16 const AllEntities& in,
18 const FF& scaling_factor)
27 const auto lagrange_first = View(in.lagrange_first);
28 const auto scalar_sum = View(in.precompute_scalar_sum);
29 const auto scalar_sum_shift = View(in.precompute_scalar_sum_shift);
30 const auto q_transition = View(in.precompute_point_transition);
31 const auto round = View(in.precompute_round);
32 const auto round_shift = View(in.precompute_round_shift);
33 const auto pc = View(in.precompute_pc);
34 const auto pc_shift = View(in.precompute_pc_shift);
35 const auto precompute_select = View(in.precompute_select);
36 const auto precompute_select_shift = View(in.precompute_select_shift);
37 const auto precompute_skew = View(in.precompute_skew);
40 View(in.precompute_s1hi), View(in.precompute_s1lo), View(in.precompute_s2hi), View(in.precompute_s2lo),
41 View(in.precompute_s3hi), View(in.precompute_s3lo), View(in.precompute_s4hi), View(in.precompute_s4lo),
45 const auto range_check_scaled = [scaling_factor](
const View& s,
auto& acc) {
46 const auto s_minus_1 = s -
FF(1);
47 const auto s_minus_2 = s -
FF(2);
48 const auto term1 = s_minus_1.sqr() -
FF(1);
49 const auto term2 = s_minus_2.sqr() -
FF(1);
50 acc += Accumulator(term1) * Accumulator(term2 * scaling_factor);
61 const auto convert_to_wnaf = [](
const View& hi,
const View& lo) {
65 return t + t -
FF(15);
68 const auto scaled_transition_short = q_transition * scaling_factor;
69 const auto scaled_lagrange_first_short = lagrange_first * scaling_factor;
70 const auto scaled_transition_is_zero_short = -scaled_transition_short + scaling_factor;
71 const auto scaled_transition_plus_lagrange_first_short = scaled_transition_short + scaled_lagrange_first_short;
75 const auto s1hi_shift = View(in.precompute_s1hi_shift);
76 const auto s1hi_shift_msb_set = (s1hi_shift -
FF(2)) * (s1hi_shift -
FF(3));
77 const auto first_factor = scaled_transition_plus_lagrange_first_short * precompute_select_shift;
79 Accumulator(first_factor) * Accumulator(s1hi_shift_msb_set);
83 const auto w0 = convert_to_wnaf(slices[0], slices[1]);
84 const auto w1 = convert_to_wnaf(slices[2], slices[3]);
85 const auto w2 = convert_to_wnaf(slices[4], slices[5]);
86 const auto w3 = convert_to_wnaf(slices[6], slices[7]);
89 row_slice += row_slice;
90 row_slice += row_slice;
91 row_slice += row_slice;
92 row_slice += row_slice;
94 row_slice += row_slice;
95 row_slice += row_slice;
96 row_slice += row_slice;
97 row_slice += row_slice;
99 row_slice += row_slice;
100 row_slice += row_slice;
101 row_slice += row_slice;
102 row_slice += row_slice;
107 const auto sum_delta = scalar_sum *
FF(1ULL << 16) + row_slice;
108 const auto check_sum = scalar_sum_shift - sum_delta;
109 const auto factor = precompute_select * scaled_transition_is_zero_short;
115 const auto scaled_lagrange_first_minus_one_short = scaled_lagrange_first_short - scaling_factor;
116 const auto precompute_select_check = precompute_select_shift * (precompute_select -
FF(1));
118 Acc4(scaled_lagrange_first_minus_one_short) * Acc4(precompute_select_check);
123 const auto round_check = round_shift - round -
FF(1);
124 const auto term_a = round - round_check -
FF(7);
125 const auto term_a_mul = term_a * scaled_transition_short;
126 const auto term_b = round_check * scaling_factor;
127 const auto inner = term_a_mul + term_b;
132 const auto precompute_select_transition_plus_lagrange_first_short =
133 precompute_select * scaled_transition_short + scaled_lagrange_first_short;
135 Acc4(precompute_select_transition_plus_lagrange_first_short) * Acc4(round_shift);
137 Acc4(precompute_select_transition_plus_lagrange_first_short) * Acc4(scalar_sum_shift);
141 const auto pc_delta = pc_shift - pc;
142 const auto inner_a = (-pc_delta - pc_delta -
FF(1)) * scaled_transition_short;
143 const auto inner_b = pc_delta * scaling_factor;
144 const auto inner = inner_a + inner_b;
150 const auto skew_quadratic = precompute_skew * (precompute_skew -
FF(7));
155 const auto precompute_select_zero_short = -precompute_select * scaling_factor + scaling_factor;
1.9.8