| blob | 67dc2044438806d1600bcd6ffcd6d2685739a908 |
1 /* mulmod_bnm1.c -- multiplication mod B^n-1.
3 Contributed to the GNU project by Niels Möller, Torbjorn Granlund and
4 Marco Bodrato.
6 THE FUNCTIONS IN THIS FILE ARE INTERNAL WITH MUTABLE INTERFACES. IT IS ONLY
7 SAFE TO REACH THEM THROUGH DOCUMENTED INTERFACES. IN FACT, IT IS ALMOST
8 GUARANTEED THAT THEY WILL CHANGE OR DISAPPEAR IN A FUTURE GNU MP RELEASE.
10 Copyright 2009, 2010, 2012, 2013 Free Software Foundation, Inc.
12 This file is part of the GNU MP Library.
14 The GNU MP Library is free software; you can redistribute it and/or modify
15 it under the terms of either:
17 * the GNU Lesser General Public License as published by the Free
18 Software Foundation; either version 3 of the License, or (at your
19 option) any later version.
21 or
23 * the GNU General Public License as published by the Free Software
24 Foundation; either version 2 of the License, or (at your option) any
25 later version.
27 or both in parallel, as here.
29 The GNU MP Library is distributed in the hope that it will be useful, but
30 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
31 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
32 for more details.
34 You should have received copies of the GNU General Public License and the
35 GNU Lesser General Public License along with the GNU MP Library. If not,
36 see https://www.gnu.org/licenses/. */
43 /* Inputs are {ap,rn} and {bp,rn}; output is {rp,rn}, computation is
44 mod B^rn - 1, and values are semi-normalised; zero is represented
45 as either 0 or B^n - 1. Needs a scratch of 2rn limbs at tp.
46 tp==rp is allowed. */
47 void
49 mp_ptr tp)
50 {
51 mp_limb_t cy;
57 /* If cy == 1, then the value of rp is at most B^rn - 2, so there can
58 * be no overflow when adding in the carry. */
60 }
63 /* Inputs are {ap,rn+1} and {bp,rn+1}; output is {rp,rn+1}, in
64 semi-normalised representation, computation is mod B^rn + 1. Needs
65 a scratch area of 2rn + 2 limbs at tp; tp == rp is allowed.
66 Output is normalised. */
67 static void
69 mp_ptr tp)
70 {
71 mp_limb_t cy;
81 }
84 /* Computes {rp,MIN(rn,an+bn)} <- {ap,an}*{bp,bn} Mod(B^rn-1)
85 *
86 * The result is expected to be ZERO if and only if one of the operand
87 * already is. Otherwise the class [0] Mod(B^rn-1) is represented by
88 * B^rn-1. This should not be a problem if mulmod_bnm1 is used to
89 * combine results and obtain a natural number when one knows in
90 * advance that the final value is less than (B^rn-1).
91 * Moreover it should not be a problem if mulmod_bnm1 is used to
92 * compute the full product with an+bn <= rn, because this condition
93 * implies (B^an-1)(B^bn-1) < (B^rn-1) .
94 *
95 * Requires 0 < bn <= an <= rn and an + bn > rn/2
96 * Scratch need: rn + (need for recursive call OR rn + 4). This gives
97 *
98 * S(n) <= rn + MAX (rn + 4, S(n/2)) <= 2rn + 4
99 */
100 void
101 mpn_mulmod_bnm1 (mp_ptr rp, mp_size_t rn, mp_srcptr ap, mp_size_t an, mp_srcptr bp, mp_size_t bn, mp_ptr tp)
102 {
108 {
110 {
112 {
114 }
115 else
116 {
117 mp_limb_t cy;
121 }
122 }
123 else
125 }
126 else
127 {
128 mp_size_t n;
129 mp_limb_t cy;
130 mp_limb_t hi;
134 /* We need at least an + bn >= n, to be able to fit one of the
135 recursive products at rp. Requiring strict inequality makes
136 the code slightly simpler. If desired, we could avoid this
137 restriction by initially halving rn as long as rn is even and
138 an + bn <= rn/2. */
142 /* Compute xm = a*b mod (B^n - 1), xp = a*b mod (B^n + 1)
143 and crt together as
145 x = -xp * B^n + (B^n + 1) * [ (xp + xm)/2 mod (B^n-1)]
146 */
148 #define a0 ap
149 #define a1 (ap + n)
150 #define b0 bp
151 #define b1 (bp + n)
154 /* am1 maybe in {xp, n} */
155 /* bm1 maybe in {xp + n, n} */
156 #define sp1 (tp + 2*n + 2)
157 /* ap1 maybe in {sp1, n + 1} */
158 /* bp1 maybe in {sp1 + n + 1, n + 1} */
160 {
163 mp_ptr so;
168 {
175 {
181 }
182 }
183 else
184 {
188 }
191 }
193 {
212 }
216 }
220 else
221 {
226 }
230 {
241 }
242 else
244 }
246 /* Here the CRT recomposition begins.
248 xm <- (xp + xm)/2 = (xp + xm)B^n/2 mod (B^n-1)
249 Division by 2 is a bitwise rotation.
251 Assumes xp normalised mod (B^n+1).
253 The residue class [0] is represented by [B^n-1]; except when
254 both input are ZERO.
255 */
257 #if HAVE_NATIVE_mpn_rsh1add_n || HAVE_NATIVE_mpn_rsh1add_nc
258 #if HAVE_NATIVE_mpn_rsh1add_nc
262 /* next update of rp[n-1] will set cy = 1 only if rp[n-1]+=hi
263 overflows, i.e. a further increment will not overflow again. */
268 /* cy = 1 only if xp[n] = 1 i.e. {xp,n} = ZERO, this implies that
269 the rsh1add was a simple rshift: the top bit is 0. cy=1 => hi=0. */
270 #endif
271 #if GMP_NAIL_BITS == 0
273 #else
276 #endif
278 #if HAVE_NATIVE_mpn_add_nc
282 #endif
288 /* We can have cy != 0 only if hi = 0... */
291 /* ... rp[n-1] + cy can not overflow, the following INCR is correct. */
292 #endif
294 /* Next increment can not overflow, read the previous comments about cy. */
298 /* Compute the highest half:
299 ([(xp + xm)/2 mod (B^n-1)] - xp ) * B^n
300 */
302 {
303 /* Note that in this case, the only way the result can equal
304 zero mod B^{rn} - 1 is if one of the inputs is zero, and
305 then the output of both the recursive calls and this CRT
306 reconstruction is zero, not B^{rn} - 1. Which is good,
307 since the latter representation doesn't fit in the output
308 area.*/
311 /* FIXME: This subtraction of the high parts is not really
312 necessary, we do it to get the carry out, and for sanity
313 checking. */
320 }
321 else
322 {
324 /* cy = 1 only if {xp,n+1} is not ZERO, i.e. {rp,n} is not ZERO.
325 DECR will affect _at most_ the lowest n limbs. */
327 }
328 #undef a0
329 #undef a1
330 #undef b0
331 #undef b1
332 #undef xp
333 #undef sp1
334 }
335 }
337 mp_size_t
339 {
340 mp_size_t nh;
355 }