From 155cc0d85e286d58277ddaaceb420a1be20d6618 Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Thu, 22 Feb 2024 14:13:03 +0800 Subject: [PATCH] Updated SM2 MFMM (2) (markdown) --- SM2-MFMM-(2).md | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/SM2-MFMM-(2).md b/SM2-MFMM-(2).md index b83762c..647d1da 100644 --- a/SM2-MFMM-(2).md +++ b/SM2-MFMM-(2).md @@ -123,4 +123,73 @@ $t_0=t_0 - a_1$ 加法:4 减法:4 +## 乘法的模约减优化 +乘法没有和平方一样,先把乘法做完再约减,而是乘法和约减混合在一起做的。 +假设: +$X = x_3 \ast 2^{192} + x_2 \ast 2^{128} + x_1 \ast 2^{64} + x_0$ +$Y = y_3 \ast 2^{192} + y_2 \ast 2^{128} + y_1 \ast 2^{64} + y_0$ +则第一轮先处理 $X \ast y_0$ +$T=(y_0 \ast x_3 \ast 2^{192}) + (y_0 \ast x_2 \ast 2^{128}) + (y_0 \ast x_1 \ast 2^{64}) + y_0 \ast x_0$ +$=t_4 \ast 2^{256} + t_3 \ast 2^{192} + t_2 \ast 2^{128} + t_1 \ast 2^{64} + t_0$ + +### 方案一:(乘法、加法) +这个是最原始方法。 +$T_2=T_1 \ast P=t_0 \ast P= (t_0 \ast p_3) \ast 2^{192} + (t_0 \ast p_2) \ast 2^{128} + (t_0 \ast p_1) \ast 2^{64} + (t_0 \ast p_0)$ +$T_3=T + T_2=t_4 \ast 2^{256} + (t_3+t_0 \ast p_3) \ast 2^{192} + (t_2+t_0 \ast p_2) \ast 2^{128} + (t_1+t_0 \ast p_1) \ast 2^{64} + t_0 \ast 2^{64} $ + +$t_1=t_1 + t_0 \ast 0xFFFFFFFF00000001$ +$t_2=t_2 + t_0 \ast p_2$ +$t_3=t_3 + t_0 \ast p_3$ +$t_4=t_4 + 0$ +$t_5=0 + 0$ + +伪代码: +```asm + MOVQ $0xFFFFFFFF00000001, AX + MULQ t0 + ADDQ AX, t1 + ADCQ $0, DX + MOVQ DX, BX // carry + + MOVQ p2, AX + MULQ t0 + ADDQ BX, t2 + ADCQ $0, DX + ADDQ AX, t2 + ADCQ $0, DX + MOVQ DX, BX // carry + + MOVQ p3, AX + MULQ t0 + ADDQ BX, t3 + ADCQ $0, DX + ADDQ AX, t3 + ADCQ DX, t4 + ADCQ $0, t5 +``` +乘法: 3 +加法:11 + +**使用MULXQ/ADCXQ/ADOXQ**: +```asm + MOVQ t0, DX + XORQ SI, SI + + MULXQ p1, AX, DI + ADOXQ AX, t1 + + MULXQ p2, AX, BX + ADCXQ DI, AX + ADOXQ AX, t2 + + MULXQ p3, AX, DI + ADCXQ BX, AX + ADOXQ AX, t3 + + ADCXQ SI, DI + ADOXQ DI, t4 + ADOXQ SI, t5 +``` +乘法: 3 +加法:8
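Review bot: the two pseudocode blocks in this hunk do not multiply by the same constant, so the stated "乘法: 3 / 加法:8" comparison only holds if `p1` in the MULXQ/ADCXQ/ADOXQ block is not the raw limb $p_1$. Scheme one folds the low-limb term $t_0 \ast 2^{64}$ into limb 1 and multiplies by the adjusted constant (`MOVQ $0xFFFFFFFF00000001, AX` / `MULQ t0`, matching the line `$t_1=t_1 + t_0 \ast 0xFFFFFFFF00000001$`), while the second block does `MULXQ p1, AX, DI` with `p1` left undefined; if `p1` is the plain limb of the modulus the result is short by $t_0 \ast 2^{64}$. Suggest either stating explicitly that `p1` here denotes the folded constant $p_1 + 1 = $ 0xFFFFFFFF00000001, or loading that constant into a register or memory operand before the multiply (MULXQ takes no immediate), so both variants reduce the same value. Also worth a sentence next to `XORQ SI, SI` noting that it serves both to zero `SI` and to clear CF/OF before the ADCX/ADOX chains start, and that `t5` is assumed to be zero on entry (as `$t_5=0 + 0$` above implies) for `ADOXQ SI, t5` to be correct.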