mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-09-18 21:03:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated MFMM (markdown)

Sun Yimin 2024-02-21 17:39:11 +08:00
parent 1aa9dfcce9
commit ec94141df0
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
MFMM.md

@ -283,7 +283,7 @@ acc0, acc1, acc2, acc3, acc4, acc5是64位寄存器
PASS PASS
ok github.com/emmansun/gmsm/sm2 4.753s ok github.com/emmansun/gmsm/sm2 4.753s
### 续 ### 续1平方的模约减优化
SM2 256 的素数P=0xfffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff也可以表示为 SM2 256 的素数P=0xfffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff也可以表示为
$P = 2^{256}-(2^{32} \ast 2^{192} + 0 \ast 2^{128} + (2^{32} - 1) \ast 2^{64} + 1)$ $P = 2^{256}-(2^{32} \ast 2^{192} + 0 \ast 2^{128} + (2^{32} - 1) \ast 2^{64} + 1)$
@ -301,3 +301,16 @@ $T_2=t_0 \ast 2^{256} - t_0 \ast 2^{32} \ast 2^{192} - t_0 \ast (2^{32} - 1) \as
$T_3=T + T_2=t_7 \ast 2^{448} + t_6 \ast 2^{384} + t_5 \ast 2^{320} + t_4 \ast 2^{256} + t_3 \ast 2^{192} + t_2 \ast 2^{128} + t_1 \ast 2^{64} + t_0 \ast 2^{256} - t_0 \ast 2^{32} \ast 2^{192} - t_0 \ast (2^{32} - 1) \ast 2^{64} - t_0 $ $T_3=T + T_2=t_7 \ast 2^{448} + t_6 \ast 2^{384} + t_5 \ast 2^{320} + t_4 \ast 2^{256} + t_3 \ast 2^{192} + t_2 \ast 2^{128} + t_1 \ast 2^{64} + t_0 \ast 2^{256} - t_0 \ast 2^{32} \ast 2^{192} - t_0 \ast (2^{32} - 1) \ast 2^{64} - t_0 $
$T_3=t_7 \ast 2^{448} + t_6 \ast 2^{384} + t_5 \ast 2^{320} + (t_4+t_0) \ast 2^{256}+(t_3 - t_0 \ast 2^{32}) \ast 2^{192} + t_2 \ast 2^{128} + (t_1 + t_0 - t_0 \ast 2^{32}) \ast 2^{64} $ $T_3=t_7 \ast 2^{448} + t_6 \ast 2^{384} + t_5 \ast 2^{320} + (t_4+t_0) \ast 2^{256}+(t_3 - t_0 \ast 2^{32}) \ast 2^{192} + t_2 \ast 2^{128} + (t_1 + t_0 - t_0 \ast 2^{32}) \ast 2^{64} $
先处理加法,后处理减法,后三个加法是带进位加法
$t_1=t_0 + t_1$
$t_2=t_2 + 0$
$t_3=t_3 + 0$
$t_0=t_0 + 0$
t<sub>0</sub>会不会是0xffffffffffffffff呢显然不会因为T是某个数的平方而这个数的取值范围是[0, P-1]。
接着处理减法假定a<sub>0</sub>是 $t_0 \ast 2^{32}$ 的低64位a<sub>1</sub>是 $t_0 \ast 2^{32}$ 的高64位
$t_1=t_1 - a_0$
$t_2=t_2 - a_1$
$t_3=t_3 - a_0$
$t_0=t_0 - a_1$
t<sub>0</sub>会不会不够减呢?