mut x54, 0x0, x52, x49); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x55, &mut x56, x54, x50, x47); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x57, &mut x58, x56, x48, x45); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x59, &mut x60, 0x0, x37, x51); let mut x61: u64 = 0; let mut x62: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x61, &mut x62, x60, x39, x53); let mut x63: u64 = 0; let mut x64: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x63, &mut x64, x62, x41, x55); let mut x65: u64 = 0; let mut x66: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x65, &mut x66, x64, x43, x57); let mut x67: u64 = 0; let mut x68: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x67, &mut x68, x59, 0x4b0dff665588b13f); let mut x69: u64 = 0; let mut x70: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x69, &mut x70, x67, 0xffffffffffffffff); let mut x71: u64 = 0; let mut x72: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x71, &mut x72, x67, 0xfffffffffffffffe); let mut x73: u64 = 0; let mut x74: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x73, &mut x74, x67, 0xbaaedce6af48a03b); let mut x75: u64 = 0; let mut x76: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x75, &mut x76, x67, 0xbfd25e8cd0364141); let mut x77: u64 = 0; let mut x78: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x77, &mut x78, 0x0, x76, x73); let mut x79: u64 = 0; let mut x80: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x79, &mut x80, x78, x74, x71); let mut x81: u64 = 0; let mut x82: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x81, &mut x82, x80, x72, x69); let mut x83: u64 = 0; let mut x84: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x83, &mut x84, 0x0, x59, x75); let mut x85: u64 = 0; let mut x86: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x85, &mut x86, x84, x61, x77); let mut x87: u64 = 0; let mut x88: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x87, &mut x88, x86, x63, x79); let mut x89: u64 = 0; let mut x90: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x89, &mut x90, x88, x65, x81); let mut x91: u64 = 0; let mut x92: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x91, &mut x92, x90, (((x66 as u64) + (x44 as u64)) + ((x58 as u64) + x46)), ((x82 as u64) + x70)); let mut x93: u64 = 0; let mut x94: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x93, &mut x94, x2, 0x9d671cd581c69bc5); let mut x95: u64 = 0; let mut x96: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x95, &mut x96, x2, 0xe697f5e45bcd07c6); let mut x97: u64 = 0; let mut x98: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x97, &mut x98, x2, 0x741496c20e7cf878); let mut x99: u64 = 0; let mut x100: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x99, &mut x100, x2, 0x896cf21467d7d140); let mut x101: u64 = 0; let mut x102: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x101, &mut x102, 0x0, x100, x97); let mut x103: u64 = 0; let mut x104: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x103, &mut x104, x102, x98, x95); let mut x105: u64 = 0; let mut x106: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x105, &mut x106, x104, x96, x93); let mut x107: u64 = 0; let mut x108: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x107, &mut x108, 0x0, x85, x99); let mut x109: u64 = 0; let mut x110: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x109, &mut x110, x108, x87, x101); let mut x111: u64 = 0; let mut x112: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x111, &mut x112, x110, x89, x103); let mut x113: u64 = 0; let mut x114: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x113, &mut x114, x112, x91, x105); let mut x115: u64 = 0; let mut x116: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x115, &mut x116, x107, 0x4b0dff665588b13f); let mut x117: u64 = 0; let mut x118: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x117, &mut x118, x115, 0xffffffffffffffff); let mut x119: u64 = 0; let mut x120: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x119, &mut x120, x115, 0xfffffffffffffffe); let mut x121: u64 = 0; let mut x122: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x121, &mut x122, x115, 0xbaaedce6af48a03b); let mut x123: u64 = 0; let mut x124: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x123, &mut x124, x115, 0xbfd25e8cd0364141); let mut x125: u64 = 0; let mut x126: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x125, &mut x126, 0x0, x124, x121); let mut x127: u64 = 0; let mut x128: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x127, &mut x128, x126, x122, x119); let mut x129: u64 = 0; let mut x130: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x129, &mut x130, x128, x120, x117); let mut x131: u64 = 0; let mut x132: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x131, &mut x132, 0x0, x107, x123); let mut x133: u64 = 0; let mut x134: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x133, &mut x134, x132, x109, x125); let mut x135: u64 = 0; let mut x136: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x135, &mut x136, x134, x111, x127); let mut x137: u64 = 0; let mut x138: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x137, &mut x138, x136, x113, x129); let mut x139: u64 = 0; let mut x140: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x139, &mut x140, x138, (((x114 as u64) + (x92 as u64)) + ((x106 as u64) + x94)), ((x130 as u64) + x118)); let mut x141: u64 = 0; let mut x142: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x141, &mut x142, x3, 0x9d671cd581c69bc5); let mut x143: u64 = 0; let mut x144: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x143, &mut x144, x3, 0xe697f5e45bcd07c6); let mut x145: u64 = 0; let mut x146: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x145, &mut x146, x3, 0x741496c20e7cf878); let mut x147: u64 = 0; let mut x148: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x147, &mut x148, x3, 0x896cf21467d7d140); let mut x149: u64 = 0; let mut x150: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x149, &mut x150, 0x0, x148, x145); let mut x151: u64 = 0; let mut x152: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x151, &mut x152, x150, x146, x143); let mut x153: u64 = 0; let mut x154: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x153, &mut x154, x152, x144, x141); let mut x155: u64 = 0; let mut x156: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x155, &mut x156, 0x0, x133, x147); let mut x157: u64 = 0; let mut x158: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x157, &mut x158, x156, x135, x149); let mut x159: u64 = 0; let mut x160: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x159, &mut x160, x158, x137, x151); let mut x161: u64 = 0; let mut x162: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x161, &mut x162, x160, x139, x153); let mut x163: u64 = 0; let mut x164: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x163, &mut x164, x155, 0x4b0dff665588b13f); let mut x165: u64 = 0; let mut x166: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x165, &mut x166, x163, 0xffffffffffffffff); let mut x167: u64 = 0; let mut x168: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x167, &mut x168, x163, 0xfffffffffffffffe); let mut x169: u64 = 0; let mut x170: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x169, &mut x170, x163, 0xbaaedce6af48a03b); let mut x171: u64 = 0; let mut x172: u64 = 0; fiat_secp256k1_montgomery_scalar_mulx_u64(&mut x171, &mut x172, x163, 0xbfd25e8cd0364141); let mut x173: u64 = 0; let mut x174: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x173, &mut x174, 0x0, x172, x169); let mut x175: u64 = 0; let mut x176: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x175, &mut x176, x174, x170, x167); let mut x177: u64 = 0; let mut x178: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x177, &mut x178, x176, x168, x165); let mut x179: u64 = 0; let mut x180: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x179, &mut x180, 0x0, x155, x171); let mut x181: u64 = 0; let mut x182: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x181, &mut x182, x180, x157, x173); let mut x183: u64 = 0; let mut x184: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x183, &mut x184, x182, x159, x175); let mut x185: u64 = 0; let mut x186: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x185, &mut x186, x184, x161, x177); let mut x187: u64 = 0; let mut x188: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x187, &mut x188, x186, (((x162 as u64) + (x140 as u64)) + ((x154 as u64) + x142)), ((x178 as u64) + x166)); let mut x189: u64 = 0; let mut x190: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x189, &mut x190, 0x0, x181, 0xbfd25e8cd0364141); let mut x191: u64 = 0; let mut x192: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x191, &mut x192, x190, x183, 0xbaaedce6af48a03b); let mut x193: u64 = 0; let mut x194: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x193, &mut x194, x192, x185, 0xfffffffffffffffe); let mut x195: u64 = 0; let mut x196: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x195, &mut x196, x194, x187, 0xffffffffffffffff); let mut x197: u64 = 0; let mut x198: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x197, &mut x198, x196, (x188 as u64), (0x0 as u64)); let mut x199: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x199, x198, x189, x181); let mut x200: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x200, x198, x191, x183); let mut x201: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x201, x198, x193, x185); let mut x202: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x202, x198, x195, x187); out1[0] = x199; out1[1] = x200; out1[2] = x201; out1[3] = x202; } /// The function fiat_secp256k1_montgomery_scalar_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] #[inline] pub fn fiat_secp256k1_montgomery_scalar_nonzero(out1: &mut u64, arg1: &[u64; 4]) { let x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); *out1 = x1; } /// The function fiat_secp256k1_montgomery_scalar_selectznz is a multi-limb conditional select. /// /// Postconditions: /// out1 = (if arg1 = 0 then arg2 else arg3) /// /// Input Bounds: /// arg1: [0x0 ~> 0x1] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_selectznz(out1: &mut [u64; 4], arg1: fiat_secp256k1_montgomery_scalar_u1, arg2: &[u64; 4], arg3: &[u64; 4]) { let mut x1: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x1, arg1, (arg2[0]), (arg3[0])); let mut x2: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x2, arg1, (arg2[1]), (arg3[1])); let mut x3: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x3, arg1, (arg2[2]), (arg3[2])); let mut x4: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x4, arg1, (arg2[3]), (arg3[3])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; } /// The function fiat_secp256k1_montgomery_scalar_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. /// /// Preconditions: /// 0 ≤ eval arg1 < m /// Postconditions: /// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] /// /// Input Bounds: /// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_to_bytes(out1: &mut [u8; 32], arg1: &[u64; 4]) { let x1: u64 = (arg1[3]); let x2: u64 = (arg1[2]); let x3: u64 = (arg1[1]); let x4: u64 = (arg1[0]); let x5: u8 = ((x4 & (0xff as u64)) as u8); let x6: u64 = (x4 >> 8); let x7: u8 = ((x6 & (0xff as u64)) as u8); let x8: u64 = (x6 >> 8); let x9: u8 = ((x8 & (0xff as u64)) as u8); let x10: u64 = (x8 >> 8); let x11: u8 = ((x10 & (0xff as u64)) as u8); let x12: u64 = (x10 >> 8); let x13: u8 = ((x12 & (0xff as u64)) as u8); let x14: u64 = (x12 >> 8); let x15: u8 = ((x14 & (0xff as u64)) as u8); let x16: u64 = (x14 >> 8); let x17: u8 = ((x16 & (0xff as u64)) as u8); let x18: u8 = ((x16 >> 8) as u8); let x19: u8 = ((x3 & (0xff as u64)) as u8); let x20: u64 = (x3 >> 8); let x21: u8 = ((x20 & (0xff as u64)) as u8); let x22: u64 = (x20 >> 8); let x23: u8 = ((x22 & (0xff as u64)) as u8); let x24: u64 = (x22 >> 8); let x25: u8 = ((x24 & (0xff as u64)) as u8); let x26: u64 = (x24 >> 8); let x27: u8 = ((x26 & (0xff as u64)) as u8); let x28: u64 = (x26 >> 8); let x29: u8 = ((x28 & (0xff as u64)) as u8); let x30: u64 = (x28 >> 8); let x31: u8 = ((x30 & (0xff as u64)) as u8); let x32: u8 = ((x30 >> 8) as u8); let x33: u8 = ((x2 & (0xff as u64)) as u8); let x34: u64 = (x2 >> 8); let x35: u8 = ((x34 & (0xff as u64)) as u8); let x36: u64 = (x34 >> 8); let x37: u8 = ((x36 & (0xff as u64)) as u8); let x38: u64 = (x36 >> 8); let x39: u8 = ((x38 & (0xff as u64)) as u8); let x40: u64 = (x38 >> 8); let x41: u8 = ((x40 & (0xff as u64)) as u8); let x42: u64 = (x40 >> 8); let x43: u8 = ((x42 & (0xff as u64)) as u8); let x44: u64 = (x42 >> 8); let x45: u8 = ((x44 & (0xff as u64)) as u8); let x46: u8 = ((x44 >> 8) as u8); let x47: u8 = ((x1 & (0xff as u64)) as u8); let x48: u64 = (x1 >> 8); let x49: u8 = ((x48 & (0xff as u64)) as u8); let x50: u64 = (x48 >> 8); let x51: u8 = ((x50 & (0xff as u64)) as u8); let x52: u64 = (x50 >> 8); let x53: u8 = ((x52 & (0xff as u64)) as u8); let x54: u64 = (x52 >> 8); let x55: u8 = ((x54 & (0xff as u64)) as u8); let x56: u64 = (x54 >> 8); let x57: u8 = ((x56 & (0xff as u64)) as u8); let x58: u64 = (x56 >> 8); let x59: u8 = ((x58 & (0xff as u64)) as u8); let x60: u8 = ((x58 >> 8) as u8); out1[0] = x5; out1[1] = x7; out1[2] = x9; out1[3] = x11; out1[4] = x13; out1[5] = x15; out1[6] = x17; out1[7] = x18; out1[8] = x19; out1[9] = x21; out1[10] = x23; out1[11] = x25; out1[12] = x27; out1[13] = x29; out1[14] = x31; out1[15] = x32; out1[16] = x33; out1[17] = x35; out1[18] = x37; out1[19] = x39; out1[20] = x41; out1[21] = x43; out1[22] = x45; out1[23] = x46; out1[24] = x47; out1[25] = x49; out1[26] = x51; out1[27] = x53; out1[28] = x55; out1[29] = x57; out1[30] = x59; out1[31] = x60; } /// The function fiat_secp256k1_montgomery_scalar_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. /// /// Preconditions: /// 0 ≤ bytes_eval arg1 < m /// Postconditions: /// eval out1 mod m = bytes_eval arg1 mod m /// 0 ≤ eval out1 < m /// /// Input Bounds: /// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_from_bytes(out1: &mut [u64; 4], arg1: &[u8; 32]) { let x1: u64 = (((arg1[31]) as u64) << 56); let x2: u64 = (((arg1[30]) as u64) << 48); let x3: u64 = (((arg1[29]) as u64) << 40); let x4: u64 = (((arg1[28]) as u64) << 32); let x5: u64 = (((arg1[27]) as u64) << 24); let x6: u64 = (((arg1[26]) as u64) << 16); let x7: u64 = (((arg1[25]) as u64) << 8); let x8: u8 = (arg1[24]); let x9: u64 = (((arg1[23]) as u64) << 56); let x10: u64 = (((arg1[22]) as u64) << 48); let x11: u64 = (((arg1[21]) as u64) << 40); let x12: u64 = (((arg1[20]) as u64) << 32); let x13: u64 = (((arg1[19]) as u64) << 24); let x14: u64 = (((arg1[18]) as u64) << 16); let x15: u64 = (((arg1[17]) as u64) << 8); let x16: u8 = (arg1[16]); let x17: u64 = (((arg1[15]) as u64) << 56); let x18: u64 = (((arg1[14]) as u64) << 48); let x19: u64 = (((arg1[13]) as u64) << 40); let x20: u64 = (((arg1[12]) as u64) << 32); let x21: u64 = (((arg1[11]) as u64) << 24); let x22: u64 = (((arg1[10]) as u64) << 16); let x23: u64 = (((arg1[9]) as u64) << 8); let x24: u8 = (arg1[8]); let x25: u64 = (((arg1[7]) as u64) << 56); let x26: u64 = (((arg1[6]) as u64) << 48); let x27: u64 = (((arg1[5]) as u64) << 40); let x28: u64 = (((arg1[4]) as u64) << 32); let x29: u64 = (((arg1[3]) as u64) << 24); let x30: u64 = (((arg1[2]) as u64) << 16); let x31: u64 = (((arg1[1]) as u64) << 8); let x32: u8 = (arg1[0]); let x33: u64 = (x31 + (x32 as u64)); let x34: u64 = (x30 + x33); let x35: u64 = (x29 + x34); let x36: u64 = (x28 + x35); let x37: u64 = (x27 + x36); let x38: u64 = (x26 + x37); let x39: u64 = (x25 + x38); let x40: u64 = (x23 + (x24 as u64)); let x41: u64 = (x22 + x40); let x42: u64 = (x21 + x41); let x43: u64 = (x20 + x42); let x44: u64 = (x19 + x43); let x45: u64 = (x18 + x44); let x46: u64 = (x17 + x45); let x47: u64 = (x15 + (x16 as u64)); let x48: u64 = (x14 + x47); let x49: u64 = (x13 + x48); let x50: u64 = (x12 + x49); let x51: u64 = (x11 + x50); let x52: u64 = (x10 + x51); let x53: u64 = (x9 + x52); let x54: u64 = (x7 + (x8 as u64)); let x55: u64 = (x6 + x54); let x56: u64 = (x5 + x55); let x57: u64 = (x4 + x56); let x58: u64 = (x3 + x57); let x59: u64 = (x2 + x58); let x60: u64 = (x1 + x59); out1[0] = x39; out1[1] = x46; out1[2] = x53; out1[3] = x60; } /// The function fiat_secp256k1_montgomery_scalar_set_one returns the field element one in the Montgomery domain. /// /// Postconditions: /// eval (from_montgomery out1) mod m = 1 mod m /// 0 ≤ eval out1 < m /// #[inline] pub fn fiat_secp256k1_montgomery_scalar_set_one(out1: &mut fiat_secp256k1_montgomery_scalar_montgomery_domain_field_element) { out1[0] = 0x402da1732fc9bebf; out1[1] = 0x4551231950b75fc4; out1[2] = (0x1 as u64); out1[3] = (0x0 as u64); } /// The function fiat_secp256k1_montgomery_scalar_msat returns the saturated representation of the prime modulus. /// /// Postconditions: /// twos_complement_eval out1 = m /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_msat(out1: &mut [u64; 5]) { out1[0] = 0xbfd25e8cd0364141; out1[1] = 0xbaaedce6af48a03b; out1[2] = 0xfffffffffffffffe; out1[3] = 0xffffffffffffffff; out1[4] = (0x0 as u64); } /// The function fiat_secp256k1_montgomery_scalar_divstep computes a divstep. /// /// Preconditions: /// 0 ≤ eval arg4 < m /// 0 ≤ eval arg5 < m /// Postconditions: /// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) /// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) /// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) /// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) /// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) /// 0 ≤ eval out5 < m /// 0 ≤ eval out5 < m /// 0 ≤ eval out2 < m /// 0 ≤ eval out3 < m /// /// Input Bounds: /// arg1: [0x0 ~> 0xffffffffffffffff] /// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// Output Bounds: /// out1: [0x0 ~> 0xffffffffffffffff] /// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] /// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_divstep(out1: &mut u64, out2: &mut [u64; 5], out3: &mut [u64; 5], out4: &mut [u64; 4], out5: &mut [u64; 4], arg1: u64, arg2: &[u64; 5], arg3: &[u64; 5], arg4: &[u64; 4], arg5: &[u64; 4]) { let mut x1: u64 = 0; let mut x2: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x1, &mut x2, 0x0, (!arg1), (0x1 as u64)); let x3: fiat_secp256k1_montgomery_scalar_u1 = (((x1 >> 63) as fiat_secp256k1_montgomery_scalar_u1) & (((arg3[0]) & (0x1 as u64)) as fiat_secp256k1_montgomery_scalar_u1)); let mut x4: u64 = 0; let mut x5: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x4, &mut x5, 0x0, (!arg1), (0x1 as u64)); let mut x6: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x6, x3, arg1, x4); let mut x7: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x7, x3, (arg2[0]), (arg3[0])); let mut x8: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x8, x3, (arg2[1]), (arg3[1])); let mut x9: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x9, x3, (arg2[2]), (arg3[2])); let mut x10: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x10, x3, (arg2[3]), (arg3[3])); let mut x11: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x11, x3, (arg2[4]), (arg3[4])); let mut x12: u64 = 0; let mut x13: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x12, &mut x13, 0x0, (0x1 as u64), (!(arg2[0]))); let mut x14: u64 = 0; let mut x15: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x14, &mut x15, x13, (0x0 as u64), (!(arg2[1]))); let mut x16: u64 = 0; let mut x17: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x16, &mut x17, x15, (0x0 as u64), (!(arg2[2]))); let mut x18: u64 = 0; let mut x19: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x18, &mut x19, x17, (0x0 as u64), (!(arg2[3]))); let mut x20: u64 = 0; let mut x21: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x20, &mut x21, x19, (0x0 as u64), (!(arg2[4]))); let mut x22: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x22, x3, (arg3[0]), x12); let mut x23: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x23, x3, (arg3[1]), x14); let mut x24: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x24, x3, (arg3[2]), x16); let mut x25: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x25, x3, (arg3[3]), x18); let mut x26: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x26, x3, (arg3[4]), x20); let mut x27: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x27, x3, (arg4[0]), (arg5[0])); let mut x28: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x28, x3, (arg4[1]), (arg5[1])); let mut x29: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x29, x3, (arg4[2]), (arg5[2])); let mut x30: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x30, x3, (arg4[3]), (arg5[3])); let mut x31: u64 = 0; let mut x32: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x31, &mut x32, 0x0, x27, x27); let mut x33: u64 = 0; let mut x34: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x33, &mut x34, x32, x28, x28); let mut x35: u64 = 0; let mut x36: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x35, &mut x36, x34, x29, x29); let mut x37: u64 = 0; let mut x38: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x37, &mut x38, x36, x30, x30); let mut x39: u64 = 0; let mut x40: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x39, &mut x40, 0x0, x31, 0xbfd25e8cd0364141); let mut x41: u64 = 0; let mut x42: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x41, &mut x42, x40, x33, 0xbaaedce6af48a03b); let mut x43: u64 = 0; let mut x44: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x43, &mut x44, x42, x35, 0xfffffffffffffffe); let mut x45: u64 = 0; let mut x46: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x45, &mut x46, x44, x37, 0xffffffffffffffff); let mut x47: u64 = 0; let mut x48: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x47, &mut x48, x46, (x38 as u64), (0x0 as u64)); let x49: u64 = (arg4[3]); let x50: u64 = (arg4[2]); let x51: u64 = (arg4[1]); let x52: u64 = (arg4[0]); let mut x53: u64 = 0; let mut x54: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x53, &mut x54, 0x0, (0x0 as u64), x52); let mut x55: u64 = 0; let mut x56: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x55, &mut x56, x54, (0x0 as u64), x51); let mut x57: u64 = 0; let mut x58: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x57, &mut x58, x56, (0x0 as u64), x50); let mut x59: u64 = 0; let mut x60: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x59, &mut x60, x58, (0x0 as u64), x49); let mut x61: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x61, x60, (0x0 as u64), 0xffffffffffffffff); let mut x62: u64 = 0; let mut x63: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x62, &mut x63, 0x0, x53, (x61 & 0xbfd25e8cd0364141)); let mut x64: u64 = 0; let mut x65: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x64, &mut x65, x63, x55, (x61 & 0xbaaedce6af48a03b)); let mut x66: u64 = 0; let mut x67: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x66, &mut x67, x65, x57, (x61 & 0xfffffffffffffffe)); let mut x68: u64 = 0; let mut x69: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x68, &mut x69, x67, x59, x61); let mut x70: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x70, x3, (arg5[0]), x62); let mut x71: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x71, x3, (arg5[1]), x64); let mut x72: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x72, x3, (arg5[2]), x66); let mut x73: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x73, x3, (arg5[3]), x68); let x74: fiat_secp256k1_montgomery_scalar_u1 = ((x22 & (0x1 as u64)) as fiat_secp256k1_montgomery_scalar_u1); let mut x75: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x75, x74, (0x0 as u64), x7); let mut x76: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x76, x74, (0x0 as u64), x8); let mut x77: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x77, x74, (0x0 as u64), x9); let mut x78: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x78, x74, (0x0 as u64), x10); let mut x79: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x79, x74, (0x0 as u64), x11); let mut x80: u64 = 0; let mut x81: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x80, &mut x81, 0x0, x22, x75); let mut x82: u64 = 0; let mut x83: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x82, &mut x83, x81, x23, x76); let mut x84: u64 = 0; let mut x85: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x84, &mut x85, x83, x24, x77); let mut x86: u64 = 0; let mut x87: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x86, &mut x87, x85, x25, x78); let mut x88: u64 = 0; let mut x89: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x88, &mut x89, x87, x26, x79); let mut x90: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x90, x74, (0x0 as u64), x27); let mut x91: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x91, x74, (0x0 as u64), x28); let mut x92: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x92, x74, (0x0 as u64), x29); let mut x93: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x93, x74, (0x0 as u64), x30); let mut x94: u64 = 0; let mut x95: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x94, &mut x95, 0x0, x70, x90); let mut x96: u64 = 0; let mut x97: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x96, &mut x97, x95, x71, x91); let mut x98: u64 = 0; let mut x99: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x98, &mut x99, x97, x72, x92); let mut x100: u64 = 0; let mut x101: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x100, &mut x101, x99, x73, x93); let mut x102: u64 = 0; let mut x103: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x102, &mut x103, 0x0, x94, 0xbfd25e8cd0364141); let mut x104: u64 = 0; let mut x105: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x104, &mut x105, x103, x96, 0xbaaedce6af48a03b); let mut x106: u64 = 0; let mut x107: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x106, &mut x107, x105, x98, 0xfffffffffffffffe); let mut x108: u64 = 0; let mut x109: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x108, &mut x109, x107, x100, 0xffffffffffffffff); let mut x110: u64 = 0; let mut x111: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_subborrowx_u64(&mut x110, &mut x111, x109, (x101 as u64), (0x0 as u64)); let mut x112: u64 = 0; let mut x113: fiat_secp256k1_montgomery_scalar_u1 = 0; fiat_secp256k1_montgomery_scalar_addcarryx_u64(&mut x112, &mut x113, 0x0, x6, (0x1 as u64)); let x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); let x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); let x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); let x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); let x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); let mut x119: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x119, x48, x39, x31); let mut x120: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x120, x48, x41, x33); let mut x121: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x121, x48, x43, x35); let mut x122: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x122, x48, x45, x37); let mut x123: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x123, x111, x102, x94); let mut x124: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x124, x111, x104, x96); let mut x125: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x125, x111, x106, x98); let mut x126: u64 = 0; fiat_secp256k1_montgomery_scalar_cmovznz_u64(&mut x126, x111, x108, x100); *out1 = x112; out2[0] = x7; out2[1] = x8; out2[2] = x9; out2[3] = x10; out2[4] = x11; out3[0] = x114; out3[1] = x115; out3[2] = x116; out3[3] = x117; out3[4] = x118; out4[0] = x119; out4[1] = x120; out4[2] = x121; out4[3] = x122; out5[0] = x123; out5[1] = x124; out5[2] = x125; out5[3] = x126; } /// The function fiat_secp256k1_montgomery_scalar_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). /// /// Postconditions: /// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋) /// 0 ≤ eval out1 < m /// /// Output Bounds: /// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] #[inline] pub fn fiat_secp256k1_montgomery_scalar_divstep_precomp(out1: &mut [u64; 4]) { out1[0] = 0xd7431a4d2b9cb4e9; out1[1] = 0xab67d35a32d9c503; out1[2] = 0xadf6c7e5859ce35f; out1[3] = 0x615441451df6c379; }