From fe929e491c595c20bb358535eaf01ea681910fd8 Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Sun, 19 Dec 2021 20:47:17 +0800 Subject: [PATCH] Updated MFMM (markdown) --- MFMM.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/MFMM.md b/MFMM.md index d03336f..6cb14cd 100644 --- a/MFMM.md +++ b/MFMM.md @@ -30,7 +30,7 @@ acc0, acc1, acc2, acc3, acc4, acc5是64位寄存器 (carry3, acc3) = carry2 + acc3 + acc0 * p3 (carry4, acc4) = carry3 + acc4 acc5 = carry4 - + 进位处理后,结果表示成 tmp = acc5 * 2^256 + acc4 * 2^192 + acc3 * 2^128 + acc2 * 2 ^ 64 + acc1 H = high64(acc0*2^32) 超出64位宽部分 , L = low64(acc0*2^32) @@ -43,6 +43,28 @@ acc0, acc1, acc2, acc3, acc4, acc5是64位寄存器 =acc4 * 2^192 + (acc0 * p3 + acc3) * 2^128 + acc2 * 2^64 + acc1 + acc0* 2^32 =acc4 * 2^192 + (acc0 * p3 + acc3) * 2^128 + (acc2 + H(acc0* 2^32))* 2^64 + acc1 + L(acc0* 2^32) + amd64 汇编表示为: + MOVQ acc0, AX + MOVQ acc0, t1 + SHLQ $32, acc0 // L(acc0 * 2^32) + MULQ p256const1<>(SB) // acc0 * p3 = (DX, AX), DX为高64位 + SHRQ $32, t1 // t1 = H(acc0 * 2^32) + ADDQ acc0, acc1 // (carry1, acc1) = acc1 + L(acc0 * 2^32) + ADCQ t1, acc2 // (carry2, acc2) = carry1 + acc2 + H(acc0 * 2^32) + ADCQ AX, acc3 // (carry3, acc3) = carry2 + acc3 + L(acc0 * p3) + ADCQ DX, acc4 // (carry4, acc4) = carry3 + acc4 + H(acc0 * p3) + ADCQ $0, acc5 // acc5 = carry4 + XORQ acc0, acc0 // acc0 = 0 + + arm64 汇编表示为: + ADDS acc0<<32, acc1, acc1 // (carry1, acc1) = acc1 + L(acc0 * 2^32) + LSR $32, acc0, t0 // t0 = H(acc0 * 2^32) + MUL acc0, const1, t1 // t1 = L(acc0 * p3) + UMULH acc0, const1, acc0 // acc0 = H(acc0 * p3) + ADCS t0, acc2 // (carry2, acc2) = carry1 + acc2 + H(acc0 * 2^32) + ADCS t1, acc3 // (carry3, acc3) = carry2 + acc3 + L(acc0 * p3) + ADC $0, acc0 // acc0 = carry3 + H(acc0 * p3), why? + SM2曲线 p = 0x fffffffeffffffff ffffffffffffffff ffffffff00000000 ffffffffffffffff = (2^64 - 2^32 - 1) * 2^192 + (2^64 - 1) * 2^128 + (2^64 - 2^32) * 2^64 + (2^64 - 1)
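Review bot: in the added line of the first hunk (`@@ -30,7 +30,7 @@`), `acc2 * 2 ^ 64` is spaced differently from every other power on the page (`2^256`, `2^192`, `2^128`); write `acc2 * 2^64`. The same line introduces tmp with acc1 at weight 2^0 and no acc0 term, but never says that the low limb has been dropped (the value shown is the accumulator shifted right by 64 bits); the two `=acc4 * 2^192 + (acc0 * p3 + acc3) * 2^128 + …` lines that follow rely on exactly that step, so one clause stating it here would make the derivation easier to follow.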
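Review bot: in the second hunk (`@@ -43,6 +43,28 @@`) the identity `= acc4 * 2^192 + (acc0 * p3 + acc3) * 2^128 + … + acc1 + acc0 * 2^32` and both assembly listings add exactly acc0 * 2^96 + acc0 * p3 * 2^192 to the accumulator (the comments spell it out: L/H of `acc0 * 2^32` into acc1/acc2, L/H of `acc0 * p3` into acc3/acc4), which is the required acc0 * (p + 1) only for a modulus with p + 1 = 2^96 + p3 * 2^192, i.e. the NIST P-256 prime 2^256 - 2^224 + 2^192 + 2^96 - 1 whose p3 is 2^64 - 2^32 + 1 (the `p256const1<>` name points at that code). With the SM2 limbs given in the last added line, p3 = 2^64 - 2^32 - 1 and p1 = 2^64 - 2^32, so acc0 * (p + 1) = acc0 * (2^256 - 2^224 - 2^96 + 2^64), which is not what the listings add; state which modulus the derivation assumes before the `SM2曲线 p = …` line, or redo the reduction step with the SM2 limbs rather than carrying the listings over unchanged. On the `why?` in the arm64 comment: `UMULH acc0, const1, acc0` writes H(acc0 * p3) into acc0 without touching the flags, so the carry out of `ADCS t1, acc3` is still live when `ADC $0, acc0` folds it in; acc0 thus becomes a fresh limb holding carry3 + H(acc0 * p3) instead of that value being added into acc4 as `ADCQ DX, acc4` does on amd64 (where `XORQ acc0, acc0` then zeroes the register). The arm64 listing stops before acc4 and acc5 are touched, so the text should say where that happens.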