aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/shen_ed25519_ref
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2015-08-24 19:34:10 +0200
committerRiccardo Spagni <ric@spagni.net>2015-10-26 18:00:53 +0200
commitbb0c161e7d4bff0e70b59c2f4267da96f34742af (patch)
tree6218bba2ad3cdaa4a8c0be027587db736a2cc946 /src/crypto/shen_ed25519_ref
parentMerge pull request #448 (diff)
downloadmonero-bb0c161e7d4bff0e70b59c2f4267da96f34742af.tar.xz
renamed folder
Diffstat (limited to 'src/crypto/shen_ed25519_ref')
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/Makefile10
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/api.h2
-rw-r--r--src/crypto/shen_ed25519_ref/crypto-ops-data.c872
-rw-r--r--src/crypto/shen_ed25519_ref/crypto-ops-old.c3008
-rw-r--r--src/crypto/shen_ed25519_ref/crypto-ops.h148
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/crypto_int32.h6
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/crypto_sign.h13
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/crypto_uint32.h6
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/crypto_verify_32.h7
-rw-r--r--src/crypto/shen_ed25519_ref/ietf.txt1402
-rw-r--r--src/crypto/shen_ed25519_ref/include/Makefile.am62
-rw-r--r--src/crypto/shen_ed25519_ref/include/libsodium_LICENSE16
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium.h50
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_int32.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_int64.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_uint16.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_uint32.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_uint64.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_uint8.h8
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/crypto_verify_32.h22
-rw-r--r--src/crypto/shen_ed25519_ref/include/sodium/randombytes.h58
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/randombytes.c52
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/Makefile41
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/api.h4
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/base.h1344
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/base.py65
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/base2.h40
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/base2.py60
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/d.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/d.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/d2.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/d2.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/description2
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/designers5
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe.h56
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_0.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_1.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_add.c57
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_cmov.c63
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_copy.c29
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_frombytes.c73
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_invert.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_isnegative.c16
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_isnonzero.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_mul.c253
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_neg.c45
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_pow22523.c13
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_sq.c149
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_sq2.c160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_sub.c57
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/fe_tobytes.c119
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge.h95
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_add.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_add.h97
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_add.q49
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_double_scalarmult.c96
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_frombytes.c50
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_madd.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_madd.h88
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_madd.q46
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_msub.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_msub.h88
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_msub.q46
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p2.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p3.c13
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p2_0.c8
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.h73
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.q41
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p3_0.c9
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p3_dbl.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p3_to_cached.c17
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p3_to_p2.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_p3_tobytes.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_precomp_0.c8
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_scalarmult_base.c105
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_sub.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_sub.h97
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_sub.q49
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/ge_tobytes.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/keypair.c23
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/open.c48
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/pow22523.h160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/pow22523.q61
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/pow225521.h160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/pow225521.q61
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/q2h.sh4
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sc.h15
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sc_muladd.c368
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sc_reduce.c275
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sign.c41
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sqrtm1.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10/sqrtm1.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/MakeCryptoOps.py261
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/api.h4
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.h1344
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.py65
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.h40
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.py60
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.c4830
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.h145
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/description7
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/designers9
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe.h56
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_0.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_1.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_add.c57
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_cmov.c63
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_copy.c29
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_frombytes.c73
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_invert.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnegative.c16
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnonzero.c19
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_mul.c253
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_neg.c45
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_pow22523.c13
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq.c149
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq2.c160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sub.c57
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_tobytes.c119
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge.h95
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.h97
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.q49
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_double_scalarmult.c96
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_frombytes.c50
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.h88
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.q46
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.h88
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.q46
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p2.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p3.c13
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_0.c8
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.h73
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.q41
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_0.c9
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_dbl.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_cached.c17
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_p2.c12
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_tobytes.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_precomp_0.c8
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_scalarmult_base.c105
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.c11
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.h97
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.q49
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_tobytes.c14
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/keypair.c23
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/open.c48
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.h160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.q61
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.h160
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.q61
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/q2h.sh4
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc.h15
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_muladd.c368
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_reduce.c275
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_sub.xmr.c504
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/scrap.txt53
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sign.c41
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.h1
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.py28
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/test.py5
-rw-r--r--src/crypto/shen_ed25519_ref/ref10CommentedCombined/xmrSpecificOld.c776
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/sha512-blocks.c239
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/sha512-hash.c72
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/sha512.h4
-rwxr-xr-xsrc/crypto/shen_ed25519_ref/verify.c40
174 files changed, 0 insertions, 23117 deletions
diff --git a/src/crypto/shen_ed25519_ref/Makefile b/src/crypto/shen_ed25519_ref/Makefile
deleted file mode 100755
index 69b0d3ba3..000000000
--- a/src/crypto/shen_ed25519_ref/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-
-CC=gcc
-CFLAGS=-O2 -Wall
-
-OBJS= fe25519.o ge25519.o sc25519.o sha512-blocks.o sha512-hash.o ed25519.o randombytes.o verify.o
-test: test.o $(OBJS)
- gcc -o $@ $^
-
-clean:
- rm -f *.o test
diff --git a/src/crypto/shen_ed25519_ref/api.h b/src/crypto/shen_ed25519_ref/api.h
deleted file mode 100755
index 60339596d..000000000
--- a/src/crypto/shen_ed25519_ref/api.h
+++ /dev/null
@@ -1,2 +0,0 @@
-#define CRYPTO_BYTES 32
-#define CRYPTO_SCALARBYTES 32
diff --git a/src/crypto/shen_ed25519_ref/crypto-ops-data.c b/src/crypto/shen_ed25519_ref/crypto-ops-data.c
deleted file mode 100644
index c26abacca..000000000
--- a/src/crypto/shen_ed25519_ref/crypto-ops-data.c
+++ /dev/null
@@ -1,872 +0,0 @@
-// Copyright (c) 2014-2015, The Monero Project
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-// of conditions and the following disclaimer in the documentation and/or other
-// materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-// used to endorse or promote products derived from this software without specific
-// prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-#include <stdint.h>
-
-#include "crypto-ops.h"
-
-/* sqrt(x) is such an integer y that 0 <= y <= p - 1, y % 2 = 0, and y^2 = x (mod p). */
-/* d = -121665 / 121666 */
-const fe fe_d = {-10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116}; /* d */
-const fe fe_sqrtm1 = {-32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482}; /* sqrt(-1) */
-const fe fe_d2 = {-21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199}; /* 2 * d */
-
-/* base[i][j] = (j+1)*256^i*B */
-const ge_precomp ge_base[32][8] = {
- {
- {{25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605},
- {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378},
- {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546}},
- {{-12815894, -12976347, -21581243, 11784320, -25355658, -2750717, -11717903, -3814571, -358445, -10211303},
- {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005, -15616551, 11189268, -26829678, -5319081},
- {26966642, 11152617, 32442495, 15396054, 14353839, -12752335, -3128826, -9541118, -15472047, -4166697}},
- {{15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024},
- {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574},
- {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357}},
- {{-17036878, 13921892, 10945806, -6033431, 27105052, -16084379, -28926210, 15006023, 3284568, -6276540},
- {23599295, -8306047, -11193664, -7687416, 13236774, 10506355, 7464579, 9656445, 13059162, 10374397},
- {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, -3839045, -641708, -101325}},
- {{10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380},
- {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306},
- {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942}},
- {{-15371964, -12862754, 32573250, 4720197, -26436522, 5875511, -19188627, -15224819, -9818940, -12085777},
- {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, -15689887, 1762328, 14866737},
- {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101, -28236412, 3959421, 27914454, 4383652}},
- {{5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766},
- {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701},
- {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300}},
- {{14499471, -2729599, -33191113, -4254652, 28494862, 14271267, 30290735, 10876454, -33154098, 2381726},
- {-7195431, -2655363, -14730155, 462251, -27724326, 3941372, -6236617, 3696005, -32300832, 15351955},
- {27431194, 8222322, 16448760, -3907995, -18707002, 11938355, -32961401, -2970515, 29551813, 10109425}}
- }, {
- {{-13657040, -13155431, -31283750, 11777098, 21447386, 6519384, -2378284, -1627556, 10092783, -4764171},
- {27939166, 14210322, 4677035, 16277044, -22964462, -12398139, -32508754, 12005538, -17810127, 12803510},
- {17228999, -15661624, -1233527, 300140, -1224870, -11714777, 30364213, -9038194, 18016357, 4397660}},
- {{-10958843, -7690207, 4776341, -14954238, 27850028, -15602212, -26619106, 14544525, -17477504, 982639},
- {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, -4120128, -21047696, 9934963},
- {5793303, 16271923, -24131614, -10116404, 29188560, 1206517, -14747930, 4559895, -30123922, -10897950}},
- {{-27643952, -11493006, 16282657, -11036493, 28414021, -15012264, 24191034, 4541697, -13338309, 5500568},
- {12650548, -1497113, 9052871, 11355358, -17680037, -8400164, -17430592, 12264343, 10874051, 13524335},
- {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, 5080568, -22528059, 5376628}},
- {{-26088264, -4011052, -17013699, -3537628, -6726793, 1920897, -22321305, -9447443, 4535768, 1569007},
- {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819, -30494562, 3044290, 31848280, 12543772},
- {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203, -27377195, -2062731, 7718482, 14474653}},
- {{2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, -7236665, 24316168, -5253567},
- {13741529, 10911568, -33233417, -8603737, -20177830, -1033297, 33040651, -13424532, -20729456, 8321686},
- {21060490, -2212744, 15712757, -4336099, 1639040, 10656336, 23845965, -11874838, -9984458, 608372}},
- {{-13672732, -15087586, -10889693, -7557059, -6036909, 11305547, 1123968, -6780577, 27229399, 23887},
- {-23244140, -294205, -11744728, 14712571, -29465699, -2029617, 12797024, -6440308, -1633405, 16678954},
- {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805, -1508144, -4795045, -17169265, 4904953}},
- {{24059557, 14617003, 19037157, -15039908, 19766093, -14906429, 5169211, 16191880, 2128236, -4326833},
- {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247, -29806336, 916033, -6882542, -2986532},
- {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175, 285431, 2763829, 15736322, 4143876}},
- {{2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, -14594663, 23527084, -16458268},
- {33431127, -11130478, -17838966, -15626900, 8909499, 8376530, -32625340, 4087881, -15188911, -14416214},
- {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, 4357868, -4774191, -16323038}}
- }, {
- {{6721966, 13833823, -23523388, -1551314, 26354293, -11863321, 23365147, -3949732, 7390890, 2759800},
- {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, -4264057, 1244380, -12919645},
- {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, 9208236, 15886429, 16489664}},
- {{1996075, 10375649, 14346367, 13311202, -6874135, -16438411, -13693198, 398369, -30606455, -712933},
- {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363, 13348553, 12076947, -30836462, 5113182},
- {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344, -30341101, -7336386, 13847711, 5387222}},
- {{-18582163, -3416217, 17824843, -2340966, 22744343, -10442611, 8763061, 3617786, -19600662, 10370991},
- {20246567, -14369378, 22358229, -543712, 18507283, -10413996, 14554437, -8746092, 32232924, 16763880},
- {9648505, 10094563, 26416693, 14745928, -30374318, -6472621, 11094161, 15689506, 3140038, -16510092}},
- {{-16160072, 5472695, 31895588, 4744994, 8823515, 10365685, -27224800, 9448613, -28774454, 366295},
- {19153450, 11523972, -11096490, -6503142, -24647631, 5420647, 28344573, 8041113, 719605, 11671788},
- {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, -15266516, 27000813, -10195553}},
- {{-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, 5336097, 6750977, -14521026},
- {11836410, -3979488, 26297894, 16080799, 23455045, 15735944, 1695823, -8819122, 8169720, 16220347},
- {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763, -11144307, -2627664, -5990708, -14166033}},
- {{-23308498, -10968312, 15213228, -10081214, -30853605, -11050004, 27884329, 2847284, 2655861, 1738395},
- {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821, 21651608, -3239336, -19087449, -11005278},
- {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, 5821408, 10478196, 8544890}},
- {{32173121, -16129311, 24896207, 3921497, 22579056, -3410854, 19270449, 12217473, 17789017, -3395995},
- {-30552961, -2228401, -15578829, -10147201, 13243889, 517024, 15479401, -3853233, 30460520, 1052596},
- {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687, 27491595, -4612359, 3179268, -9478891}},
- {{31947069, -14366651, -4640583, -15339921, -15125977, -6039709, -14756777, -16411740, 19072640, -9511060},
- {11685058, 11822410, 3158003, -13952594, 33402194, -4165066, 5977896, -5215017, 473099, 5040608},
- {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760, 28326862, 1721092, -19558642, -3131606}}
- }, {
- {{7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, 8076149, -27868496, 11538389},
- {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211, 8754525, 7446702, -5676054, 5797016},
- {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199, 2014099, -9050574, -2369172, -5877341}},
- {{-22472376, -11568741, -27682020, 1146375, 18956691, 16640559, 1192730, -3714199, 15123619, 10811505},
- {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, 15776356, -28886779, -11974553},
- {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569, -20654173, -16484855, 4714547, -9600655}},
- {{15200332, 8368572, 19679101, 15970074, -31872674, 1959451, 24611599, -4543832, -11745876, 12340220},
- {12876937, -10480056, 33134381, 6590940, -6307776, 14872440, 9613953, 8241152, 15370987, 9608631},
- {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, 15866074, -28210621, -8814099}},
- {{26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, 858697, 20571223, 8420556},
- {14620715, 13067227, -15447274, 8264467, 14106269, 15080814, 33531827, 12516406, -21574435, -12476749},
- {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, 7256740, 8791136, 15069930}},
- {{1276410, -9371918, 22949635, -16322807, -23493039, -5702186, 14711875, 4874229, -30663140, -2331391},
- {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, -7912378, -33069337, 9234253},
- {20590503, -9018988, 31529744, -7352666, -2706834, 10650548, 31559055, -11609587, 18979186, 13396066}},
- {{24474287, 4968103, 22267082, 4407354, 24063882, -8325180, -18816887, 13594782, 33514650, 7021958},
- {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421, -25948728, -3916677, -21480480, 12868082},
- {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208, -21446107, 2244500, -12455797, -8089383}},
- {{-30595528, 13793479, -5852820, 319136, -25723172, -6263899, 33086546, 8957937, -15233648, 5540521},
- {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908, -23710744, -1568984, -16128528, -14962807},
- {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, 892185, -11513277, -15205948}},
- {{9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, 4763127, -19179614, 5867134},
- {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500, 27846559, 5931263, -29749703, -16108455},
- {27461885, -2977536, 22380810, 1815854, -23033753, -3031938, 7283490, -15148073, -19526700, 7734629}}
- }, {
- {{-8010264, -9590817, -11120403, 6196038, 29344158, -13430885, 7585295, -3176626, 18549497, 15302069},
- {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381, 10458790, -6418461, -8872242, 8424746},
- {24687205, 8613276, -30667046, -3233545, 1863892, -1830544, 19206234, 7134917, -11284482, -828919}},
- {{11334899, -9218022, 8025293, 12707519, 17523892, -10476071, 10243738, -14685461, -5066034, 16498837},
- {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, -14124238, 6536641, 10543906},
- {-28946384, 15479763, -17466835, 568876, -1497683, 11223454, -2669190, -16625574, -27235709, 8876771}},
- {{-25742899, -12566864, -15649966, -846607, -33026686, -796288, -33481822, 15824474, -604426, -9039817},
- {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, -4890037, 1657394, 3084098},
- {10477963, -7470260, 12119566, -13250805, 29016247, -5365589, 31280319, 14396151, -30233575, 15272409}},
- {{-12288309, 3169463, 28813183, 16658753, 25116432, -5630466, -25173957, -12636138, -25014757, 1950504},
- {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630, -8384306, -8767532, 15341279, 8373727},
- {28685821, 7759505, -14378516, -12002860, -31971820, 4079242, 298136, -10232602, -2878207, 15190420}},
- {{-32932876, 13806336, -14337485, -15794431, -24004620, 10940928, 8669718, 2742393, -26033313, -6875003},
- {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854, 9291594, -16247779, -12154742, 6048605},
- {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, 11213262, 9168384}},
- {{-26280513, 11007847, 19408960, -940758, -18592965, -4328580, -5088060, -11105150, 20470157, -16398701},
- {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560, -22783952, 14461608, 14042978, 5230683},
- {29969567, -2741594, -16711867, -8552442, 9175486, -2468974, 21556951, 3506042, -5933891, -12449708}},
- {{-3144746, 8744661, 19704003, 4581278, -20430686, 6830683, -21284170, 8971513, -28539189, 15326563},
- {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669, -15523050, 15300988, -20514118, 9168260},
- {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939, -28948358, 9601605, 33087103, -9011387}},
- {{-19443170, -15512900, -20797467, -12445323, -29824447, 10229461, -27444329, -15000531, -5996870, 15664672},
- {23294591, -16632613, -22650781, -8470978, 27844204, 11461195, 13099750, -2460356, 18151676, 13417686},
- {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065, 1661597, -12551441, 15271676, -15452665}}
- }, {
- {{11433042, -13228665, 8239631, -5279517, -1985436, -725718, -18698764, 2167544, -6921301, -13440182},
- {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379, -9917708, -8638997, 12215110, 12028277},
- {14098400, 6555944, 23007258, 5757252, -15427832, -12950502, 30123440, 4617780, -16900089, -655628}},
- {{-4026201, -15240835, 11893168, 13718664, -14809462, 1847385, -15819999, 10154009, 23973261, -12684474},
- {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355, 18341390, -11419951, 32013174, -10103539},
- {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104, 21911214, 6354752, 4425632, -837822}},
- {{-10433389, -14612966, 22229858, -3091047, -13191166, 776729, -17415375, -12020462, 4725005, 14044970},
- {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, -1411784, -19522291, -16109756},
- {-24864089, 12986008, -10898878, -5558584, -11312371, -148526, 19541418, 8180106, 9282262, 10282508}},
- {{-26205082, 4428547, -8661196, -13194263, 4098402, -14165257, 15522535, 8372215, 5542595, -10702683},
- {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360, -2781891, 6993761, -18093885, 10114655},
- {-20107055, -929418, 31422704, 10427861, -7110749, 6150669, -29091755, -11529146, 25953725, -106158}},
- {{-4234397, -8039292, -9119125, 3046000, 2101609, -12607294, 19390020, 6094296, -3315279, 12831125},
- {-15998678, 7578152, 5310217, 14408357, -33548620, -224739, 31575954, 6326196, 7381791, -2421839},
- {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640, 6295303, 8082724, -15362489, 12339664}},
- {{27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, 15768922, 25091167, 14856294},
- {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, -12695493, -22182473, -9012899},
- {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039, -27260765, 13866390, 30146206, 9142070}},
- {{3924129, -15307516, -13817122, -10054960, 12291820, -668366, -27702774, 9326384, -8237858, 4171294},
- {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944, 26396185, 3731949, 345228, -5462949},
- {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387, 2031539, -12391231, -16253183, -13582083}},
- {{31016211, -16722429, 26371392, -14451233, -5027349, 14854137, 17477601, 3842657, 28012650, -16405420},
- {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560, -9189873, 16292057, -8867157, 3507940},
- {29439664, 3537914, 23333589, 6997794, -17555561, -11018068, -15209202, -15051267, -9164929, 6580396}}
- }, {
- {{-12185861, -7679788, 16438269, 10826160, -8696817, -6235611, 17860444, -9273846, -2095802, 9304567},
- {20714564, -4336911, 29088195, 7406487, 11426967, -5095705, 14792667, -14608617, 5289421, -477127},
- {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462, 17271490, 12349094, 26939669, -3752294}},
- {{-12889898, 9373458, 31595848, 16374215, 21471720, 13221525, -27283495, -12348559, -3698806, 117887},
- {22263325, -6560050, 3984570, -11174646, -15114008, -566785, 28311253, 5358056, -23319780, 541964},
- {16259219, 3261970, 2309254, -15534474, -16885711, -4581916, 24134070, -16705829, -13337066, -13552195}},
- {{9378160, -13140186, -22845982, -12745264, 28198281, -7244098, -2399684, -717351, 690426, 14876244},
- {24977353, -314384, -8223969, -13465086, 28432343, -1176353, -13068804, -12297348, -22380984, 6618999},
- {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193, 8044829, -13817328, 32239829, -5652762}},
- {{-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, -10350059, 32779359, 5095274},
- {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423, -24601656, 14506724, 21639561, -2630236},
- {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318, -1289502, -6863535, 17874574, 558605}},
- {{-13600129, 10240081, 9171883, 16131053, -20869254, 9599700, 33499487, 5080151, 2085892, 5119761},
- {-22205145, -2519528, -16381601, 414691, -25019550, 2170430, 30634760, -8363614, -31999993, -5759884},
- {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256, 27534430, -7192145, -22351378, 12961482}},
- {{-24492060, -9570771, 10368194, 11582341, -23397293, -2245287, 16533930, 8206996, -30194652, -5159638},
- {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, 7031275, 7589640, 8945490},
- {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393, 7251489, -11182180, 24099109, -14456170}},
- {{5019558, -7907470, 4244127, -14714356, -26933272, 6453165, -19118182, -13289025, -6231896, -10280736},
- {10853594, 10721687, 26480089, 5861829, -22995819, 1972175, -1866647, -10557898, -3363451, -6441124},
- {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, -2008168, -13866408, 7421392}},
- {{8139927, -6546497, 32257646, -5890546, 30375719, 1886181, -21175108, 15441252, 28826358, -4123029},
- {6267086, 9695052, 7709135, -16603597, -32869068, -1886135, 14795160, -7840124, 13746021, -1742048},
- {28584902, 7787108, -6732942, -15050729, 22846041, -7571236, -3181936, -363524, 4771362, -8419958}}
- }, {
- {{24949256, 6376279, -27466481, -8174608, -18646154, -9930606, 33543569, -12141695, 3569627, 11342593},
- {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, 4608608, 7325975, -14801071},
- {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312, -27400540, 10258390, -17646694, -8186692}},
- {{11431204, 15823007, 26570245, 14329124, 18029990, 4796082, -31446179, 15580664, 9280358, -3973687},
- {-160783, -10326257, -22855316, -4304997, -20861367, -13621002, -32810901, -11181622, -15545091, 4387441},
- {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370, -24513992, 8548137, 20617071, -7482001}},
- {{-938825, -3930586, -8714311, 16124718, 24603125, -6225393, -13775352, -11875822, 24345683, 10325460},
- {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528, 16318175, -1010689, 4766743, 3552007},
- {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, 14481909, 10988822, -3994762}},
- {{15564307, -14311570, 3101243, 5684148, 30446780, -8051356, 12677127, -6505343, -8295852, 13296005},
- {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379, 31521204, 9614054, -30000824, 12074674},
- {4771191, -135239, 14290749, -13089852, 27992298, 14998318, -1413936, -1556716, 29832613, -16391035}},
- {{7064884, -7541174, -19161962, -5067537, -18891269, -2912736, 25825242, 5293297, -27122660, 13101590},
- {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445, 32512469, -5317593, -30356070, -4190957},
- {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044, 14413974, 9515896, 19568978, 9628812}},
- {{33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, -6106839, -6291786, 3437740},
- {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290, -22961733, 70104, 7463304, 4176122},
- {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117, -32719404, -5322751, 24216882, 5944158}},
- {{8894125, 7450974, -2664149, -9765752, -28080517, -12389115, 19345746, 14680796, 11632993, 5847885},
- {26942781, -2315317, 9129564, -4906607, 26024105, 11769399, -11518837, 6367194, -9727230, 4782140},
- {19916461, -4828410, -22910704, -11414391, 25606324, -5972441, 33253853, 8220911, 6358847, -1873857}},
- {{801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, -4480480, -13538503, 1387155},
- {19646058, 5720633, -11416706, 12814209, 11607948, 12749789, 14147075, 15156355, -21866831, 11835260},
- {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, -26560550, 5052483}}
- }, {
- {{-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, -12618185, 12228557, -7003677},
- {32944382, 14922211, -22844894, 5188528, 21913450, -8719943, 4001465, 13238564, -6114803, 8653815},
- {22865569, -4652735, 27603668, -12545395, 14348958, 8234005, 24808405, 5719875, 28483275, 2841751}},
- {{-16420968, -1113305, -327719, -12107856, 21886282, -15552774, -1887966, -315658, 19932058, -12739203},
- {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912, 3999228, 13239134, -4777469, -13910208},
- {1382174, -11694719, 17266790, 9194690, -13324356, 9720081, 20403944, 11284705, -14013818, 3093230}},
- {{16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, 16271225, -24049421, -6691850},
- {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293, 24123614, 15193618, -21652117, -16739389},
- {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484, 31870908, 14690798, 17361620, 11864968}},
- {{-11307610, 6210372, 13206574, 5806320, -29017692, -13967200, -12331205, -7486601, -25578460, -16240689},
- {14668462, -12270235, 26039039, 15305210, 25515617, 4542480, 10453892, 6577524, 9145645, -6443880},
- {5974874, 3053895, -9433049, -10385191, -31865124, 3225009, -7972642, 3936128, -5652273, -3050304}},
- {{30625386, -4729400, -25555961, -12792866, -20484575, 7695099, 17097188, -16303496, -27999779, 1803632},
- {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700, 14911344, 12196514, -21405489, 7047412},
- {20093277, 9920966, -11138194, -5343857, 13161587, 12044805, -32856851, 4124601, -32343828, -10257566}},
- {{-20788824, 14084654, -13531713, 7842147, 19119038, -13822605, 4752377, -8714640, -21679658, 2288038},
- {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457, 29457502, 14625692, -24819617, 12570232},
- {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109, -21159943, -3498680, -11974704, 4724943}},
- {{17960970, -11775534, -4140968, -9702530, -8876562, -1410617, -12907383, -8659932, -29576300, 1903856},
- {23134274, -14279132, -10681997, -1611936, 20684485, 15770816, -12989750, 3190296, 26955097, 14109738},
- {15308788, 5320727, -30113809, -14318877, 22902008, 7767164, 29425325, -11277562, 31960942, 11934971}},
- {{-27395711, 8435796, 4109644, 12222639, -24627868, 14818669, 20638173, 4875028, 10491392, 1379718},
- {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801, 33518459, 16176658, 21432314, 12180697},
- {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205, 1465425, 12689540, -10301319, -13872883}}
- }, {
- {{5414091, -15386041, -21007664, 9643570, 12834970, 1186149, -2622916, -1342231, 26128231, 6032912},
- {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156, 3604025, 8316894, -25875034, -10437358},
- {3296484, 6223048, 24680646, -12246460, -23052020, 5903205, -8862297, -4639164, 12376617, 3188849}},
- {{29190488, -14659046, 27549113, -1183516, 3520066, -10697301, 32049515, -7309113, -16109234, -9852307},
- {-14744486, -9309156, 735818, -598978, -20407687, -5057904, 25246078, -15795669, 18640741, -960977},
- {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252, -31638386, -494430, 10530747, 1053335}},
- {{-29265967, -14186805, -13538216, -12117373, -19457059, -10655384, -31462369, -2948985, 24018831, 15026644},
- {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631, 25310643, 13003497, -2314791, -15145616},
- {-27419985, -603321, -8043984, -1669117, -26092265, 13987819, -27297622, 187899, -23166419, -2531735}},
- {{-21744398, -13810475, 1844840, 5021428, -10434399, -15911473, 9716667, 16266922, -5070217, 726099},
- {29370922, -6053998, 7334071, -15342259, 9385287, 2247707, -13661962, -4839461, 30007388, -15823341},
- {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, 730663, 9835848, 4555336}},
- {{-23376435, 1410446, -22253753, -12899614, 30867635, 15826977, 17693930, 544696, -11985298, 12422646},
- {31117226, -12215734, -13502838, 6561947, -9876867, -12757670, -5118685, -4096706, 29120153, 13924425},
- {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820, -9383939, -11317700, 7240931, -237388}},
- {{-31361739, -11346780, -15007447, -5856218, -22453340, -12152771, 1222336, 4389483, 3293637, -15551743},
- {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533, -24319580, 7733547, 12796905, -6335822},
- {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811, -28253339, 3647836, 3222231, -11160462}},
- {{18606113, 1693100, -25448386, -15170272, 4112353, 10045021, 23603893, -2048234, -7550776, 2484985},
- {9255317, -3131197, -12156162, -1004256, 13098013, -9214866, 16377220, -2102812, -19802075, -3034702},
- {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502, -31718148, 9936966, -30097688, -10618797}},
- {{21878590, -5001297, 4338336, 13643897, -3036865, 13160960, 19708896, 5415497, -7360503, -4109293},
- {27736861, 10103576, 12500508, 8502413, -3413016, -9633558, 10436918, -1550276, -23659143, -8132100},
- {19492550, -12104365, -29681976, -852630, -3208171, 12403437, 30066266, 8367329, 13243957, 8709688}}
- }, {
- {{12015105, 2801261, 28198131, 10151021, 24818120, -4743133, -11194191, -5645734, 5150968, 7274186},
- {2831366, -12492146, 1478975, 6122054, 23825128, -12733586, 31097299, 6083058, 31021603, -9793610},
- {-2529932, -2229646, 445613, 10720828, -13849527, -11505937, -23507731, 16354465, 15067285, -14147707}},
- {{7840942, 14037873, -33364863, 15934016, -728213, -3642706, 21403988, 1057586, -19379462, -12403220},
- {915865, -16469274, 15608285, -8789130, -24357026, 6060030, -17371319, 8410997, -7220461, 16527025},
- {32922597, -556987, 20336074, -16184568, 10903705, -5384487, 16957574, 52992, 23834301, 6588044}},
- {{32752030, 11232950, 3381995, -8714866, 22652988, -10744103, 17159699, 16689107, -20314580, -1305992},
- {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943, 7924251, -2752281, 1976123, -7249027},
- {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, -3371252, 12331345, -8237197}},
- {{8651614, -4477032, -16085636, -4996994, 13002507, 2950805, 29054427, -5106970, 10008136, -4667901},
- {31486080, 15114593, -14261250, 12951354, 14369431, -7387845, 16347321, -13662089, 8684155, -10532952},
- {19443825, 11385320, 24468943, -9659068, -23919258, 2187569, -26263207, -6086921, 31316348, 14219878}},
- {{-28594490, 1193785, 32245219, 11392485, 31092169, 15722801, 27146014, 6992409, 29126555, 9207390},
- {32382935, 1110093, 18477781, 11028262, -27411763, -7548111, -4980517, 10843782, -7957600, -14435730},
- {2814918, 7836403, 27519878, -7868156, -20894015, -11553689, -21494559, 8550130, 28346258, 1994730}},
- {{-19578299, 8085545, -14000519, -3948622, 2785838, -16231307, -19516951, 7174894, 22628102, 8115180},
- {-30405132, 955511, -11133838, -15078069, -32447087, -13278079, -25651578, 3317160, -9943017, 930272},
- {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177, 24091212, -1388970, -22765376, -10650715}},
- {{-22751231, -5303997, -12907607, -12768866, -15811511, -7797053, -14839018, -16554220, -1867018, 8398970},
- {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670, 22981545, -6291273, 18009408, -15772772},
- {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469, 29551787, -3727419, 19288549, 1325865}},
- {{15100157, -15835752, -23923978, -1005098, -26450192, 15509408, 12376730, -3479146, 33166107, -8042750},
- {20909231, 13023121, -9209752, 16251778, -5778415, -8094914, 12412151, 10018715, 2213263, -13878373},
- {32529814, -11074689, 30361439, -16689753, -9135940, 1513226, 22922121, 6382134, -5766928, 8371348}}
- }, {
- {{9923462, 11271500, 12616794, 3544722, -29998368, -1721626, 12891687, -8193132, -26442943, 10486144},
- {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, 2610596, -23921530, -11455195},
- {5408411, -1136691, -4969122, 10561668, 24145918, 14240566, 31319731, -4235541, 19985175, -3436086}},
- {{-13994457, 16616821, 14549246, 3341099, 32155958, 13648976, -17577068, 8849297, 65030, 8370684},
- {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277, -19442942, 6922164, 12743482, -9800518},
- {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717, 23783145, 11038569, 18800704, 255233}},
- {{-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, 9066957, 19258688, -14753793},
- {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541, -31934921, 2209390, -1524053, 2055794},
- {580882, 16705327, 5468415, -2683018, -30926419, -14696000, -7203346, -8994389, -30021019, 7394435}},
- {{23838809, 1822728, -15738443, 15242727, 8318092, -3733104, -21672180, -3492205, -4821741, 14799921},
- {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, 13496856, -9056018, 7402518},
- {2286874, -4435931, -20042458, -2008336, -13696227, 5038122, 11006906, -15760352, 8205061, 1607563}},
- {{14414086, -8002132, 3331830, -3208217, 22249151, -5594188, 18364661, -2906958, 30019587, -9029278},
- {-27688051, 1585953, -10775053, 931069, -29120221, -11002319, -14410829, 12029093, 9944378, 8024},
- {4368715, -3709630, 29874200, -15022983, -20230386, -11410704, -16114594, -999085, -8142388, 5640030}},
- {{10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, -16694564, 15219798, -14327783},
- {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, -1173195, -18342183, 9742717},
- {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, 7406442, 12420155, 1994844}},
- {{14012521, -5024720, -18384453, -9578469, -26485342, -3936439, -13033478, -10909803, 24319929, -6446333},
- {16412690, -4507367, 10772641, 15929391, -17068788, -4658621, 10555945, -10484049, -30102368, -4739048},
- {22397382, -7767684, -9293161, -12792868, 17166287, -9755136, -27333065, 6199366, 21880021, -12250760}},
- {{-4283307, 5368523, -31117018, 8163389, -30323063, 3209128, 16557151, 8890729, 8840445, 4957760},
- {-15447727, 709327, -6919446, -10870178, -29777922, 6522332, -21720181, 12130072, -14796503, 5005757},
- {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752, 10183197, -13239326, -16395286, -2176112}}
- }, {
- {{-19025756, 1632005, 13466291, -7995100, -23640451, 16573537, -32013908, -3057104, 22208662, 2000468},
- {3065073, -1412761, -25598674, -361432, -17683065, -5703415, -8164212, 11248527, -3691214, -7414184},
- {10379208, -6045554, 8877319, 1473647, -29291284, -12507580, 16690915, 2553332, -3132688, 16400289}},
- {{15716668, 1254266, -18472690, 7446274, -8448918, 6344164, -22097271, -7285580, 26894937, 9132066},
- {24158887, 12938817, 11085297, -8177598, -28063478, -4457083, -30576463, 64452, -6817084, -2692882},
- {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, -3418511, -4688006, 2364226}},
- {{16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, -11697457, 15445875, -7798101},
- {29004207, -7867081, 28661402, -640412, -12794003, -7943086, 31863255, -4135540, -278050, -15759279},
- {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829, 10343412, -6976290, -29828287, -10815811}},
- {{27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, 15372179, 17293797, 960709},
- {20263915, 11434237, -5765435, 11236810, 13505955, -10857102, -16111345, 6493122, -19384511, 7639714},
- {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699, 18006287, -16043750, 29994677, -15808121}},
- {{9769828, 5202651, -24157398, -13631392, -28051003, -11561624, -24613141, -13860782, -31184575, 709464},
- {12286395, 13076066, -21775189, -1176622, -25003198, 4057652, -32018128, -8890874, 16102007, 13205847},
- {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, 8525972, 10151379, 10394400}},
- {{4024660, -16137551, 22436262, 12276534, -9099015, -2686099, 19698229, 11743039, -33302334, 8934414},
- {-15879800, -4525240, -8580747, -2934061, 14634845, -698278, -9449077, 3137094, -11536886, 11721158},
- {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, 8835153, -9205489, -1280045}},
- {{-461409, -7830014, 20614118, 16688288, -7514766, -4807119, 22300304, 505429, 6108462, -6183415},
- {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642, 29880583, -13483331, -26898490, -7867459},
- {-31975283, 5726539, 26934134, 10237677, -3173717, -605053, 24199304, 3795095, 7592688, -14992079}},
- {{21594432, -14964228, 17466408, -4077222, 32537084, 2739898, 6407723, 12018833, -28256052, 4298412},
- {-20650503, -11961496, -27236275, 570498, 3767144, -1717540, 13891942, -1569194, 13717174, 10805743},
- {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568, -796431, 14860609, -26938930, -5863836}}
- }, {
- {{12962541, 5311799, -10060768, 11658280, 18855286, -7954201, 13286263, -12808704, -4381056, 9882022},
- {18512079, 11319350, -20123124, 15090309, 18818594, 5271736, -22727904, 3666879, -23967430, -3299429},
- {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114, -10084880, -6661110, -2403099, 5276065}},
- {{30169808, -5317648, 26306206, -11750859, 27814964, 7069267, 7152851, 3684982, 1449224, 13082861},
- {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, -21016438, -8202000},
- {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665, -26171976, 6482814, -10300080, -11060101}},
- {{32869458, -5408545, 25609743, 15678670, -10687769, -15471071, 26112421, 2521008, -22664288, 6904815},
- {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, 3841096, -29003639, -6657642},
- {10340844, -6630377, -18656632, -2278430, 12621151, -13339055, 30878497, -11824370, -25584551, 5181966}},
- {{25940115, -12658025, 17324188, -10307374, -8671468, 15029094, 24396252, -16450922, -2322852, -12388574},
- {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, 12641087, 20603771, -6561742},
- {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874, 1925523, 11914390, 4662781, 7820689}},
- {{12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, 12172924, 16136752, 15264020},
- {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780, 10658213, 6671822, 19012087, 3772772},
- {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, -15762884, 20527771, 12988982}},
- {{-14822485, -5797269, -3707987, 12689773, -898983, -10914866, -24183046, -10564943, 3299665, -12424953},
- {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, 6461331, -25583147, 8991218},
- {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991, -32948145, 7417950, -30242287, 1507265}},
- {{29692663, 6829891, -10498800, 4334896, 20945975, -11906496, -28887608, 8209391, 14606362, -10647073},
- {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, 9761487, 4170404, -2085325},
- {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046, 22186522, 16002000, -14276837, -8400798}},
- {{-4811456, 13761029, -31703877, -2483919, -3312471, 7869047, -7113572, -9620092, 13240845, 10965870},
- {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166, 4498947, 14147411, 29514390, 4302863},
- {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368, -5061276, -2144373, 17846988, -13971927}}
- }, {
- {{-2244452, -754728, -4597030, -1066309, -6247172, 1455299, -21647728, -9214789, -5222701, 12650267},
- {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, 13770293, -19134326, 10958663},
- {22470984, 12369526, 23446014, -5441109, -21520802, -9698723, -11772496, -11574455, -25083830, 4271862}},
- {{-25169565, -10053642, -19909332, 15361595, -5984358, 2159192, 75375, -4278529, -32526221, 8469673},
- {15854970, 4148314, -8893890, 7259002, 11666551, 13824734, -30531198, 2697372, 24154791, -9460943},
- {15446137, -15806644, 29759747, 14019369, 30811221, -9610191, -31582008, 12840104, 24913809, 9815020}},
- {{-4709286, -5614269, -31841498, -12288893, -14443537, 10799414, -9103676, 13438769, 18735128, 9466238},
- {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, -10896103, -22728655, 16199064},
- {14576810, 379472, -26786533, -8317236, -29426508, -10812974, -102766, 1876699, 30801119, 2164795}},
- {{15995086, 3199873, 13672555, 13712240, -19378835, -4647646, -13081610, -15496269, -13492807, 1268052},
- {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475, -3470338, -12600221, -17055369, 3565904},
- {29210088, -9419337, -5919792, -4952785, 10834811, -13327726, -16512102, -10820713, -27162222, -14030531}},
- {{-13161890, 15508588, 16663704, -8156150, -28349942, 9019123, -29183421, -3769423, 2244111, -14001979},
- {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434, -25673088, -16180800, 13491506, 4641841},
- {10813417, 643330, -19188515, -728916, 30292062, -16600078, 27548447, -7721242, 14476989, -12767431}},
- {{10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, -1644259, -27912810, 12651324},
- {-31185513, -813383, 22271204, 11835308, 10201545, 15351028, 17099662, 3988035, 21721536, -3148940},
- {10202177, -6545839, -31373232, -9574638, -32150642, -8119683, -12906320, 3852694, 13216206, 14842320}},
- {{-15815640, -10601066, -6538952, -7258995, -6984659, -6581778, -31500847, 13765824, -27434397, 9900184},
- {14465505, -13833331, -32133984, -14738873, -27443187, 12990492, 33046193, 15796406, -7051866, -8040114},
- {30924417, -8279620, 6359016, -12816335, 16508377, 9071735, -25488601, 15413635, 9524356, -7018878}},
- {{12274201, -13175547, 32627641, -1785326, 6736625, 13267305, 5237659, -5109483, 15663516, 4035784},
- {-2951309, 8903985, 17349946, 601635, -16432815, -4612556, -13732739, -15889334, -22258478, 4659091},
- {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498, 5736189, 15026997, -2178256, -13455585}}
- }, {
- {{-8858980, -2219056, 28571666, -10155518, -474467, -10105698, -3801496, 278095, 23440562, -290208},
- {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, 11551483, -16571960, -7442864},
- {17932739, -12437276, -24039557, 10749060, 11316803, 7535897, 22503767, 5561594, -3646624, 3898661}},
- {{7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, 7152530, 21831162, 1245233},
- {26958459, -14658026, 4314586, 8346991, -5677764, 11960072, -32589295, -620035, -30402091, -16716212},
- {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, -22338025, 13987525}},
- {{-24349909, 7778775, 21116000, 15572597, -4833266, -5357778, -4300898, -5124639, -7469781, -2858068},
- {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, 6439245, -14581012, 4091397},
- {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623, -19622683, 12092163, 29077877, -14741988}},
- {{5269168, -6859726, -13230211, -8020715, 25932563, 1763552, -5606110, -5505881, -20017847, 2357889},
- {32264008, -15407652, -5387735, -1160093, -2091322, -3946900, 23104804, -12869908, 5727338, 189038},
- {14609123, -8954470, -6000566, -16622781, -14577387, -7743898, -26745169, 10942115, -25888931, -14884697}},
- {{20513500, 5557931, -15604613, 7829531, 26413943, -2019404, -21378968, 7471781, 13913677, -5137875},
- {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227, -8940970, 14059180, 12878652, 8511905},
- {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908, -30223418, 6812974, 5568676, -3127656}},
- {{11630004, 12144454, 2116339, 13606037, 27378885, 15676917, -17408753, -13504373, -14395196, 8070818},
- {27117696, -10007378, -31282771, -5570088, 1127282, 12772488, -29845906, 10483306, -11552749, -1028714},
- {10637467, -5688064, 5674781, 1072708, -26343588, -6982302, -1683975, 9177853, -27493162, 15431203}},
- {{20525145, 10892566, -12742472, 12779443, -29493034, 16150075, -28240519, 14943142, -15056790, -7935931},
- {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, -3239766, -3356550, 9594024},
- {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, -6492290, 13352335, -10977084}},
- {{-1931799, -5407458, 3304649, -12884869, 17015806, -4877091, -29783850, -7752482, -13215537, -319204},
- {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, 15077870, -22750759, 14523817},
- {27406042, -6041657, 27423596, -4497394, 4996214, 10002360, -28842031, -4545494, -30172742, -4805667}}
- }, {
- {{11374242, 12660715, 17861383, -12540833, 10935568, 1099227, -13886076, -9091740, -27727044, 11358504},
- {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702, 32676003, 11149336, -26123651, 4985768},
- {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, 13794114, -19414307, -15621255}},
- {{6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, 6970005, -1691065, -9004790},
- {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, -5475723, -16796596, -5031438},
- {-22273315, -13524424, -64685, -4334223, -18605636, -10921968, -20571065, -7007978, -99853, -10237333}},
- {{17747465, 10039260, 19368299, -4050591, -20630635, -16041286, 31992683, -15857976, -29260363, -5511971},
- {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, -3744247, 4882242, -10626905},
- {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, 3272828, -5190932, -4162409}},
- {{12501286, 4044383, -8612957, -13392385, -32430052, 5136599, -19230378, -3529697, 330070, -3659409},
- {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, -8573892, -271295, 12071499},
- {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927, -32769618, 1936675, -5159697, 3829363}},
- {{28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, -6567787, 26333140, 14267664},
- {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312, 10004786, -8709488, -21761224, 8930324},
- {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919, 1541940, 4757911, -26491501, -16408940}},
- {{13537262, -7759490, -20604840, 10961927, -5922820, -13218065, -13156584, 6217254, -15943699, 13814990},
- {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, 9257833, -1956526, -1776914},
- {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556, -29171540, 12361135, -18685978, 4578290}},
- {{24579768, 3711570, 1342322, -11180126, -27005135, 14124956, -22544529, 14074919, 21964432, 8235257},
- {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420, -2981514, -1669206, 13006806, 2355433},
- {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083, 27202044, 1719366, 1141648, -12796236}},
- {{-12863944, -13219986, -8318266, -11018091, -6810145, -4843894, 13475066, -3133972, 32674895, 13715045},
- {11423335, -5468059, 32344216, 8962751, 24989809, 9241752, -13265253, 16086212, -28740881, -15642093},
- {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160, -11709148, 7791794, -27245943, 4383347}}
- }, {
- {{-28970898, 5271447, -1266009, -9736989, -12455236, 16732599, -4862407, -4906449, 27193557, 6245191},
- {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, 3260492, 22510453, 8577507},
- {-12632451, 11257346, -32692994, 13548177, -721004, 10879011, 31168030, 13952092, -29571492, -3635906}},
- {{3877321, -9572739, 32416692, 5405324, -11004407, -13656635, 3759769, 11935320, 5611860, 8164018},
- {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718, 32003002, -8832289, 5773085, -8422109},
- {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, 12376320, 31632953, 190926}},
- {{-24593607, -16138885, -8423991, 13378746, 14162407, 6901328, -8288749, 4508564, -25341555, -3627528},
- {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, -14786005, -1672488, 827625},
- {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080, -1800575, -14108036, -24878478, 1541286}},
- {{2901347, -1117687, 3880376, -10059388, -17620940, -3612781, -21802117, -3567481, 20456845, -1885033},
- {27019610, 12299467, -13658288, -1603234, -12861660, -4861471, -19540150, -5016058, 29439641, 15138866},
- {21536104, -6626420, -32447818, -10690208, -22408077, 5175814, -5420040, -16361163, 7779328, 109896}},
- {{30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, 12180118, 23177719, -554075},
- {26572847, 3405927, -31701700, 12890905, -19265668, 5335866, -6493768, 2378492, 4439158, -13279347},
- {-22716706, 3489070, -9225266, -332753, 18875722, -1140095, 14819434, -12731527, -17717757, -5461437}},
- {{-5056483, 16566551, 15953661, 3767752, -10436499, 15627060, -820954, 2177225, 8550082, -15114165},
- {-18473302, 16596775, -381660, 15663611, 22860960, 15585581, -27844109, -3582739, -23260460, -8428588},
- {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815, -22725137, 15860482, -21902570, 1494193}},
- {{-19562091, -14087393, -25583872, -9299552, 13127842, 759709, 21923482, 16529112, 8742704, 12967017},
- {-28464899, 1553205, 32536856, -10473729, -24691605, -406174, -8914625, -2933896, -29903758, 15553883},
- {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, 14513274, 19375923, -12647961}},
- {{8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, -6222716, 2862653, 9455043},
- {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, -2990080, 15511449, 4789663},
- {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736, -5754762, 108893, 23513200, 16652362}}
- }, {
- {{-33256173, 4144782, -4476029, -6579123, 10770039, -7155542, -6650416, -12936300, -18319198, 10212860},
- {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, 2600940, -9988298, -12506466},
- {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657, 11344424, 864440, -2499677, -16710063}},
- {{-26432803, 6148329, -17184412, -14474154, 18782929, -275997, -22561534, 211300, 2719757, 4940997},
- {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207, 21690126, 8518463, 26699843, 5276295},
- {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, 149635, -15452774, 7159369}},
- {{9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, 8312176, 22477218, -8403385},
- {18155857, -16504990, 19744716, 9006923, 15154154, -10538976, 24256460, -4864995, -22548173, 9334109},
- {2986088, -4911893, 10776628, -3473844, 10620590, -7083203, -21413845, 14253545, -22587149, 536906}},
- {{4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, 10589625, 10838060, -15420424},
- {-19342404, 867880, 9277171, -3218459, -14431572, -1986443, 19295826, -15796950, 6378260, 699185},
- {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, 15693155, -5045064, -13373962}},
- {{-7737563, -5869402, -14566319, -7406919, 11385654, 13201616, 31730678, -10962840, -3918636, -9669325},
- {10188286, -15770834, -7336361, 13427543, 22223443, 14896287, 30743455, 7116568, -21786507, 5427593},
- {696102, 13206899, 27047647, -10632082, 15285305, -9853179, 10798490, -4578720, 19236243, 12477404}},
- {{-11229439, 11243796, -17054270, -8040865, -788228, -8167967, -3897669, 11180504, -23169516, 7733644},
- {17800790, -14036179, -27000429, -11766671, 23887827, 3149671, 23466177, -10538171, 10322027, 15313801},
- {26246234, 11968874, 32263343, -5468728, 6830755, -13323031, -15794704, -101982, -24449242, 10890804}},
- {{-31365647, 10271363, -12660625, -6267268, 16690207, -13062544, -14982212, 16484931, 25180797, -5334884},
- {-586574, 10376444, -32586414, -11286356, 19801893, 10997610, 2276632, 9482883, 316878, 13820577},
- {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996, 30756178, -7515054, 30696930, -3712849}},
- {{32988917, -9603412, 12499366, 7910787, -10617257, -11931514, -7342816, -9985397, -32349517, 7392473},
- {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781, -30409476, -9134995, 25112947, -2926644},
- {-2504044, -436966, 25621774, -5678772, 15085042, -5479877, -24884878, -13526194, 5537438, -13914319}}
- }, {
- {{-11225584, 2320285, -9584280, 10149187, -33444663, 5808648, -14876251, -1729667, 31234590, 6090599},
- {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, 15878753, -6970405, -9034768},
- {-27757857, 247744, -15194774, -9002551, 23288161, -10011936, -23869595, 6503646, 20650474, 1804084}},
- {{-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, -10329713, 27842616, -202328},
- {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, -11375082, 12714369},
- {20807691, -7270825, 29286141, 11421711, -27876523, -13868230, -21227475, 1035546, -19733229, 12796920}},
- {{12076899, -14301286, -8785001, -11848922, -25012791, 16400684, -17591495, -12899438, 3480665, -15182815},
- {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545, -24363064, -15921875, -33374054, 2771025},
- {-21389266, 421932, 26597266, 6860826, 22486084, -6737172, -17137485, -4210226, -24552282, 15673397}},
- {{-20184622, 2338216, 19788685, -9620956, -4001265, -8740893, -20271184, 4733254, 3727144, -12934448},
- {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, 7975683, 31123697, -10958981},
- {30069250, -11435332, 30434654, 2958439, 18399564, -976289, 12296869, 9204260, -16432438, 9648165}},
- {{32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, 5248604, -26008332, -11377501},
- {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, 15298639, 2662509, -16297073},
- {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326, 32087529, -1222777, 32247248, -14389861}},
- {{14312628, 1221556, 17395390, -8700143, -4945741, -8684635, -28197744, -9637817, -16027623, -13378845},
- {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, 9803137, 17597934, 2346211},
- {18510800, 15337574, 26171504, 981392, -22241552, 7827556, -23491134, -11323352, 3059833, -11782870}},
- {{10141598, 6082907, 17829293, -1947643, 9830092, 13613136, -25556636, -5544586, -33502212, 3592096},
- {33114168, -15889352, -26525686, -13343397, 33076705, 8716171, 1151462, 1521897, -982665, -6837803},
- {-32939165, -4255815, 23947181, -324178, -33072974, -12305637, -16637686, 3891704, 26353178, 693168}},
- {{30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, -400668, 31375464, 14369965},
- {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728, 32732230, -13108839, 17901441, 16011505},
- {18171223, -11934626, -12500402, 15197122, -11038147, -15230035, -19172240, -16046376, 8764035, 12309598}}
- }, {
- {{5975908, -5243188, -19459362, -9681747, -11541277, 14015782, -23665757, 1228319, 17544096, -10593782},
- {5811932, -1715293, 3442887, -2269310, -18367348, -8359541, -18044043, -15410127, -5565381, 12348900},
- {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274, -24849353, 8141295, -10632534, -585479}},
- {{-12675304, 694026, -5076145, 13300344, 14015258, -14451394, -9698672, -11329050, 30944593, 1130208},
- {8247766, -6710942, -26562381, -7709309, -14401939, -14648910, 4652152, 2488540, 23550156, -271232},
- {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, -5908146, -408818, -137719}},
- {{16091085, -16253926, 18599252, 7340678, 2137637, -1221657, -3364161, 14550936, 3260525, -7166271},
- {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596, -23028869, -13204905, -12748722, 2701326},
- {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432, -10018363, 9276971, 11329923, 1862132}},
- {{14763076, -15903608, -30918270, 3689867, 3511892, 10313526, -21951088, 12219231, -9037963, -940300},
- {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, -2909717, -15438168, 11595570},
- {15214962, 3537601, -26238722, -14058872, 4418657, -15230761, 13947276, 10730794, -13489462, -4363670}},
- {{-2538306, 7682793, 32759013, 263109, -29984731, -7955452, -22332124, -10188635, 977108, 699994},
- {-12466472, 4195084, -9211532, 550904, -15565337, 12917920, 19118110, -439841, -30534533, -14337913},
- {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, -10051775, 12493932, -5409317}},
- {{-25680606, 5260744, -19235809, -6284470, -3695942, 16566087, 27218280, 2607121, 29375955, 6024730},
- {842132, -2794693, -4763381, -8722815, 26332018, -12405641, 11831880, 6985184, -9940361, 2854096},
- {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, 960770, 12121869, 16648078}},
- {{-15218652, 14667096, -13336229, 2013717, 30598287, -464137, -31504922, -7882064, 20237806, 2838411},
- {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604, 12544294, -13470457, 1068881, -12499905},
- {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596, -8486907, -2630053, 12521378, 4845654}},
- {{-28198521, 10744108, -2958380, 10199664, 7759311, -13088600, 3409348, -873400, -6482306, -12885870},
- {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172, 10477734, -1240216, -3113227, 13974498},
- {12966261, 15550616, -32038948, -1615346, 21025980, -629444, 5642325, 7188737, 18895762, 12629579}}
- }, {
- {{14741879, -14946887, 22177208, -11721237, 1279741, 8058600, 11758140, 789443, 32195181, 3895677},
- {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, -3566119, -8982069, 4429647},
- {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220, -7135870, -11642895, 18047436, -15281743}},
- {{-25173001, -11307165, 29759956, 11776784, -22262383, -15820455, 10993114, -12850837, -17620701, -9408468},
- {21987233, 700364, -24505048, 14972008, -7774265, -5718395, 32155026, 2581431, -29958985, 8773375},
- {-25568350, 454463, -13211935, 16126715, 25240068, 8594567, 20656846, 12017935, -7874389, -13920155}},
- {{6028182, 6263078, -31011806, -11301710, -818919, 2461772, -31841174, -5468042, -1721788, -2776725},
- {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, -4166698, 28408820, 6816612},
- {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817, 20613181, 13982702, -10339570, 5067943}},
- {{-30505967, -3821767, 12074681, 13582412, -19877972, 2443951, -19719286, 12746132, 5331210, -10105944},
- {30528811, 3601899, -1957090, 4619785, -27361822, -15436388, 24180793, -12570394, 27679908, -1648928},
- {9402404, -13957065, 32834043, 10838634, -26580150, -13237195, 26653274, -8685565, 22611444, -12715406}},
- {{22190590, 1118029, 22736441, 15130463, -30460692, -5991321, 19189625, -4648942, 4854859, 6622139},
- {-8310738, -2953450, -8262579, -3388049, -10401731, -271929, 13424426, -3567227, 26404409, 13001963},
- {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670, -26064365, -11621720, -15405155, 11020693}},
- {{1866042, -7949489, -7898649, -10301010, 12483315, 13477547, 3175636, -12424163, 28761762, 1406734},
- {-448555, -1777666, 13018551, 3194501, -9580420, -11161737, 24760585, -4347088, 25577411, -13378680},
- {-24290378, 4759345, -690653, -1852816, 2066747, 10693769, -29595790, 9884936, -9368926, 4745410}},
- {{-9141284, 6049714, -19531061, -4341411, -31260798, 9944276, -15462008, -11311852, 10931924, -11931931},
- {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606, -22853429, 10856641, -20470770, 13434654},
- {22759489, -10073434, -16766264, -1871422, 13637442, -10168091, 1765144, -12654326, 28445307, -5364710}},
- {{29875063, 12493613, 2795536, -3786330, 1710620, 15181182, -10195717, -8788675, 9074234, 1167180},
- {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294, -18716888, -9535498, 3843903, 9367684},
- {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, 8601684, -139197, 4242895}}
- }, {
- {{22092954, -13191123, -2042793, -11968512, 32186753, -11517388, -6574341, 2470660, -27417366, 16625501},
- {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, 2602725, -27351616, 14247413},
- {6314175, -10264892, -32772502, 15957557, -10157730, 168750, -8618807, 14290061, 27108877, -1180880}},
- {{-8586597, -7170966, 13241782, 10960156, -32991015, -13794596, 33547976, -11058889, -27148451, 981874},
- {22833440, 9293594, -32649448, -13618667, -9136966, 14756819, -22928859, -13970780, -10479804, -16197962},
- {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060, 22680049, 13906969, -15933690, 3797899}},
- {{21721356, -4212746, -12206123, 9310182, -3882239, -13653110, 23740224, -2709232, 20491983, -8042152},
- {9209270, -15135055, -13256557, -6167798, -731016, 15289673, 25947805, 15286587, 30997318, -6703063},
- {7392032, 16618386, 23946583, -8039892, -13265164, -1533858, -14197445, -2321576, 17649998, -250080}},
- {{-9301088, -14193827, 30609526, -3049543, -25175069, -1283752, -15241566, -9525724, -2233253, 7662146},
- {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295, 7335080, -8472199, -3174674, 3440183},
- {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957, 40450, -4431835, 4862400, 1133}},
- {{-32856209, -7873957, -5422389, 14860950, -16319031, 7956142, 7258061, 311861, -30594991, -7379421},
- {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, 16527196, 18278453, 15405622},
- {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970, -13313598, 843523, -21875062, 13626197}},
- {{2281448, -13487055, -10915418, -2609910, 1879358, 16164207, -10783882, 3953792, 13340839, 15928663},
- {31727126, -7179855, -18437503, -8283652, 2875793, -16390330, -25269894, -7014826, -23452306, 5964753},
- {4100420, -5959452, -17179337, 6017714, -18705837, 12227141, -26684835, 11344144, 2538215, -7570755}},
- {{-9433605, 6123113, 11159803, -2156608, 30016280, 14966241, -20474983, 1485421, -629256, -15958862},
- {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492, -20205425, -13191288, 11659922, -11115118},
- {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, -10170080, 33100372, -1306171}},
- {{15121113, -5201871, -10389905, 15427821, -27509937, -15992507, 21670947, 4486675, -5931810, -14466380},
- {16166486, -9483733, -11104130, 6023908, -31926798, -1364923, 2340060, -16254968, -10735770, -10039824},
- {28042865, -3557089, -12126526, 12259706, -3717498, -6945899, 6766453, -8689599, 18036436, 5803270}}
- }, {
- {{-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, 4598332, -6159431, -14117438},
- {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183, 696309, 50292, -20095739, 11763584},
- {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, -12613632, -19773211, -10713562}},
- {{30464590, -11262872, -4127476, -12734478, 19835327, -7105613, -24396175, 2075773, -17020157, 992471},
- {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, 8080033, -11574335, -10601610},
- {19598397, 10334610, 12555054, 2555664, 18821899, -10339780, 21873263, 16014234, 26224780, 16452269}},
- {{-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, -7618186, -20533829, 3698650},
- {14187449, 3448569, -10636236, -10810935, -22663880, -3433596, 7268410, -10890444, 27394301, 12015369},
- {19695761, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, -1312777, -13259127, -3402461}},
- {{30860103, 12735208, -1888245, -4699734, -16974906, 2256940, -8166013, 12298312, -8550524, -10393462},
- {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760, -5789354, -15118654, -4976164, 12651793},
- {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089, -13118820, -16517902, 9768698, -2533218}},
- {{-24719459, 1894651, -287698, -4704085, 15348719, -8156530, 32767513, 12765450, 4940095, 10678226},
- {18860224, 15980149, -18987240, -1562570, -26233012, -11071856, -7843882, 13944024, -24372348, 16582019},
- {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756, -11704054, 15444560, -11003761, 7989037}},
- {{31490452, 5568061, -2412803, 2182383, -32336847, 4531686, -32078269, 6200206, -19686113, -14800171},
- {-17308668, -15879940, -31522777, -2831, -32887382, 16375549, 8680158, -16371713, 28550068, -6857132},
- {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016, -30039981, 4364038, 1155602, 5988841}},
- {{21890435, -13272907, -12624011, 12154349, -7831873, 15300496, 23148983, -4470481, 24618407, 8283181},
- {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536, 3070187, -7025928, 1466169, 10740210},
- {-1509399, -15488185, -13503385, -10655916, 32799044, 909394, -13938903, -5779719, -32164649, -15327040}},
- {{3960823, -14267803, -28026090, -15918051, -19404858, 13146868, 15567327, 951507, -3260321, -573935},
- {24740841, 5052253, -30094131, 8961361, 25877428, 6165135, -24368180, 14397372, -7380369, -6144105},
- {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454, -15441463, -14453128, -1625486, -6494814}}
- }, {
- {{793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, -4885251, -9906200, -621852},
- {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, 1468826, -6171428, -15186581},
- {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288, -30404353, -9871238, -1558923, -9863646}},
- {{10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, 14783338, -30581476, -15757844},
- {10566929, 12612572, -31944212, 11118703, -12633376, 12362879, 21752402, 8822496, 24003793, 14264025},
- {27713862, -7355973, -11008240, 9227530, 27050101, 2504721, 23886875, -13117525, 13958495, -5732453}},
- {{-23481610, 4867226, -27247128, 3900521, 29838369, -8212291, -31889399, -10041781, 7340521, -15410068},
- {4646514, -8011124, -22766023, -11532654, 23184553, 8566613, 31366726, -1381061, -15066784, -10375192},
- {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576, 27584817, 3093888, -8843694, 3849921}},
- {{-9064912, 2103172, 25561640, -15125738, -5239824, 9582958, 32477045, -9017955, 5002294, -15550259},
- {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708, 16489530, 13378448, -25845716, 12741426},
- {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677, 24306472, 15852464, 28834118, -7646072}},
- {{-17335748, -9107057, -24531279, 9434953, -8472084, -583362, -13090771, 455841, 20461858, 5491305},
- {13669248, -16095482, -12481974, -10203039, -14569770, -11893198, -24995986, 11293807, -28588204, -9421832},
- {28497928, 6272777, -33022994, 14470570, 8906179, -1225630, 18504674, -14165166, 29867745, -8795943}},
- {{-16207023, 13517196, -27799630, -13697798, 24009064, -6373891, -6367600, -13175392, 22853429, -4012011},
- {24191378, 16712145, -13931797, 15217831, 14542237, 1646131, 18603514, -11037887, 12876623, -2112447},
- {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, 608397, 16031844, 3723494}},
- {{-28632773, 12763728, -20446446, 7577504, 33001348, -13017745, 17558842, -7872890, 23896954, -4314245},
- {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, 7229064, -9919646, -8826859},
- {28816045, 298879, -28165016, -15920938, 19000928, -1665890, -12680833, -2949325, -18051778, -2082915}},
- {{16000882, -344896, 3493092, -11447198, -29504595, -13159789, 12577740, 16041268, -19715240, 7847707},
- {10151868, 10572098, 27312476, 7922682, 14825339, 4723128, -32855931, -6519018, -10020567, 3852848},
- {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598, 16514493, -15932110, 29330899, -15076224}}
- }, {
- {{-25499735, -4378794, -15222908, -6901211, 16615731, 2051784, 3303702, 15490, -27548796, 12314391},
- {15683520, -6003043, 18109120, -9980648, 15337968, -5997823, -16717435, 15921866, 16103996, -3731215},
- {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929, -19273607, 5402699, -29815713, -9841101}},
- {{23190676, 2384583, -32714340, 3462154, -29903655, -1529132, -11266856, 8911517, -25205859, 2739713},
- {21374101, -3554250, -33524649, 9874411, 15377179, 11831242, -33529904, 6134907, 4931255, 11987849},
- {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, 13861388, -30076310, 10117930}},
- {{-29501170, -10744872, -26163768, 13051539, -25625564, 5089643, -6325503, 6704079, 12890019, 15728940},
- {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, -10428139, 12885167, 8311031},
- {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191, 26423267, 4384730, 1888765, -5435404}},
- {{-25817338, -3107312, -13494599, -3182506, 30896459, -13921729, -32251644, -12707869, -19464434, -3340243},
- {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, 14845197, 17151279, -9854116},
- {-24830458, -12733720, -15165978, 10367250, -29530908, -265356, 22825805, -7087279, -16866484, 16176525}},
- {{-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, -10363426, -28746253, -10197509},
- {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229, 23632037, -1940610, 32808310, 1099883},
- {15030977, 5768825, -27451236, -2887299, -6427378, -15361371, -15277896, -6809350, 2051441, -15225865}},
- {{-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, -14154188, -22686354, 16633660},
- {4577086, -16752288, 13249841, -15304328, 19958763, -14537274, 18559670, -10759549, 8402478, -9864273},
- {-28406330, -1051581, -26790155, -907698, -17212414, -11030789, 9453451, -14980072, 17983010, 9967138}},
- {{-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, 7806337, 17507396, 3651560},
- {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010, 26556809, -5574557, -18553322, -11357135},
- {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, 8459447, -5605463, -7621941}},
- {{-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, -849066, 17258084, -7977739},
- {18164541, -10595176, -17154882, -1542417, 19237078, -9745295, 23357533, -15217008, 26908270, 12150756},
- {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, -5537701, -32302074, 16215819}}
- }, {
- {{-6898905, 9824394, -12304779, -4401089, -31397141, -6276835, 32574489, 12532905, -7503072, -8675347},
- {-27343522, -16515468, -27151524, -10722951, 946346, 16291093, 254968, 7168080, 21676107, -1943028},
- {21260961, -8424752, -16831886, -11920822, -23677961, 3968121, -3651949, -6215466, -3556191, -7913075}},
- {{16544754, 13250366, -16804428, 15546242, -4583003, 12757258, -2462308, -8680336, -18907032, -9662799},
- {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564, 26820651, 16690659, 25459437, -4564609},
- {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224, 9142795, -2391602, -6432418, -1644817}},
- {{-23104652, 6253476, 16964147, -3768872, -25113972, -12296437, -27457225, -16344658, 6335692, 7249989},
- {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693, -30272269, 2682242, 25993170, -12478523},
- {4364628, 5930691, 32304656, -10044554, -8054781, 15091131, 22857016, -10598955, 31820368, 15075278}},
- {{31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, -9650886, -17970238, 12833045},
- {19073683, 14851414, -24403169, -11860168, 7625278, 11091125, -19619190, 2074449, -9413939, 14905377},
- {24483667, -11935567, -2518866, -11547418, -1553130, 15355506, -25282080, 9253129, 27628530, -7555480}},
- {{17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, -9157582, -14110875, 15297016},
- {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, -11864220, 8683221, 2921426},
- {18606791, 11874196, 27155355, -5281482, -24031742, 6265446, -25178240, -1278924, 4674690, 13890525}},
- {{13609624, 13069022, -27372361, -13055908, 24360586, 9592974, 14977157, 9835105, 4389687, 288396},
- {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, 8317628, 23388070, 16052080},
- {12720016, 11937594, -31970060, -5028689, 26900120, 8561328, -20155687, -11632979, -14754271, -10812892}},
- {{15961858, 14150409, 26716931, -665832, -22794328, 13603569, 11829573, 7467844, -28822128, 929275},
- {11038231, -11582396, -27310482, -7316562, -10498527, -16307831, -23479533, -9371869, -21393143, 2465074},
- {20017163, -4323226, 27915242, 1529148, 12396362, 15675764, 13817261, -9658066, 2463391, -4622140}},
- {{-16358878, -12663911, -12065183, 4996454, -1256422, 1073572, 9583558, 12851107, 4003896, 12673717},
- {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325, 14741514, -9103726, 7903886, 2348101},
- {24536016, -16515207, 12715592, -3862155, 1511293, 10047386, -3842346, -7129159, -28377538, 10048127}}
- }, {
- {{-12622226, -6204820, 30718825, 2591312, -10617028, 12192840, 18873298, -7297090, -32297756, 15221632},
- {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409, -21343950, 2095755, 29769758, 6593415},
- {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, -6118678, 30958054, 8292160}},
- {{31429822, -13959116, 29173532, 15632448, 12174511, -2760094, 32808831, 3977186, 26143136, -3148876},
- {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, -1674433, -3758243, -2304625},
- {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029, -1612713, -1535569, -16664475, 8194478}},
- {{27338066, -7507420, -7414224, 10140405, -19026427, -6589889, 27277191, 8855376, 28572286, 3005164},
- {26287124, 4821776, 25476601, -4145903, -3764513, -15788984, -18008582, 1182479, -26094821, -13079595},
- {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192, -21876275, -13982627, 32208683, -1198248}},
- {{-16657702, 2817643, -10286362, 14811298, 6024667, 13349505, -27315504, -10497842, -27672585, -11539858},
- {15941029, -9405932, -21367050, 8062055, 31876073, -238629, -15278393, -1444429, 15397331, -4130193},
- {8934485, -13485467, -23286397, -13423241, -32446090, 14047986, 31170398, -1441021, -27505566, 15087184}},
- {{-18357243, -2156491, 24524913, -16677868, 15520427, -6360776, -15502406, 11461896, 16788528, -5868942},
- {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433, -3770287, -10323320, 31322514, -11615635},
- {21426655, -5650218, -13648287, -5347537, -28812189, -4920970, -18275391, -14621414, 13040862, -12112948}},
- {{11293895, 12478086, -27136401, 15083750, -29307421, 14748872, 14555558, -13417103, 1613711, 4896935},
- {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460, 2825960, -4897045, -23971776, -11267415},
- {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618, 20615400, 12405433, -23753030, -8436416}},
- {{-7091295, 12556208, -20191352, 9025187, -17072479, 4333801, 4378436, 2432030, 23097949, -566018},
- {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, 10103221, -18512313, 2424778},
- {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, 1344109, -3642553, 12412659}},
- {{-24001791, 7690286, 14929416, -168257, -32210835, -13412986, 24162697, -15326504, -3141501, 11179385},
- {18289522, -14724954, 8056945, 16430056, -21729724, 7842514, -6001441, -1486897, -18684645, -11443503},
- {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, 13403813, 11052904, 5219329}}
- }, {
- {{20678546, -8375738, -32671898, 8849123, -5009758, 14574752, 31186971, -3973730, 9014762, -8579056},
- {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600, -33102500, 9160280, 8473550, -3256838},
- {24900749, 14435722, 17209120, -15292541, -22592275, 9878983, -7689309, -16335821, -24568481, 11788948}},
- {{-3118155, -11395194, -13802089, 14797441, 9652448, -6845904, -20037437, 10410733, -24568470, -1458691},
- {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911, 11871841, -12505194, -18513325, 8464118},
- {-23400612, 8348507, -14585951, -861714, -3950205, -6373419, 14325289, 8628612, 33313881, -8370517}},
- {{-20186973, -4967935, 22367356, 5271547, -1097117, -4788838, -24805667, -10236854, -8940735, -5818269},
- {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245, 15989197, -12838188, 28358192, -4253904},
- {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267, -16637684, 4072016, -5351664, 5596589}},
- {{-28236598, -3390048, 12312896, 6213178, 3117142, 16078565, 29266239, 2557221, 1768301, 15373193},
- {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, -4504991, -24660491, 3442910},
- {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093, 22597931, 7176455, -18585478, 13365930}},
- {{-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, -8570186, -9689599, -3031667},
- {25008904, -10771599, -4305031, -9638010, 16265036, 15721635, 683793, -11823784, 15723479, -15163481},
- {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514, 11879682, 5400171, 519526, -1235876}},
- {{22258397, -16332233, -7869817, 14613016, -22520255, -2950923, -20353881, 7315967, 16648397, 7605640},
- {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212, 23994942, -5281555, -9468848, 4763278},
- {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390, 31088447, -7764523, -11356529, 728112}},
- {{26047220, -11751471, -6900323, -16521798, 24092068, 9158119, -4273545, -12555558, -29365436, -5498272},
- {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, 12327945, 10750447, 10014012},
- {-10312768, 3936952, 9156313, -8897683, 16498692, -994647, -27481051, -666732, 3424691, 7540221}},
- {{30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, -16317219, -9244265, 15258046},
- {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, 2711395, 1062915, -5136345},
- {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411, -6066489, 12194497, 32960380, 1459310}}
- }, {
- {{19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, -6101885, 18638003, -11174937},
- {31395534, 15098109, 26581030, 8030562, -16527914, -5007134, 9012486, -7584354, -6643087, -5442636},
- {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, 9677543, -32294889, -6456008}},
- {{-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, -7839692, -7852844, -8138429},
- {-15236356, -15433509, 7766470, 746860, 26346930, -10221762, -27333451, 10754588, -9431476, 5203576},
- {31834314, 14135496, -770007, 5159118, 20917671, -16768096, -7467973, -7337524, 31809243, 7347066}},
- {{-9606723, -11874240, 20414459, 13033986, 13716524, -11691881, 19797970, -12211255, 15192876, -2087490},
- {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091, 10609330, 12694420, 33473243, -13382104},
- {33184999, 11180355, 15832085, -11385430, -1633671, 225884, 15089336, -11023903, -6135662, 14480053}},
- {{31308717, -5619998, 31030840, -1897099, 15674547, -6582883, 5496208, 13685227, 27595050, 8737275},
- {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022, -31008351, -12610604, 26498114, 66511},
- {22644454, -8761729, -16671776, 4884562, -3105614, -13559366, 30540766, -4286747, -13327787, -7515095}},
- {{-28017847, 9834845, 18617207, -2681312, -3401956, -13307506, 8205540, 13585437, -17127465, 15115439},
- {23711543, -672915, 31206561, -8362711, 6164647, -9709987, -33535882, -1426096, 8236921, 16492939},
- {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270, 19574902, 10071562, 6708380, -6222424}},
- {{2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, 9328700, 29955601, -11678310},
- {3096359, 9271816, -21620864, -15521844, -14847996, -7592937, -25892142, -12635595, -9917575, 6216608},
- {-32615849, 338663, -25195611, 2510422, -29213566, -13820213, 24822830, -6146567, -26767480, 7525079}},
- {{-23066649, -13985623, 16133487, -7896178, -3389565, 778788, -910336, -2782495, -19386633, 11994101},
- {21691500, -13624626, -641331, -14367021, 3285881, -3483596, -25064666, 9718258, -7477437, 13381418},
- {18445390, -4202236, 14979846, 11622458, -1727110, -3582980, 23111648, -6375247, 28535282, 15779576}},
- {{30098053, 3089662, -9234387, 16662135, -21306940, 11308411, -14068454, 12021730, 9955285, -16303356},
- {9734894, -14576830, -7473633, -9138735, 2060392, 11313496, -18426029, 9924399, 20194861, 13380996},
- {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792, -1984914, 15707771, 26342023, 10146099}}
- }, {
- {{-26016874, -219943, 21339191, -41388, 19745256, -2878700, -29637280, 2227040, 21612326, -545728},
- {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714, 25764461, 12243797, -20856566, 11649658},
- {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, 6114064, 33514190, 2333242}},
- {{-21433588, -12421821, 8119782, 7219913, -21830522, -9016134, -6679750, -12670638, 24350578, -13450001},
- {-4116307, -11271533, -23886186, 4843615, -30088339, 690623, -31536088, -10406836, 8317860, 12352766},
- {18200138, -14475911, -33087759, -2696619, -23702521, -9102511, -23552096, -2287550, 20712163, 6719373}},
- {{26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, -3763210, 26224235, -3297458},
- {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420, 21728352, 9493610, 18620611, -16428628},
- {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965, -5269471, -9725556, -30701573, -16479657}},
- {{-23860538, -11233159, 26961357, 1640861, -32413112, -16737940, 12248509, -5240639, 13735342, 1934062},
- {25089769, 6742589, 17081145, -13406266, 21909293, -16067981, -15136294, -3765346, -21277997, 5473616},
- {31883677, -7961101, 1083432, -11572403, 22828471, 13290673, -7125085, 12469656, 29111212, -5451014}},
- {{24244947, -15050407, -26262976, 2791540, -14997599, 16666678, 24367466, 6388839, -10295587, 452383},
- {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269, -24236251, -5915248, 15766062, 8407814},
- {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495, -8917023, -4388953, -8067909, 2276718}},
- {{30157918, 12924066, -17712050, 9245753, 19895028, 3368142, -23827587, 5096219, 22740376, -7303417},
- {2041139, -14256350, 7783687, 13876377, -25946985, -13352459, 24051124, 13742383, -15637599, 13295222},
- {33338237, -8505733, 12532113, 7977527, 9106186, -1715251, -17720195, -4612972, -4451357, -14669444}},
- {{-20045281, 5454097, -14346548, 6447146, 28862071, 1883651, -2469266, -4141880, 7770569, 9620597},
- {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, -1694323, -33502340, -14767970},
- {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, 1220118, 30494170, -11440799}},
- {{-5037580, -13028295, -2970559, -3061767, 15640974, -6701666, -26739026, 926050, -1684339, -13333647},
- {13908495, -3549272, 30919928, -6273825, -21521863, 7989039, 9021034, 9078865, 3353509, 4033511},
- {-29663431, -15113610, 32259991, -344482, 24295849, -12912123, 23161163, 8839127, 27485041, 7356032}}
- }, {
- {{9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, 2625015, 28431036, -16771834},
- {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183, -22545972, 14150565, 15970762, 4099461},
- {29262576, 16756590, 26350592, -8793563, 8529671, -11208050, 13617293, -9937143, 11465739, 8317062}},
- {{-25493081, -6962928, 32500200, -9419051, -23038724, -2302222, 14898637, 3848455, 20969334, -5157516},
- {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114, -21610826, -3649888, 11177095, 14989547},
- {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771, 13515641, 2581286, -28487508, 9930240}},
- {{-17751622, -2097826, 16544300, -13009300, -15914807, -14949081, 18345767, -13403753, 16291481, -5314038},
- {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, 6957617, 4368891, 9788741},
- {16660756, 7281060, -10830758, 12911820, 20108584, -8101676, -21722536, -8613148, 16250552, -11111103}},
- {{-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, 10604807, -30190403, 4782747},
- {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590, -9981571, 4383045, 22546403, 437323},
- {31665577, -12180464, -16186830, 1491339, -18368625, 3294682, 27343084, 2786261, -30633590, -14097016}},
- {{-14467279, -683715, -33374107, 7448552, 19294360, 14334329, -19690631, 2355319, -19284671, -6114373},
- {15121312, -15796162, 6377020, -6031361, -10798111, -12957845, 18952177, 15496498, -29380133, 11754228},
- {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493, 7141596, 11724556, 22761615, -10134141}},
- {{16918416, 11729663, -18083579, 3022987, -31015732, -13339659, -28741185, -12227393, 32851222, 11717399},
- {11166634, 7338049, -6722523, 4531520, -29468672, -7302055, 31474879, 3483633, -1193175, -4030831},
- {-185635, 9921305, 31456609, -13536438, -12013818, 13348923, 33142652, 6546660, -19985279, -3948376}},
- {{-32460596, 11266712, -11197107, -7899103, 31703694, 3855903, -8537131, -12833048, -30772034, -15486313},
- {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425, -31135347, -16049879, 10928917, 3011958},
- {-6957757, -15594337, 31696059, 334240, 29576716, 14796075, -30831056, -12805180, 18008031, 10258577}},
- {{-22448644, 15655569, 7018479, -4410003, -30314266, -1201591, -1853465, 1367120, 25127874, 6671743},
- {29701166, -14373934, -10878120, 9279288, -17568, 13127210, 21382910, 11042292, 25838796, 4642684},
- {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470, 30468147, -13900640, 18423289, 4177476}}
- }
-};
-
-const ge_precomp ge_Bi[8] = {
- {{25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605},
- {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378},
- {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546}}, {{15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024},
- {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574},
- {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357}}, {{10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380},
- {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306},
- {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942}}, {{5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766},
- {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701},
- {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300}}, {{-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877},
- {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951},
- {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784}}, {{-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436},
- {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918},
- {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877}}, {{-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800},
- {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305},
- {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300}}, {{-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876},
- {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619},
- {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683}}
-};
-
-/* A = 2 * (1 - d) / (1 + d) = 486662 */
-const fe fe_ma2 = {-12721188, -3529, 0, 0, 0, 0, 0, 0, 0, 0}; /* -A^2 */
-const fe fe_ma = {-486662, 0, 0, 0, 0, 0, 0, 0, 0, 0}; /* -A */
-const fe fe_fffb1 = {-31702527, -2466483, -26106795, -12203692, -12169197, -321052, 14850977, -10296299, -16929438, -407568}; /* sqrt(-2 * A * (A + 2)) */
-const fe fe_fffb2 = {8166131, -6741800, -17040804, 3154616, 21461005, 1466302, -30876704, -6368709, 10503587, -13363080}; /* sqrt(2 * A * (A + 2)) */
-const fe fe_fffb3 = {-13620103, 14639558, 4532995, 7679154, 16815101, -15883539, -22863840, -14813421, 13716513, -6477756}; /* sqrt(-sqrt(-1) * A * (A + 2)) */
-const fe fe_fffb4 = {-21786234, -12173074, 21573800, 4524538, -4645904, 16204591, 8012863, -8444712, 3212926, 6885324}; /* sqrt(sqrt(-1) * A * (A + 2)) */
diff --git a/src/crypto/shen_ed25519_ref/crypto-ops-old.c b/src/crypto/shen_ed25519_ref/crypto-ops-old.c
deleted file mode 100644
index 88e6c09ac..000000000
--- a/src/crypto/shen_ed25519_ref/crypto-ops-old.c
+++ /dev/null
@@ -1,3008 +0,0 @@
-// Copyright (c) 2014-2015, The Monero Project
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-// of conditions and the following disclaimer in the documentation and/or other
-// materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-// used to endorse or promote products derived from this software without specific
-// prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-
-#include <stdint.h> //standard
-#include <assert.h> //standard
-
-//#include "warnings.h" //where is this??
-#include "crypto-ops.h" //fine
-
-//DISABLE_VS_WARNINGS(4146 4244)
-
-/* Predeclarations */
-
-static void fe_mul(fe, const fe, const fe);
-static void fe_sq(fe, const fe);
-static void fe_tobytes(unsigned char *, const fe);
-static void ge_madd(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
-static void ge_msub(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
-static void ge_p2_0(ge_p2 *);
-static void ge_p3_dbl(ge_p1p1 *, const ge_p3 *);
-static void ge_sub(ge_p1p1 *, const ge_p3 *, const ge_cached *);
-static void fe_divpowm1(fe, const fe, const fe);
-
-/* Common functions */
-
-//x
-//u
-static uint64_t load_3(const unsigned char *in) {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- return result;
-}
-
-//x
-//u
-static uint64_t load_4(const unsigned char *in)
-{
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
- return result;
-}
-
-/* From fe_0.c */
-
-/*
-h = 0
-*/
-
-//x
-static void fe_0(fe h) {
- h[0] = 0;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-/* From fe_1.c */
-
-/*
-h = 1
-*/
-
-//x
-static void fe_1(fe h) {
- h[0] = 1;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-/* From fe_add.c */
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-static void fe_add(fe h, const fe f, const fe g) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 + g0;
- int32_t h1 = f1 + g1;
- int32_t h2 = f2 + g2;
- int32_t h3 = f3 + g3;
- int32_t h4 = f4 + g4;
- int32_t h5 = f5 + g5;
- int32_t h6 = f6 + g6;
- int32_t h7 = f7 + g7;
- int32_t h8 = f8 + g8;
- int32_t h9 = f9 + g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_cmov.c */
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-//x
-static void fe_cmov(fe f, const fe g, unsigned int b) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
- assert((((b - 1) & ~b) | ((b - 2) & ~(b - 1))) == (unsigned int) -1);
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
-
-/* From fe_copy.c */
-
-/*
-h = f
-*/
-
-//x
-static void fe_copy(fe h, const fe f) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
-
-/* From fe_invert.c */
-
-//x using fermat
-static void fe_invert(fe out, const fe z) {
- fe t0;
- fe t1;
- fe t2;
- fe t3;
- int i;
-
- fe_sq(t0, z);
- fe_sq(t1, t0);
- fe_sq(t1, t1);
- fe_mul(t1, z, t1);
- fe_mul(t0, t0, t1);
- fe_sq(t2, t0);
- fe_mul(t1, t1, t2);
- fe_sq(t2, t1);
- for (i = 0; i < 4; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- fe_sq(t2, t1);
- for (i = 0; i < 9; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t2, t2, t1);
- fe_sq(t3, t2);
- for (i = 0; i < 19; ++i) {
- fe_sq(t3, t3);
- }
- fe_mul(t2, t3, t2);
- fe_sq(t2, t2);
- for (i = 0; i < 9; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- fe_sq(t2, t1);
- for (i = 0; i < 49; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t2, t2, t1);
- fe_sq(t3, t2);
- for (i = 0; i < 99; ++i) {
- fe_sq(t3, t3);
- }
- fe_mul(t2, t3, t2);
- fe_sq(t2, t2);
- for (i = 0; i < 49; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- fe_sq(t1, t1);
- for (i = 0; i < 4; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(out, t1, t0);
-
- return;
-}
-
-/* From fe_isnegative.c */
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-//x
-static int fe_isnegative(const fe f) {
- unsigned char s[32];
- fe_tobytes(s, f);
- return s[0] & 1;
-}
-
-/* From fe_isnonzero.c, modified */
-
-//x
-static int fe_isnonzero(const fe f) {
- unsigned char s[32];
- fe_tobytes(s, f);
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
-
-/* From fe_mul.c */
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-static void fe_mul(fe h, const fe f, const fe g) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
- int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- int32_t g3_19 = 19 * g3;
- int32_t g4_19 = 19 * g4;
- int32_t g5_19 = 19 * g5;
- int32_t g6_19 = 19 * g6;
- int32_t g7_19 = 19 * g7;
- int32_t g8_19 = 19 * g8;
- int32_t g9_19 = 19 * g9;
- int32_t f1_2 = 2 * f1;
- int32_t f3_2 = 2 * f3;
- int32_t f5_2 = 2 * f5;
- int32_t f7_2 = 2 * f7;
- int32_t f9_2 = 2 * f9;
- int64_t f0g0 = f0 * (int64_t) g0;
- int64_t f0g1 = f0 * (int64_t) g1;
- int64_t f0g2 = f0 * (int64_t) g2;
- int64_t f0g3 = f0 * (int64_t) g3;
- int64_t f0g4 = f0 * (int64_t) g4;
- int64_t f0g5 = f0 * (int64_t) g5;
- int64_t f0g6 = f0 * (int64_t) g6;
- int64_t f0g7 = f0 * (int64_t) g7;
- int64_t f0g8 = f0 * (int64_t) g8;
- int64_t f0g9 = f0 * (int64_t) g9;
- int64_t f1g0 = f1 * (int64_t) g0;
- int64_t f1g1_2 = f1_2 * (int64_t) g1;
- int64_t f1g2 = f1 * (int64_t) g2;
- int64_t f1g3_2 = f1_2 * (int64_t) g3;
- int64_t f1g4 = f1 * (int64_t) g4;
- int64_t f1g5_2 = f1_2 * (int64_t) g5;
- int64_t f1g6 = f1 * (int64_t) g6;
- int64_t f1g7_2 = f1_2 * (int64_t) g7;
- int64_t f1g8 = f1 * (int64_t) g8;
- int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
- int64_t f2g0 = f2 * (int64_t) g0;
- int64_t f2g1 = f2 * (int64_t) g1;
- int64_t f2g2 = f2 * (int64_t) g2;
- int64_t f2g3 = f2 * (int64_t) g3;
- int64_t f2g4 = f2 * (int64_t) g4;
- int64_t f2g5 = f2 * (int64_t) g5;
- int64_t f2g6 = f2 * (int64_t) g6;
- int64_t f2g7 = f2 * (int64_t) g7;
- int64_t f2g8_19 = f2 * (int64_t) g8_19;
- int64_t f2g9_19 = f2 * (int64_t) g9_19;
- int64_t f3g0 = f3 * (int64_t) g0;
- int64_t f3g1_2 = f3_2 * (int64_t) g1;
- int64_t f3g2 = f3 * (int64_t) g2;
- int64_t f3g3_2 = f3_2 * (int64_t) g3;
- int64_t f3g4 = f3 * (int64_t) g4;
- int64_t f3g5_2 = f3_2 * (int64_t) g5;
- int64_t f3g6 = f3 * (int64_t) g6;
- int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
- int64_t f3g8_19 = f3 * (int64_t) g8_19;
- int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
- int64_t f4g0 = f4 * (int64_t) g0;
- int64_t f4g1 = f4 * (int64_t) g1;
- int64_t f4g2 = f4 * (int64_t) g2;
- int64_t f4g3 = f4 * (int64_t) g3;
- int64_t f4g4 = f4 * (int64_t) g4;
- int64_t f4g5 = f4 * (int64_t) g5;
- int64_t f4g6_19 = f4 * (int64_t) g6_19;
- int64_t f4g7_19 = f4 * (int64_t) g7_19;
- int64_t f4g8_19 = f4 * (int64_t) g8_19;
- int64_t f4g9_19 = f4 * (int64_t) g9_19;
- int64_t f5g0 = f5 * (int64_t) g0;
- int64_t f5g1_2 = f5_2 * (int64_t) g1;
- int64_t f5g2 = f5 * (int64_t) g2;
- int64_t f5g3_2 = f5_2 * (int64_t) g3;
- int64_t f5g4 = f5 * (int64_t) g4;
- int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
- int64_t f5g6_19 = f5 * (int64_t) g6_19;
- int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
- int64_t f5g8_19 = f5 * (int64_t) g8_19;
- int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
- int64_t f6g0 = f6 * (int64_t) g0;
- int64_t f6g1 = f6 * (int64_t) g1;
- int64_t f6g2 = f6 * (int64_t) g2;
- int64_t f6g3 = f6 * (int64_t) g3;
- int64_t f6g4_19 = f6 * (int64_t) g4_19;
- int64_t f6g5_19 = f6 * (int64_t) g5_19;
- int64_t f6g6_19 = f6 * (int64_t) g6_19;
- int64_t f6g7_19 = f6 * (int64_t) g7_19;
- int64_t f6g8_19 = f6 * (int64_t) g8_19;
- int64_t f6g9_19 = f6 * (int64_t) g9_19;
- int64_t f7g0 = f7 * (int64_t) g0;
- int64_t f7g1_2 = f7_2 * (int64_t) g1;
- int64_t f7g2 = f7 * (int64_t) g2;
- int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
- int64_t f7g4_19 = f7 * (int64_t) g4_19;
- int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
- int64_t f7g6_19 = f7 * (int64_t) g6_19;
- int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
- int64_t f7g8_19 = f7 * (int64_t) g8_19;
- int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
- int64_t f8g0 = f8 * (int64_t) g0;
- int64_t f8g1 = f8 * (int64_t) g1;
- int64_t f8g2_19 = f8 * (int64_t) g2_19;
- int64_t f8g3_19 = f8 * (int64_t) g3_19;
- int64_t f8g4_19 = f8 * (int64_t) g4_19;
- int64_t f8g5_19 = f8 * (int64_t) g5_19;
- int64_t f8g6_19 = f8 * (int64_t) g6_19;
- int64_t f8g7_19 = f8 * (int64_t) g7_19;
- int64_t f8g8_19 = f8 * (int64_t) g8_19;
- int64_t f8g9_19 = f8 * (int64_t) g9_19;
- int64_t f9g0 = f9 * (int64_t) g0;
- int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
- int64_t f9g2_19 = f9 * (int64_t) g2_19;
- int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
- int64_t f9g4_19 = f9 * (int64_t) g4_19;
- int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
- int64_t f9g6_19 = f9 * (int64_t) g6_19;
- int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
- int64_t f9g8_19 = f9 * (int64_t) g8_19;
- int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
- int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_neg.c */
-
-/*
-h = -f
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-//x
-static void fe_neg(fe h, const fe f) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t h0 = -f0;
- int32_t h1 = -f1;
- int32_t h2 = -f2;
- int32_t h3 = -f3;
- int32_t h4 = -f4;
- int32_t h5 = -f5;
- int32_t h6 = -f6;
- int32_t h7 = -f7;
- int32_t h8 = -f8;
- int32_t h9 = -f9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_sq.c */
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-static void fe_sq(fe h, const fe f) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_sq2.c */
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-static void fe_sq2(fe h, const fe f) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_sub.c */
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-//x
-static void fe_sub(fe h, const fe f, const fe g) {
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 - g0;
- int32_t h1 = f1 - g1;
- int32_t h2 = f2 - g2;
- int32_t h3 = f3 - g3;
- int32_t h4 = f4 - g4;
- int32_t h5 = f5 - g5;
- int32_t h6 = f6 - g6;
- int32_t h7 = f7 - g7;
- int32_t h8 = f8 - g8;
- int32_t h9 = f9 - g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/* From fe_tobytes.c */
-
-/*
-Preconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
- Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
- Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
- Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
- Then 0<y<1.
-
- Write r=h-pq.
- Have 0<=r<=p-1=2^255-20.
- Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
- Write x=r+19(2^-255)r+y.
- Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
- Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-static void fe_tobytes(unsigned char *s, const fe h) {
- int32_t h0 = h[0];
- int32_t h1 = h[1];
- int32_t h2 = h[2];
- int32_t h3 = h[3];
- int32_t h4 = h[4];
- int32_t h5 = h[5];
- int32_t h6 = h[6];
- int32_t h7 = h[7];
- int32_t h8 = h[8];
- int32_t h9 = h[9];
- int32_t q;
- int32_t carry0;
- int32_t carry1;
- int32_t carry2;
- int32_t carry3;
- int32_t carry4;
- int32_t carry5;
- int32_t carry6;
- int32_t carry7;
- int32_t carry8;
- int32_t carry9;
-
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
- carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
- carry9 = h9 >> 25; h9 -= carry9 << 25;
- /* h10 = carry9 */
-
- /*
- Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
-
- s[0] = h0 >> 0;
- s[1] = h0 >> 8;
- s[2] = h0 >> 16;
- s[3] = (h0 >> 24) | (h1 << 2);
- s[4] = h1 >> 6;
- s[5] = h1 >> 14;
- s[6] = (h1 >> 22) | (h2 << 3);
- s[7] = h2 >> 5;
- s[8] = h2 >> 13;
- s[9] = (h2 >> 21) | (h3 << 5);
- s[10] = h3 >> 3;
- s[11] = h3 >> 11;
- s[12] = (h3 >> 19) | (h4 << 6);
- s[13] = h4 >> 2;
- s[14] = h4 >> 10;
- s[15] = h4 >> 18;
- s[16] = h5 >> 0;
- s[17] = h5 >> 8;
- s[18] = h5 >> 16;
- s[19] = (h5 >> 24) | (h6 << 1);
- s[20] = h6 >> 7;
- s[21] = h6 >> 15;
- s[22] = (h6 >> 23) | (h7 << 3);
- s[23] = h7 >> 5;
- s[24] = h7 >> 13;
- s[25] = (h7 >> 21) | (h8 << 4);
- s[26] = h8 >> 4;
- s[27] = h8 >> 12;
- s[28] = (h8 >> 20) | (h9 << 6);
- s[29] = h9 >> 2;
- s[30] = h9 >> 10;
- s[31] = h9 >> 18;
-}
-
-/* From ge_add.c */
-
-//x
-void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
- fe t0;
- fe_add(r->X, p->Y, p->X);
- fe_sub(r->Y, p->Y, p->X);
- fe_mul(r->Z, r->X, q->YplusX);
- fe_mul(r->Y, r->Y, q->YminusX);
- fe_mul(r->T, q->T2d, p->T);
- fe_mul(r->X, p->Z, q->Z);
- fe_add(t0, r->X, r->X);
- fe_sub(r->X, r->Z, r->Y);
- fe_add(r->Y, r->Z, r->Y);
- fe_add(r->Z, t0, r->T);
- fe_sub(r->T, t0, r->T);
-}
-
-/* From ge_double_scalarmult.c, modified */
-
-static void slide(signed char *r, const unsigned char *a) {
- int i;
- int b;
- int k;
-
- //this loop just makes a binary string out of a
- //e.g. a = {3, 0, 0, ...} then r = 110000....
- for (i = 0; i < 256; ++i) {
- r[i] = 1 & (a[i >> 3] >> (i & 7));
- }
-
- for (i = 0; i < 256; ++i) {
- if (r[i]) {
- for (b = 1; b <= 6 && i + b < 256; ++b) {
- if (r[i + b]) {
- if (r[i] + (r[i + b] << b) <= 15) {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if (r[i] - (r[i + b] << b) >= -15) {
- r[i] -= r[i + b] << b;
- for (k = i + b; k < 256; ++k) {
- if (!r[k]) {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else
- break;
- }
- }
- }
- }
-}
-
-//double scalar mult precomp
-void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s) {
- ge_p1p1 t;
- ge_p3 s2, u;
- ge_p3_to_cached(&r[0], s);
- ge_p3_dbl(&t, s); ge_p1p1_to_p3(&s2, &t);
- ge_add(&t, &s2, &r[0]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[1], &u);
- ge_add(&t, &s2, &r[1]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[2], &u);
- ge_add(&t, &s2, &r[2]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[3], &u);
- ge_add(&t, &s2, &r[3]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[4], &u);
- ge_add(&t, &s2, &r[4]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[5], &u);
- ge_add(&t, &s2, &r[5]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[6], &u);
- ge_add(&t, &s2, &r[6]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[7], &u);
-}
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-//this is a really simple alg. actually
-void ge_double_scalarmult_base_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);/* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- //so this gets us to the highest i such that both have a nonzero
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);//simple double and add
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_madd(&t, &u, &ge_Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_msub(&t, &u, &ge_Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-/* From ge_frombytes.c, modified */
-//this is like xrecover ..
-//x
-int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
- fe u;
- fe v;
- fe vxx;
- fe check;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = (load_3(s + 29) & 8388607) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /* Validate the number to be canonical */
- if (h9 == 33554428 && h8 == 268435440 && h7 == 536870880 && h6 == 2147483520 &&
- h5 == 4294967295 && h4 == 67108860 && h3 == 134217720 && h2 == 536870880 &&
- h1 == 1073741760 && h0 >= 4294967277) {
- return -1;
- }
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h->Y[0] = h0;
- h->Y[1] = h1;
- h->Y[2] = h2;
- h->Y[3] = h3;
- h->Y[4] = h4;
- h->Y[5] = h5;
- h->Y[6] = h6;
- h->Y[7] = h7;
- h->Y[8] = h8;
- h->Y[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_1(h->Z);
- fe_sq(u, h->Y);
- fe_mul(v, u, fe_d);
- fe_sub(u, u, h->Z); /* u = y^2-1 */
- fe_add(v, v, h->Z); /* v = dy^2+1 */
-
- fe_divpowm1(h->X, u, v); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx, h->X);
- fe_mul(vxx, vxx, v);
- fe_sub(check, vxx, u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check, vxx, u); /* vx^2+u */
- if (fe_isnonzero(check)) {
- return -1;
- }
- fe_mul(h->X, h->X, fe_sqrtm1); //this is mapping X to X * sqrt(-1) c.f. 3.1 in hisil, dong, etc.
- }
-
- if (fe_isnegative(h->X) != (s[31] >> 7)) {
- /* If x = 0, the sign must be positive */
- if (!fe_isnonzero(h->X)) {
- return -1;
- }
- fe_neg(h->X, h->X);
- }
-
- fe_mul(h->T, h->X, h->Y);
- return 0;
-}
-
-/* From ge_madd.c */
-
-/*
-r = p + q
-*/
-
-//x
-static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
- fe t0;
- fe_add(r->X, p->Y, p->X);
- fe_sub(r->Y, p->Y, p->X);
- fe_mul(r->Z, r->X, q->yplusx);
- fe_mul(r->Y, r->Y, q->yminusx);
- fe_mul(r->T, q->xy2d, p->T);
- fe_add(t0, p->Z, p->Z);
- fe_sub(r->X, r->Z, r->Y);
- fe_add(r->Y, r->Z, r->Y);
- fe_add(r->Z, t0, r->T);
- fe_sub(r->T, t0, r->T);
-}
-
-/* From ge_msub.c */
-
-/*
-r = p - q
-*/
-
-//x
-static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
- fe t0;
- fe_add(r->X, p->Y, p->X);
- fe_sub(r->Y, p->Y, p->X);
- fe_mul(r->Z, r->X, q->yminusx);
- fe_mul(r->Y, r->Y, q->yplusx);
- fe_mul(r->T, q->xy2d, p->T);
- fe_add(t0, p->Z, p->Z);
- fe_sub(r->X, r->Z, r->Y);
- fe_add(r->Y, r->Z, r->Y);
- fe_sub(r->Z, t0, r->T);
- fe_add(r->T, t0, r->T);
-}
-
-/* From ge_p1p1_to_p2.c */
-
-/*
-r = p
-*/
-
-//x
-void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
- fe_mul(r->X, p->X, p->T);
- fe_mul(r->Y, p->Y, p->Z);
- fe_mul(r->Z, p->Z, p->T);
-}
-
-/* From ge_p1p1_to_p3.c */
-
-/*
-r = p
-*/
-
-//x
-void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
- fe_mul(r->X, p->X, p->T);
- fe_mul(r->Y, p->Y, p->Z);
- fe_mul(r->Z, p->Z, p->T);
- fe_mul(r->T, p->X, p->Y);
-}
-
-/* From ge_p2_0.c */
-
-//x
-static void ge_p2_0(ge_p2 *h) {
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
-}
-
-/* From ge_p2_dbl.c */
-
-/*
-r = 2 * p
-*/
-
-//x
-void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
- fe t0;
- fe_sq(r->X, p->X);
- fe_sq(r->Z, p->Y);
- fe_sq2(r->T, p->Z);
- fe_add(r->Y, p->X, p->Y);
- fe_sq(t0, r->Y);
- fe_add(r->Y, r->Z, r->X);
- fe_sub(r->Z, r->Z, r->X);
- fe_sub(r->X, t0, r->Y);
- fe_sub(r->T, r->T, r->Z);
-}
-
-/* From ge_p3_0.c */
-
-//x
-static void ge_p3_0(ge_p3 *h) {
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
- fe_0(h->T);
-}
-
-/* From ge_p3_dbl.c */
-
-/*
-r = 2 * p
-*/
-
-//x
-static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
- ge_p2 q;
- ge_p3_to_p2(&q, p);
- ge_p2_dbl(r, &q);
-}
-
-/* From ge_p3_to_cached.c */
-
-/*
-r = p
-*/
-
-//x
-void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
- fe_add(r->YplusX, p->Y, p->X);
- fe_sub(r->YminusX, p->Y, p->X);
- fe_copy(r->Z, p->Z);
- fe_mul(r->T2d, p->T, fe_d2);
-}
-
-/* From ge_p3_to_p2.c */
-
-/*
-r = p
-*/
-
-//x
-void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
- fe_copy(r->X, p->X);
- fe_copy(r->Y, p->Y);
- fe_copy(r->Z, p->Z);
-}
-
-/* From ge_p3_tobytes.c */
-
-//x
-void ge_p3_tobytes(unsigned char *s, const ge_p3 *h) {
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip, h->Z);
- fe_mul(x, h->X, recip);
- fe_mul(y, h->Y, recip);
- fe_tobytes(s, y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-
-/* From ge_precomp_0.c */
-
-//x
-static void ge_precomp_0(ge_precomp *h) {
- fe_1(h->yplusx);
- fe_1(h->yminusx);
- fe_0(h->xy2d);
-}
-
-/* From ge_scalarmult_base.c */
-
-//x
-static unsigned char equal(signed char b, signed char c) {
- unsigned char ub = b;
- unsigned char uc = c;
- unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- uint32_t y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- return y;
-}
-
-static unsigned char negative(signed char b) {
- unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
- x >>= 63; /* 1: yes; 0: no */
- return x;
-}
-
-static void ge_precomp_cmov(ge_precomp *t, const ge_precomp *u, unsigned char b) {
- fe_cmov(t->yplusx, u->yplusx, b);
- fe_cmov(t->yminusx, u->yminusx, b);
- fe_cmov(t->xy2d, u->xy2d, b);
-}
-
-static void select(ge_precomp *t, int pos, signed char b) {
- ge_precomp minust;
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
-
- ge_precomp_0(t);
- ge_precomp_cmov(t, &ge_base[pos][0], equal(babs, 1));
- ge_precomp_cmov(t, &ge_base[pos][1], equal(babs, 2));
- ge_precomp_cmov(t, &ge_base[pos][2], equal(babs, 3));
- ge_precomp_cmov(t, &ge_base[pos][3], equal(babs, 4));
- ge_precomp_cmov(t, &ge_base[pos][4], equal(babs, 5));
- ge_precomp_cmov(t, &ge_base[pos][5], equal(babs, 6));
- ge_precomp_cmov(t, &ge_base[pos][6], equal(babs, 7));
- ge_precomp_cmov(t, &ge_base[pos][7], equal(babs, 8));
- fe_copy(minust.yplusx, t->yminusx);
- fe_copy(minust.yminusx, t->yplusx);
- fe_neg(minust.xy2d, t->xy2d);
- ge_precomp_cmov(t, &minust, bnegative);
-}
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
- a[31] <= 127
-*/
-
-void ge_scalarmult_base(ge_p3 *h, const unsigned char *a) {
- signed char e[64];
- signed char carry;
- ge_p1p1 r;
- ge_p2 s;
- ge_precomp t;
- int i;
-
- for (i = 0; i < 32; ++i) {
- e[2 * i + 0] = (a[i] >> 0) & 15;
- e[2 * i + 1] = (a[i] >> 4) & 15;
- }
- /* each e[i] is between 0 and 15 */
- /* e[63] is between 0 and 7 */
-
- carry = 0;
- for (i = 0; i < 63; ++i) {
- e[i] += carry;
- carry = e[i] + 8;
- carry >>= 4;
- e[i] -= carry << 4;
- }
- e[63] += carry;
- /* each e[i] is between -8 and 8 */
-
- ge_p3_0(h);
- //note, these are indexing from 1, 3, 5, etc.
- for (i = 1; i < 64; i += 2) {
- select(&t, i / 2, e[i]); //here's where you grab multiples of the basepoint ..
- //so must be doing e P = (e[0] (2^4)^0 P + e[1] (2^4)^1 P + e[2] (2^4)^2 P + ...)
- //except, probably writing in big-endian to make more sense..
- //and the e[i] P are going to be pre-computed...
- //so have to wonder if by precomputing more, if can save time??
- ge_madd(&r, h, &t); ge_p1p1_to_p3(h, &r);
- }
-
- ge_p3_dbl(&r, h); ge_p1p1_to_p2(&s, &r);
- ge_p2_dbl(&r, &s); ge_p1p1_to_p2(&s, &r);
- ge_p2_dbl(&r, &s); ge_p1p1_to_p2(&s, &r);
- ge_p2_dbl(&r, &s); ge_p1p1_to_p3(h, &r);
-
- //note, these are indexing from 0, 2, 4, etc.
- for (i = 0; i < 64; i += 2) {
- select(&t, i / 2, e[i]);
- ge_madd(&r, h, &t); ge_p1p1_to_p3(h, &r);
- }
-}
-
-/* From ge_sub.c */
-
-/*
-r = p - q
-*/
-
-//x
-static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
- fe t0;
- fe_add(r->X, p->Y, p->X);
- fe_sub(r->Y, p->Y, p->X);
- fe_mul(r->Z, r->X, q->YminusX);
- fe_mul(r->Y, r->Y, q->YplusX);
- fe_mul(r->T, q->T2d, p->T);
- fe_mul(r->X, p->Z, q->Z);
- fe_add(t0, r->X, r->X);
- fe_sub(r->X, r->Z, r->Y);
- fe_add(r->Y, r->Z, r->Y);
- fe_sub(r->Z, t0, r->T);
- fe_add(r->T, t0, r->T);
-}
-
-/* From ge_tobytes.c */
-
-//x
-void ge_tobytes(unsigned char *s, const ge_p2 *h) {
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip, h->Z);
- fe_mul(x, h->X, recip);
- fe_mul(y, h->Y, recip);
- fe_tobytes(s, y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-
-/* From sc_reduce.c */
-
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-
-//x
-void sc_reduce(unsigned char *s) {
- //the point is to load in 21 bits at a time..
- //Mininero should give you the ints 2097151, the shifts below, and either load 3 or 4
- int64_t s0 = 2097151 & load_3(s); //2097151 is 21 1's in binary, so there are possible 5 bits left over..
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5); //now you start at 2^16, so you have to move right 5 bits to 2^21.., the 2 comes from the fact that you loaded 3 last time..
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2); //in last one you had bits 22 ->42, you are starting at (2^8)^5 = 2^40, so need to move right 2 bits...
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7); //etc...
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4); //ahh, these are "int 64;s"
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1); //not uint 64s
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
- int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
- int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
- int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
- int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
- int64_t s16 = 2097151 & load_3(s + 42);
- int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
- int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
- int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
- int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
- int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
- int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
- int64_t s23 = (load_4(s + 60) >> 3); //note no &2097151 here ..
- //so rather than doing 24 = 512
- //we've done 23 = 504
- //so curve size rather than
- //size of s
- //this should be handled
- //at the end with those
- //two extra reductions
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- //17 carries because 11, 12, ... 16 = #digits in l
-
- //reduce first 105 bits.. to go from 504 to 399
- //Note that 683901 * 2^(5*21) - 136657 * 2^(4 * 21) + ... - 66643 = 27742317777372353535851937790883648493, which is c in the curve order..
- s11 += s23 * 666643; // =1430509 - 2 ^ 21 //note there is a 12 step difference, 12^21 = 252
- //so you subtract q 12^21 and then add c at each step..
- //just have to be careful of the carries ..
- //If you are using unsigned int's, you had better carry at each step
- //so the first step is to factorize 252 and whatever radix
- //must be in those factors..
- s12 += s23 * 470296; // = 1626855 - 2^21 - 1
- s13 += s23 * 654183; // = 1442968 - 2 ^ 21 - 1?
- s14 -= s23 * 997805; //note the negative ones are same as result from toDigits
- s15 += s23 * 136657; // 1960495 - 2 ** 21
- s16 -= s23 * 683901; //note negative ones are same
-
- s10 += s22 * 666643; //22 - 10 = 12, 12 * 21 = 252
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
-
- s9 += s21 * 666643; //21 - 9 = 12
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- //so we repeat this until we get down to s11
- //note that 11 * 21 = 231
-
- //1st carry...
- //note span = 6 here
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;//take parts that are more than 21 bits in new s6 and add to s7..
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- //span = 5 here
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- //reduce 105 bits to go from 399 to 294
- s5 += s17 * 666643; //17 - 5 = 12 = 252/21
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
-
- s0 += s12 * 666643; //12 - 0 = 12..
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- //2nd carry
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- //reduce another 21 bits... go from 294 to 273
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- //3rd carry
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- //reduce last 21 bits to go from 273 to get to 2^252..
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- //carry
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- //go from 2^[256/12]'s to 2^[256/32]'s
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5); // | since there is no overlap
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/* New code */
-/* (u / v)^(m + 1) */
-static void fe_divpowm1(fe r, const fe u, const fe v) {
- fe v3, uv7, t0, t1, t2;
- int i;
-
- fe_sq(v3, v);
- fe_mul(v3, v3, v); /* v3 = v^3 */
- fe_sq(uv7, v3);
- fe_mul(uv7, uv7, v);
- fe_mul(uv7, uv7, u); /* uv7 = uv^7 */
-
- /*fe_pow22523(uv7, uv7);*/
-
- /* From fe_pow22523.c */
-
- fe_sq(t0, uv7);
- fe_sq(t1, t0);
- fe_sq(t1, t1);
- fe_mul(t1, uv7, t1);
- fe_mul(t0, t0, t1);
- fe_sq(t0, t0);
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 4; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 9; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 19; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 10; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 49; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 99; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 50; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t0, t0);
- fe_sq(t0, t0);
- fe_mul(t0, t0, uv7);
-
- /* End fe_pow22523.c */
- /* t0 = (uv^7)^((q-5)/8) */
- fe_mul(t0, t0, v3);
- fe_mul(r, t0, u); /* u^(m+1)v^(-(m+1)) */
-}
-
-static void ge_cached_0(ge_cached *r) {
- fe_1(r->YplusX);
- fe_1(r->YminusX);
- fe_1(r->Z);
- fe_0(r->T2d);
-}
-
-static void ge_cached_cmov(ge_cached *t, const ge_cached *u, unsigned char b) {
- fe_cmov(t->YplusX, u->YplusX, b);
- fe_cmov(t->YminusX, u->YminusX, b);
- fe_cmov(t->Z, u->Z, b);
- fe_cmov(t->T2d, u->T2d, b);
-}
-
-/* Assumes that a[31] <= 127 */
-void ge_scalarmult(ge_p2 *r, const unsigned char *a, const ge_p3 *A) {
- signed char e[64];
- int carry, carry2, i;
- ge_cached Ai[8]; /* 1 * A, 2 * A, ..., 8 * A */
- ge_p1p1 t;
- ge_p3 u;
-
- carry = 0; /* 0..1 */
- for (i = 0; i < 31; i++) {
- carry += a[i]; /* 0..256 */
- carry2 = (carry + 8) >> 4; /* 0..16 */
- e[2 * i] = carry - (carry2 << 4); /* -8..7 */
- carry = (carry2 + 8) >> 4; /* 0..1 */
- e[2 * i + 1] = carry2 - (carry << 4); /* -8..7 */
- }
- carry += a[31]; /* 0..128 */
- carry2 = (carry + 8) >> 4; /* 0..8 */
- e[62] = carry - (carry2 << 4); /* -8..7 */
- e[63] = carry2; /* 0..8 */
-
- ge_p3_to_cached(&Ai[0], A);
- for (i = 0; i < 7; i++) {
- ge_add(&t, A, &Ai[i]);
- ge_p1p1_to_p3(&u, &t);
- ge_p3_to_cached(&Ai[i + 1], &u);
- }
-
- ge_p2_0(r);
- for (i = 63; i >= 0; i--) {
- signed char b = e[i];
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
- ge_cached cur, minuscur;
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p3(&u, &t);
- ge_cached_0(&cur);
- ge_cached_cmov(&cur, &Ai[0], equal(babs, 1));
- ge_cached_cmov(&cur, &Ai[1], equal(babs, 2));
- ge_cached_cmov(&cur, &Ai[2], equal(babs, 3));
- ge_cached_cmov(&cur, &Ai[3], equal(babs, 4));
- ge_cached_cmov(&cur, &Ai[4], equal(babs, 5));
- ge_cached_cmov(&cur, &Ai[5], equal(babs, 6));
- ge_cached_cmov(&cur, &Ai[6], equal(babs, 7));
- ge_cached_cmov(&cur, &Ai[7], equal(babs, 8));
- fe_copy(minuscur.YplusX, cur.YminusX);
- fe_copy(minuscur.YminusX, cur.YplusX);
- fe_copy(minuscur.Z, cur.Z);
- fe_neg(minuscur.T2d, cur.T2d);
- ge_cached_cmov(&cur, &minuscur, bnegative);
- ge_add(&t, &u, &cur);
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//assume Bi has precomputed multiples
-void ge_double_scalarmult_precomp_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b, const ge_dsmp Bi) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */ //precomps
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//x
-void ge_mul8(ge_p1p1 *r, const ge_p2 *t) {
- ge_p2 u;
- ge_p2_dbl(r, t);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
-}
-
-//x
-void ge_fromfe_frombytes_vartime(ge_p2 *r, const unsigned char *s) {
- fe u, v, w, x, y, z;
- unsigned char sign;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = load_3(s + 29) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- u[0] = h0;
- u[1] = h1;
- u[2] = h2;
- u[3] = h3;
- u[4] = h4;
- u[5] = h5;
- u[6] = h6;
- u[7] = h7;
- u[8] = h8;
- u[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_sq2(v, u); /* 2 * u^2 */
- fe_1(w);
- fe_add(w, v, w); /* w = 2 * u^2 + 1 */
- fe_sq(x, w); /* w^2 */
- fe_mul(y, fe_ma2, v); /* -2 * A^2 * u^2 */
- fe_add(x, x, y); /* x = w^2 - 2 * A^2 * u^2 */
- fe_divpowm1(r->X, w, x); /* (w / x)^(m + 1) */
- fe_sq(y, r->X);
- fe_mul(x, y, x);
- fe_sub(y, w, x);
- fe_copy(z, fe_ma);
- if (fe_isnonzero(y)) {
- fe_add(y, w, x);
- if (fe_isnonzero(y)) {
- goto negative;
- } else {
- fe_mul(r->X, r->X, fe_fffb1);
- }
- } else {
- fe_mul(r->X, r->X, fe_fffb2);
- }
- fe_mul(r->X, r->X, u); /* u * sqrt(2 * A * (A + 2) * w / x) */
- fe_mul(z, z, v); /* -2 * A * u^2 */
- sign = 0;
- goto setsign;
-negative:
- fe_mul(x, x, fe_sqrtm1);
- fe_sub(y, w, x);
- if (fe_isnonzero(y)) {
- assert((fe_add(y, w, x), !fe_isnonzero(y)));
- fe_mul(r->X, r->X, fe_fffb3);
- } else {
- fe_mul(r->X, r->X, fe_fffb4);
- }
- /* r->X = sqrt(A * (A + 2) * w / x) */
- /* z = -A */
- sign = 1;
-setsign:
- if (fe_isnegative(r->X) != sign) {
- assert(fe_isnonzero(r->X));
- fe_neg(r->X, r->X);
- }
- fe_add(r->Z, z, w);
- fe_sub(r->Y, z, w);
- fe_mul(r->X, r->X, r->Z);
-#if !defined(NDEBUG)
- {
- fe check_x, check_y, check_iz, check_v;
- fe_invert(check_iz, r->Z);
- fe_mul(check_x, r->X, check_iz);
- fe_mul(check_y, r->Y, check_iz);
- fe_sq(check_x, check_x);
- fe_sq(check_y, check_y);
- fe_mul(check_v, check_x, check_y);
- fe_mul(check_v, fe_d, check_v);
- fe_add(check_v, check_v, check_x);
- fe_sub(check_v, check_v, check_y);
- fe_1(check_x);
- fe_add(check_v, check_v, check_x);
- assert(!fe_isnonzero(check_v));
- }
-#endif
-}
-
-//x
-void sc_0(unsigned char *s) {
- int i;
- for (i = 0; i < 32; i++) {
- s[i] = 0;
- }
-}
-
-//x
-void sc_reduce32(unsigned char *s) {
- int64_t s0 = 2097151 & load_3(s);
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = (load_4(s + 28) >> 7);
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-//x
-void sc_add(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 + b0;
- int64_t s1 = a1 + b1;
- int64_t s2 = a2 + b2;
- int64_t s3 = a3 + b3;
- int64_t s4 = a4 + b4;
- int64_t s5 = a5 + b5;
- int64_t s6 = a6 + b6;
- int64_t s7 = a7 + b7;
- int64_t s8 = a8 + b8;
- int64_t s9 = a9 + b9;
- int64_t s10 = a10 + b10;
- int64_t s11 = a11 + b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-//x
-void sc_sub(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 - b0;
- int64_t s1 = a1 - b1;
- int64_t s2 = a2 - b2;
- int64_t s3 = a3 - b3;
- int64_t s4 = a4 - b4;
- int64_t s5 = a5 - b5;
- int64_t s6 = a6 - b6;
- int64_t s7 = a7 - b7;
- int64_t s8 = a8 - b8;
- int64_t s9 = a9 - b9;
- int64_t s10 = a10 - b10;
- int64_t s11 = a11 - b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (c-ab) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-//x
-void sc_mulsub(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = 2097151 & load_3(c);
- int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
- int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
- int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
- int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
- int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
- int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
- int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
- int64_t c8 = 2097151 & load_3(c + 21);
- int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
- int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
- int64_t s0;
- int64_t s1;
- int64_t s2;
- int64_t s3;
- int64_t s4;
- int64_t s5;
- int64_t s6;
- int64_t s7;
- int64_t s8;
- int64_t s9;
- int64_t s10;
- int64_t s11;
- int64_t s12;
- int64_t s13;
- int64_t s14;
- int64_t s15;
- int64_t s16;
- int64_t s17;
- int64_t s18;
- int64_t s19;
- int64_t s20;
- int64_t s21;
- int64_t s22;
- int64_t s23;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- int64_t carry17;
- int64_t carry18;
- int64_t carry19;
- int64_t carry20;
- int64_t carry21;
- int64_t carry22;
-
- s0 = c0 - a0*b0;
- s1 = c1 - (a0*b1 + a1*b0);
- s2 = c2 - (a0*b2 + a1*b1 + a2*b0);
- s3 = c3 - (a0*b3 + a1*b2 + a2*b1 + a3*b0);
- s4 = c4 - (a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0);
- s5 = c5 - (a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0);
- s6 = c6 - (a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0);
- s7 = c7 - (a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0);
- s8 = c8 - (a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0);
- s9 = c9 - (a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0);
- s10 = c10 - (a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0);
- s11 = c11 - (a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0);
- s12 = -(a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1);
- s13 = -(a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2);
- s14 = -(a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3);
- s15 = -(a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4);
- s16 = -(a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5);
- s17 = -(a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6);
- s18 = -(a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7);
- s19 = -(a8*b11 + a9*b10 + a10*b9 + a11*b8);
- s20 = -(a9*b11 + a10*b10 + a11*b9);
- s21 = -(a10*b11 + a11*b10);
- s22 = -a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/* Assumes that a != INT64_MIN */
-//x c.f. lt in 32 bit ref
-static int64_t signum(int64_t a) {
- return (a >> 63) - ((-a) >> 63);
-}
-
-//x
-int sc_check(const unsigned char *s) {
- int64_t s0 = load_4(s);
- int64_t s1 = load_4(s + 4);
- int64_t s2 = load_4(s + 8);
- int64_t s3 = load_4(s + 12);
- int64_t s4 = load_4(s + 16);
- int64_t s5 = load_4(s + 20);
- int64_t s6 = load_4(s + 24);
- int64_t s7 = load_4(s + 28);
- return (signum(1559614444 - s0) + (signum(1477600026 - s1) << 1) + (signum(2734136534 - s2) << 2) + (signum(350157278 - s3) << 3) + (signum(-s4) << 4) + (signum(-s5) << 5) + (signum(-s6) << 6) + (signum(268435456 - s7) << 7)) >> 8;
-}
-
-//x
-int sc_isnonzero(const unsigned char *s) {
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
diff --git a/src/crypto/shen_ed25519_ref/crypto-ops.h b/src/crypto/shen_ed25519_ref/crypto-ops.h
deleted file mode 100644
index 6e1eb19a1..000000000
--- a/src/crypto/shen_ed25519_ref/crypto-ops.h
+++ /dev/null
@@ -1,148 +0,0 @@
-// Copyright (c) 2014-2015, The Monero Project
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-// of conditions and the following disclaimer in the documentation and/or other
-// materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-// used to endorse or promote products derived from this software without specific
-// prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-#include <stdint.h>
-
-#pragma once
-
-
-/* From fe.h */
-
-//this guy may throw errors in windows
-typedef int32_t fe[10];
-
-/* From ge.h */
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
-} ge_p2;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p3;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p1p1;
-
-typedef struct {
- fe yplusx;
- fe yminusx;
- fe xy2d;
-} ge_precomp;
-
-typedef struct {
- fe YplusX;
- fe YminusX;
- fe Z;
- fe T2d;
-} ge_cached;
-
-/* From ge_add.c */
-
-void ge_add(ge_p1p1 *, const ge_p3 *, const ge_cached *);
-
-/* From ge_double_scalarmult.c, modified */
-
-typedef ge_cached ge_dsmp[8];
-extern const ge_precomp ge_Bi[8];
-void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s);
-void ge_double_scalarmult_base_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *);
-
-/* From ge_frombytes.c, modified */
-
-extern const fe fe_sqrtm1;
-extern const fe fe_d;
-int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
-
-/* From ge_p1p1_to_p2.c */
-
-void ge_p1p1_to_p2(ge_p2 *, const ge_p1p1 *);
-
-/* From ge_p1p1_to_p3.c */
-
-void ge_p1p1_to_p3(ge_p3 *, const ge_p1p1 *);
-
-/* From ge_p2_dbl.c */
-
-void ge_p2_dbl(ge_p1p1 *, const ge_p2 *);
-
-/* From ge_p3_to_cached.c */
-
-extern const fe fe_d2;
-void ge_p3_to_cached(ge_cached *, const ge_p3 *);
-
-/* From ge_p3_to_p2.c */
-
-void ge_p3_to_p2(ge_p2 *, const ge_p3 *);
-
-/* From ge_p3_tobytes.c */
-
-void ge_p3_tobytes(unsigned char *, const ge_p3 *);
-
-/* From ge_scalarmult_base.c */
-
-extern const ge_precomp ge_base[32][8];
-void ge_scalarmult_base(ge_p3 *, const unsigned char *);
-
-/* From ge_tobytes.c */
-
-void ge_tobytes(unsigned char *, const ge_p2 *);
-
-/* From sc_reduce.c */
-
-void sc_reduce(unsigned char *);
-
-/* New code */
-
-void ge_scalarmult(ge_p2 *, const unsigned char *, const ge_p3 *);
-void ge_double_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *, const ge_dsmp);
-void ge_mul8(ge_p1p1 *, const ge_p2 *);
-extern const fe fe_ma2;
-extern const fe fe_ma;
-extern const fe fe_fffb1;
-extern const fe fe_fffb2;
-extern const fe fe_fffb3;
-extern const fe fe_fffb4;
-void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
-void sc_0(unsigned char *);
-void sc_reduce32(unsigned char *);
-void sc_add(unsigned char *, const unsigned char *, const unsigned char *);
-void sc_sub(unsigned char *, const unsigned char *, const unsigned char *);
-void sc_mulsub(unsigned char *, const unsigned char *, const unsigned char *, const unsigned char *);
-int sc_check(const unsigned char *);
-int sc_isnonzero(const unsigned char *); /* Doesn't normalize */
diff --git a/src/crypto/shen_ed25519_ref/crypto_int32.h b/src/crypto/shen_ed25519_ref/crypto_int32.h
deleted file mode 100755
index cae135e6e..000000000
--- a/src/crypto/shen_ed25519_ref/crypto_int32.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef crypto_int32_h
-#define crypto_int32_h
-
-typedef int crypto_int32;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/crypto_sign.h b/src/crypto/shen_ed25519_ref/crypto_sign.h
deleted file mode 100755
index afed20821..000000000
--- a/src/crypto/shen_ed25519_ref/crypto_sign.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef crypto_sign_edwards25519sha512batch_H
-#define crypto_sign_edwards25519sha512batch_H
-
-#define SECRETKEYBYTES 64
-#define PUBLICKEYBYTES 32
-#define SIGNATUREBYTES 64
-
-extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_keypair(unsigned char *,unsigned char *);
-extern int crypto_sign_publickey(unsigned char *pk, unsigned char *sk, unsigned char *seed);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/crypto_uint32.h b/src/crypto/shen_ed25519_ref/crypto_uint32.h
deleted file mode 100755
index 21020d7b5..000000000
--- a/src/crypto/shen_ed25519_ref/crypto_uint32.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef crypto_uint32_h
-#define crypto_uint32_h
-
-typedef unsigned int crypto_uint32;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/crypto_verify_32.h b/src/crypto/shen_ed25519_ref/crypto_verify_32.h
deleted file mode 100755
index ad265c7a3..000000000
--- a/src/crypto/shen_ed25519_ref/crypto_verify_32.h
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifndef crypto_verify_32_H
-#define crypto_verify_32_H
-
-#define crypto_verify_32_ref_BYTES 32
-extern int crypto_verify_32(const unsigned char *,const unsigned char *);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ietf.txt b/src/crypto/shen_ed25519_ref/ietf.txt
deleted file mode 100644
index 0736f71ec..000000000
--- a/src/crypto/shen_ed25519_ref/ietf.txt
+++ /dev/null
@@ -1,1402 +0,0 @@
-
-
-[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]
-
-Versions: 00 01 02
-
-Network Working Group S. Josefsson
-Internet-Draft SJD AB
-Intended status: Informational N. Moeller
-Expires: August 26, 2015
- February 22, 2015
-
-
- EdDSA and Ed25519
-
- draft-josefsson-eddsa-ed25519-02
-
-
-Abstract
-
- The elliptic curve signature scheme EdDSA and one instance of it
- called Ed25519 is described. An example implementation and test
- vectors are provided.
-
-Status of This Memo
-
- This Internet-Draft is submitted in full conformance with the
- provisions of BCP 78 and BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF). Note that other groups may also distribute
- working documents as Internet-Drafts. The list of current Internet-
- Drafts is at http://datatracker.ietf.org/drafts/current/.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- This Internet-Draft will expire on August 26, 2015.
-
-Copyright Notice
-
- Copyright (c) 2015 IETF Trust and the persons identified as the
- document authors. All rights reserved.
-
- This document is subject to BCP 78 and the IETF Trust's Legal
- Provisions Relating to IETF Documents
- (http://trustee.ietf.org/license-info) in effect on the date of
- publication of this document. Please review these documents
- carefully, as they describe your rights and restrictions with respect
- to this document. Code Components extracted from this document must
- include Simplified BSD License text as described in Section 4.e of
- the Trust Legal Provisions and are provided without warranty as
- described in the Simplified BSD License.
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 1]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
- 2. Notation . . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 4. EdDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
- 4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 4
- 4.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 4.3. Sign . . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 4.4. Verify . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 5. Ed25519 . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 5.1. Modular arithmetic . . . . . . . . . . . . . . . . . . . 6
- 5.2. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 6
- 5.3. Decoding . . . . . . . . . . . . . . . . . . . . . . . . 6
- 5.4. Point addition . . . . . . . . . . . . . . . . . . . . . 7
- 5.5. Key Generation . . . . . . . . . . . . . . . . . . . . . 8
- 5.6. Sign . . . . . . . . . . . . . . . . . . . . . . . . . . 8
- 5.7. Verify . . . . . . . . . . . . . . . . . . . . . . . . . 9
- 5.8. Python illustration . . . . . . . . . . . . . . . . . . . 9
- 6. Test Vectors for Ed25519 . . . . . . . . . . . . . . . . . . 14
- 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17
- 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
- 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
- 9.1. Side-channel leaks . . . . . . . . . . . . . . . . . . . 18
- 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
- 10.1. Normative References . . . . . . . . . . . . . . . . . . 18
- 10.2. Informative References . . . . . . . . . . . . . . . . . 18
- Appendix A. Ed25519 Python Library . . . . . . . . . . . . . . . 19
- Appendix B. Library driver . . . . . . . . . . . . . . . . . . . 23
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24
-
-1. Introduction
-
-
- The Edwards-curve Digital Signature Algorithm (EdDSA) is a variant of
- Schnorr's signature system with Twisted Edwards curves. EdDSA needs
- to be instantiated with certain parameters and this document describe
- Ed25519 - an instantiation of EdDSA in a curve over GF(2^255-19). To
- facilitate adoption in the Internet community of Ed25519, this
- document describe the signature scheme in an implementation-oriented
- way, and we provide sample code and test vectors.
-
- The advantages with EdDSA and Ed25519 include:
-
- 1. High-performance on a variety of platforms.
-
- 2. Does not require the use of a unique random number for each
- signature.
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 2]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- 3. More resilient to side-channel attacks.
-
- 4. Small public keys (32 bytes) and signatures (64 bytes).
-
- 5. The formulas are "strongly unified", i.e., they are valid for all
- points on the curve, with no exceptions. This obviates the need
- for EdDSA to perform expensive point validation on untrusted
- public values.
-
- 6. Collision resilience, meaning that hash-function collisions do
- not break this system.
-
- For further background, see the original EdDSA paper [EDDSA].
-
-2. Notation
-
-
- The following notation is used throughout the document:
-
- GF(p) finite field with p elements
-
- x^y x multiplied by itself y times
-
- B generator of the group or subgroup of interest
-
- n B B added to itself n times.
-
- h_i the i'th bit of h
-
- a || b (bit-)string a concatenated with (bit-)string b
-
-3. Background
-
-
- EdDSA is defined using an elliptic curve over GF(p) of the form
-
- -x^2 + y^2 = 1 + d x^2 y^2
-
- In general, p could be a prime power, but it is usually chosen as a
- prime number. It is required that p = 1 modulo 4 (which implies that
- -1 is a square modulo p) and that d is a non-square modulo p. For
- Ed25519, the curve used is equivalent to Curve25519 [CURVE25519],
- under a change of coordinates, which means that the difficulty of the
- discrete logarithm problem is the same as for Curve25519.
-
- Points on this curve form a group under addition, (x3, y3) = (x1, y1)
- + (x2, y2), with the formulas
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 3]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- x1 y2 + x2 y1 y1 y2 + x1 x2
- x3 = -------------------, y3 = -------------------
- 1 + d x1 x2 y1 y2 1 - d x1 x2 y1 y2
-
- The neutral element in the group is (0, 1).
-
- Unlike manyy other curves used for cryptographic applications, these
- formulas are "strongly unified": they are valid for all points on the
- curve, with no exceptions. In particular, the denominators are non-
- zero for all input points.
-
- There are more efficient formulas, which are still strongly unified,
- which use homogeneous coordinates to avoid the expensive modulo p
- inversions. See [Faster-ECC] and [Edwards-revisited].
-
-4. EdDSA
-
-
- EdDSA is a digital signature system with several parameters. The
- generic EdDSA digital signature system is normally not implemented
- directly, but instead a particular instance of EdDSA (like Ed25519)
- is implemented. A precise explanation of the generic EdDSA is thus
- not particulary useful for implementers, but for background and
- completeness, a succint description of the generic EdDSA algorithm is
- given here.
-
- EdDSA has seven parameters:
-
- 1. an integer b >= 10.
-
- 2. a cryptographic hash function H producing 2b-bit outputs.
-
- 3. a prime power p congruent to 1 modulo 4.
-
- 4. a (b-1)-bit encoding of elements of the finite field GF(p).
-
- 5. a non-square element d of GF(p)
-
- 6. an element B != (0,1) of the set E = { (x,y) is a member of GF(p)
- x GF(p) such that -x^2 + y^2 = 1 + dx^2y^2 }.
-
- 7. a prime q, of size b-3 bits, such that qB = (0, 1), i.e., q is
- the order of B or a multiple thereof.
-
-4.1. Encoding
-
-
- An element (x,y) of E is encoded as a b-bit string called ENC(x,y)
- which is the (b-1)-bit encoding of y concatenated with one bit that
- is 1 if x is negative and 0 if x is not negative. Negative elements
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 4]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- of GF(q) are those x which the (b-1)-bit encoding of x is
- lexicographically larger than the (b-1)-bit encoding of -x.
-
-4.2. Keys
-
-
- An EdDSA secret key is a b-bit string k. Let the hash H(k) = (h_0,
- h_1, ..., h_(2b-1)) determine an integer a which is 2^(b-2) plus the
- sum of m = 2^i * h_i for all i equal or larger than 3 and equal to or
- less than b-3 such that m is a member of the set { 2^(b-2), 2^(b-2) +
- 8, ..., 2^(b-1) - 8 }. The EdDSA public key is ENC(A) = ENC(aB).
- The bits h_b, ..., h_(2b-1) is used below during signing.
-
-4.3. Sign
-
-
- The signature of a message M under a secret key k is the 2b-bit
- string ENC(R) || ENC'(S), where ENC'(S) is defined as the b-bit
- little-endian encoding of S. R and S are derived as follows. First
- define r = H(h_b, ... h_(2b-1)), M) interpreting 2b-bit strings in
- little-endian form as integers in {0, 1, ..., 2^(2b)-1}. Let R=rB
- and S=(r+H(ENC(R) || ENC(A) || M)a) mod l.
-
-4.4. Verify
-
-
- To verify a signature ENC(R) || ENC'(S) on a message M under a public
- key ENC(A), proceed as follows. Parse the inputs so that A and R is
- an element of E, and S is a member of the set {0, 1, ..., l-1 }.
- Compute H' = H(ENC(R) || ENC(A) || M) and check the group equation
- 8SB = 8R + 8H'A in E. Verification is rejected if parsing fails or
- the group equation does not hold.
-
-5. Ed25519
-
-
- Theoretically, Ed25519 is EdDSA instantiated with b=256, H being
- SHA-512 [RFC4634], p is the prime 2^255-19, the 255-bit encoding of
- GF(2^255-19) being the little-endian encoding of {0, 1, ...,
- 2^255-20}, q is the prime 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed,
- d = -121665/121666 which is a member of GF(p), and B is the unique
- point (x, 4/5) in E for which x is "positive", which with the
- encoding used simply means that the least significant bit of x is 0.
- The curve p, prime q, d and B follows from [I-D.irtf-cfrg-curves].
-
- Written out explicitly, B is the point (15112221349535400772501151409
- 588531511454012693041857206046113283949847762202, 4631683569492647816
- 9428394003475163141307993866256225615783033603165251855960).
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 5]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-5.1. Modular arithmetic
-
-
- For advise on how to implement arithmetic modulo p = 2^255 - 1
- efficiently and securely, see Curve25519 [CURVE25519]. For inversion
- modulo p, it is recommended to use the identity x^-1 = x^(p-2) (mod
- p).
-
- For point decoding or "decompression", square roots modulo p are
- needed. They can be computed using the Tonelli-Shanks algorithm, or
- the special case for p = 5 (mod 8). To find a square root of a,
- first compute the candidate root x = a^((p+3)/8) (mod p). Then there
- are three cases:
-
- x^2 = a (mod p). Then x is a square root.
-
- x^2 = -a (mod p). Then 2^((p-1)/4) x is a square root.
-
- a is not a square modulo p.
-
-5.2. Encoding
-
-
- All values are coded as octet strings, and integers are coded using
- little endian convention. I.e., a 32-octet string h h[0],...h[31]
- represents the integer h[0] + 2^8 h[1] + ... + 2^248 h[31].
-
- A curve point (x,y), with coordiantes in the range 0 <= x,y < p, is
- coded as follows. First encode the y-coordinate as a little-endian
- string of 32 octets. The most significant bit of the final octet is
- always zero. To form the encoding of the point, copy the least
- significant bit of the x-coordinate to the most significant bit of
- the final octet.
-
-5.3. Decoding
-
-
- Decoding a point, given as a 32-octet string, is a little more
- complicated.
-
- 1. First interpret the string as an integer in little-endian
- representation. Bit 255 of this number is the least significant
- bit of the x-coordinate, and denote this value x_0. The
- y-coordinate is recovered simply by clearing this bit. If the
- resulting value is >= p, decoding fails.
-
- 2. To recover the x coordinate, the curve equation implies x^2 =
- (y^2 - 1) / (d y^2 + 1) (mod p). Since d is a non-square and -1
- is a square, the numerator, (d y^2 + 1), is always invertible
- modulo p. Let u = y^2 - 1 and v = d y^2 + 1. To compute the
- square root of (u/v), the first step is to compute the candidate
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 6]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- root x = (u/v)^((p+3)/8). This can be done using the following
- trick, to use a single modular powering for both the inversion of
- v and the square root:
-
- (p+3)/8 3 (p-5)/8
- x = (u/v) = u v (u v^7) (mod p)
-
- 3. Again, there are three cases:
-
- 1. If v x^2 = u (mod p), x is a square root.
-
- 2. If v x^2 = -u (mod p), set x <-- x 2^((p-1)/4), which is a
- square root.
-
- 3. Otherwise, no square root exists modulo p, and decoding
- fails.
-
- 4. Finally, use the x_0 bit to select the right square root. If x =
- 0, and x_0 = 1, decoding fails. Otherwise, if x_0 != x mod 2,
- set x <-- p - x. Return the decoded point (x,y).
-
-5.4. Point addition
-
-
- For point addition, the following method is recommended. A point
- (x,y) is represented in extended homogeneous coordinates (X, Y, Z,
- T), with x = X/Z, y = Y/Z, x y = T/Z.
-
- The following formulas for adding two points, (x3,y3) =
- (x1,y1)+(x2,y2) are described in [Edwards-revisited], section 3.1.
- They are strongly unified, i.e., they work for any pair of valid
- input points.
-
- A = (Y1-X1)*(Y2-X2)
- B = (Y1+X1)*(Y2+X2)
- C = T1*2*d*T2
- D = Z1*2*Z2
- E = B-A
- F = D-C
- G = D+C
- H = B+A
- X3 = E*F
- Y3 = G*H
- T3 = E*H
- Z3 = F*G
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 7]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-5.5. Key Generation
-
-
- The secret is 32 octets (256 bits, corresponding to b) of
- cryptographically-secure random data. See [RFC4086] for a discussion
- about randomness.
-
- The 32-byte public key is generated by the following steps.
-
- 1. Hash the 32-byte secret using SHA-512, storing the digest in a
- 64-octet large buffer, denoted h. Only the lower 32 bytes are
- used for generating the public key.
-
- 2. Prune the buffer. In C terminology:
-
- h[0] &= ~0x07;
- h[31] &= 0x7F;
- h[31] |= 0x40;
-
- 3. Interpret the buffer as the little-endian integer, forming a
- secret scalar a. Perform a known-base-point scalar
- multiplication a B.
-
- 4. The public key A is the encoding of the point aB. First encode
- the y coordinate (in the range 0 <= y < p) as a little-endian
- string of 32 octets. The most significant bit of the final octet
- is always zero. To form the encoding of the point aB, copy the
- least significant bit of the x coordinate to the most significant
- bit of the final octet. The result is the public key.
-
-5.6. Sign
-
-
- The imputs to the signing procedure is the secret key, a 32-octet
- string, and a message M of arbitrary size.
-
- 1. Hash the secret key, 32-octets, using SHA-512. Let h denote the
- resulting digest. Construct the secret scalar a from the first
- half of the digest, and the corresponding public key A, as
- described in the previous section. Let prefix denote the second
- half of the hash digest, h[32],...,h[63].
-
- 2. Compute SHA-512(prefix || M), where M is the message to be
- signed. Interpret the 64-octet digest as a little-endian integer
- r.
-
- 3. Compute the point rB. For efficiency, do this by first reducing
- r modulo q, the group order of B. Let the string R be the
- encoding of this point.
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 8]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- 4. Compute SHA512(R || A || M), and interpret the 64-octet digest as
- a little-endian integer k.
-
- 5. Compute s = (r + k a) mod q. For efficiency, again reduce k
- modulo q first.
-
- 6. Form the signature of the concatenation of R (32 octets) and the
- little-endian encoding of s (32 octets, three most significant
- bits of the final octets always zero).
-
-5.7. Verify
-
-
- 1. To verify a signature on a message M, first split the signature
- into two 32-octet halves. Decode the first half as a point R,
- and the second half as an integer s, in the range 0 <= s < q. If
- the decoding fails, the signature is invalid.
-
- 2. Compute SHA512(R || A || M), and interpret the 64-octet digest as
- a little-endian integer k.
-
- 3. Check the group equation 8s B = 8 R + 8k A. It's sufficient, but
- not required, to instead check s B = R + k A.
-
-5.8. Python illustration
-
-
- The rest of this section describes how Ed25519 can be implemented in
- Python (version 3.2 or later) for illustration. See appendix A for
- the complete implementation and appendix B for a test-driver to run
- it through some test vectors.
-
- First some preliminaries that will be needed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 9]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- import hashlib
-
- def sha512(s):
- return hashlib.sha512(s).digest()
-
- # Base field Z_p
- p = 2**255 - 19
-
- def modp_inv(x):
- return pow(x, p-2, p)
-
- # Curve constant
- d = -121665 * modp_inv(121666) % p
-
- # Group order
- q = 2**252 + 27742317777372353535851937790883648493
-
- def sha512_modq(s):
- return int.from_bytes(sha512(s), "little") % q
-
- Then follows functions to perform point operations.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 10]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-# Points are represented as tuples (X, Y, Z, T) of extended coordinates,
-# with x = X/Z, y = Y/Z, x*y = T/Z
-
-def point_add(P, Q):
- A = (P[1]-P[0])*(Q[1]-Q[0]) % p
- B = (P[1]+P[0])*(Q[1]+Q[0]) % p
- C = 2 * P[3] * Q[3] * d % p
- D = 2 * P[2] * Q[2] % p
- E = B-A
- F = D-C
- G = D+C
- H = B+A
- return (E*F, G*H, F*G, E*H)
-
-# Computes Q = s * Q
-def point_mul(s, P):
- Q = (0, 1, 1, 0) # Neutral element
- while s > 0:
- # Is there any bit-set predicate?
- if s & 1:
- Q = point_add(Q, P)
- P = point_add(P, P)
- s >>= 1
- return Q
-
-def point_equal(P, Q):
- # x1 / z1 == x2 / z2 <==> x1 * z2 == x2 * z1
- if (P[0] * Q[2] - Q[0] * P[2]) % p != 0:
- return False
- if (P[1] * Q[2] - Q[1] * P[2]) % p != 0:
- return False
- return True
-
- Now follows functions for point compression.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 11]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-# Square root of -1
-modp_sqrt_m1 = pow(2, (p-1) // 4, p)
-
-# Compute corresponding x coordinate, with low bit corresponding to sign,
-# or return None on failure
-def recover_x(y, sign):
- x2 = (y*y-1) * modp_inv(d*y*y+1)
- if x2 == 0:
- if sign:
- return None
- else:
- return 0
-
- # Compute square root of x2
- x = pow(x2, (p+3) // 8, p)
- if (x*x - x2) % p != 0:
- x = x * modp_sqrt_m1 % p
- if (x*x - x2) % p != 0:
- return None
-
- if (x & 1) != sign:
- x = p - x
- return x
-
-# Base point
-g_y = 4 * modp_inv(5) % p
-g_x = recover_x(g_y, 0)
-G = (g_x, g_y, 1, g_x * g_y % p)
-
-def point_compress(P):
- zinv = modp_inv(P[2])
- x = P[0] * zinv % p
- y = P[1] * zinv % p
- return int.to_bytes(y | ((x & 1) << 255), 32, "little")
-
-def point_decompress(s):
- if len(s) != 32:
- raise Exception("Invalid input length for decompression")
- y = int.from_bytes(s, "little")
- sign = y >> 255
- y &= (1 << 255) - 1
-
- x = recover_x(y, sign)
- if x is None:
- return None
- else:
- return (x, y, 1, x*y % p)
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 12]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- These are functions for manipulating the secret.
-
- def secret_expand(secret):
- if len(secret) != 32:
- raise Exception("Bad size of private key")
- h = sha512(secret)
- a = int.from_bytes(h[:32], "little")
- a &= (1 << 254) - 8
- a |= (1 << 254)
- return (a, h[32:])
-
- def secret_to_public(secret):
- (a, dummy) = secret_expand(secret)
- return point_compress(point_mul(a, G))
-
- The signature function works as below.
-
- def sign(secret, msg):
- a, prefix = secret_expand(secret)
- A = point_compress(point_mul(a, G))
- r = sha512_modq(prefix + msg)
- R = point_mul(r, G)
- Rs = point_compress(R)
- h = sha512_modq(Rs + A + msg)
- s = (r + h * a) % q
- return Rs + int.to_bytes(s, 32, "little")
-
- And finally the verification function.
-
- def verify(public, msg, signature):
- if len(public) != 32:
- raise Exception("Bad public-key length")
- if len(signature) != 64:
- Exception("Bad signature length")
- A = point_decompress(public)
- if not A:
- return False
- Rs = signature[:32]
- R = point_decompress(Rs)
- if not R:
- return False
- s = int.from_bytes(signature[32:], "little")
- h = sha512_modq(Rs + public + msg)
- sB = point_mul(s, G)
- hA = point_mul(h, A)
- return point_equal(sB, point_add(R, hA))
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 13]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-6. Test Vectors for Ed25519
-
-
- Below is a sequence of octets with test vectors for the the Ed25519
- signature algorithm. The octets are hex encoded and whitespace is
- inserted for readability. Private keys are 64 bytes, public keys 32
- bytes, message of arbitrary length, and signatures are 64 bytes. The
- test vectors are taken from [ED25519-TEST-VECTORS] (but we removed
- the public key as a suffix of the secret key, and removed the message
- from the signature) and [ED25519-LIBGCRYPT-TEST-VECTORS].
-
- -----TEST 1
- SECRET KEY:
- 9d61b19deffd5a60ba844af492ec2cc4
- 4449c5697b326919703bac031cae7f60
-
- PUBLIC KEY:
- d75a980182b10ab7d54bfed3c964073a
- 0ee172f3daa62325af021a68f707511a
-
- MESSAGE (length 0 bytes):
-
- SIGNATURE:
- e5564300c360ac729086e2cc806e828a
- 84877f1eb8e5d974d873e06522490155
- 5fb8821590a33bacc61e39701cf9b46b
- d25bf5f0595bbe24655141438e7a100b
-
- -----TEST 2
- SECRET KEY:
- 4ccd089b28ff96da9db6c346ec114e0f
- 5b8a319f35aba624da8cf6ed4fb8a6fb
-
- PUBLIC KEY:
- 3d4017c3e843895a92b70aa74d1b7ebc
- 9c982ccf2ec4968cc0cd55f12af4660c
-
- MESSAGE (length 1 byte):
- 72
-
- SIGNATURE:
- 92a009a9f0d4cab8720e820b5f642540
- a2b27b5416503f8fb3762223ebdb69da
- 085ac1e43e15996e458f3613d0f11d8c
- 387b2eaeb4302aeeb00d291612bb0c00
-
- -----TEST 3
- SECRET KEY:
- c5aa8df43f9f837bedb7442f31dcb7b1
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 14]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- 66d38535076f094b85ce3a2e0b4458f7
-
- PUBLIC KEY:
- fc51cd8e6218a1a38da47ed00230f058
- 0816ed13ba3303ac5deb911548908025
-
- MESSAGE (length 2 bytes):
- af82
-
- SIGNATURE:
- 6291d657deec24024827e69c3abe01a3
- 0ce548a284743a445e3680d7db5ac3ac
- 18ff9b538d16f290ae67f760984dc659
- 4a7c15e9716ed28dc027beceea1ec40a
-
- -----TEST 1024
- SECRET KEY:
- f5e5767cf153319517630f226876b86c
- 8160cc583bc013744c6bf255f5cc0ee5
-
- PUBLIC KEY:
- 278117fc144c72340f67d0f2316e8386
- ceffbf2b2428c9c51fef7c597f1d426e
-
- MESSAGE:
- 08b8b2b733424243760fe426a4b54908
- 632110a66c2f6591eabd3345e3e4eb98
- fa6e264bf09efe12ee50f8f54e9f77b1
- e355f6c50544e23fb1433ddf73be84d8
- 79de7c0046dc4996d9e773f4bc9efe57
- 38829adb26c81b37c93a1b270b20329d
- 658675fc6ea534e0810a4432826bf58c
- 941efb65d57a338bbd2e26640f89ffbc
- 1a858efcb8550ee3a5e1998bd177e93a
- 7363c344fe6b199ee5d02e82d522c4fe
- ba15452f80288a821a579116ec6dad2b
- 3b310da903401aa62100ab5d1a36553e
- 06203b33890cc9b832f79ef80560ccb9
- a39ce767967ed628c6ad573cb116dbef
- efd75499da96bd68a8a97b928a8bbc10
- 3b6621fcde2beca1231d206be6cd9ec7
- aff6f6c94fcd7204ed3455c68c83f4a4
- 1da4af2b74ef5c53f1d8ac70bdcb7ed1
- 85ce81bd84359d44254d95629e9855a9
- 4a7c1958d1f8ada5d0532ed8a5aa3fb2
- d17ba70eb6248e594e1a2297acbbb39d
- 502f1a8c6eb6f1ce22b3de1a1f40cc24
- 554119a831a9aad6079cad88425de6bd
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 15]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- e1a9187ebb6092cf67bf2b13fd65f270
- 88d78b7e883c8759d2c4f5c65adb7553
- 878ad575f9fad878e80a0c9ba63bcbcc
- 2732e69485bbc9c90bfbd62481d9089b
- eccf80cfe2df16a2cf65bd92dd597b07
- 07e0917af48bbb75fed413d238f5555a
- 7a569d80c3414a8d0859dc65a46128ba
- b27af87a71314f318c782b23ebfe808b
- 82b0ce26401d2e22f04d83d1255dc51a
- ddd3b75a2b1ae0784504df543af8969b
- e3ea7082ff7fc9888c144da2af58429e
- c96031dbcad3dad9af0dcbaaaf268cb8
- fcffead94f3c7ca495e056a9b47acdb7
- 51fb73e666c6c655ade8297297d07ad1
- ba5e43f1bca32301651339e22904cc8c
- 42f58c30c04aafdb038dda0847dd988d
- cda6f3bfd15c4b4c4525004aa06eeff8
- ca61783aacec57fb3d1f92b0fe2fd1a8
- 5f6724517b65e614ad6808d6f6ee34df
- f7310fdc82aebfd904b01e1dc54b2927
- 094b2db68d6f903b68401adebf5a7e08
- d78ff4ef5d63653a65040cf9bfd4aca7
- 984a74d37145986780fc0b16ac451649
- de6188a7dbdf191f64b5fc5e2ab47b57
- f7f7276cd419c17a3ca8e1b939ae49e4
- 88acba6b965610b5480109c8b17b80e1
- b7b750dfc7598d5d5011fd2dcc5600a3
- 2ef5b52a1ecc820e308aa342721aac09
- 43bf6686b64b2579376504ccc493d97e
- 6aed3fb0f9cd71a43dd497f01f17c0e2
- cb3797aa2a2f256656168e6c496afc5f
- b93246f6b1116398a346f1a641f3b041
- e989f7914f90cc2c7fff357876e506b5
- 0d334ba77c225bc307ba537152f3f161
- 0e4eafe595f6d9d90d11faa933a15ef1
- 369546868a7f3a45a96768d40fd9d034
- 12c091c6315cf4fde7cb68606937380d
- b2eaaa707b4c4185c32eddcdd306705e
- 4dc1ffc872eeee475a64dfac86aba41c
- 0618983f8741c5ef68d3a101e8a3b8ca
- c60c905c15fc910840b94c00a0b9d0
-
- SIGNATURE:
- 0aab4c900501b3e24d7cdf4663326a3a
- 87df5e4843b2cbdb67cbf6e460fec350
- aa5371b1508f9f4528ecea23c436d94b
- 5e8fcd4f681e30a6ac00a9704a188a03
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 16]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- -----TEST 1A
- -----An additional test with the data from test 1 but using an
- -----uncompressed public key.
- SECRET KEY:
- 9d61b19deffd5a60ba844af492ec2cc4
- 4449c5697b326919703bac031cae7f60
-
- PUBLIC KEY:
- 0455d0e09a2b9d34292297e08d60d0f6
- 20c513d47253187c24b12786bd777645
- ce1a5107f7681a02af2523a6daf372e1
- 0e3a0764c9d3fe4bd5b70ab18201985a
- d7
-
- MSG (length 0 bytes):
-
- SIGNATURE:
- e5564300c360ac729086e2cc806e828a
- 84877f1eb8e5d974d873e06522490155
- 5fb8821590a33bacc61e39701cf9b46b
- d25bf5f0595bbe24655141438e7a100b
-
- -----TEST 1B
- -----An additional test with the data from test 1 but using an
- -----compressed prefix.
- SECRET KEY:
- 9d61b19deffd5a60ba844af492ec2cc4
- 4449c5697b326919703bac031cae7f60
-
- PUBLIC KEY:
- 40d75a980182b10ab7d54bfed3c96407
- 3a0ee172f3daa62325af021a68f70751
- 1a
-
- MESSAGE (length 0 bytes):
-
- SIGNATURE:
- e5564300c360ac729086e2cc806e828a
- 84877f1eb8e5d974d873e06522490155
- 5fb8821590a33bacc61e39701cf9b46b
- d25bf5f0595bbe24655141438e7a100b
- -----
-
-7. Acknowledgements
-
-
- Feedback on this document was received from Werner Koch and Damien
- Miller.
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 17]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-8. IANA Considerations
-
-
- None.
-
-9. Security Considerations
-
-
-9.1. Side-channel leaks
-
-
- For implementations performing signatures, secrecy of the key is
- fundamental. It is possible to protect against some side-channel
- attacks by ensuring that the implementation executes exactly the same
- sequence of instructions and performs exactly the same memory
- accesses, for any value of the secret key.
-
- To make an implementation side-channel silent in this way, the modulo
- p arithmetic must not use any data-dependent branches, e.g., related
- to carry propagation. Side channel-silent point addition is
- straight-forward, thanks to the unified formulas.
-
- Scalar multiplication, multiplying a point by an integer, needs some
- additional effort to implement in a side-channel silent manner. One
- simple approach is to implement a side-channel silent conditional
- assignment, and use together with the binary algorithm to examine one
- bit of the integer at a time.
-
- Note that the example implementation in this document does not
- attempt to be side-channel silent.
-
-10. References
-
-
-10.1. Normative References
-
-
- [RFC4634] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
- (SHA and HMAC-SHA)", RFC 4634, July 2006.
-
- [I-D.irtf-cfrg-curves]
- Langley, A., Salz, R., and S. Turner, "Elliptic Curves for
- Security", draft-irtf-cfrg-curves-01 (work in progress),
- January 2015.
-
-10.2. Informative References
-
-
- [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
- Requirements for Security", BCP 106, RFC 4086, June 2005.
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 18]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- [EDDSA] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B.
- Yang, "High-speed high-security signatures", WWW
- http://ed25519.cr.yp.to/ed25519-20110926.pdf, September
- 2011.
-
- [Faster-ECC]
- Bernstein, D. and T. Lange, "Faster addition and doubling
- on elliptic curves", WWW http://eprint.iacr.org/2007/286,
- July 2007.
-
- [Edwards-revisited]
- Hisil, H., Wong, K., Carter, G., and E. Dawson, "Twisted
- Edwards Curves Revisited", WWW
- http://eprint.iacr.org/2008/522, December 2008.
-
- [CURVE25519]
- Bernstein, D., "Curve25519: new Diffie-Hellman speed
- records", WWW http://cr.yp.to/ecdh.html, February 2006.
-
- [ED25519-TEST-VECTORS]
- Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B.
- Yang, "Ed25519 test vectors", WWW
- http://ed25519.cr.yp.to/python/sign.input, July 2011.
-
- [ED25519-LIBGCRYPT-TEST-VECTORS]
- Koch, W., "Ed25519 Libgcrypt test vectors", WWW
- http://git.gnupg.org/cgi-
- bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=tests/t-ed25519.in
- p;h=e13566f826321eece65e02c593bc7d885b3dbe23;hb=refs/
- heads/master, July 2014.
-
-Appendix A. Ed25519 Python Library
-
-
- Below is an example implementation of Ed25519 written in Python,
- version 3.2 or higher is required.
-
-# Loosely based on the public domain code at
-# http://ed25519.cr.yp.to/software.html
-#
-# Needs python-3.2
-
-import hashlib
-
-
-def sha512(s):
- return hashlib.sha512(s).digest()
-
-# Base field Z_p
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 19]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
-p = 2**255 - 19
-
-
-def modp_inv(x):
- return pow(x, p-2, p)
-
-# Curve constant
-d = -121665 * modp_inv(121666) % p
-
-# Group order
-q = 2**252 + 27742317777372353535851937790883648493
-
-
-def sha512_modq(s):
- return int.from_bytes(sha512(s), "little") % q
-
-# Points are represented as tuples (X, Y, Z, T) of extended coordinates,
-# with x = X/Z, y = Y/Z, x*y = T/Z
-
-
-def point_add(P, Q):
- A = (P[1]-P[0])*(Q[1]-Q[0]) % p
- B = (P[1]+P[0])*(Q[1]+Q[0]) % p
- C = 2 * P[3] * Q[3] * d % p
- D = 2 * P[2] * Q[2] % p
- E = B-A
- F = D-C
- G = D+C
- H = B+A
- return (E*F, G*H, F*G, E*H)
-
-
-# Computes Q = s * Q
-def point_mul(s, P):
- Q = (0, 1, 1, 0) # Neutral element
- while s > 0:
- # Is there any bit-set predicate?
- if s & 1:
- Q = point_add(Q, P)
- P = point_add(P, P)
- s >>= 1
- return Q
-
-
-def point_equal(P, Q):
- # x1 / z1 == x2 / z2 <==> x1 * z2 == x2 * z1
- if (P[0] * Q[2] - Q[0] * P[2]) % p != 0:
- return False
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 20]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- if (P[1] * Q[2] - Q[1] * P[2]) % p != 0:
- return False
- return True
-
-# Square root of -1
-modp_sqrt_m1 = pow(2, (p-1) // 4, p)
-
-
-# Compute corresponding x coordinate, with low bit corresponding to sign,
-# or return None on failure
-def recover_x(y, sign):
- x2 = (y*y-1) * modp_inv(d*y*y+1)
- if x2 == 0:
- if sign:
- return None
- else:
- return 0
-
- # Compute square root of x2
- x = pow(x2, (p+3) // 8, p)
- if (x*x - x2) % p != 0:
- x = x * modp_sqrt_m1 % p
- if (x*x - x2) % p != 0:
- return None
-
- if (x & 1) != sign:
- x = p - x
- return x
-
-# Base point
-g_y = 4 * modp_inv(5) % p
-g_x = recover_x(g_y, 0)
-G = (g_x, g_y, 1, g_x * g_y % p)
-
-
-def point_compress(P):
- zinv = modp_inv(P[2])
- x = P[0] * zinv % p
- y = P[1] * zinv % p
- return int.to_bytes(y | ((x & 1) << 255), 32, "little")
-
-
-def point_decompress(s):
- if len(s) != 32:
- raise Exception("Invalid input length for decompression")
- y = int.from_bytes(s, "little")
- sign = y >> 255
- y &= (1 << 255) - 1
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 21]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- x = recover_x(y, sign)
- if x is None:
- return None
- else:
- return (x, y, 1, x*y % p)
-
-
-def secret_expand(secret):
- if len(secret) != 32:
- raise Exception("Bad size of private key")
- h = sha512(secret)
- a = int.from_bytes(h[:32], "little")
- a &= (1 << 254) - 8
- a |= (1 << 254)
- return (a, h[32:])
-
-
-def secret_to_public(secret):
- (a, dummy) = secret_expand(secret)
- return point_compress(point_mul(a, G))
-
-
-def sign(secret, msg):
- a, prefix = secret_expand(secret)
- A = point_compress(point_mul(a, G))
- r = sha512_modq(prefix + msg)
- R = point_mul(r, G)
- Rs = point_compress(R)
- h = sha512_modq(Rs + A + msg)
- s = (r + h * a) % q
- return Rs + int.to_bytes(s, 32, "little")
-
-
-def verify(public, msg, signature):
- if len(public) != 32:
- raise Exception("Bad public-key length")
- if len(signature) != 64:
- Exception("Bad signature length")
- A = point_decompress(public)
- if not A:
- return False
- Rs = signature[:32]
- R = point_decompress(Rs)
- if not R:
- return False
- s = int.from_bytes(signature[32:], "little")
- h = sha512_modq(Rs + public + msg)
- sB = point_mul(s, G)
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 22]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- hA = point_mul(h, A)
- return point_equal(sB, point_add(R, hA))
-
-Appendix B. Library driver
-
-
- Below is a command-line tool that uses the library above to perform
- computations, for interactive use or for self-checking.
-
- import sys
- import binascii
-
- from ed25519 import *
-
- def point_valid(P):
- zinv = modp_inv(P[2])
- x = P[0] * zinv % p
- y = P[1] * zinv % p
- assert (x*y - P[3]*zinv) % p == 0
- return (-x*x + y*y - 1 - d*x*x*y*y) % p == 0
-
- assert point_valid(G)
- Z = (0, 1, 1, 0)
- assert point_valid(Z)
-
- assert point_equal(Z, point_add(Z, Z))
- assert point_equal(G, point_add(Z, G))
- assert point_equal(Z, point_mul(0, G))
- assert point_equal(G, point_mul(1, G))
- assert point_equal(point_add(G, G), point_mul(2, G))
- for i in range(0, 100):
- assert point_valid(point_mul(i, G))
- assert point_equal(Z, point_mul(q, G))
-
- def munge_string(s, pos, change):
- return (s[:pos] +
- int.to_bytes(s[pos] ^ change, 1, "little") +
- s[pos+1:])
-
- # Read a file in the format of
- # http://ed25519.cr.yp.to/python/sign.input
- lineno = 0
- while True:
- line = sys.stdin.readline()
- if not line:
- break
- lineno = lineno + 1
- print(lineno)
- fields = line.split(":")
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 23]
-
-
-Internet-Draft EdDSA & Ed25519 February 2015
-
-
- secret = (binascii.unhexlify(fields[0]))[:32]
- public = binascii.unhexlify(fields[1])
- msg = binascii.unhexlify(fields[2])
- signature = binascii.unhexlify(fields[3])[:64]
-
- assert public == secret_to_public(secret)
- assert signature == sign(secret, msg)
- assert verify(public, msg, signature)
- if len(msg) == 0:
- bad_msg = b"x"
- else:
- bad_msg = munge_string(msg, len(msg) // 3, 4)
- assert not verify(public, bad_msg, signature)
- bad_signature = munge_string(signature, 20, 8)
- assert not verify(public, msg, bad_signature)
- bad_signature = munge_string(signature, 40, 16)
- assert not verify(public, msg, bad_signature)
-
-Authors' Addresses
-
- Simon Josefsson
- SJD AB
-
- Email: simon@josefsson.org
- URI: http://josefsson.org/
-
-
- Niels Moeller
-
- Email: nisse@lysator.liu.se
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Josefsson & Moeller Expires August 26, 2015 [Page 24]
-
-
-
-Html markup produced by rfcmarkup 1.113, available from https://tools.ietf.org/tools/rfcmarkup/
diff --git a/src/crypto/shen_ed25519_ref/include/Makefile.am b/src/crypto/shen_ed25519_ref/include/Makefile.am
deleted file mode 100644
index 894c371a3..000000000
--- a/src/crypto/shen_ed25519_ref/include/Makefile.am
+++ /dev/null
@@ -1,62 +0,0 @@
-
-SODIUM_EXPORT = \
- sodium.h \
- sodium/core.h \
- sodium/crypto_aead_chacha20poly1305.h \
- sodium/crypto_auth.h \
- sodium/crypto_auth_hmacsha256.h \
- sodium/crypto_auth_hmacsha512.h \
- sodium/crypto_auth_hmacsha512256.h \
- sodium/crypto_box.h \
- sodium/crypto_box_curve25519xsalsa20poly1305.h \
- sodium/crypto_core_hsalsa20.h \
- sodium/crypto_core_salsa20.h \
- sodium/crypto_core_salsa2012.h \
- sodium/crypto_core_salsa208.h \
- sodium/crypto_generichash.h \
- sodium/crypto_generichash_blake2b.h \
- sodium/crypto_hash.h \
- sodium/crypto_hash_sha256.h \
- sodium/crypto_hash_sha512.h \
- sodium/crypto_onetimeauth.h \
- sodium/crypto_onetimeauth_poly1305.h \
- sodium/crypto_pwhash_scryptsalsa208sha256.h \
- sodium/crypto_scalarmult.h \
- sodium/crypto_scalarmult_curve25519.h \
- sodium/crypto_secretbox.h \
- sodium/crypto_secretbox_xsalsa20poly1305.h \
- sodium/crypto_shorthash.h \
- sodium/crypto_shorthash_siphash24.h \
- sodium/crypto_sign.h \
- sodium/crypto_sign_ed25519.h \
- sodium/crypto_sign_edwards25519sha512batch.h \
- sodium/crypto_stream.h \
- sodium/crypto_stream_aes128ctr.h \
- sodium/crypto_stream_chacha20.h \
- sodium/crypto_stream_salsa20.h \
- sodium/crypto_stream_salsa2012.h \
- sodium/crypto_stream_salsa208.h \
- sodium/crypto_stream_xsalsa20.h \
- sodium/crypto_int32.h \
- sodium/crypto_int64.h \
- sodium/crypto_uint16.h \
- sodium/crypto_uint32.h \
- sodium/crypto_uint64.h \
- sodium/crypto_uint8.h \
- sodium/crypto_verify_16.h \
- sodium/crypto_verify_32.h \
- sodium/crypto_verify_64.h \
- sodium/export.h \
- sodium/randombytes.h \
- sodium/randombytes_salsa20_random.h \
- sodium/randombytes_sysrandom.h \
- sodium/runtime.h \
- sodium/utils.h
-
-EXTRA_SRC = $(SODIUM_EXPORT) \
- sodium/version.h.in
-
-nobase_include_HEADERS = $(SODIUM_EXPORT)
-
-nobase_nodist_include_HEADERS = \
- sodium/version.h
diff --git a/src/crypto/shen_ed25519_ref/include/libsodium_LICENSE b/src/crypto/shen_ed25519_ref/include/libsodium_LICENSE
deleted file mode 100644
index 3edb000f6..000000000
--- a/src/crypto/shen_ed25519_ref/include/libsodium_LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * Copyright (c) 2013-2015
- * Frank Denis <j at pureftpd dot org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
diff --git a/src/crypto/shen_ed25519_ref/include/sodium.h b/src/crypto/shen_ed25519_ref/include/sodium.h
deleted file mode 100644
index 207bdedeb..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium.h
+++ /dev/null
@@ -1,50 +0,0 @@
-
-#ifndef sodium_H
-#define sodium_H
-
-#include "sodium/core.h"
-#include "sodium/crypto_aead_chacha20poly1305.h"
-#include "sodium/crypto_auth.h"
-#include "sodium/crypto_auth_hmacsha256.h"
-#include "sodium/crypto_auth_hmacsha512.h"
-#include "sodium/crypto_auth_hmacsha512256.h"
-#include "sodium/crypto_box.h"
-#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
-#include "sodium/crypto_core_hsalsa20.h"
-#include "sodium/crypto_core_salsa20.h"
-#include "sodium/crypto_core_salsa2012.h"
-#include "sodium/crypto_core_salsa208.h"
-#include "sodium/crypto_generichash.h"
-#include "sodium/crypto_generichash_blake2b.h"
-#include "sodium/crypto_hash.h"
-#include "sodium/crypto_hash_sha256.h"
-#include "sodium/crypto_hash_sha512.h"
-#include "sodium/crypto_onetimeauth.h"
-#include "sodium/crypto_onetimeauth_poly1305.h"
-#include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
-#include "sodium/crypto_scalarmult.h"
-#include "sodium/crypto_scalarmult_curve25519.h"
-#include "sodium/crypto_secretbox.h"
-#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
-#include "sodium/crypto_shorthash.h"
-#include "sodium/crypto_shorthash_siphash24.h"
-#include "sodium/crypto_sign.h"
-#include "sodium/crypto_sign_ed25519.h"
-#include "sodium/crypto_stream.h"
-#include "sodium/crypto_stream_aes128ctr.h"
-#include "sodium/crypto_stream_chacha20.h"
-#include "sodium/crypto_stream_salsa20.h"
-#include "sodium/crypto_stream_salsa2012.h"
-#include "sodium/crypto_stream_salsa208.h"
-#include "sodium/crypto_stream_xsalsa20.h"
-#include "sodium/crypto_verify_16.h"
-#include "sodium/crypto_verify_32.h"
-#include "sodium/crypto_verify_64.h"
-#include "sodium/randombytes.h"
-#include "sodium/randombytes_salsa20_random.h"
-#include "sodium/randombytes_sysrandom.h"
-#include "sodium/runtime.h"
-#include "sodium/utils.h"
-#include "sodium/version.h"
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_int32.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_int32.h
deleted file mode 100644
index a22019d87..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_int32.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_int32_H
-#define crypto_int32_H
-
-#include <stdint.h>
-
-typedef int32_t crypto_int32;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_int64.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_int64.h
deleted file mode 100644
index f68a28361..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_int64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_int64_H
-#define crypto_int64_H
-
-#include <stdint.h>
-
-typedef int64_t crypto_int64;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint16.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint16.h
deleted file mode 100644
index 6be4e347c..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint16.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_uint16_H
-#define crypto_uint16_H
-
-#include <stdint.h>
-
-typedef uint16_t crypto_uint16;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint32.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint32.h
deleted file mode 100644
index ba66cecc6..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint32.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_uint32_H
-#define crypto_uint32_H
-
-#include <stdint.h>
-
-typedef uint32_t crypto_uint32;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint64.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint64.h
deleted file mode 100644
index 98b3f6d34..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_uint64_H
-#define crypto_uint64_H
-
-#include <stdint.h>
-
-typedef uint64_t crypto_uint64;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint8.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint8.h
deleted file mode 100644
index 789613ba5..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_uint8.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef crypto_uint8_H
-#define crypto_uint8_H
-
-#include <stdint.h>
-
-typedef uint8_t crypto_uint8;
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/crypto_verify_32.h b/src/crypto/shen_ed25519_ref/include/sodium/crypto_verify_32.h
deleted file mode 100644
index 58e4d0e82..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/crypto_verify_32.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef crypto_verify_32_H
-#define crypto_verify_32_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_verify_32_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_verify_32_bytes(void);
-
-SODIUM_EXPORT
-int crypto_verify_32(const unsigned char *x, const unsigned char *y);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/include/sodium/randombytes.h b/src/crypto/shen_ed25519_ref/include/sodium/randombytes.h
deleted file mode 100644
index 08aff0525..000000000
--- a/src/crypto/shen_ed25519_ref/include/sodium/randombytes.h
+++ /dev/null
@@ -1,58 +0,0 @@
-
-#ifndef randombytes_H
-#define randombytes_H
-
-#include <sys/types.h>
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# if __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef struct randombytes_implementation {
- const char *(*implementation_name)(void); /* required */
- uint32_t (*random)(void); /* required */
- void (*stir)(void); /* optional */
- uint32_t (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
- void (*buf)(void * const buf, const size_t size); /* required */
- int (*close)(void); /* optional */
-} randombytes_implementation;
-
-SODIUM_EXPORT
-void randombytes_buf(void * const buf, const size_t size);
-
-SODIUM_EXPORT
-uint32_t randombytes_random(void);
-
-SODIUM_EXPORT
-uint32_t randombytes_uniform(const uint32_t upper_bound);
-
-SODIUM_EXPORT
-void randombytes_stir(void);
-
-SODIUM_EXPORT
-int randombytes_close(void);
-
-SODIUM_EXPORT
-int randombytes_set_implementation(randombytes_implementation *impl);
-
-SODIUM_EXPORT
-const char *randombytes_implementation_name(void);
-
-/* -- NaCl compatibility interface -- */
-
-SODIUM_EXPORT
-void randombytes(unsigned char * const buf, const unsigned long long buf_len);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/randombytes.c b/src/crypto/shen_ed25519_ref/randombytes.c
deleted file mode 100755
index fa7d42149..000000000
--- a/src/crypto/shen_ed25519_ref/randombytes.c
+++ /dev/null
@@ -1,52 +0,0 @@
-#ifndef _WIN32
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-/* it's really stupid that there isn't a syscall for this */
-
-static int ed25519_random_fd = -1;
-
-static inline void ed25519_randombytes(unsigned char *x,unsigned long long xlen)
-{
- int i;
-
- if (ed25519_random_fd == -1) {
- for (;;) {
- ed25519_random_fd = open("/dev/urandom",O_RDONLY);
- if (ed25519_random_fd != -1) break;
- sleep(1);
- }
- }
-
- while (xlen > 0) {
- if (xlen < 1048576) i = xlen; else i = 1048576;
-
- i = read(ed25519_random_fd,x,i);
- if (i < 1) {
- sleep(1);
- continue;
- }
-
- x += i;
- xlen -= i;
- }
-}
-
-#else
-#include <windows.h>
-#include <wincrypt.h>
-
-static inline void ed25519_randombytes(unsigned char *x,unsigned long long xlen)
-{
- HCRYPTPROV prov = 0;
-
- CryptAcquireContextW(&prov, NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
-
- CryptGenRandom(prov, xlen, x);
- CryptReleaseContext(prov, 0);
-}
-
-#endif /* _WIN32 */
diff --git a/src/crypto/shen_ed25519_ref/ref10/Makefile b/src/crypto/shen_ed25519_ref/ref10/Makefile
deleted file mode 100644
index 9b0ba7ad4..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-all: d.h d2.h sqrtm1.h base.h base2.h \
-ge_add.h ge_sub.h \
-ge_madd.h ge_msub.h \
-ge_p2_dbl.h \
-pow225521.h pow22523.h
-
-d.h: d.py
- python d.py > d.h
-
-d2.h: d2.py
- python d2.py > d2.h
-
-sqrtm1.h: sqrtm1.py
- python sqrtm1.py > sqrtm1.h
-
-base.h: base.py
- python base.py > base.h
-
-base2.h: base2.py
- python base2.py > base2.h
-
-ge_add.h: ge_add.q q2h.sh
- ./q2h.sh < ge_add.q > ge_add.h
-
-ge_sub.h: ge_sub.q q2h.sh
- ./q2h.sh < ge_sub.q > ge_sub.h
-
-ge_madd.h: ge_madd.q q2h.sh
- ./q2h.sh < ge_madd.q > ge_madd.h
-
-ge_msub.h: ge_msub.q q2h.sh
- ./q2h.sh < ge_msub.q > ge_msub.h
-
-ge_p2_dbl.h: ge_p2_dbl.q q2h.sh
- ./q2h.sh < ge_p2_dbl.q > ge_p2_dbl.h
-
-pow22523.h: pow22523.q q2h.sh
- ./q2h.sh < pow22523.q > pow22523.h
-
-pow225521.h: pow225521.q q2h.sh
- ./q2h.sh < pow225521.q > pow225521.h
diff --git a/src/crypto/shen_ed25519_ref/ref10/api.h b/src/crypto/shen_ed25519_ref/ref10/api.h
deleted file mode 100644
index d88dae0c3..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/api.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#define CRYPTO_SECRETKEYBYTES 64
-#define CRYPTO_PUBLICKEYBYTES 32
-#define CRYPTO_BYTES 64
-#define CRYPTO_DETERMINISTIC 1
diff --git a/src/crypto/shen_ed25519_ref/ref10/base.h b/src/crypto/shen_ed25519_ref/ref10/base.h
deleted file mode 100644
index 573bd8a05..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/base.h
+++ /dev/null
@@ -1,1344 +0,0 @@
-{
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
- { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
- { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
- { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
- { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
- { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
- { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
- { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
- { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
- },
-},
-{
- {
- { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
- { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
- { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
- },
- {
- { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
- { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
- { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
- },
- {
- { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
- { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
- { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
- },
- {
- { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
- { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
- { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
- },
- {
- { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
- { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
- { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
- },
- {
- { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
- { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
- { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
- },
- {
- { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
- { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
- { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
- },
- {
- { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
- { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
- { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
- },
-},
-{
- {
- { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
- { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
- { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
- },
- {
- { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
- { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
- { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
- },
- {
- { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
- { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
- { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
- },
- {
- { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
- { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
- { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
- },
- {
- { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
- { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
- { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
- },
- {
- { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
- { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
- { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
- },
- {
- { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
- { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
- { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
- },
- {
- { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
- { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
- { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
- },
-},
-{
- {
- { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
- { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
- { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
- },
- {
- { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
- { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
- { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
- },
- {
- { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
- { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
- { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
- },
- {
- { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
- { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
- { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
- },
- {
- { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
- { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
- { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
- },
- {
- { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
- { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
- { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
- },
- {
- { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
- { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
- { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
- },
- {
- { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
- { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
- { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
- },
-},
-{
- {
- { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
- { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
- { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
- },
- {
- { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
- { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
- { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
- },
- {
- { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
- { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
- { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
- },
- {
- { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
- { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
- { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
- },
- {
- { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
- { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
- { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
- },
- {
- { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
- { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
- { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
- },
- {
- { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
- { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
- { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
- },
- {
- { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
- { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
- { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
- },
-},
-{
- {
- { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
- { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
- { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
- },
- {
- { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
- { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
- { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
- },
- {
- { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
- { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
- { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
- },
- {
- { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
- { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
- { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
- },
- {
- { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
- { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
- { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
- },
- {
- { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
- { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
- { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
- },
- {
- { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
- { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
- { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
- },
- {
- { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
- { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
- { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
- },
-},
-{
- {
- { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
- { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
- { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
- },
- {
- { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
- { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
- { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
- },
- {
- { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
- { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
- { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
- },
- {
- { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
- { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
- { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
- },
- {
- { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
- { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
- { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
- },
- {
- { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
- { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
- { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
- },
- {
- { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
- { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
- { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
- },
- {
- { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
- { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
- { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
- },
-},
-{
- {
- { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
- { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
- { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
- },
- {
- { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
- { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
- { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
- },
- {
- { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
- { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
- { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
- },
- {
- { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
- { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
- { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
- },
- {
- { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
- { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
- { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
- },
- {
- { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
- { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
- { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
- },
- {
- { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
- { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
- { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
- },
- {
- { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
- { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
- { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
- },
-},
-{
- {
- { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
- { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
- { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
- },
- {
- { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
- { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
- { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
- },
- {
- { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
- { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
- { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
- },
- {
- { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
- { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
- { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
- },
- {
- { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
- { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
- { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
- },
- {
- { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
- { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
- { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
- },
- {
- { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
- { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
- { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
- },
- {
- { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
- { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
- { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
- },
-},
-{
- {
- { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
- { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
- { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
- },
- {
- { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
- { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
- { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
- },
- {
- { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
- { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
- { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
- },
- {
- { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
- { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
- { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
- },
- {
- { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
- { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
- { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
- },
- {
- { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
- { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
- { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
- },
- {
- { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
- { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
- { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
- },
- {
- { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
- { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
- { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
- },
-},
-{
- {
- { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
- { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
- { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
- },
- {
- { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
- { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
- { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
- },
- {
- { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
- { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
- { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
- },
- {
- { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
- { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
- { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
- },
- {
- { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
- { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
- { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
- },
- {
- { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
- { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
- { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
- },
- {
- { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
- { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
- { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
- },
- {
- { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
- { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
- { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
- },
-},
-{
- {
- { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
- { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
- { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
- },
- {
- { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
- { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
- { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
- },
- {
- { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
- { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
- { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
- },
- {
- { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
- { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
- { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
- },
- {
- { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
- { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
- { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
- },
- {
- { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
- { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
- { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
- },
- {
- { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
- { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
- { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
- },
- {
- { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
- { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
- { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
- },
-},
-{
- {
- { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
- { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
- { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
- },
- {
- { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
- { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
- { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
- },
- {
- { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
- { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
- { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
- },
- {
- { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
- { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
- { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
- },
- {
- { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
- { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
- { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
- },
- {
- { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
- { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
- { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
- },
- {
- { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
- { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
- { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
- },
- {
- { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
- { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
- { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
- },
-},
-{
- {
- { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
- { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
- { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
- },
- {
- { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
- { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
- { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
- },
- {
- { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
- { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
- { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
- },
- {
- { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
- { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
- { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
- },
- {
- { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
- { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
- { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
- },
- {
- { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
- { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
- { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
- },
- {
- { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
- { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
- { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
- },
- {
- { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
- { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
- { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
- },
-},
-{
- {
- { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
- { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
- { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
- },
- {
- { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
- { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
- { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
- },
- {
- { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
- { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
- { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
- },
- {
- { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
- { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
- { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
- },
- {
- { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
- { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
- { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
- },
- {
- { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
- { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
- { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
- },
- {
- { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
- { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
- { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
- },
- {
- { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
- { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
- { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
- },
-},
-{
- {
- { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
- { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
- { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
- },
- {
- { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
- { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
- { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
- },
- {
- { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
- { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
- { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
- },
- {
- { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
- { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
- { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
- },
- {
- { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
- { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
- { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
- },
- {
- { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
- { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
- { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
- },
- {
- { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
- { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
- { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
- },
- {
- { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
- { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
- { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
- },
-},
-{
- {
- { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
- { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
- { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
- },
- {
- { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
- { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
- { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
- },
- {
- { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
- { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
- { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
- },
- {
- { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
- { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
- { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
- },
- {
- { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
- { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
- { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
- },
- {
- { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
- { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
- { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
- },
- {
- { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
- { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
- { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
- },
- {
- { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
- { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
- { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
- },
-},
-{
- {
- { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
- { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
- { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
- },
- {
- { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
- { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
- { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
- },
- {
- { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
- { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
- { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
- },
- {
- { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
- { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
- { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
- },
- {
- { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
- { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
- { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
- },
- {
- { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
- { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
- { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
- },
- {
- { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
- { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
- { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
- },
- {
- { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
- { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
- { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
- },
-},
-{
- {
- { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
- { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
- { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
- },
- {
- { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
- { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
- { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
- },
- {
- { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
- { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
- { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
- },
- {
- { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
- { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
- { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
- },
- {
- { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
- { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
- { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
- },
- {
- { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
- { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
- { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
- },
- {
- { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
- { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
- { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
- },
- {
- { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
- { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
- { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
- },
-},
-{
- {
- { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
- { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
- { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
- },
- {
- { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
- { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
- { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
- },
- {
- { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
- { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
- { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
- },
- {
- { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
- { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
- { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
- },
- {
- { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
- { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
- { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
- },
- {
- { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
- { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
- { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
- },
- {
- { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
- { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
- { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
- },
- {
- { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
- { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
- { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
- },
-},
-{
- {
- { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
- { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
- { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
- },
- {
- { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
- { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
- { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
- },
- {
- { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
- { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
- { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
- },
- {
- { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
- { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
- { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
- },
- {
- { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
- { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
- { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
- },
- {
- { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
- { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
- { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
- },
- {
- { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
- { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
- { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
- },
- {
- { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
- { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
- { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
- },
-},
-{
- {
- { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
- { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
- { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
- },
- {
- { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
- { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
- { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
- },
- {
- { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
- { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
- { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
- },
- {
- { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
- { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
- { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
- },
- {
- { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
- { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
- { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
- },
- {
- { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
- { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
- { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
- },
- {
- { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
- { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
- { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
- },
- {
- { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
- { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
- { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
- },
-},
-{
- {
- { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
- { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
- { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
- },
- {
- { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
- { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
- { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
- },
- {
- { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
- { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
- { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
- },
- {
- { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
- { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
- { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
- },
- {
- { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
- { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
- { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
- },
- {
- { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
- { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
- { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
- },
- {
- { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
- { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
- { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
- },
- {
- { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
- { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
- { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
- },
-},
-{
- {
- { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
- { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
- { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
- },
- {
- { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
- { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
- { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
- },
- {
- { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
- { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
- { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
- },
- {
- { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
- { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
- { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
- },
- {
- { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
- { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
- { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
- },
- {
- { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
- { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
- { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
- },
- {
- { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
- { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
- { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
- },
- {
- { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
- { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
- { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
- },
-},
-{
- {
- { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
- { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
- { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
- },
- {
- { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
- { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
- { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
- },
- {
- { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
- { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
- { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
- },
- {
- { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
- { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
- { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
- },
- {
- { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
- { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
- { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
- },
- {
- { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
- { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
- { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
- },
- {
- { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
- { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
- { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
- },
- {
- { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
- { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
- { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
- },
-},
-{
- {
- { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
- { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
- { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
- },
- {
- { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
- { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
- { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
- },
- {
- { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
- { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
- { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
- },
- {
- { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
- { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
- { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
- },
- {
- { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
- { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
- { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
- },
- {
- { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
- { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
- { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
- },
- {
- { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
- { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
- { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
- },
- {
- { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
- { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
- { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
- },
-},
-{
- {
- { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
- { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
- { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
- },
- {
- { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
- { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
- { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
- },
- {
- { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
- { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
- { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
- },
- {
- { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
- { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
- { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
- },
- {
- { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
- { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
- { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
- },
- {
- { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
- { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
- { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
- },
- {
- { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
- { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
- { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
- },
- {
- { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
- { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
- { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
- },
-},
-{
- {
- { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
- { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
- { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
- },
- {
- { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
- { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
- { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
- },
- {
- { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
- { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
- { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
- },
- {
- { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
- { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
- { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
- },
- {
- { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
- { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
- { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
- },
- {
- { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
- { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
- { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
- },
- {
- { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
- { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
- { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
- },
- {
- { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
- { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
- { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
- },
-},
-{
- {
- { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
- { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
- { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
- },
- {
- { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
- { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
- { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
- },
- {
- { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
- { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
- { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
- },
- {
- { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
- { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
- { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
- },
- {
- { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
- { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
- { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
- },
- {
- { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
- { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
- { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
- },
- {
- { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
- { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
- { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
- },
- {
- { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
- { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
- { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
- },
-},
-{
- {
- { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
- { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
- { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
- },
- {
- { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
- { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
- { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
- },
- {
- { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
- { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
- { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
- },
- {
- { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
- { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
- { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
- },
- {
- { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
- { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
- { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
- },
- {
- { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
- { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
- { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
- },
- {
- { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
- { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
- { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
- },
- {
- { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
- { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
- { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
- },
-},
-{
- {
- { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
- { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
- { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
- },
- {
- { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
- { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
- { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
- },
- {
- { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
- { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
- { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
- },
- {
- { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
- { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
- { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
- },
- {
- { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
- { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
- { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
- },
- {
- { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
- { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
- { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
- },
- {
- { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
- { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
- { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
- },
- {
- { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
- { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
- { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
- },
-},
-{
- {
- { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
- { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
- { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
- },
- {
- { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
- { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
- { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
- },
- {
- { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
- { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
- { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
- },
- {
- { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
- { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
- { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
- },
- {
- { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
- { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
- { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
- },
- {
- { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
- { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
- { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
- },
- {
- { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
- { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
- { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
- },
- {
- { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
- { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
- { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
- },
-},
diff --git a/src/crypto/shen_ed25519_ref/ref10/base.py b/src/crypto/shen_ed25519_ref/ref10/base.py
deleted file mode 100644
index 84accc858..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/base.py
+++ /dev/null
@@ -1,65 +0,0 @@
-b = 256
-q = 2**255 - 19
-l = 2**252 + 27742317777372353535851937790883648493
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-d = -121665 * inv(121666)
-I = expmod(2,(q-1)/4,q)
-
-def xrecover(y):
- xx = (y*y-1) * inv(d*y*y+1)
- x = expmod(xx,(q+3)/8,q)
- if (x*x - xx) % q != 0: x = (x*I) % q
- if x % 2 != 0: x = q-x
- return x
-
-By = 4 * inv(5)
-Bx = xrecover(By)
-B = [Bx % q,By % q]
-
-def edwards(P,Q):
- x1 = P[0]
- y1 = P[1]
- x2 = Q[0]
- y2 = Q[1]
- x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
- y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
- return [x3 % q,y3 % q]
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-Bi = B
-for i in range(32):
- print "{"
- Bij = Bi
- for j in range(8):
- print " {"
- print " {",radix255(Bij[1]+Bij[0]),"},"
- print " {",radix255(Bij[1]-Bij[0]),"},"
- print " {",radix255(2*d*Bij[0]*Bij[1]),"},"
- Bij = edwards(Bij,Bi)
- print " },"
- print "},"
- for k in range(8):
- Bi = edwards(Bi,Bi)
diff --git a/src/crypto/shen_ed25519_ref/ref10/base2.h b/src/crypto/shen_ed25519_ref/ref10/base2.h
deleted file mode 100644
index 8c538440f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/base2.h
+++ /dev/null
@@ -1,40 +0,0 @@
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
- { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
- { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
- },
- {
- { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
- { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
- { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
- },
- {
- { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
- { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
- { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
- },
- {
- { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
- { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
- { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
- },
diff --git a/src/crypto/shen_ed25519_ref/ref10/base2.py b/src/crypto/shen_ed25519_ref/ref10/base2.py
deleted file mode 100644
index 5e4e8739d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/base2.py
+++ /dev/null
@@ -1,60 +0,0 @@
-b = 256
-q = 2**255 - 19
-l = 2**252 + 27742317777372353535851937790883648493
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-d = -121665 * inv(121666)
-I = expmod(2,(q-1)/4,q)
-
-def xrecover(y):
- xx = (y*y-1) * inv(d*y*y+1)
- x = expmod(xx,(q+3)/8,q)
- if (x*x - xx) % q != 0: x = (x*I) % q
- if x % 2 != 0: x = q-x
- return x
-
-By = 4 * inv(5)
-Bx = xrecover(By)
-B = [Bx % q,By % q]
-
-def edwards(P,Q):
- x1 = P[0]
- y1 = P[1]
- x2 = Q[0]
- y2 = Q[1]
- x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
- y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
- return [x3 % q,y3 % q]
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-Bi = B
-
-for i in range(8):
- print " {"
- print " {",radix255(Bi[1]+Bi[0]),"},"
- print " {",radix255(Bi[1]-Bi[0]),"},"
- print " {",radix255(2*d*Bi[0]*Bi[1]),"},"
- print " },"
- Bi = edwards(B,edwards(B,Bi))
diff --git a/src/crypto/shen_ed25519_ref/ref10/d.h b/src/crypto/shen_ed25519_ref/ref10/d.h
deleted file mode 100644
index e25f57835..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/d.h
+++ /dev/null
@@ -1 +0,0 @@
--10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
diff --git a/src/crypto/shen_ed25519_ref/ref10/d.py b/src/crypto/shen_ed25519_ref/ref10/d.py
deleted file mode 100644
index 8995bb86a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/d.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-d = -121665 * inv(121666)
-print radix255(d)
diff --git a/src/crypto/shen_ed25519_ref/ref10/d2.h b/src/crypto/shen_ed25519_ref/ref10/d2.h
deleted file mode 100644
index 01aaec751..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/d2.h
+++ /dev/null
@@ -1 +0,0 @@
--21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
diff --git a/src/crypto/shen_ed25519_ref/ref10/d2.py b/src/crypto/shen_ed25519_ref/ref10/d2.py
deleted file mode 100644
index 79841758b..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/d2.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-d = -121665 * inv(121666)
-print radix255(d*2)
diff --git a/src/crypto/shen_ed25519_ref/ref10/description b/src/crypto/shen_ed25519_ref/ref10/description
deleted file mode 100644
index cbfcb2cba..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/description
+++ /dev/null
@@ -1,2 +0,0 @@
-EdDSA signatures using Curve25519
-from http://hyperelliptic.org/ebats/supercop-20141124.tar.bz2
diff --git a/src/crypto/shen_ed25519_ref/ref10/designers b/src/crypto/shen_ed25519_ref/ref10/designers
deleted file mode 100644
index 2a3a93a8e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/designers
+++ /dev/null
@@ -1,5 +0,0 @@
-Daniel J. Bernstein
-Niels Duif
-Tanja Lange
-Peter Schwabe
-Bo-Yin Yang
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe.h b/src/crypto/shen_ed25519_ref/ref10/fe.h
deleted file mode 100644
index 60c308ba4..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef FE_H
-#define FE_H
-
-#include "crypto_int32.h"
-
-typedef crypto_int32 fe[10];
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
-#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
-#define fe_copy crypto_sign_ed25519_ref10_fe_copy
-#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
-#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
-#define fe_0 crypto_sign_ed25519_ref10_fe_0
-#define fe_1 crypto_sign_ed25519_ref10_fe_1
-#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
-#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
-#define fe_add crypto_sign_ed25519_ref10_fe_add
-#define fe_sub crypto_sign_ed25519_ref10_fe_sub
-#define fe_neg crypto_sign_ed25519_ref10_fe_neg
-#define fe_mul crypto_sign_ed25519_ref10_fe_mul
-#define fe_sq crypto_sign_ed25519_ref10_fe_sq
-#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
-#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
-#define fe_invert crypto_sign_ed25519_ref10_fe_invert
-#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
-
-extern void fe_frombytes(fe,const unsigned char *);
-extern void fe_tobytes(unsigned char *,const fe);
-
-extern void fe_copy(fe,const fe);
-extern int fe_isnonzero(const fe);
-extern int fe_isnegative(const fe);
-extern void fe_0(fe);
-extern void fe_1(fe);
-extern void fe_cswap(fe,fe,unsigned int);
-extern void fe_cmov(fe,const fe,unsigned int);
-
-extern void fe_add(fe,const fe,const fe);
-extern void fe_sub(fe,const fe,const fe);
-extern void fe_neg(fe,const fe);
-extern void fe_mul(fe,const fe,const fe);
-extern void fe_sq(fe,const fe);
-extern void fe_sq2(fe,const fe);
-extern void fe_mul121666(fe,const fe);
-extern void fe_invert(fe,const fe);
-extern void fe_pow22523(fe,const fe);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_0.c b/src/crypto/shen_ed25519_ref/ref10/fe_0.c
deleted file mode 100644
index ec879d733..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_0.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
- h[0] = 0;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_1.c b/src/crypto/shen_ed25519_ref/ref10/fe_1.c
deleted file mode 100644
index 8cf778484..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_1.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
- h[0] = 1;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_add.c b/src/crypto/shen_ed25519_ref/ref10/fe_add.c
deleted file mode 100644
index e6a81da20..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_add.c
+++ /dev/null
@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 h0 = f0 + g0;
- crypto_int32 h1 = f1 + g1;
- crypto_int32 h2 = f2 + g2;
- crypto_int32 h3 = f3 + g3;
- crypto_int32 h4 = f4 + g4;
- crypto_int32 h5 = f5 + g5;
- crypto_int32 h6 = f6 + g6;
- crypto_int32 h7 = f7 + g7;
- crypto_int32 h8 = f8 + g8;
- crypto_int32 h9 = f9 + g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_cmov.c b/src/crypto/shen_ed25519_ref/ref10/fe_cmov.c
deleted file mode 100644
index 8ca584fb1..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_cmov.c
+++ /dev/null
@@ -1,63 +0,0 @@
-#include "fe.h"
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cmov(fe f,const fe g,unsigned int b)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 x0 = f0 ^ g0;
- crypto_int32 x1 = f1 ^ g1;
- crypto_int32 x2 = f2 ^ g2;
- crypto_int32 x3 = f3 ^ g3;
- crypto_int32 x4 = f4 ^ g4;
- crypto_int32 x5 = f5 ^ g5;
- crypto_int32 x6 = f6 ^ g6;
- crypto_int32 x7 = f7 ^ g7;
- crypto_int32 x8 = f8 ^ g8;
- crypto_int32 x9 = f9 ^ g9;
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_copy.c b/src/crypto/shen_ed25519_ref/ref10/fe_copy.c
deleted file mode 100644
index 9c5bf865a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_copy.c
+++ /dev/null
@@ -1,29 +0,0 @@
-#include "fe.h"
-
-/*
-h = f
-*/
-
-void fe_copy(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_frombytes.c b/src/crypto/shen_ed25519_ref/ref10/fe_frombytes.c
deleted file mode 100644
index 5c1791748..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_frombytes.c
+++ /dev/null
@@ -1,73 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Ignores top bit of h.
-*/
-
-void fe_frombytes(fe h,const unsigned char *s)
-{
- crypto_int64 h0 = load_4(s);
- crypto_int64 h1 = load_3(s + 4) << 6;
- crypto_int64 h2 = load_3(s + 7) << 5;
- crypto_int64 h3 = load_3(s + 10) << 3;
- crypto_int64 h4 = load_3(s + 13) << 2;
- crypto_int64 h5 = load_4(s + 16);
- crypto_int64 h6 = load_3(s + 20) << 7;
- crypto_int64 h7 = load_3(s + 23) << 5;
- crypto_int64 h8 = load_3(s + 26) << 4;
- crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_invert.c b/src/crypto/shen_ed25519_ref/ref10/fe_invert.c
deleted file mode 100644
index bcfdb8ff8..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_invert.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "fe.h"
-
-void fe_invert(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- fe t3;
- int i;
-
-#include "pow225521.h"
-
- return;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_isnegative.c b/src/crypto/shen_ed25519_ref/ref10/fe_isnegative.c
deleted file mode 100644
index 3b2c8b8d5..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_isnegative.c
+++ /dev/null
@@ -1,16 +0,0 @@
-#include "fe.h"
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-int fe_isnegative(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return s[0] & 1;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_isnonzero.c b/src/crypto/shen_ed25519_ref/ref10/fe_isnonzero.c
deleted file mode 100644
index 47568001c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_isnonzero.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-#include "crypto_verify_32.h"
-
-/*
-return 1 if f == 0
-return 0 if f != 0
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-static const unsigned char zero[32];
-
-int fe_isnonzero(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return crypto_verify_32(s,zero);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_mul.c b/src/crypto/shen_ed25519_ref/ref10/fe_mul.c
deleted file mode 100644
index 26ca8b368..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_mul.c
+++ /dev/null
@@ -1,253 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-void fe_mul(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 g1_19 = 19 * g1; /* 1.959375*2^29 */
- crypto_int32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- crypto_int32 g3_19 = 19 * g3;
- crypto_int32 g4_19 = 19 * g4;
- crypto_int32 g5_19 = 19 * g5;
- crypto_int32 g6_19 = 19 * g6;
- crypto_int32 g7_19 = 19 * g7;
- crypto_int32 g8_19 = 19 * g8;
- crypto_int32 g9_19 = 19 * g9;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f9_2 = 2 * f9;
- crypto_int64 f0g0 = f0 * (crypto_int64) g0;
- crypto_int64 f0g1 = f0 * (crypto_int64) g1;
- crypto_int64 f0g2 = f0 * (crypto_int64) g2;
- crypto_int64 f0g3 = f0 * (crypto_int64) g3;
- crypto_int64 f0g4 = f0 * (crypto_int64) g4;
- crypto_int64 f0g5 = f0 * (crypto_int64) g5;
- crypto_int64 f0g6 = f0 * (crypto_int64) g6;
- crypto_int64 f0g7 = f0 * (crypto_int64) g7;
- crypto_int64 f0g8 = f0 * (crypto_int64) g8;
- crypto_int64 f0g9 = f0 * (crypto_int64) g9;
- crypto_int64 f1g0 = f1 * (crypto_int64) g0;
- crypto_int64 f1g1_2 = f1_2 * (crypto_int64) g1;
- crypto_int64 f1g2 = f1 * (crypto_int64) g2;
- crypto_int64 f1g3_2 = f1_2 * (crypto_int64) g3;
- crypto_int64 f1g4 = f1 * (crypto_int64) g4;
- crypto_int64 f1g5_2 = f1_2 * (crypto_int64) g5;
- crypto_int64 f1g6 = f1 * (crypto_int64) g6;
- crypto_int64 f1g7_2 = f1_2 * (crypto_int64) g7;
- crypto_int64 f1g8 = f1 * (crypto_int64) g8;
- crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
- crypto_int64 f2g0 = f2 * (crypto_int64) g0;
- crypto_int64 f2g1 = f2 * (crypto_int64) g1;
- crypto_int64 f2g2 = f2 * (crypto_int64) g2;
- crypto_int64 f2g3 = f2 * (crypto_int64) g3;
- crypto_int64 f2g4 = f2 * (crypto_int64) g4;
- crypto_int64 f2g5 = f2 * (crypto_int64) g5;
- crypto_int64 f2g6 = f2 * (crypto_int64) g6;
- crypto_int64 f2g7 = f2 * (crypto_int64) g7;
- crypto_int64 f2g8_19 = f2 * (crypto_int64) g8_19;
- crypto_int64 f2g9_19 = f2 * (crypto_int64) g9_19;
- crypto_int64 f3g0 = f3 * (crypto_int64) g0;
- crypto_int64 f3g1_2 = f3_2 * (crypto_int64) g1;
- crypto_int64 f3g2 = f3 * (crypto_int64) g2;
- crypto_int64 f3g3_2 = f3_2 * (crypto_int64) g3;
- crypto_int64 f3g4 = f3 * (crypto_int64) g4;
- crypto_int64 f3g5_2 = f3_2 * (crypto_int64) g5;
- crypto_int64 f3g6 = f3 * (crypto_int64) g6;
- crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
- crypto_int64 f3g8_19 = f3 * (crypto_int64) g8_19;
- crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
- crypto_int64 f4g0 = f4 * (crypto_int64) g0;
- crypto_int64 f4g1 = f4 * (crypto_int64) g1;
- crypto_int64 f4g2 = f4 * (crypto_int64) g2;
- crypto_int64 f4g3 = f4 * (crypto_int64) g3;
- crypto_int64 f4g4 = f4 * (crypto_int64) g4;
- crypto_int64 f4g5 = f4 * (crypto_int64) g5;
- crypto_int64 f4g6_19 = f4 * (crypto_int64) g6_19;
- crypto_int64 f4g7_19 = f4 * (crypto_int64) g7_19;
- crypto_int64 f4g8_19 = f4 * (crypto_int64) g8_19;
- crypto_int64 f4g9_19 = f4 * (crypto_int64) g9_19;
- crypto_int64 f5g0 = f5 * (crypto_int64) g0;
- crypto_int64 f5g1_2 = f5_2 * (crypto_int64) g1;
- crypto_int64 f5g2 = f5 * (crypto_int64) g2;
- crypto_int64 f5g3_2 = f5_2 * (crypto_int64) g3;
- crypto_int64 f5g4 = f5 * (crypto_int64) g4;
- crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
- crypto_int64 f5g6_19 = f5 * (crypto_int64) g6_19;
- crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
- crypto_int64 f5g8_19 = f5 * (crypto_int64) g8_19;
- crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
- crypto_int64 f6g0 = f6 * (crypto_int64) g0;
- crypto_int64 f6g1 = f6 * (crypto_int64) g1;
- crypto_int64 f6g2 = f6 * (crypto_int64) g2;
- crypto_int64 f6g3 = f6 * (crypto_int64) g3;
- crypto_int64 f6g4_19 = f6 * (crypto_int64) g4_19;
- crypto_int64 f6g5_19 = f6 * (crypto_int64) g5_19;
- crypto_int64 f6g6_19 = f6 * (crypto_int64) g6_19;
- crypto_int64 f6g7_19 = f6 * (crypto_int64) g7_19;
- crypto_int64 f6g8_19 = f6 * (crypto_int64) g8_19;
- crypto_int64 f6g9_19 = f6 * (crypto_int64) g9_19;
- crypto_int64 f7g0 = f7 * (crypto_int64) g0;
- crypto_int64 f7g1_2 = f7_2 * (crypto_int64) g1;
- crypto_int64 f7g2 = f7 * (crypto_int64) g2;
- crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
- crypto_int64 f7g4_19 = f7 * (crypto_int64) g4_19;
- crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
- crypto_int64 f7g6_19 = f7 * (crypto_int64) g6_19;
- crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
- crypto_int64 f7g8_19 = f7 * (crypto_int64) g8_19;
- crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
- crypto_int64 f8g0 = f8 * (crypto_int64) g0;
- crypto_int64 f8g1 = f8 * (crypto_int64) g1;
- crypto_int64 f8g2_19 = f8 * (crypto_int64) g2_19;
- crypto_int64 f8g3_19 = f8 * (crypto_int64) g3_19;
- crypto_int64 f8g4_19 = f8 * (crypto_int64) g4_19;
- crypto_int64 f8g5_19 = f8 * (crypto_int64) g5_19;
- crypto_int64 f8g6_19 = f8 * (crypto_int64) g6_19;
- crypto_int64 f8g7_19 = f8 * (crypto_int64) g7_19;
- crypto_int64 f8g8_19 = f8 * (crypto_int64) g8_19;
- crypto_int64 f8g9_19 = f8 * (crypto_int64) g9_19;
- crypto_int64 f9g0 = f9 * (crypto_int64) g0;
- crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
- crypto_int64 f9g2_19 = f9 * (crypto_int64) g2_19;
- crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
- crypto_int64 f9g4_19 = f9 * (crypto_int64) g4_19;
- crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
- crypto_int64 f9g6_19 = f9 * (crypto_int64) g6_19;
- crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
- crypto_int64 f9g8_19 = f9 * (crypto_int64) g8_19;
- crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
- crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- crypto_int64 h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- crypto_int64 h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- crypto_int64 h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- crypto_int64 h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- crypto_int64 h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- crypto_int64 h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- crypto_int64 h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- crypto_int64 h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- crypto_int64 h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_neg.c b/src/crypto/shen_ed25519_ref/ref10/fe_neg.c
deleted file mode 100644
index 2078ce528..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_neg.c
+++ /dev/null
@@ -1,45 +0,0 @@
-#include "fe.h"
-
-/*
-h = -f
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_neg(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 h0 = -f0;
- crypto_int32 h1 = -f1;
- crypto_int32 h2 = -f2;
- crypto_int32 h3 = -f3;
- crypto_int32 h4 = -f4;
- crypto_int32 h5 = -f5;
- crypto_int32 h6 = -f6;
- crypto_int32 h7 = -f7;
- crypto_int32 h8 = -f8;
- crypto_int32 h9 = -f9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_pow22523.c b/src/crypto/shen_ed25519_ref/ref10/fe_pow22523.c
deleted file mode 100644
index 56675a590..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_pow22523.c
+++ /dev/null
@@ -1,13 +0,0 @@
-#include "fe.h"
-
-void fe_pow22523(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- int i;
-
-#include "pow22523.h"
-
- return;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_sq.c b/src/crypto/shen_ed25519_ref/ref10/fe_sq.c
deleted file mode 100644
index 8dd119841..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_sq.c
+++ /dev/null
@@ -1,149 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 f0_2 = 2 * f0;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f2_2 = 2 * f2;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f4_2 = 2 * f4;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f6_2 = 2 * f6;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
- crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
- crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
- crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
- crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
- crypto_int64 f0f0 = f0 * (crypto_int64) f0;
- crypto_int64 f0f1_2 = f0_2 * (crypto_int64) f1;
- crypto_int64 f0f2_2 = f0_2 * (crypto_int64) f2;
- crypto_int64 f0f3_2 = f0_2 * (crypto_int64) f3;
- crypto_int64 f0f4_2 = f0_2 * (crypto_int64) f4;
- crypto_int64 f0f5_2 = f0_2 * (crypto_int64) f5;
- crypto_int64 f0f6_2 = f0_2 * (crypto_int64) f6;
- crypto_int64 f0f7_2 = f0_2 * (crypto_int64) f7;
- crypto_int64 f0f8_2 = f0_2 * (crypto_int64) f8;
- crypto_int64 f0f9_2 = f0_2 * (crypto_int64) f9;
- crypto_int64 f1f1_2 = f1_2 * (crypto_int64) f1;
- crypto_int64 f1f2_2 = f1_2 * (crypto_int64) f2;
- crypto_int64 f1f3_4 = f1_2 * (crypto_int64) f3_2;
- crypto_int64 f1f4_2 = f1_2 * (crypto_int64) f4;
- crypto_int64 f1f5_4 = f1_2 * (crypto_int64) f5_2;
- crypto_int64 f1f6_2 = f1_2 * (crypto_int64) f6;
- crypto_int64 f1f7_4 = f1_2 * (crypto_int64) f7_2;
- crypto_int64 f1f8_2 = f1_2 * (crypto_int64) f8;
- crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
- crypto_int64 f2f2 = f2 * (crypto_int64) f2;
- crypto_int64 f2f3_2 = f2_2 * (crypto_int64) f3;
- crypto_int64 f2f4_2 = f2_2 * (crypto_int64) f4;
- crypto_int64 f2f5_2 = f2_2 * (crypto_int64) f5;
- crypto_int64 f2f6_2 = f2_2 * (crypto_int64) f6;
- crypto_int64 f2f7_2 = f2_2 * (crypto_int64) f7;
- crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
- crypto_int64 f2f9_38 = f2 * (crypto_int64) f9_38;
- crypto_int64 f3f3_2 = f3_2 * (crypto_int64) f3;
- crypto_int64 f3f4_2 = f3_2 * (crypto_int64) f4;
- crypto_int64 f3f5_4 = f3_2 * (crypto_int64) f5_2;
- crypto_int64 f3f6_2 = f3_2 * (crypto_int64) f6;
- crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
- crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
- crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
- crypto_int64 f4f4 = f4 * (crypto_int64) f4;
- crypto_int64 f4f5_2 = f4_2 * (crypto_int64) f5;
- crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
- crypto_int64 f4f7_38 = f4 * (crypto_int64) f7_38;
- crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
- crypto_int64 f4f9_38 = f4 * (crypto_int64) f9_38;
- crypto_int64 f5f5_38 = f5 * (crypto_int64) f5_38;
- crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
- crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
- crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
- crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
- crypto_int64 f6f6_19 = f6 * (crypto_int64) f6_19;
- crypto_int64 f6f7_38 = f6 * (crypto_int64) f7_38;
- crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
- crypto_int64 f6f9_38 = f6 * (crypto_int64) f9_38;
- crypto_int64 f7f7_38 = f7 * (crypto_int64) f7_38;
- crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
- crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
- crypto_int64 f8f8_19 = f8 * (crypto_int64) f8_19;
- crypto_int64 f8f9_38 = f8 * (crypto_int64) f9_38;
- crypto_int64 f9f9_38 = f9 * (crypto_int64) f9_38;
- crypto_int64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_sq2.c b/src/crypto/shen_ed25519_ref/ref10/fe_sq2.c
deleted file mode 100644
index 026ed3aac..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_sq2.c
+++ /dev/null
@@ -1,160 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq2(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 f0_2 = 2 * f0;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f2_2 = 2 * f2;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f4_2 = 2 * f4;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f6_2 = 2 * f6;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
- crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
- crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
- crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
- crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
- crypto_int64 f0f0 = f0 * (crypto_int64) f0;
- crypto_int64 f0f1_2 = f0_2 * (crypto_int64) f1;
- crypto_int64 f0f2_2 = f0_2 * (crypto_int64) f2;
- crypto_int64 f0f3_2 = f0_2 * (crypto_int64) f3;
- crypto_int64 f0f4_2 = f0_2 * (crypto_int64) f4;
- crypto_int64 f0f5_2 = f0_2 * (crypto_int64) f5;
- crypto_int64 f0f6_2 = f0_2 * (crypto_int64) f6;
- crypto_int64 f0f7_2 = f0_2 * (crypto_int64) f7;
- crypto_int64 f0f8_2 = f0_2 * (crypto_int64) f8;
- crypto_int64 f0f9_2 = f0_2 * (crypto_int64) f9;
- crypto_int64 f1f1_2 = f1_2 * (crypto_int64) f1;
- crypto_int64 f1f2_2 = f1_2 * (crypto_int64) f2;
- crypto_int64 f1f3_4 = f1_2 * (crypto_int64) f3_2;
- crypto_int64 f1f4_2 = f1_2 * (crypto_int64) f4;
- crypto_int64 f1f5_4 = f1_2 * (crypto_int64) f5_2;
- crypto_int64 f1f6_2 = f1_2 * (crypto_int64) f6;
- crypto_int64 f1f7_4 = f1_2 * (crypto_int64) f7_2;
- crypto_int64 f1f8_2 = f1_2 * (crypto_int64) f8;
- crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
- crypto_int64 f2f2 = f2 * (crypto_int64) f2;
- crypto_int64 f2f3_2 = f2_2 * (crypto_int64) f3;
- crypto_int64 f2f4_2 = f2_2 * (crypto_int64) f4;
- crypto_int64 f2f5_2 = f2_2 * (crypto_int64) f5;
- crypto_int64 f2f6_2 = f2_2 * (crypto_int64) f6;
- crypto_int64 f2f7_2 = f2_2 * (crypto_int64) f7;
- crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
- crypto_int64 f2f9_38 = f2 * (crypto_int64) f9_38;
- crypto_int64 f3f3_2 = f3_2 * (crypto_int64) f3;
- crypto_int64 f3f4_2 = f3_2 * (crypto_int64) f4;
- crypto_int64 f3f5_4 = f3_2 * (crypto_int64) f5_2;
- crypto_int64 f3f6_2 = f3_2 * (crypto_int64) f6;
- crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
- crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
- crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
- crypto_int64 f4f4 = f4 * (crypto_int64) f4;
- crypto_int64 f4f5_2 = f4_2 * (crypto_int64) f5;
- crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
- crypto_int64 f4f7_38 = f4 * (crypto_int64) f7_38;
- crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
- crypto_int64 f4f9_38 = f4 * (crypto_int64) f9_38;
- crypto_int64 f5f5_38 = f5 * (crypto_int64) f5_38;
- crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
- crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
- crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
- crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
- crypto_int64 f6f6_19 = f6 * (crypto_int64) f6_19;
- crypto_int64 f6f7_38 = f6 * (crypto_int64) f7_38;
- crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
- crypto_int64 f6f9_38 = f6 * (crypto_int64) f9_38;
- crypto_int64 f7f7_38 = f7 * (crypto_int64) f7_38;
- crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
- crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
- crypto_int64 f8f8_19 = f8 * (crypto_int64) f8_19;
- crypto_int64 f8f9_38 = f8 * (crypto_int64) f9_38;
- crypto_int64 f9f9_38 = f9 * (crypto_int64) f9_38;
- crypto_int64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_sub.c b/src/crypto/shen_ed25519_ref/ref10/fe_sub.c
deleted file mode 100644
index 6e26b7df8..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_sub.c
+++ /dev/null
@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_sub(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 h0 = f0 - g0;
- crypto_int32 h1 = f1 - g1;
- crypto_int32 h2 = f2 - g2;
- crypto_int32 h3 = f3 - g3;
- crypto_int32 h4 = f4 - g4;
- crypto_int32 h5 = f5 - g5;
- crypto_int32 h6 = f6 - g6;
- crypto_int32 h7 = f7 - g7;
- crypto_int32 h8 = f8 - g8;
- crypto_int32 h9 = f9 - g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/fe_tobytes.c b/src/crypto/shen_ed25519_ref/ref10/fe_tobytes.c
deleted file mode 100644
index 0a63baf9c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/fe_tobytes.c
+++ /dev/null
@@ -1,119 +0,0 @@
-#include "fe.h"
-
-/*
-Preconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
- Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
- Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
- Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
- Then 0<y<1.
-
- Write r=h-pq.
- Have 0<=r<=p-1=2^255-20.
- Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
- Write x=r+19(2^-255)r+y.
- Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
- Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-void fe_tobytes(unsigned char *s,const fe h)
-{
- crypto_int32 h0 = h[0];
- crypto_int32 h1 = h[1];
- crypto_int32 h2 = h[2];
- crypto_int32 h3 = h[3];
- crypto_int32 h4 = h[4];
- crypto_int32 h5 = h[5];
- crypto_int32 h6 = h[6];
- crypto_int32 h7 = h[7];
- crypto_int32 h8 = h[8];
- crypto_int32 h9 = h[9];
- crypto_int32 q;
- crypto_int32 carry0;
- crypto_int32 carry1;
- crypto_int32 carry2;
- crypto_int32 carry3;
- crypto_int32 carry4;
- crypto_int32 carry5;
- crypto_int32 carry6;
- crypto_int32 carry7;
- crypto_int32 carry8;
- crypto_int32 carry9;
-
- q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
- carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
- carry9 = h9 >> 25; h9 -= carry9 << 25;
- /* h10 = carry9 */
-
- /*
- Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
-
- s[0] = h0 >> 0;
- s[1] = h0 >> 8;
- s[2] = h0 >> 16;
- s[3] = (h0 >> 24) | (h1 << 2);
- s[4] = h1 >> 6;
- s[5] = h1 >> 14;
- s[6] = (h1 >> 22) | (h2 << 3);
- s[7] = h2 >> 5;
- s[8] = h2 >> 13;
- s[9] = (h2 >> 21) | (h3 << 5);
- s[10] = h3 >> 3;
- s[11] = h3 >> 11;
- s[12] = (h3 >> 19) | (h4 << 6);
- s[13] = h4 >> 2;
- s[14] = h4 >> 10;
- s[15] = h4 >> 18;
- s[16] = h5 >> 0;
- s[17] = h5 >> 8;
- s[18] = h5 >> 16;
- s[19] = (h5 >> 24) | (h6 << 1);
- s[20] = h6 >> 7;
- s[21] = h6 >> 15;
- s[22] = (h6 >> 23) | (h7 << 3);
- s[23] = h7 >> 5;
- s[24] = h7 >> 13;
- s[25] = (h7 >> 21) | (h8 << 4);
- s[26] = h8 >> 4;
- s[27] = h8 >> 12;
- s[28] = (h8 >> 20) | (h9 << 6);
- s[29] = h9 >> 2;
- s[30] = h9 >> 10;
- s[31] = h9 >> 18;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge.h b/src/crypto/shen_ed25519_ref/ref10/ge.h
deleted file mode 100644
index 55e95f95b..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge.h
+++ /dev/null
@@ -1,95 +0,0 @@
-#ifndef GE_H
-#define GE_H
-
-/*
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-
-#include "fe.h"
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
-} ge_p2;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p3;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p1p1;
-
-typedef struct {
- fe yplusx;
- fe yminusx;
- fe xy2d;
-} ge_precomp;
-
-typedef struct {
- fe YplusX;
- fe YminusX;
- fe Z;
- fe T2d;
-} ge_cached;
-
-#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
-#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
-#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
-
-#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
-#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
-#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0
-#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2
-#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached
-#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2
-#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3
-#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl
-#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl
-
-#define ge_madd crypto_sign_ed25519_ref10_ge_madd
-#define ge_msub crypto_sign_ed25519_ref10_ge_msub
-#define ge_add crypto_sign_ed25519_ref10_ge_add
-#define ge_sub crypto_sign_ed25519_ref10_ge_sub
-#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base
-#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime
-
-extern void ge_tobytes(unsigned char *,const ge_p2 *);
-extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
-
-extern void ge_p2_0(ge_p2 *);
-extern void ge_p3_0(ge_p3 *);
-extern void ge_precomp_0(ge_precomp *);
-extern void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
-extern void ge_p3_to_cached(ge_cached *,const ge_p3 *);
-extern void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
-extern void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
-extern void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
-extern void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
-
-extern void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
-extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_add.c b/src/crypto/shen_ed25519_ref/ref10/ge_add.c
deleted file mode 100644
index da7ff5d2e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_add.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-#include "ge_add.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_add.h b/src/crypto/shen_ed25519_ref/ref10/ge_add.h
deleted file mode 100644
index 7481f8ffb..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_add.h
+++ /dev/null
@@ -1,97 +0,0 @@
-
-/* qhasm: enter ge_add */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe Z2 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ZZ */
-
-/* qhasm: fe YpX2 */
-
-/* qhasm: fe YmX2 */
-
-/* qhasm: fe T2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*YpX2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YpX2=q->YplusX); */
-fe_mul(r->Z,r->X,q->YplusX);
-
-/* qhasm: B = YmX1*YmX2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YmX2=q->YminusX); */
-fe_mul(r->Y,r->Y,q->YminusX);
-
-/* qhasm: C = T2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
-fe_mul(r->T,q->T2d,p->T);
-
-/* qhasm: ZZ = Z1*Z2 */
-/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
-/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
-fe_mul(r->X,p->Z,q->Z);
-
-/* qhasm: D = 2*ZZ */
-/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
-/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
-fe_add(t0,r->X,r->X);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D+C */
-/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_add(r->Z,t0,r->T);
-
-/* qhasm: T3 = D-C */
-/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
-fe_sub(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_add.q b/src/crypto/shen_ed25519_ref/ref10/ge_add.q
deleted file mode 100644
index a6572ab0f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_add.q
+++ /dev/null
@@ -1,49 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_add
-
-fe X1
-fe Y1
-fe Z1
-fe Z2
-fe T1
-fe ZZ
-fe YpX2
-fe YmX2
-fe T2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*YpX2
-B = YmX1*YmX2
-C = T2d2*T1
-ZZ = Z1*Z2
-D = 2*ZZ
-X3 = A-B
-Y3 = A+B
-Z3 = D+C
-T3 = D-C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_double_scalarmult.c b/src/crypto/shen_ed25519_ref/ref10/ge_double_scalarmult.c
deleted file mode 100644
index f8bf4bf77..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_double_scalarmult.c
+++ /dev/null
@@ -1,96 +0,0 @@
-#include "ge.h"
-
-static void slide(signed char *r,const unsigned char *a)
-{
- int i;
- int b;
- int k;
-
- for (i = 0;i < 256;++i)
- r[i] = 1 & (a[i >> 3] >> (i & 7));
-
- for (i = 0;i < 256;++i)
- if (r[i]) {
- for (b = 1;b <= 6 && i + b < 256;++b) {
- if (r[i + b]) {
- if (r[i] + (r[i + b] << b) <= 15) {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if (r[i] - (r[i + b] << b) >= -15) {
- r[i] -= r[i + b] << b;
- for (k = i + b;k < 256;++k) {
- if (!r[k]) {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else
- break;
- }
- }
- }
-
-}
-
-static ge_precomp Bi[8] = {
-#include "base2.h"
-} ;
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
-{
- signed char aslide[256];
- signed char bslide[256];
- ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
- ge_p1p1 t;
- ge_p3 u;
- ge_p3 A2;
- int i;
-
- slide(aslide,a);
- slide(bslide,b);
-
- ge_p3_to_cached(&Ai[0],A);
- ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
- ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
- ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
- ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
- ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
- ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
- ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
- ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
-
- ge_p2_0(r);
-
- for (i = 255;i >= 0;--i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (;i >= 0;--i) {
- ge_p2_dbl(&t,r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_add(&t,&u,&Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_madd(&t,&u,&Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r,&t);
- }
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_frombytes.c b/src/crypto/shen_ed25519_ref/ref10/ge_frombytes.c
deleted file mode 100644
index 1a059ee93..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_frombytes.c
+++ /dev/null
@@ -1,50 +0,0 @@
-#include "ge.h"
-
-static const fe d = {
-#include "d.h"
-} ;
-
-static const fe sqrtm1 = {
-#include "sqrtm1.h"
-} ;
-
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
- fe u;
- fe v;
- fe v3;
- fe vxx;
- fe check;
-
- fe_frombytes(h->Y,s);
- fe_1(h->Z);
- fe_sq(u,h->Y);
- fe_mul(v,u,d);
- fe_sub(u,u,h->Z); /* u = y^2-1 */
- fe_add(v,v,h->Z); /* v = dy^2+1 */
-
- fe_sq(v3,v);
- fe_mul(v3,v3,v); /* v3 = v^3 */
- fe_sq(h->X,v3);
- fe_mul(h->X,h->X,v);
- fe_mul(h->X,h->X,u); /* x = uv^7 */
-
- fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
- fe_mul(h->X,h->X,v3);
- fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx,h->X);
- fe_mul(vxx,vxx,v);
- fe_sub(check,vxx,u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check,vxx,u); /* vx^2+u */
- if (fe_isnonzero(check)) return -1;
- fe_mul(h->X,h->X,sqrtm1);
- }
-
- if (fe_isnegative(h->X) == (s[31] >> 7))
- fe_neg(h->X,h->X);
-
- fe_mul(h->T,h->X,h->Y);
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_madd.c b/src/crypto/shen_ed25519_ref/ref10/ge_madd.c
deleted file mode 100644
index 622571774..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_madd.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-#include "ge_madd.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_madd.h b/src/crypto/shen_ed25519_ref/ref10/ge_madd.h
deleted file mode 100644
index ecae84952..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_madd.h
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/* qhasm: enter ge_madd */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ypx2 */
-
-/* qhasm: fe ymx2 */
-
-/* qhasm: fe xy2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*ypx2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ypx2=fe#15); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ypx2=q->yplusx); */
-fe_mul(r->Z,r->X,q->yplusx);
-
-/* qhasm: B = YmX1*ymx2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ymx2=fe#16); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ymx2=q->yminusx); */
-fe_mul(r->Y,r->Y,q->yminusx);
-
-/* qhasm: C = xy2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
-fe_mul(r->T,q->xy2d,p->T);
-
-/* qhasm: D = 2*Z1 */
-/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
-/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
-fe_add(t0,p->Z,p->Z);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D+C */
-/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_add(r->Z,t0,r->T);
-
-/* qhasm: T3 = D-C */
-/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
-fe_sub(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_madd.q b/src/crypto/shen_ed25519_ref/ref10/ge_madd.q
deleted file mode 100644
index aa3db454e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_madd.q
+++ /dev/null
@@ -1,46 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_madd
-
-fe X1
-fe Y1
-fe Z1
-fe T1
-fe ypx2
-fe ymx2
-fe xy2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*ypx2
-B = YmX1*ymx2
-C = xy2d2*T1
-D = 2*Z1
-X3 = A-B
-Y3 = A+B
-Z3 = D+C
-T3 = D-C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_msub.c b/src/crypto/shen_ed25519_ref/ref10/ge_msub.c
deleted file mode 100644
index 741ecbf11..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_msub.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-#include "ge_msub.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_msub.h b/src/crypto/shen_ed25519_ref/ref10/ge_msub.h
deleted file mode 100644
index 500f986ba..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_msub.h
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/* qhasm: enter ge_msub */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ypx2 */
-
-/* qhasm: fe ymx2 */
-
-/* qhasm: fe xy2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*ymx2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ymx2=fe#16); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ymx2=q->yminusx); */
-fe_mul(r->Z,r->X,q->yminusx);
-
-/* qhasm: B = YmX1*ypx2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ypx2=fe#15); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ypx2=q->yplusx); */
-fe_mul(r->Y,r->Y,q->yplusx);
-
-/* qhasm: C = xy2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
-fe_mul(r->T,q->xy2d,p->T);
-
-/* qhasm: D = 2*Z1 */
-/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
-/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
-fe_add(t0,p->Z,p->Z);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D-C */
-/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_sub(r->Z,t0,r->T);
-
-/* qhasm: T3 = D+C */
-/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
-fe_add(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_msub.q b/src/crypto/shen_ed25519_ref/ref10/ge_msub.q
deleted file mode 100644
index e3cadd882..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_msub.q
+++ /dev/null
@@ -1,46 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_msub
-
-fe X1
-fe Y1
-fe Z1
-fe T1
-fe ypx2
-fe ymx2
-fe xy2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*ymx2
-B = YmX1*ypx2
-C = xy2d2*T1
-D = 2*Z1
-X3 = A-B
-Y3 = A+B
-Z3 = D-C
-T3 = D+C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p2.c b/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p2.c
deleted file mode 100644
index 9bb5013d6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p2.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p3.c b/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p3.c
deleted file mode 100644
index 2f57b1096..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p1p1_to_p3.c
+++ /dev/null
@@ -1,13 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
- fe_mul(r->T,p->X,p->Y);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p2_0.c b/src/crypto/shen_ed25519_ref/ref10/ge_p2_0.c
deleted file mode 100644
index 6191d1e6e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p2_0.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_p2_0(ge_p2 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.c b/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.c
deleted file mode 100644
index 2e332b5ce..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
- fe t0;
-#include "ge_p2_dbl.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.h b/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.h
deleted file mode 100644
index 128efed90..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.h
+++ /dev/null
@@ -1,73 +0,0 @@
-
-/* qhasm: enter ge_p2_dbl */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe AA */
-
-/* qhasm: fe XX */
-
-/* qhasm: fe YY */
-
-/* qhasm: fe B */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: XX=X1^2 */
-/* asm 1: fe_sq(>XX=fe#1,<X1=fe#11); */
-/* asm 2: fe_sq(>XX=r->X,<X1=p->X); */
-fe_sq(r->X,p->X);
-
-/* qhasm: YY=Y1^2 */
-/* asm 1: fe_sq(>YY=fe#3,<Y1=fe#12); */
-/* asm 2: fe_sq(>YY=r->Z,<Y1=p->Y); */
-fe_sq(r->Z,p->Y);
-
-/* qhasm: B=2*Z1^2 */
-/* asm 1: fe_sq2(>B=fe#4,<Z1=fe#13); */
-/* asm 2: fe_sq2(>B=r->T,<Z1=p->Z); */
-fe_sq2(r->T,p->Z);
-
-/* qhasm: A=X1+Y1 */
-/* asm 1: fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
-/* asm 2: fe_add(>A=r->Y,<X1=p->X,<Y1=p->Y); */
-fe_add(r->Y,p->X,p->Y);
-
-/* qhasm: AA=A^2 */
-/* asm 1: fe_sq(>AA=fe#5,<A=fe#2); */
-/* asm 2: fe_sq(>AA=t0,<A=r->Y); */
-fe_sq(t0,r->Y);
-
-/* qhasm: Y3=YY+XX */
-/* asm 1: fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
-/* asm 2: fe_add(>Y3=r->Y,<YY=r->Z,<XX=r->X); */
-fe_add(r->Y,r->Z,r->X);
-
-/* qhasm: Z3=YY-XX */
-/* asm 1: fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
-/* asm 2: fe_sub(>Z3=r->Z,<YY=r->Z,<XX=r->X); */
-fe_sub(r->Z,r->Z,r->X);
-
-/* qhasm: X3=AA-Y3 */
-/* asm 1: fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<AA=t0,<Y3=r->Y); */
-fe_sub(r->X,t0,r->Y);
-
-/* qhasm: T3=B-Z3 */
-/* asm 1: fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
-/* asm 2: fe_sub(>T3=r->T,<B=r->T,<Z3=r->Z); */
-fe_sub(r->T,r->T,r->Z);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.q b/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.q
deleted file mode 100644
index 170d42f9a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p2_dbl.q
+++ /dev/null
@@ -1,41 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*f^2:<f=fe:>h=fe:asm/fe_sq2(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_p2_dbl
-
-fe X1
-fe Y1
-fe Z1
-fe A
-fe AA
-fe XX
-fe YY
-fe B
-fe X3
-fe Y3
-fe Z3
-fe T3
-
-XX=X1^2
-YY=Y1^2
-B=2*Z1^2
-A=X1+Y1
-AA=A^2
-Y3=YY+XX
-Z3=YY-XX
-X3=AA-Y3
-T3=B-Z3
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p3_0.c b/src/crypto/shen_ed25519_ref/ref10/ge_p3_0.c
deleted file mode 100644
index 401b2935a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p3_0.c
+++ /dev/null
@@ -1,9 +0,0 @@
-#include "ge.h"
-
-void ge_p3_0(ge_p3 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
- fe_0(h->T);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p3_dbl.c b/src/crypto/shen_ed25519_ref/ref10/ge_p3_dbl.c
deleted file mode 100644
index 0d8a05915..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p3_dbl.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
- ge_p2 q;
- ge_p3_to_p2(&q,p);
- ge_p2_dbl(r,&q);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_cached.c b/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_cached.c
deleted file mode 100644
index bde64228c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_cached.c
+++ /dev/null
@@ -1,17 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-static const fe d2 = {
-#include "d2.h"
-} ;
-
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
- fe_add(r->YplusX,p->Y,p->X);
- fe_sub(r->YminusX,p->Y,p->X);
- fe_copy(r->Z,p->Z);
- fe_mul(r->T2d,p->T,d2);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_p2.c b/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_p2.c
deleted file mode 100644
index e532a9e4c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p3_to_p2.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
- fe_copy(r->X,p->X);
- fe_copy(r->Y,p->Y);
- fe_copy(r->Z,p->Z);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_p3_tobytes.c b/src/crypto/shen_ed25519_ref/ref10/ge_p3_tobytes.c
deleted file mode 100644
index 21cb2fc65..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_p3_tobytes.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_precomp_0.c b/src/crypto/shen_ed25519_ref/ref10/ge_precomp_0.c
deleted file mode 100644
index 2e218861d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_precomp_0.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_precomp_0(ge_precomp *h)
-{
- fe_1(h->yplusx);
- fe_1(h->yminusx);
- fe_0(h->xy2d);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_scalarmult_base.c b/src/crypto/shen_ed25519_ref/ref10/ge_scalarmult_base.c
deleted file mode 100644
index 421e4fa0f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_scalarmult_base.c
+++ /dev/null
@@ -1,105 +0,0 @@
-#include "ge.h"
-#include "crypto_uint32.h"
-
-static unsigned char equal(signed char b,signed char c)
-{
- unsigned char ub = b;
- unsigned char uc = c;
- unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- crypto_uint32 y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- return y;
-}
-
-static unsigned char negative(signed char b)
-{
- unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
- x >>= 63; /* 1: yes; 0: no */
- return x;
-}
-
-static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
-{
- fe_cmov(t->yplusx,u->yplusx,b);
- fe_cmov(t->yminusx,u->yminusx,b);
- fe_cmov(t->xy2d,u->xy2d,b);
-}
-
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-#include "base.h"
-} ;
-
-static void select(ge_precomp *t,int pos,signed char b)
-{
- ge_precomp minust;
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
-
- ge_precomp_0(t);
- cmov(t,&base[pos][0],equal(babs,1));
- cmov(t,&base[pos][1],equal(babs,2));
- cmov(t,&base[pos][2],equal(babs,3));
- cmov(t,&base[pos][3],equal(babs,4));
- cmov(t,&base[pos][4],equal(babs,5));
- cmov(t,&base[pos][5],equal(babs,6));
- cmov(t,&base[pos][6],equal(babs,7));
- cmov(t,&base[pos][7],equal(babs,8));
- fe_copy(minust.yplusx,t->yminusx);
- fe_copy(minust.yminusx,t->yplusx);
- fe_neg(minust.xy2d,t->xy2d);
- cmov(t,&minust,bnegative);
-}
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
- a[31] <= 127
-*/
-
-void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
-{
- signed char e[64];
- signed char carry;
- ge_p1p1 r;
- ge_p2 s;
- ge_precomp t;
- int i;
-
- for (i = 0;i < 32;++i) {
- e[2 * i + 0] = (a[i] >> 0) & 15;
- e[2 * i + 1] = (a[i] >> 4) & 15;
- }
- /* each e[i] is between 0 and 15 */
- /* e[63] is between 0 and 7 */
-
- carry = 0;
- for (i = 0;i < 63;++i) {
- e[i] += carry;
- carry = e[i] + 8;
- carry >>= 4;
- e[i] -= carry << 4;
- }
- e[63] += carry;
- /* each e[i] is between -8 and 8 */
-
- ge_p3_0(h);
- for (i = 1;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-
- ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
-
- for (i = 0;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_sub.c b/src/crypto/shen_ed25519_ref/ref10/ge_sub.c
deleted file mode 100644
index 69f3d5406..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_sub.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-#include "ge_sub.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_sub.h b/src/crypto/shen_ed25519_ref/ref10/ge_sub.h
deleted file mode 100644
index b4ef1f5dd..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_sub.h
+++ /dev/null
@@ -1,97 +0,0 @@
-
-/* qhasm: enter ge_sub */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe Z2 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ZZ */
-
-/* qhasm: fe YpX2 */
-
-/* qhasm: fe YmX2 */
-
-/* qhasm: fe T2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*YmX2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YmX2=fe#16); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YmX2=q->YminusX); */
-fe_mul(r->Z,r->X,q->YminusX);
-
-/* qhasm: B = YmX1*YpX2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YpX2=fe#15); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YpX2=q->YplusX); */
-fe_mul(r->Y,r->Y,q->YplusX);
-
-/* qhasm: C = T2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
-fe_mul(r->T,q->T2d,p->T);
-
-/* qhasm: ZZ = Z1*Z2 */
-/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
-/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
-fe_mul(r->X,p->Z,q->Z);
-
-/* qhasm: D = 2*ZZ */
-/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
-/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
-fe_add(t0,r->X,r->X);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D-C */
-/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_sub(r->Z,t0,r->T);
-
-/* qhasm: T3 = D+C */
-/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
-fe_add(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_sub.q b/src/crypto/shen_ed25519_ref/ref10/ge_sub.q
deleted file mode 100644
index 2779a4a20..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_sub.q
+++ /dev/null
@@ -1,49 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_sub
-
-fe X1
-fe Y1
-fe Z1
-fe Z2
-fe T1
-fe ZZ
-fe YpX2
-fe YmX2
-fe T2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*YmX2
-B = YmX1*YpX2
-C = T2d2*T1
-ZZ = Z1*Z2
-D = 2*ZZ
-X3 = A-B
-Y3 = A+B
-Z3 = D-C
-T3 = D+C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/ge_tobytes.c b/src/crypto/shen_ed25519_ref/ref10/ge_tobytes.c
deleted file mode 100644
index 31b3d33e0..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/ge_tobytes.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/keypair.c b/src/crypto/shen_ed25519_ref/ref10/keypair.c
deleted file mode 100644
index ac6cea2b7..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/keypair.c
+++ /dev/null
@@ -1,23 +0,0 @@
-#include <string.h>
-#include "randombytes.h"
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "ge.h"
-
-int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
-{
- unsigned char az[64];
- ge_p3 A;
-
- randombytes(sk,32);
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A,az);
- ge_p3_tobytes(pk,&A);
-
- memmove(sk + 32,pk,32);
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/open.c b/src/crypto/shen_ed25519_ref/ref10/open.c
deleted file mode 100644
index 1ec4cd2bf..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/open.c
+++ /dev/null
@@ -1,48 +0,0 @@
-#include <string.h>
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "crypto_verify_32.h"
-#include "ge.h"
-#include "sc.h"
-
-int crypto_sign_open(
- unsigned char *m,unsigned long long *mlen,
- const unsigned char *sm,unsigned long long smlen,
- const unsigned char *pk
-)
-{
- unsigned char pkcopy[32];
- unsigned char rcopy[32];
- unsigned char scopy[32];
- unsigned char h[64];
- unsigned char rcheck[32];
- ge_p3 A;
- ge_p2 R;
-
- if (smlen < 64) goto badsig;
- if (sm[63] & 224) goto badsig;
- if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
-
- memmove(pkcopy,pk,32);
- memmove(rcopy,sm,32);
- memmove(scopy,sm + 32,32);
-
- memmove(m,sm,smlen);
- memmove(m + 32,pkcopy,32);
- crypto_hash_sha512(h,m,smlen);
- sc_reduce(h);
-
- ge_double_scalarmult_vartime(&R,h,&A,scopy);
- ge_tobytes(rcheck,&R);
- if (crypto_verify_32(rcheck,rcopy) == 0) {
- memmove(m,m + 64,smlen - 64);
- memset(m + smlen - 64,0,64);
- *mlen = smlen - 64;
- return 0;
- }
-
-badsig:
- *mlen = -1;
- memset(m,0,smlen);
- return -1;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/pow22523.h b/src/crypto/shen_ed25519_ref/ref10/pow22523.h
deleted file mode 100644
index 60ffe0d34..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/pow22523.h
+++ /dev/null
@@ -1,160 +0,0 @@
-
-/* qhasm: fe z1 */
-
-/* qhasm: fe z2 */
-
-/* qhasm: fe z8 */
-
-/* qhasm: fe z9 */
-
-/* qhasm: fe z11 */
-
-/* qhasm: fe z22 */
-
-/* qhasm: fe z_5_0 */
-
-/* qhasm: fe z_10_5 */
-
-/* qhasm: fe z_10_0 */
-
-/* qhasm: fe z_20_10 */
-
-/* qhasm: fe z_20_0 */
-
-/* qhasm: fe z_40_20 */
-
-/* qhasm: fe z_40_0 */
-
-/* qhasm: fe z_50_10 */
-
-/* qhasm: fe z_50_0 */
-
-/* qhasm: fe z_100_50 */
-
-/* qhasm: fe z_100_0 */
-
-/* qhasm: fe z_200_100 */
-
-/* qhasm: fe z_200_0 */
-
-/* qhasm: fe z_250_50 */
-
-/* qhasm: fe z_250_0 */
-
-/* qhasm: fe z_252_2 */
-
-/* qhasm: fe z_252_3 */
-
-/* qhasm: enter pow22523 */
-
-/* qhasm: z2 = z1^2^1 */
-/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
-/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z8 = z2^2^2 */
-/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
-/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-
-/* qhasm: z9 = z1*z8 */
-/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
-/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
-fe_mul(t1,z,t1);
-
-/* qhasm: z11 = z2*z9 */
-/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
-/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
-fe_mul(t0,t0,t1);
-
-/* qhasm: z22 = z11^2^1 */
-/* asm 1: fe_sq(>z22=fe#1,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#1,>z22=fe#1); */
-/* asm 2: fe_sq(>z22=t0,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t0,>z22=t0); */
-fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z_5_0 = z9*z22 */
-/* asm 1: fe_mul(>z_5_0=fe#1,<z9=fe#2,<z22=fe#1); */
-/* asm 2: fe_mul(>z_5_0=t0,<z9=t1,<z22=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_10_5 = z_5_0^2^5 */
-/* asm 1: fe_sq(>z_10_5=fe#2,<z_5_0=fe#1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#2,>z_10_5=fe#2); */
-/* asm 2: fe_sq(>z_10_5=t1,<z_5_0=t0); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t1,>z_10_5=t1); */
-fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-
-/* qhasm: z_10_0 = z_10_5*z_5_0 */
-/* asm 1: fe_mul(>z_10_0=fe#1,<z_10_5=fe#2,<z_5_0=fe#1); */
-/* asm 2: fe_mul(>z_10_0=t0,<z_10_5=t1,<z_5_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_20_10 = z_10_0^2^10 */
-/* asm 1: fe_sq(>z_20_10=fe#2,<z_10_0=fe#1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#2,>z_20_10=fe#2); */
-/* asm 2: fe_sq(>z_20_10=t1,<z_10_0=t0); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t1,>z_20_10=t1); */
-fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-
-/* qhasm: z_20_0 = z_20_10*z_10_0 */
-/* asm 1: fe_mul(>z_20_0=fe#2,<z_20_10=fe#2,<z_10_0=fe#1); */
-/* asm 2: fe_mul(>z_20_0=t1,<z_20_10=t1,<z_10_0=t0); */
-fe_mul(t1,t1,t0);
-
-/* qhasm: z_40_20 = z_20_0^2^20 */
-/* asm 1: fe_sq(>z_40_20=fe#3,<z_20_0=fe#2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#3,>z_40_20=fe#3); */
-/* asm 2: fe_sq(>z_40_20=t2,<z_20_0=t1); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t2,>z_40_20=t2); */
-fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
-
-/* qhasm: z_40_0 = z_40_20*z_20_0 */
-/* asm 1: fe_mul(>z_40_0=fe#2,<z_40_20=fe#3,<z_20_0=fe#2); */
-/* asm 2: fe_mul(>z_40_0=t1,<z_40_20=t2,<z_20_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_50_10 = z_40_0^2^10 */
-/* asm 1: fe_sq(>z_50_10=fe#2,<z_40_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#2,>z_50_10=fe#2); */
-/* asm 2: fe_sq(>z_50_10=t1,<z_40_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t1,>z_50_10=t1); */
-fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-
-/* qhasm: z_50_0 = z_50_10*z_10_0 */
-/* asm 1: fe_mul(>z_50_0=fe#1,<z_50_10=fe#2,<z_10_0=fe#1); */
-/* asm 2: fe_mul(>z_50_0=t0,<z_50_10=t1,<z_10_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_100_50 = z_50_0^2^50 */
-/* asm 1: fe_sq(>z_100_50=fe#2,<z_50_0=fe#1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#2,>z_100_50=fe#2); */
-/* asm 2: fe_sq(>z_100_50=t1,<z_50_0=t0); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t1,>z_100_50=t1); */
-fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-
-/* qhasm: z_100_0 = z_100_50*z_50_0 */
-/* asm 1: fe_mul(>z_100_0=fe#2,<z_100_50=fe#2,<z_50_0=fe#1); */
-/* asm 2: fe_mul(>z_100_0=t1,<z_100_50=t1,<z_50_0=t0); */
-fe_mul(t1,t1,t0);
-
-/* qhasm: z_200_100 = z_100_0^2^100 */
-/* asm 1: fe_sq(>z_200_100=fe#3,<z_100_0=fe#2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#3,>z_200_100=fe#3); */
-/* asm 2: fe_sq(>z_200_100=t2,<z_100_0=t1); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t2,>z_200_100=t2); */
-fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
-
-/* qhasm: z_200_0 = z_200_100*z_100_0 */
-/* asm 1: fe_mul(>z_200_0=fe#2,<z_200_100=fe#3,<z_100_0=fe#2); */
-/* asm 2: fe_mul(>z_200_0=t1,<z_200_100=t2,<z_100_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_250_50 = z_200_0^2^50 */
-/* asm 1: fe_sq(>z_250_50=fe#2,<z_200_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#2,>z_250_50=fe#2); */
-/* asm 2: fe_sq(>z_250_50=t1,<z_200_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t1,>z_250_50=t1); */
-fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-
-/* qhasm: z_250_0 = z_250_50*z_50_0 */
-/* asm 1: fe_mul(>z_250_0=fe#1,<z_250_50=fe#2,<z_50_0=fe#1); */
-/* asm 2: fe_mul(>z_250_0=t0,<z_250_50=t1,<z_50_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_252_2 = z_250_0^2^2 */
-/* asm 1: fe_sq(>z_252_2=fe#1,<z_250_0=fe#1); for (i = 1;i < 2;++i) fe_sq(>z_252_2=fe#1,>z_252_2=fe#1); */
-/* asm 2: fe_sq(>z_252_2=t0,<z_250_0=t0); for (i = 1;i < 2;++i) fe_sq(>z_252_2=t0,>z_252_2=t0); */
-fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
-
-/* qhasm: z_252_3 = z_252_2*z1 */
-/* asm 1: fe_mul(>z_252_3=fe#12,<z_252_2=fe#1,<z1=fe#11); */
-/* asm 2: fe_mul(>z_252_3=out,<z_252_2=t0,<z1=z); */
-fe_mul(out,t0,z);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/pow22523.q b/src/crypto/shen_ed25519_ref/ref10/pow22523.q
deleted file mode 100644
index 2ce1da9d4..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/pow22523.q
+++ /dev/null
@@ -1,61 +0,0 @@
-:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
-fe r:var/r=fe:
-
-enter f:enter/f:>z1=fe#11:
-return:nofallthrough:<z_252_3=fe#12:leave:
-
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
-
-:
-
-fe z1
-fe z2
-fe z8
-fe z9
-fe z11
-fe z22
-fe z_5_0
-fe z_10_5
-fe z_10_0
-fe z_20_10
-fe z_20_0
-fe z_40_20
-fe z_40_0
-fe z_50_10
-fe z_50_0
-fe z_100_50
-fe z_100_0
-fe z_200_100
-fe z_200_0
-fe z_250_50
-fe z_250_0
-fe z_252_2
-fe z_252_3
-
-enter pow22523
-
-z2 = z1^2^1
-z8 = z2^2^2
-z9 = z1*z8
-z11 = z2*z9
-z22 = z11^2^1
-z_5_0 = z9*z22
-z_10_5 = z_5_0^2^5
-z_10_0 = z_10_5*z_5_0
-z_20_10 = z_10_0^2^10
-z_20_0 = z_20_10*z_10_0
-z_40_20 = z_20_0^2^20
-z_40_0 = z_40_20*z_20_0
-z_50_10 = z_40_0^2^10
-z_50_0 = z_50_10*z_10_0
-z_100_50 = z_50_0^2^50
-z_100_0 = z_100_50*z_50_0
-z_200_100 = z_100_0^2^100
-z_200_0 = z_200_100*z_100_0
-z_250_50 = z_200_0^2^50
-z_250_0 = z_250_50*z_50_0
-z_252_2 = z_250_0^2^2
-z_252_3 = z_252_2*z1
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/pow225521.h b/src/crypto/shen_ed25519_ref/ref10/pow225521.h
deleted file mode 100644
index 109df779a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/pow225521.h
+++ /dev/null
@@ -1,160 +0,0 @@
-
-/* qhasm: fe z1 */
-
-/* qhasm: fe z2 */
-
-/* qhasm: fe z8 */
-
-/* qhasm: fe z9 */
-
-/* qhasm: fe z11 */
-
-/* qhasm: fe z22 */
-
-/* qhasm: fe z_5_0 */
-
-/* qhasm: fe z_10_5 */
-
-/* qhasm: fe z_10_0 */
-
-/* qhasm: fe z_20_10 */
-
-/* qhasm: fe z_20_0 */
-
-/* qhasm: fe z_40_20 */
-
-/* qhasm: fe z_40_0 */
-
-/* qhasm: fe z_50_10 */
-
-/* qhasm: fe z_50_0 */
-
-/* qhasm: fe z_100_50 */
-
-/* qhasm: fe z_100_0 */
-
-/* qhasm: fe z_200_100 */
-
-/* qhasm: fe z_200_0 */
-
-/* qhasm: fe z_250_50 */
-
-/* qhasm: fe z_250_0 */
-
-/* qhasm: fe z_255_5 */
-
-/* qhasm: fe z_255_21 */
-
-/* qhasm: enter pow225521 */
-
-/* qhasm: z2 = z1^2^1 */
-/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
-/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z8 = z2^2^2 */
-/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
-/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-
-/* qhasm: z9 = z1*z8 */
-/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
-/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
-fe_mul(t1,z,t1);
-
-/* qhasm: z11 = z2*z9 */
-/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
-/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
-fe_mul(t0,t0,t1);
-
-/* qhasm: z22 = z11^2^1 */
-/* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
-/* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
-fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
-
-/* qhasm: z_5_0 = z9*z22 */
-/* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
-/* asm 2: fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
-fe_mul(t1,t1,t2);
-
-/* qhasm: z_10_5 = z_5_0^2^5 */
-/* asm 1: fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
-/* asm 2: fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t2,>z_10_5=t2); */
-fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
-
-/* qhasm: z_10_0 = z_10_5*z_5_0 */
-/* asm 1: fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
-/* asm 2: fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_20_10 = z_10_0^2^10 */
-/* asm 1: fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
-/* asm 2: fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t2,>z_20_10=t2); */
-fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-
-/* qhasm: z_20_0 = z_20_10*z_10_0 */
-/* asm 1: fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
-/* asm 2: fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
-fe_mul(t2,t2,t1);
-
-/* qhasm: z_40_20 = z_20_0^2^20 */
-/* asm 1: fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
-/* asm 2: fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t3,>z_40_20=t3); */
-fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
-
-/* qhasm: z_40_0 = z_40_20*z_20_0 */
-/* asm 1: fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
-/* asm 2: fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
-fe_mul(t2,t3,t2);
-
-/* qhasm: z_50_10 = z_40_0^2^10 */
-/* asm 1: fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
-/* asm 2: fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t2,>z_50_10=t2); */
-fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-
-/* qhasm: z_50_0 = z_50_10*z_10_0 */
-/* asm 1: fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
-/* asm 2: fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_100_50 = z_50_0^2^50 */
-/* asm 1: fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
-/* asm 2: fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t2,>z_100_50=t2); */
-fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-
-/* qhasm: z_100_0 = z_100_50*z_50_0 */
-/* asm 1: fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
-/* asm 2: fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
-fe_mul(t2,t2,t1);
-
-/* qhasm: z_200_100 = z_100_0^2^100 */
-/* asm 1: fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
-/* asm 2: fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t3,>z_200_100=t3); */
-fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
-
-/* qhasm: z_200_0 = z_200_100*z_100_0 */
-/* asm 1: fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
-/* asm 2: fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
-fe_mul(t2,t3,t2);
-
-/* qhasm: z_250_50 = z_200_0^2^50 */
-/* asm 1: fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
-/* asm 2: fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t2,>z_250_50=t2); */
-fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-
-/* qhasm: z_250_0 = z_250_50*z_50_0 */
-/* asm 1: fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
-/* asm 2: fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_255_5 = z_250_0^2^5 */
-/* asm 1: fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
-/* asm 2: fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_255_5=t1,>z_255_5=t1); */
-fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-
-/* qhasm: z_255_21 = z_255_5*z11 */
-/* asm 1: fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
-/* asm 2: fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
-fe_mul(out,t1,t0);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10/pow225521.q b/src/crypto/shen_ed25519_ref/ref10/pow225521.q
deleted file mode 100644
index 45be57c08..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/pow225521.q
+++ /dev/null
@@ -1,61 +0,0 @@
-:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
-fe r:var/r=fe:
-
-enter f:enter/f:>z1=fe#11:
-return:nofallthrough:<z_255_21=fe#12:leave:
-
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
-
-:
-
-fe z1
-fe z2
-fe z8
-fe z9
-fe z11
-fe z22
-fe z_5_0
-fe z_10_5
-fe z_10_0
-fe z_20_10
-fe z_20_0
-fe z_40_20
-fe z_40_0
-fe z_50_10
-fe z_50_0
-fe z_100_50
-fe z_100_0
-fe z_200_100
-fe z_200_0
-fe z_250_50
-fe z_250_0
-fe z_255_5
-fe z_255_21
-
-enter pow225521
-
-z2 = z1^2^1
-z8 = z2^2^2
-z9 = z1*z8
-z11 = z2*z9
-z22 = z11^2^1
-z_5_0 = z9*z22
-z_10_5 = z_5_0^2^5
-z_10_0 = z_10_5*z_5_0
-z_20_10 = z_10_0^2^10
-z_20_0 = z_20_10*z_10_0
-z_40_20 = z_20_0^2^20
-z_40_0 = z_40_20*z_20_0
-z_50_10 = z_40_0^2^10
-z_50_0 = z_50_10*z_10_0
-z_100_50 = z_50_0^2^50
-z_100_0 = z_100_50*z_50_0
-z_200_100 = z_100_0^2^100
-z_200_0 = z_200_100*z_100_0
-z_250_50 = z_200_0^2^50
-z_250_0 = z_250_50*z_50_0
-z_255_5 = z_250_0^2^5
-z_255_21 = z_255_5*z11
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10/q2h.sh b/src/crypto/shen_ed25519_ref/ref10/q2h.sh
deleted file mode 100644
index 47ec5110e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/q2h.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-sed 's/^#.*//' \
-| qhasm-generic \
-| sed 's_//\(.*\)$_/*\1 */_'
diff --git a/src/crypto/shen_ed25519_ref/ref10/sc.h b/src/crypto/shen_ed25519_ref/ref10/sc.h
deleted file mode 100644
index d32ed2e8c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sc.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef SC_H
-#define SC_H
-
-/*
-The set of scalars is \Z/l
-where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce
-#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd
-
-extern void sc_reduce(unsigned char *);
-extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10/sc_muladd.c b/src/crypto/shen_ed25519_ref/ref10/sc_muladd.c
deleted file mode 100644
index 6f1e9d02d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sc_muladd.c
+++ /dev/null
@@ -1,368 +0,0 @@
-#include "sc.h"
-#include "crypto_int64.h"
-#include "crypto_uint32.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,const unsigned char *c)
-{
- crypto_int64 a0 = 2097151 & load_3(a);
- crypto_int64 a1 = 2097151 & (load_4(a + 2) >> 5);
- crypto_int64 a2 = 2097151 & (load_3(a + 5) >> 2);
- crypto_int64 a3 = 2097151 & (load_4(a + 7) >> 7);
- crypto_int64 a4 = 2097151 & (load_4(a + 10) >> 4);
- crypto_int64 a5 = 2097151 & (load_3(a + 13) >> 1);
- crypto_int64 a6 = 2097151 & (load_4(a + 15) >> 6);
- crypto_int64 a7 = 2097151 & (load_3(a + 18) >> 3);
- crypto_int64 a8 = 2097151 & load_3(a + 21);
- crypto_int64 a9 = 2097151 & (load_4(a + 23) >> 5);
- crypto_int64 a10 = 2097151 & (load_3(a + 26) >> 2);
- crypto_int64 a11 = (load_4(a + 28) >> 7);
- crypto_int64 b0 = 2097151 & load_3(b);
- crypto_int64 b1 = 2097151 & (load_4(b + 2) >> 5);
- crypto_int64 b2 = 2097151 & (load_3(b + 5) >> 2);
- crypto_int64 b3 = 2097151 & (load_4(b + 7) >> 7);
- crypto_int64 b4 = 2097151 & (load_4(b + 10) >> 4);
- crypto_int64 b5 = 2097151 & (load_3(b + 13) >> 1);
- crypto_int64 b6 = 2097151 & (load_4(b + 15) >> 6);
- crypto_int64 b7 = 2097151 & (load_3(b + 18) >> 3);
- crypto_int64 b8 = 2097151 & load_3(b + 21);
- crypto_int64 b9 = 2097151 & (load_4(b + 23) >> 5);
- crypto_int64 b10 = 2097151 & (load_3(b + 26) >> 2);
- crypto_int64 b11 = (load_4(b + 28) >> 7);
- crypto_int64 c0 = 2097151 & load_3(c);
- crypto_int64 c1 = 2097151 & (load_4(c + 2) >> 5);
- crypto_int64 c2 = 2097151 & (load_3(c + 5) >> 2);
- crypto_int64 c3 = 2097151 & (load_4(c + 7) >> 7);
- crypto_int64 c4 = 2097151 & (load_4(c + 10) >> 4);
- crypto_int64 c5 = 2097151 & (load_3(c + 13) >> 1);
- crypto_int64 c6 = 2097151 & (load_4(c + 15) >> 6);
- crypto_int64 c7 = 2097151 & (load_3(c + 18) >> 3);
- crypto_int64 c8 = 2097151 & load_3(c + 21);
- crypto_int64 c9 = 2097151 & (load_4(c + 23) >> 5);
- crypto_int64 c10 = 2097151 & (load_3(c + 26) >> 2);
- crypto_int64 c11 = (load_4(c + 28) >> 7);
- crypto_int64 s0;
- crypto_int64 s1;
- crypto_int64 s2;
- crypto_int64 s3;
- crypto_int64 s4;
- crypto_int64 s5;
- crypto_int64 s6;
- crypto_int64 s7;
- crypto_int64 s8;
- crypto_int64 s9;
- crypto_int64 s10;
- crypto_int64 s11;
- crypto_int64 s12;
- crypto_int64 s13;
- crypto_int64 s14;
- crypto_int64 s15;
- crypto_int64 s16;
- crypto_int64 s17;
- crypto_int64 s18;
- crypto_int64 s19;
- crypto_int64 s20;
- crypto_int64 s21;
- crypto_int64 s22;
- crypto_int64 s23;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
- crypto_int64 carry10;
- crypto_int64 carry11;
- crypto_int64 carry12;
- crypto_int64 carry13;
- crypto_int64 carry14;
- crypto_int64 carry15;
- crypto_int64 carry16;
- crypto_int64 carry17;
- crypto_int64 carry18;
- crypto_int64 carry19;
- crypto_int64 carry20;
- crypto_int64 carry21;
- crypto_int64 carry22;
-
- s0 = c0 + a0*b0;
- s1 = c1 + a0*b1 + a1*b0;
- s2 = c2 + a0*b2 + a1*b1 + a2*b0;
- s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
- s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
- s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
- s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
- s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
- s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
- s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
- s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
- s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
- s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
- s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
- s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
- s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
- s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
- s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
- s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
- s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
- s20 = a9*b11 + a10*b10 + a11*b9;
- s21 = a10*b11 + a11*b10;
- s22 = a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/sc_reduce.c b/src/crypto/shen_ed25519_ref/ref10/sc_reduce.c
deleted file mode 100644
index d01f5a573..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sc_reduce.c
+++ /dev/null
@@ -1,275 +0,0 @@
-#include "sc.h"
-#include "crypto_int64.h"
-#include "crypto_uint32.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-
-void sc_reduce(unsigned char *s)
-{
- crypto_int64 s0 = 2097151 & load_3(s);
- crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
- crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
- crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
- crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
- crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
- crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
- crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
- crypto_int64 s8 = 2097151 & load_3(s + 21);
- crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
- crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
- crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
- crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
- crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
- crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
- crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
- crypto_int64 s16 = 2097151 & load_3(s + 42);
- crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
- crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
- crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
- crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
- crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
- crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
- crypto_int64 s23 = (load_4(s + 60) >> 3);
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
- crypto_int64 carry10;
- crypto_int64 carry11;
- crypto_int64 carry12;
- crypto_int64 carry13;
- crypto_int64 carry14;
- crypto_int64 carry15;
- crypto_int64 carry16;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/sign.c b/src/crypto/shen_ed25519_ref/ref10/sign.c
deleted file mode 100644
index de53742a6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sign.c
+++ /dev/null
@@ -1,41 +0,0 @@
-#include <string.h>
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "ge.h"
-#include "sc.h"
-
-int crypto_sign(
- unsigned char *sm,unsigned long long *smlen,
- const unsigned char *m,unsigned long long mlen,
- const unsigned char *sk
-)
-{
- unsigned char pk[32];
- unsigned char az[64];
- unsigned char nonce[64];
- unsigned char hram[64];
- ge_p3 R;
-
- memmove(pk,sk + 32,32);
-
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- *smlen = mlen + 64;
- memmove(sm + 64,m,mlen);
- memmove(sm + 32,az + 32,32);
- crypto_hash_sha512(nonce,sm + 32,mlen + 32);
- memmove(sm + 32,pk,32);
-
- sc_reduce(nonce);
- ge_scalarmult_base(&R,nonce);
- ge_p3_tobytes(sm,&R);
-
- crypto_hash_sha512(hram,sm,mlen + 64);
- sc_reduce(hram);
- sc_muladd(sm + 32,hram,az,nonce);
-
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10/sqrtm1.h b/src/crypto/shen_ed25519_ref/ref10/sqrtm1.h
deleted file mode 100644
index d8caa23b6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sqrtm1.h
+++ /dev/null
@@ -1 +0,0 @@
--32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
diff --git a/src/crypto/shen_ed25519_ref/ref10/sqrtm1.py b/src/crypto/shen_ed25519_ref/ref10/sqrtm1.py
deleted file mode 100644
index 9a47fbc12..000000000
--- a/src/crypto/shen_ed25519_ref/ref10/sqrtm1.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-I = expmod(2,(q-1)/4,q)
-print radix255(I)
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/MakeCryptoOps.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/MakeCryptoOps.py
deleted file mode 100644
index a37ddf370..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/MakeCryptoOps.py
+++ /dev/null
@@ -1,261 +0,0 @@
-#assumes you have gnu sed, osx sed might need slight syntax changeo
-#c.f. http://unix.stackexchange.com/questions/112023/how-can-i-replace-a-string-in-a-files
-
-#written by shen-noether monero research labs
-
-import os #for copying and sed etc.
-import glob #for copy files
-import textwrap #for comments etc
-
-print("make sure you have cat and grep installed")
-print("also assumes gnu sed syntax, c.f. :http://unix.stackexchange.com/questions/112023/how-can-i-replace-a-string-in-a-files")
-print("I believe osx may have slightly different version of sed")
-print("maybe someone smart can replace the sed with perl..")
-
-a = ""
-
-license = textwrap.dedent("""\
- // Copyright (c) 2014-2015, The Monero Project
- //
- // All rights reserved.
- //
- // Redistribution and use in source and binary forms, with or without modification, are
- // permitted provided that the following conditions are met:
- //
- // 1. Redistributions of source code must retain the above copyright notice, this list of
- // conditions and the following disclaimer.
- //
- // 2. Redistributions in binary form must reproduce the above copyright notice, this list
- // of conditions and the following disclaimer in the documentation and/or other
- // materials provided with the distribution.
- //
- // 3. Neither the name of the copyright holder nor the names of its contributors may be
- // used to endorse or promote products derived from this software without specific
- // prior written permission.
- //
- // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
- // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
- // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- //
- // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
- """)
-
-crypto_ops_includes = textwrap.dedent("""\
- #include <assert.h>
- #include <stdint.h>
-
- #include "warnings.h"
- #include "crypto-ops.h"
-
- DISABLE_VS_WARNINGS(4146 4244)
- """)
-
-predeclarations = textwrap.dedent("""\
- /* Predeclarations */
-
- static void fe_mul(fe, const fe, const fe);
- static void fe_sq(fe, const fe);
- static void fe_tobytes(unsigned char *, const fe);
- static int fe_isnonzero(const fe);
- static void ge_madd(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
- static void ge_msub(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
- static void ge_p2_0(ge_p2 *);
- static void ge_p3_dbl(ge_p1p1 *, const ge_p3 *);
- static void ge_sub(ge_p1p1 *, const ge_p3 *, const ge_cached *);
- static void fe_divpowm1(fe, const fe, const fe);
- """)
-
-
-
-fe_comments = textwrap.dedent("""\
- /*
- fe means field element.
- Here the field is \Z/(2^255-19).
- An element t, entries t[0]...t[9], represents the integer
- t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
- Bounds on each t[i] vary depending on context.
- */
- """)
-
-sc_comments = textwrap.dedent("""\
- /*
- *
- * sc code
- *
- *
- The set of scalars is \Z/l
- where l = 2^252 + 27742317777372353535851937790883648493.
-
- This is the order of the curve ed25519.
- The point is that if a is a scalar and P is a point,
- and b is congruent to a mod l, then aP = bP.
- Thus, reducing mod l can possibly give you a smaller scalar,
- so your elliptic curve operations take less time
- */
- """)
-
-ge_comments = textwrap.dedent("""\
- /*
- *
- * ge code
- *
- *
- ge means group element.
-
- Here the group is the set of pairs (x,y) of field elements (see fe.h)
- satisfying -x^2 + y^2 = 1 + d x^2y^2
- where d = -121665/121666.
-
- Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
- */
- """)
-
-xmr_comments = textwrap.dedent("""\
- /*
- *
- * xmr specific code
- *
- *
- This code is from the original CryptoNote.
- Some additional functions were needed to compute ring signatures
- which are not needed for signing.
- Note that sc_sub and sc_mulsub have been given their own file
- since these have been rewritten
-
- */
- """)
-
-
-
-
-def qhasmToC(fi, header, out):
- #replaces mentiones of "header" in "fi" with output in "out"
- #also removes qhasm comments
- out1 = out+".tmp"
- rem_qhasm = " |grep -v 'qhasm' |grep -v ' asm'"
- com = "sed -e '/#include \""+header+"\"/ {' -e 'r "+header+"' -e 'd' -e '}' "+fi+rem_qhasm+" > "+out1
- com2 = "awk 'NF' "+out1+" > "+out
- print(com)
- os.system(com)
- print(com2)
- os.system(com2)
- os.remove(out1) #temporary
-
-while (a != "m") and (a != "m") and (a != "c"):
- a = raw_input("Make / Clean/ Quit m / c / q?")
-
-if a == "m":
- print("making crypto-ops.c and crypto-ops.h")
-
-
- #ref10 header files
-
- #ref10 c files
-
- #fe things
- #still need to do d2, d, sqrtm1
- print("making fe.c")
- print(fe_comments)
- fe = glob.glob("fe*.c")
- for g in fe:
- os.system("cp "+g+" "+g.replace("fe", "fe.monero."))
- qhasmToC("fe_pow22523.c", "pow22523.h", "fe.monero._pow22523.c")
- qhasmToC("fe_invert.c", "pow225521.h", "fe.monero._invert.c")
- os.system("rm fe.monero._isnonzero.c") #since it's modified, it's in xmrSpecificOld
- os.system("cat fe.monero.*.c | grep -v '^#include' > fe.monero.c")
-
- #sc things
- print("\nmaking sc.c")
- print(sc_comments)
- #so you don't get multiple "loads"
- os.system("tail -n +24 sc_reduce.c > sc.monero._reduce.c") #also good on linux
- os.system("tail -n +24 sc_muladd.c > sc.monero._muladd.c")
- os.system("tail -n +31 sc_sub.xmr.c > sc.monero._sub.xmr.c") #careful with the tails if you change these files!
- os.system("cat sc.monero.*.c | grep -v '^#include' > sc.monero.c")
-
- #ge stuff
- print("making ge.c")
- ge = glob.glob("ge*.c")
- for g in ge:
- os.system("cp "+g+" "+g.replace("ge", "ge.monero."))
- print(ge_comments)
- #need to substitute the below lines for their .h files in the appropriate places
- qhasmToC("ge_add.c", "ge_add.h", "ge.monero._add.c")
- qhasmToC("ge_madd.c", "ge_madd.h", "ge.monero._madd.c")
- qhasmToC("ge_sub.c", "ge_sub.h", "ge.monero._sub.c")
- qhasmToC("ge_msub.c", "ge_msub.h", "ge.monero._msub.c")
- qhasmToC("ge_p2_dbl.c", "ge_p2_dbl.h", "ge.monero._p2_dbl.c")
- qhasmToC("ge_frombytes.c", "d.h", "ge.monero._frombytes.c")
- qhasmToC("ge.monero._frombytes.c", "sqrtm1.h", "ge.monero._frombytes.c")
- qhasmToC("ge_p3_to_cached.c", "d2.h", "ge.monero._p3_to_cached.c")
-
-
-
- #also ge_double_scalarmult needs base2.h for ge_precomp Bi
- #note, base2.h is a large file!
- #also in ge_scalarmult_base ge_precomp base needs base.h included
-
- qhasmToC("ge_double_scalarmult.c", "base2.h", "ge.monero._double_scalarmult.c")
- qhasmToC("ge_scalarmult_base.c", "base.h", "ge.monero._scalarmult_base.c")
- #qhasmToC("ge.monero._scalarmult_base.c", "base.h", "ge.monero._scalarmult_base.c")
- os.system("sed -i 's/ cmov/ ge_precomp_cmov/g' ge.monero._scalarmult_base.c")
- os.system("cat ge.monero.*.c | grep -v '^#include' > ge.monero.c")
-
-
- print("making crypto-ops.c")
-
- #sqrtm1 things
-
- #comments
- with open("fe.monero.comments", "w") as text_file:
- text_file.write(fe_comments)
- with open("ge.monero.comments", "w") as text_file:
- text_file.write(ge_comments)
- with open("sc.monero.comments", "w") as text_file:
- text_file.write(sc_comments)
- with open("xmr.monero.comments", "w") as text_file:
- text_file.write(xmr_comments)
- with open("xmr.monero.predeclarations", "w") as text_file:
- text_file.write(predeclarations)
-
-
- #license
- with open("monero.license", "w") as text_file:
- text_file.write(license)
-
- #crypto-ops.c includes
- with open("crypto-ops.monero.includes", "w") as text_file:
- text_file.write(crypto_ops_includes)
-
- #note you may have duplicates of load_3, load_4 and possibly some other functions ...
- os.system("cat monero.license crypto-ops.monero.includes xmr.monero.predeclarations fe.monero.comments fe.monero.c sc.monero.comments sc.monero.c ge.monero.comments ge.monero.c xmr.monero.comments xmrSpecificOld.c > crypto-ops.c")
-
- #monero specific header files
- #print("making crypto-ops-tmp.h")
- #os.system("cat fe.h ge.h sc.h |grep -v crypto_sign_ed25519 |grep -v fe.h > crypto-ops-tmp.h")
- #we'll just use the old header crypto-ops.h
-
- #replace crypto_ints
- os.system("sed -i 's/crypto_int32/int32_t/g' crypto-ops.c")
- os.system("sed -i 's/crypto_int64/int64_t/g' crypto-ops.c")
- os.system("sed -i 's/crypto_uint32/uint32_t/g' crypto-ops.c")
- os.system("sed -i 's/crypto_uint64/uint64_t/g' crypto-ops.c")
-
- #cleaning up
- os.system("rm *monero*")
-
- #monero specific c files
-if a == "c":
- #turn the directory back into ref10
- os.system("rm *monero*")
- os.system("rm crypto-ops.c")
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/api.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/api.h
deleted file mode 100644
index d88dae0c3..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/api.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#define CRYPTO_SECRETKEYBYTES 64
-#define CRYPTO_PUBLICKEYBYTES 32
-#define CRYPTO_BYTES 64
-#define CRYPTO_DETERMINISTIC 1
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.h
deleted file mode 100644
index 573bd8a05..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.h
+++ /dev/null
@@ -1,1344 +0,0 @@
-{
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
- { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
- { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
- { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
- { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
- { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
- { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
- { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
- { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
- },
-},
-{
- {
- { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
- { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
- { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
- },
- {
- { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
- { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
- { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
- },
- {
- { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
- { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
- { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
- },
- {
- { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
- { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
- { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
- },
- {
- { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
- { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
- { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
- },
- {
- { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
- { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
- { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
- },
- {
- { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
- { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
- { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
- },
- {
- { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
- { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
- { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
- },
-},
-{
- {
- { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
- { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
- { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
- },
- {
- { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
- { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
- { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
- },
- {
- { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
- { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
- { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
- },
- {
- { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
- { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
- { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
- },
- {
- { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
- { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
- { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
- },
- {
- { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
- { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
- { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
- },
- {
- { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
- { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
- { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
- },
- {
- { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
- { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
- { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
- },
-},
-{
- {
- { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
- { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
- { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
- },
- {
- { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
- { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
- { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
- },
- {
- { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
- { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
- { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
- },
- {
- { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
- { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
- { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
- },
- {
- { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
- { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
- { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
- },
- {
- { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
- { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
- { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
- },
- {
- { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
- { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
- { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
- },
- {
- { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
- { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
- { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
- },
-},
-{
- {
- { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
- { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
- { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
- },
- {
- { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
- { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
- { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
- },
- {
- { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
- { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
- { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
- },
- {
- { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
- { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
- { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
- },
- {
- { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
- { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
- { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
- },
- {
- { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
- { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
- { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
- },
- {
- { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
- { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
- { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
- },
- {
- { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
- { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
- { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
- },
-},
-{
- {
- { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
- { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
- { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
- },
- {
- { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
- { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
- { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
- },
- {
- { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
- { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
- { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
- },
- {
- { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
- { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
- { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
- },
- {
- { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
- { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
- { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
- },
- {
- { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
- { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
- { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
- },
- {
- { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
- { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
- { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
- },
- {
- { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
- { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
- { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
- },
-},
-{
- {
- { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
- { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
- { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
- },
- {
- { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
- { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
- { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
- },
- {
- { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
- { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
- { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
- },
- {
- { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
- { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
- { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
- },
- {
- { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
- { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
- { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
- },
- {
- { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
- { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
- { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
- },
- {
- { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
- { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
- { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
- },
- {
- { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
- { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
- { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
- },
-},
-{
- {
- { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
- { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
- { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
- },
- {
- { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
- { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
- { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
- },
- {
- { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
- { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
- { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
- },
- {
- { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
- { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
- { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
- },
- {
- { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
- { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
- { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
- },
- {
- { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
- { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
- { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
- },
- {
- { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
- { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
- { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
- },
- {
- { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
- { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
- { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
- },
-},
-{
- {
- { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
- { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
- { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
- },
- {
- { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
- { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
- { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
- },
- {
- { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
- { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
- { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
- },
- {
- { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
- { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
- { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
- },
- {
- { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
- { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
- { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
- },
- {
- { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
- { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
- { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
- },
- {
- { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
- { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
- { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
- },
- {
- { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
- { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
- { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
- },
-},
-{
- {
- { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
- { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
- { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
- },
- {
- { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
- { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
- { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
- },
- {
- { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
- { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
- { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
- },
- {
- { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
- { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
- { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
- },
- {
- { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
- { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
- { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
- },
- {
- { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
- { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
- { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
- },
- {
- { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
- { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
- { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
- },
- {
- { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
- { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
- { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
- },
-},
-{
- {
- { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
- { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
- { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
- },
- {
- { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
- { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
- { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
- },
- {
- { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
- { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
- { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
- },
- {
- { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
- { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
- { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
- },
- {
- { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
- { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
- { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
- },
- {
- { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
- { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
- { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
- },
- {
- { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
- { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
- { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
- },
- {
- { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
- { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
- { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
- },
-},
-{
- {
- { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
- { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
- { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
- },
- {
- { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
- { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
- { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
- },
- {
- { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
- { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
- { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
- },
- {
- { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
- { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
- { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
- },
- {
- { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
- { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
- { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
- },
- {
- { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
- { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
- { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
- },
- {
- { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
- { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
- { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
- },
- {
- { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
- { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
- { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
- },
-},
-{
- {
- { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
- { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
- { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
- },
- {
- { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
- { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
- { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
- },
- {
- { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
- { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
- { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
- },
- {
- { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
- { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
- { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
- },
- {
- { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
- { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
- { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
- },
- {
- { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
- { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
- { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
- },
- {
- { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
- { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
- { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
- },
- {
- { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
- { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
- { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
- },
-},
-{
- {
- { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
- { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
- { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
- },
- {
- { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
- { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
- { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
- },
- {
- { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
- { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
- { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
- },
- {
- { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
- { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
- { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
- },
- {
- { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
- { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
- { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
- },
- {
- { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
- { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
- { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
- },
- {
- { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
- { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
- { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
- },
- {
- { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
- { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
- { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
- },
-},
-{
- {
- { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
- { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
- { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
- },
- {
- { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
- { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
- { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
- },
- {
- { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
- { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
- { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
- },
- {
- { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
- { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
- { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
- },
- {
- { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
- { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
- { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
- },
- {
- { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
- { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
- { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
- },
- {
- { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
- { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
- { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
- },
- {
- { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
- { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
- { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
- },
-},
-{
- {
- { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
- { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
- { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
- },
- {
- { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
- { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
- { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
- },
- {
- { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
- { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
- { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
- },
- {
- { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
- { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
- { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
- },
- {
- { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
- { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
- { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
- },
- {
- { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
- { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
- { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
- },
- {
- { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
- { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
- { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
- },
- {
- { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
- { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
- { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
- },
-},
-{
- {
- { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
- { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
- { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
- },
- {
- { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
- { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
- { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
- },
- {
- { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
- { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
- { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
- },
- {
- { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
- { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
- { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
- },
- {
- { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
- { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
- { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
- },
- {
- { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
- { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
- { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
- },
- {
- { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
- { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
- { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
- },
- {
- { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
- { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
- { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
- },
-},
-{
- {
- { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
- { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
- { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
- },
- {
- { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
- { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
- { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
- },
- {
- { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
- { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
- { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
- },
- {
- { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
- { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
- { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
- },
- {
- { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
- { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
- { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
- },
- {
- { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
- { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
- { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
- },
- {
- { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
- { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
- { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
- },
- {
- { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
- { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
- { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
- },
-},
-{
- {
- { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
- { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
- { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
- },
- {
- { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
- { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
- { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
- },
- {
- { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
- { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
- { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
- },
- {
- { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
- { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
- { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
- },
- {
- { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
- { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
- { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
- },
- {
- { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
- { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
- { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
- },
- {
- { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
- { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
- { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
- },
- {
- { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
- { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
- { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
- },
-},
-{
- {
- { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
- { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
- { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
- },
- {
- { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
- { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
- { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
- },
- {
- { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
- { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
- { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
- },
- {
- { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
- { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
- { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
- },
- {
- { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
- { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
- { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
- },
- {
- { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
- { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
- { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
- },
- {
- { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
- { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
- { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
- },
- {
- { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
- { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
- { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
- },
-},
-{
- {
- { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
- { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
- { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
- },
- {
- { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
- { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
- { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
- },
- {
- { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
- { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
- { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
- },
- {
- { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
- { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
- { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
- },
- {
- { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
- { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
- { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
- },
- {
- { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
- { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
- { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
- },
- {
- { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
- { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
- { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
- },
- {
- { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
- { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
- { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
- },
-},
-{
- {
- { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
- { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
- { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
- },
- {
- { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
- { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
- { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
- },
- {
- { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
- { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
- { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
- },
- {
- { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
- { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
- { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
- },
- {
- { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
- { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
- { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
- },
- {
- { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
- { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
- { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
- },
- {
- { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
- { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
- { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
- },
- {
- { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
- { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
- { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
- },
-},
-{
- {
- { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
- { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
- { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
- },
- {
- { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
- { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
- { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
- },
- {
- { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
- { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
- { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
- },
- {
- { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
- { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
- { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
- },
- {
- { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
- { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
- { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
- },
- {
- { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
- { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
- { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
- },
- {
- { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
- { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
- { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
- },
- {
- { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
- { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
- { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
- },
-},
-{
- {
- { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
- { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
- { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
- },
- {
- { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
- { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
- { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
- },
- {
- { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
- { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
- { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
- },
- {
- { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
- { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
- { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
- },
- {
- { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
- { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
- { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
- },
- {
- { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
- { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
- { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
- },
- {
- { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
- { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
- { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
- },
- {
- { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
- { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
- { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
- },
-},
-{
- {
- { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
- { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
- { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
- },
- {
- { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
- { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
- { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
- },
- {
- { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
- { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
- { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
- },
- {
- { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
- { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
- { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
- },
- {
- { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
- { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
- { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
- },
- {
- { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
- { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
- { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
- },
- {
- { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
- { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
- { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
- },
- {
- { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
- { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
- { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
- },
-},
-{
- {
- { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
- { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
- { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
- },
- {
- { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
- { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
- { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
- },
- {
- { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
- { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
- { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
- },
- {
- { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
- { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
- { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
- },
- {
- { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
- { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
- { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
- },
- {
- { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
- { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
- { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
- },
- {
- { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
- { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
- { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
- },
- {
- { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
- { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
- { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
- },
-},
-{
- {
- { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
- { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
- { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
- },
- {
- { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
- { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
- { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
- },
- {
- { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
- { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
- { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
- },
- {
- { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
- { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
- { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
- },
- {
- { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
- { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
- { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
- },
- {
- { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
- { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
- { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
- },
- {
- { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
- { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
- { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
- },
- {
- { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
- { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
- { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
- },
-},
-{
- {
- { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
- { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
- { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
- },
- {
- { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
- { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
- { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
- },
- {
- { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
- { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
- { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
- },
- {
- { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
- { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
- { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
- },
- {
- { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
- { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
- { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
- },
- {
- { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
- { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
- { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
- },
- {
- { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
- { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
- { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
- },
- {
- { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
- { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
- { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
- },
-},
-{
- {
- { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
- { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
- { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
- },
- {
- { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
- { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
- { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
- },
- {
- { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
- { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
- { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
- },
- {
- { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
- { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
- { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
- },
- {
- { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
- { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
- { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
- },
- {
- { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
- { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
- { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
- },
- {
- { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
- { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
- { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
- },
- {
- { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
- { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
- { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
- },
-},
-{
- {
- { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
- { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
- { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
- },
- {
- { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
- { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
- { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
- },
- {
- { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
- { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
- { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
- },
- {
- { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
- { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
- { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
- },
- {
- { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
- { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
- { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
- },
- {
- { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
- { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
- { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
- },
- {
- { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
- { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
- { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
- },
- {
- { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
- { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
- { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
- },
-},
-{
- {
- { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
- { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
- { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
- },
- {
- { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
- { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
- { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
- },
- {
- { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
- { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
- { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
- },
- {
- { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
- { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
- { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
- },
- {
- { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
- { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
- { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
- },
- {
- { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
- { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
- { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
- },
- {
- { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
- { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
- { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
- },
- {
- { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
- { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
- { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
- },
-},
-{
- {
- { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
- { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
- { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
- },
- {
- { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
- { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
- { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
- },
- {
- { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
- { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
- { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
- },
- {
- { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
- { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
- { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
- },
- {
- { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
- { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
- { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
- },
- {
- { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
- { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
- { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
- },
- {
- { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
- { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
- { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
- },
- {
- { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
- { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
- { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
- },
-},
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.py
deleted file mode 100644
index 84accc858..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base.py
+++ /dev/null
@@ -1,65 +0,0 @@
-b = 256
-q = 2**255 - 19
-l = 2**252 + 27742317777372353535851937790883648493
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-d = -121665 * inv(121666)
-I = expmod(2,(q-1)/4,q)
-
-def xrecover(y):
- xx = (y*y-1) * inv(d*y*y+1)
- x = expmod(xx,(q+3)/8,q)
- if (x*x - xx) % q != 0: x = (x*I) % q
- if x % 2 != 0: x = q-x
- return x
-
-By = 4 * inv(5)
-Bx = xrecover(By)
-B = [Bx % q,By % q]
-
-def edwards(P,Q):
- x1 = P[0]
- y1 = P[1]
- x2 = Q[0]
- y2 = Q[1]
- x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
- y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
- return [x3 % q,y3 % q]
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-Bi = B
-for i in range(32):
- print "{"
- Bij = Bi
- for j in range(8):
- print " {"
- print " {",radix255(Bij[1]+Bij[0]),"},"
- print " {",radix255(Bij[1]-Bij[0]),"},"
- print " {",radix255(2*d*Bij[0]*Bij[1]),"},"
- Bij = edwards(Bij,Bi)
- print " },"
- print "},"
- for k in range(8):
- Bi = edwards(Bi,Bi)
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.h
deleted file mode 100644
index 8c538440f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.h
+++ /dev/null
@@ -1,40 +0,0 @@
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
- { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
- { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
- },
- {
- { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
- { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
- { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
- },
- {
- { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
- { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
- { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
- },
- {
- { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
- { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
- { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
- },
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.py
deleted file mode 100644
index 5e4e8739d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/base2.py
+++ /dev/null
@@ -1,60 +0,0 @@
-b = 256
-q = 2**255 - 19
-l = 2**252 + 27742317777372353535851937790883648493
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-d = -121665 * inv(121666)
-I = expmod(2,(q-1)/4,q)
-
-def xrecover(y):
- xx = (y*y-1) * inv(d*y*y+1)
- x = expmod(xx,(q+3)/8,q)
- if (x*x - xx) % q != 0: x = (x*I) % q
- if x % 2 != 0: x = q-x
- return x
-
-By = 4 * inv(5)
-Bx = xrecover(By)
-B = [Bx % q,By % q]
-
-def edwards(P,Q):
- x1 = P[0]
- y1 = P[1]
- x2 = Q[0]
- y2 = Q[1]
- x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
- y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
- return [x3 % q,y3 % q]
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-Bi = B
-
-for i in range(8):
- print " {"
- print " {",radix255(Bi[1]+Bi[0]),"},"
- print " {",radix255(Bi[1]-Bi[0]),"},"
- print " {",radix255(2*d*Bi[0]*Bi[1]),"},"
- print " },"
- Bi = edwards(B,edwards(B,Bi))
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.c
deleted file mode 100644
index 223224f40..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.c
+++ /dev/null
@@ -1,4830 +0,0 @@
-// Copyright (c) 2014-2015, The Monero Project
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-// of conditions and the following disclaimer in the documentation and/or other
-// materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-// used to endorse or promote products derived from this software without specific
-// prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-#include <assert.h>
-#include <stdint.h>
-
-#include "warnings.h"
-#include "crypto-ops.h"
-
-DISABLE_VS_WARNINGS(4146 4244)
-/* Predeclarations */
-
-static void fe_mul(fe, const fe, const fe);
-static void fe_sq(fe, const fe);
-static void fe_tobytes(unsigned char *, const fe);
-static int fe_isnonzero(const fe);
-static void ge_madd(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
-static void ge_msub(ge_p1p1 *, const ge_p3 *, const ge_precomp *);
-static void ge_p2_0(ge_p2 *);
-static void ge_p3_dbl(ge_p1p1 *, const ge_p3 *);
-static void ge_sub(ge_p1p1 *, const ge_p3 *, const ge_cached *);
-static void fe_divpowm1(fe, const fe, const fe);
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
- h[0] = 0;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
- h[0] = 1;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 + g0;
- int32_t h1 = f1 + g1;
- int32_t h2 = f2 + g2;
- int32_t h3 = f3 + g3;
- int32_t h4 = f4 + g4;
- int32_t h5 = f5 + g5;
- int32_t h6 = f6 + g6;
- int32_t h7 = f7 + g7;
- int32_t h8 = f8 + g8;
- int32_t h9 = f9 + g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cmov(fe f,const fe g,unsigned int b)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
-
-/*
-h = f
-*/
-
-void fe_copy(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
-
-static uint64_t load_3(const unsigned char *in)
-{
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- return result;
-}
-
-static uint64_t load_4(const unsigned char *in)
-{
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
- return result;
-}
-
-/*
-Ignores top bit of h.
-*/
-
-void fe_frombytes(fe h,const unsigned char *s)
-{
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = (load_3(s + 29) & 8388607) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-void fe_invert(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- fe t3;
- int i;
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-fe_mul(t1,z,t1);
-fe_mul(t0,t0,t1);
-fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
-fe_mul(t1,t1,t2);
-fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
-fe_mul(t1,t2,t1);
-fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-fe_mul(t2,t2,t1);
-fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
-fe_mul(t2,t3,t2);
-fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-fe_mul(t1,t2,t1);
-fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-fe_mul(t2,t2,t1);
-fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
-fe_mul(t2,t3,t2);
-fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-fe_mul(t1,t2,t1);
-fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-fe_mul(out,t1,t0);
- return;
-}
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-int fe_isnegative(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return s[0] & 1;
-}
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-void fe_mul(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
- int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- int32_t g3_19 = 19 * g3;
- int32_t g4_19 = 19 * g4;
- int32_t g5_19 = 19 * g5;
- int32_t g6_19 = 19 * g6;
- int32_t g7_19 = 19 * g7;
- int32_t g8_19 = 19 * g8;
- int32_t g9_19 = 19 * g9;
- int32_t f1_2 = 2 * f1;
- int32_t f3_2 = 2 * f3;
- int32_t f5_2 = 2 * f5;
- int32_t f7_2 = 2 * f7;
- int32_t f9_2 = 2 * f9;
- int64_t f0g0 = f0 * (int64_t) g0;
- int64_t f0g1 = f0 * (int64_t) g1;
- int64_t f0g2 = f0 * (int64_t) g2;
- int64_t f0g3 = f0 * (int64_t) g3;
- int64_t f0g4 = f0 * (int64_t) g4;
- int64_t f0g5 = f0 * (int64_t) g5;
- int64_t f0g6 = f0 * (int64_t) g6;
- int64_t f0g7 = f0 * (int64_t) g7;
- int64_t f0g8 = f0 * (int64_t) g8;
- int64_t f0g9 = f0 * (int64_t) g9;
- int64_t f1g0 = f1 * (int64_t) g0;
- int64_t f1g1_2 = f1_2 * (int64_t) g1;
- int64_t f1g2 = f1 * (int64_t) g2;
- int64_t f1g3_2 = f1_2 * (int64_t) g3;
- int64_t f1g4 = f1 * (int64_t) g4;
- int64_t f1g5_2 = f1_2 * (int64_t) g5;
- int64_t f1g6 = f1 * (int64_t) g6;
- int64_t f1g7_2 = f1_2 * (int64_t) g7;
- int64_t f1g8 = f1 * (int64_t) g8;
- int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
- int64_t f2g0 = f2 * (int64_t) g0;
- int64_t f2g1 = f2 * (int64_t) g1;
- int64_t f2g2 = f2 * (int64_t) g2;
- int64_t f2g3 = f2 * (int64_t) g3;
- int64_t f2g4 = f2 * (int64_t) g4;
- int64_t f2g5 = f2 * (int64_t) g5;
- int64_t f2g6 = f2 * (int64_t) g6;
- int64_t f2g7 = f2 * (int64_t) g7;
- int64_t f2g8_19 = f2 * (int64_t) g8_19;
- int64_t f2g9_19 = f2 * (int64_t) g9_19;
- int64_t f3g0 = f3 * (int64_t) g0;
- int64_t f3g1_2 = f3_2 * (int64_t) g1;
- int64_t f3g2 = f3 * (int64_t) g2;
- int64_t f3g3_2 = f3_2 * (int64_t) g3;
- int64_t f3g4 = f3 * (int64_t) g4;
- int64_t f3g5_2 = f3_2 * (int64_t) g5;
- int64_t f3g6 = f3 * (int64_t) g6;
- int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
- int64_t f3g8_19 = f3 * (int64_t) g8_19;
- int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
- int64_t f4g0 = f4 * (int64_t) g0;
- int64_t f4g1 = f4 * (int64_t) g1;
- int64_t f4g2 = f4 * (int64_t) g2;
- int64_t f4g3 = f4 * (int64_t) g3;
- int64_t f4g4 = f4 * (int64_t) g4;
- int64_t f4g5 = f4 * (int64_t) g5;
- int64_t f4g6_19 = f4 * (int64_t) g6_19;
- int64_t f4g7_19 = f4 * (int64_t) g7_19;
- int64_t f4g8_19 = f4 * (int64_t) g8_19;
- int64_t f4g9_19 = f4 * (int64_t) g9_19;
- int64_t f5g0 = f5 * (int64_t) g0;
- int64_t f5g1_2 = f5_2 * (int64_t) g1;
- int64_t f5g2 = f5 * (int64_t) g2;
- int64_t f5g3_2 = f5_2 * (int64_t) g3;
- int64_t f5g4 = f5 * (int64_t) g4;
- int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
- int64_t f5g6_19 = f5 * (int64_t) g6_19;
- int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
- int64_t f5g8_19 = f5 * (int64_t) g8_19;
- int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
- int64_t f6g0 = f6 * (int64_t) g0;
- int64_t f6g1 = f6 * (int64_t) g1;
- int64_t f6g2 = f6 * (int64_t) g2;
- int64_t f6g3 = f6 * (int64_t) g3;
- int64_t f6g4_19 = f6 * (int64_t) g4_19;
- int64_t f6g5_19 = f6 * (int64_t) g5_19;
- int64_t f6g6_19 = f6 * (int64_t) g6_19;
- int64_t f6g7_19 = f6 * (int64_t) g7_19;
- int64_t f6g8_19 = f6 * (int64_t) g8_19;
- int64_t f6g9_19 = f6 * (int64_t) g9_19;
- int64_t f7g0 = f7 * (int64_t) g0;
- int64_t f7g1_2 = f7_2 * (int64_t) g1;
- int64_t f7g2 = f7 * (int64_t) g2;
- int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
- int64_t f7g4_19 = f7 * (int64_t) g4_19;
- int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
- int64_t f7g6_19 = f7 * (int64_t) g6_19;
- int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
- int64_t f7g8_19 = f7 * (int64_t) g8_19;
- int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
- int64_t f8g0 = f8 * (int64_t) g0;
- int64_t f8g1 = f8 * (int64_t) g1;
- int64_t f8g2_19 = f8 * (int64_t) g2_19;
- int64_t f8g3_19 = f8 * (int64_t) g3_19;
- int64_t f8g4_19 = f8 * (int64_t) g4_19;
- int64_t f8g5_19 = f8 * (int64_t) g5_19;
- int64_t f8g6_19 = f8 * (int64_t) g6_19;
- int64_t f8g7_19 = f8 * (int64_t) g7_19;
- int64_t f8g8_19 = f8 * (int64_t) g8_19;
- int64_t f8g9_19 = f8 * (int64_t) g9_19;
- int64_t f9g0 = f9 * (int64_t) g0;
- int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
- int64_t f9g2_19 = f9 * (int64_t) g2_19;
- int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
- int64_t f9g4_19 = f9 * (int64_t) g4_19;
- int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
- int64_t f9g6_19 = f9 * (int64_t) g6_19;
- int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
- int64_t f9g8_19 = f9 * (int64_t) g8_19;
- int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
- int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
-h = -f
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_neg(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t h0 = -f0;
- int32_t h1 = -f1;
- int32_t h2 = -f2;
- int32_t h3 = -f3;
- int32_t h4 = -f4;
- int32_t h5 = -f5;
- int32_t h6 = -f6;
- int32_t h7 = -f7;
- int32_t h8 = -f8;
- int32_t h9 = -f9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-void fe_pow22523(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- int i;
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-fe_mul(t1,z,t1);
-fe_mul(t0,t0,t1);
-fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-fe_mul(t0,t1,t0);
-fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-fe_mul(t0,t1,t0);
-fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-fe_mul(t1,t1,t0);
-fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
-fe_mul(t1,t2,t1);
-fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-fe_mul(t0,t1,t0);
-fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-fe_mul(t1,t1,t0);
-fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
-fe_mul(t1,t2,t1);
-fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-fe_mul(t0,t1,t0);
-fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
-fe_mul(out,t0,z);
- return;
-}
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq2(fe h,const fe f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
- int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_sub(fe h,const fe f,const fe g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
- int32_t h0 = f0 - g0;
- int32_t h1 = f1 - g1;
- int32_t h2 = f2 - g2;
- int32_t h3 = f3 - g3;
- int32_t h4 = f4 - g4;
- int32_t h5 = f5 - g5;
- int32_t h6 = f6 - g6;
- int32_t h7 = f7 - g7;
- int32_t h8 = f8 - g8;
- int32_t h9 = f9 - g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
-Preconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
- Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
- Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
- Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
- Then 0<y<1.
-
- Write r=h-pq.
- Have 0<=r<=p-1=2^255-20.
- Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
- Write x=r+19(2^-255)r+y.
- Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
- Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-void fe_tobytes(unsigned char *s,const fe h)
-{
- int32_t h0 = h[0];
- int32_t h1 = h[1];
- int32_t h2 = h[2];
- int32_t h3 = h[3];
- int32_t h4 = h[4];
- int32_t h5 = h[5];
- int32_t h6 = h[6];
- int32_t h7 = h[7];
- int32_t h8 = h[8];
- int32_t h9 = h[9];
- int32_t q;
- int32_t carry0;
- int32_t carry1;
- int32_t carry2;
- int32_t carry3;
- int32_t carry4;
- int32_t carry5;
- int32_t carry6;
- int32_t carry7;
- int32_t carry8;
- int32_t carry9;
-
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
- carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
- carry9 = h9 >> 25; h9 -= carry9 << 25;
- /* h10 = carry9 */
-
- /*
- Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
-
- s[0] = h0 >> 0;
- s[1] = h0 >> 8;
- s[2] = h0 >> 16;
- s[3] = (h0 >> 24) | (h1 << 2);
- s[4] = h1 >> 6;
- s[5] = h1 >> 14;
- s[6] = (h1 >> 22) | (h2 << 3);
- s[7] = h2 >> 5;
- s[8] = h2 >> 13;
- s[9] = (h2 >> 21) | (h3 << 5);
- s[10] = h3 >> 3;
- s[11] = h3 >> 11;
- s[12] = (h3 >> 19) | (h4 << 6);
- s[13] = h4 >> 2;
- s[14] = h4 >> 10;
- s[15] = h4 >> 18;
- s[16] = h5 >> 0;
- s[17] = h5 >> 8;
- s[18] = h5 >> 16;
- s[19] = (h5 >> 24) | (h6 << 1);
- s[20] = h6 >> 7;
- s[21] = h6 >> 15;
- s[22] = (h6 >> 23) | (h7 << 3);
- s[23] = h7 >> 5;
- s[24] = h7 >> 13;
- s[25] = (h7 >> 21) | (h8 << 4);
- s[26] = h8 >> 4;
- s[27] = h8 >> 12;
- s[28] = (h8 >> 20) | (h9 << 6);
- s[29] = h9 >> 2;
- s[30] = h9 >> 10;
- s[31] = h9 >> 18;
-}
-/*
- *
- * sc code
- *
- *
-The set of scalars is \Z/l
-where l = 2^252 + 27742317777372353535851937790883648493.
-
-This is the order of the curve ed25519.
-The point is that if a is a scalar and P is a point,
-and b is congruent to a mod l, then aP = bP.
-Thus, reducing mod l can possibly give you a smaller scalar,
-so your elliptic curve operations take less time
-*/
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,const unsigned char *c)
-{
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = 2097151 & load_3(c);
- int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
- int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
- int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
- int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
- int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
- int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
- int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
- int64_t c8 = 2097151 & load_3(c + 21);
- int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
- int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
- int64_t s0;
- int64_t s1;
- int64_t s2;
- int64_t s3;
- int64_t s4;
- int64_t s5;
- int64_t s6;
- int64_t s7;
- int64_t s8;
- int64_t s9;
- int64_t s10;
- int64_t s11;
- int64_t s12;
- int64_t s13;
- int64_t s14;
- int64_t s15;
- int64_t s16;
- int64_t s17;
- int64_t s18;
- int64_t s19;
- int64_t s20;
- int64_t s21;
- int64_t s22;
- int64_t s23;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- int64_t carry17;
- int64_t carry18;
- int64_t carry19;
- int64_t carry20;
- int64_t carry21;
- int64_t carry22;
-
- s0 = c0 + a0*b0;
- s1 = c1 + a0*b1 + a1*b0;
- s2 = c2 + a0*b2 + a1*b1 + a2*b0;
- s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
- s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
- s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
- s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
- s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
- s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
- s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
- s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
- s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
- s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
- s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
- s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
- s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
- s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
- s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
- s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
- s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
- s20 = a9*b11 + a10*b10 + a11*b9;
- s21 = a10*b11 + a11*b10;
- s22 = a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-
-void sc_reduce(unsigned char *s)
-{
- int64_t s0 = 2097151 & load_3(s);
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
- int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
- int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
- int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
- int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
- int64_t s16 = 2097151 & load_3(s + 42);
- int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
- int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
- int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
- int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
- int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
- int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
- int64_t s23 = (load_4(s + 60) >> 3);
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-void sc_sub(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 - b0;
- int64_t s1 = a1 - b1;
- int64_t s2 = a2 - b2;
- int64_t s3 = a3 - b3;
- int64_t s4 = a4 - b4;
- int64_t s5 = a5 - b5;
- int64_t s6 = a6 - b6;
- int64_t s7 = a7 - b7;
- int64_t s8 = a8 - b8;
- int64_t s9 = a9 - b9;
- int64_t s10 = a10 - b10;
- int64_t s11 = a11 - b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (c-ab) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-//x
-void sc_mulsub(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = 2097151 & load_3(c);
- int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
- int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
- int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
- int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
- int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
- int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
- int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
- int64_t c8 = 2097151 & load_3(c + 21);
- int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
- int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
- int64_t s0;
- int64_t s1;
- int64_t s2;
- int64_t s3;
- int64_t s4;
- int64_t s5;
- int64_t s6;
- int64_t s7;
- int64_t s8;
- int64_t s9;
- int64_t s10;
- int64_t s11;
- int64_t s12;
- int64_t s13;
- int64_t s14;
- int64_t s15;
- int64_t s16;
- int64_t s17;
- int64_t s18;
- int64_t s19;
- int64_t s20;
- int64_t s21;
- int64_t s22;
- int64_t s23;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- int64_t carry17;
- int64_t carry18;
- int64_t carry19;
- int64_t carry20;
- int64_t carry21;
- int64_t carry22;
-
- s0 = c0 - a0*b0;
- s1 = c1 - (a0*b1 + a1*b0);
- s2 = c2 - (a0*b2 + a1*b1 + a2*b0);
- s3 = c3 - (a0*b3 + a1*b2 + a2*b1 + a3*b0);
- s4 = c4 - (a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0);
- s5 = c5 - (a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0);
- s6 = c6 - (a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0);
- s7 = c7 - (a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0);
- s8 = c8 - (a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0);
- s9 = c9 - (a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0);
- s10 = c10 - (a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0);
- s11 = c11 - (a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0);
- s12 = -(a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1);
- s13 = -(a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2);
- s14 = -(a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3);
- s15 = -(a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4);
- s16 = -(a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5);
- s17 = -(a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6);
- s18 = -(a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7);
- s19 = -(a8*b11 + a9*b10 + a10*b9 + a11*b8);
- s20 = -(a9*b11 + a10*b10 + a11*b9);
- s21 = -(a10*b11 + a11*b10);
- s22 = -a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-
-/*
- *
- * ge code
- *
- *
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-/*
-r = p + q
-*/
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-fe_add(r->X,p->Y,p->X);
-fe_sub(r->Y,p->Y,p->X);
-fe_mul(r->Z,r->X,q->YplusX);
-fe_mul(r->Y,r->Y,q->YminusX);
-fe_mul(r->T,q->T2d,p->T);
-fe_mul(r->X,p->Z,q->Z);
-fe_add(t0,r->X,r->X);
-fe_sub(r->X,r->Z,r->Y);
-fe_add(r->Y,r->Z,r->Y);
-fe_add(r->Z,t0,r->T);
-fe_sub(r->T,t0,r->T);
-}
-static void slide(signed char *r,const unsigned char *a)
-{
- int i;
- int b;
- int k;
- for (i = 0;i < 256;++i)
- r[i] = 1 & (a[i >> 3] >> (i & 7));
- for (i = 0;i < 256;++i)
- if (r[i]) {
- for (b = 1;b <= 6 && i + b < 256;++b) {
- if (r[i + b]) {
- if (r[i] + (r[i + b] << b) <= 15) {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if (r[i] - (r[i + b] << b) >= -15) {
- r[i] -= r[i + b] << b;
- for (k = i + b;k < 256;++k) {
- if (!r[k]) {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else
- break;
- }
- }
- }
-}
-static ge_precomp Bi[8] = {
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
- { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
- { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
- },
- {
- { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
- { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
- { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
- },
- {
- { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
- { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
- { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
- },
- {
- { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
- { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
- { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
- },
-} ;
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
-{
- signed char aslide[256];
- signed char bslide[256];
- ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
- ge_p1p1 t;
- ge_p3 u;
- ge_p3 A2;
- int i;
- slide(aslide,a);
- slide(bslide,b);
- ge_p3_to_cached(&Ai[0],A);
- ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
- ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
- ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
- ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
- ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
- ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
- ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
- ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
- ge_p2_0(r);
- for (i = 255;i >= 0;--i) {
- if (aslide[i] || bslide[i]) break;
- }
- for (;i >= 0;--i) {
- ge_p2_dbl(&t,r);
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_add(&t,&u,&Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
- }
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_madd(&t,&u,&Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
- }
- ge_p1p1_to_p2(r,&t);
- }
-}
-static const fe d = {
--10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
-} ;
-static const fe sqrtm1 = {
--32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
-} ;
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
- fe u;
- fe v;
- fe v3;
- fe vxx;
- fe check;
- fe_frombytes(h->Y,s);
- fe_1(h->Z);
- fe_sq(u,h->Y);
- fe_mul(v,u,d);
- fe_sub(u,u,h->Z); /* u = y^2-1 */
- fe_add(v,v,h->Z); /* v = dy^2+1 */
- fe_sq(v3,v);
- fe_mul(v3,v3,v); /* v3 = v^3 */
- fe_sq(h->X,v3);
- fe_mul(h->X,h->X,v);
- fe_mul(h->X,h->X,u); /* x = uv^7 */
- fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
- fe_mul(h->X,h->X,v3);
- fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */
- fe_sq(vxx,h->X);
- fe_mul(vxx,vxx,v);
- fe_sub(check,vxx,u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check,vxx,u); /* vx^2+u */
- if (fe_isnonzero(check)) return -1;
- fe_mul(h->X,h->X,sqrtm1);
- }
- if (fe_isnegative(h->X) == (s[31] >> 7))
- fe_neg(h->X,h->X);
- fe_mul(h->T,h->X,h->Y);
- return 0;
-}
-/*
-r = p + q
-*/
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-fe_add(r->X,p->Y,p->X);
-fe_sub(r->Y,p->Y,p->X);
-fe_mul(r->Z,r->X,q->yplusx);
-fe_mul(r->Y,r->Y,q->yminusx);
-fe_mul(r->T,q->xy2d,p->T);
-fe_add(t0,p->Z,p->Z);
-fe_sub(r->X,r->Z,r->Y);
-fe_add(r->Y,r->Z,r->Y);
-fe_add(r->Z,t0,r->T);
-fe_sub(r->T,t0,r->T);
-}
-/*
-r = p - q
-*/
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-fe_add(r->X,p->Y,p->X);
-fe_sub(r->Y,p->Y,p->X);
-fe_mul(r->Z,r->X,q->yminusx);
-fe_mul(r->Y,r->Y,q->yplusx);
-fe_mul(r->T,q->xy2d,p->T);
-fe_add(t0,p->Z,p->Z);
-fe_sub(r->X,r->Z,r->Y);
-fe_add(r->Y,r->Z,r->Y);
-fe_sub(r->Z,t0,r->T);
-fe_add(r->T,t0,r->T);
-}
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
-}
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
- fe_mul(r->T,p->X,p->Y);
-}
-
-void ge_p2_0(ge_p2 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
-}
-/*
-r = 2 * p
-*/
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
- fe t0;
-fe_sq(r->X,p->X);
-fe_sq(r->Z,p->Y);
-fe_sq2(r->T,p->Z);
-fe_add(r->Y,p->X,p->Y);
-fe_sq(t0,r->Y);
-fe_add(r->Y,r->Z,r->X);
-fe_sub(r->Z,r->Z,r->X);
-fe_sub(r->X,t0,r->Y);
-fe_sub(r->T,r->T,r->Z);
-}
-
-void ge_p3_0(ge_p3 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
- fe_0(h->T);
-}
-
-/*
-r = 2 * p
-*/
-
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
- ge_p2 q;
- ge_p3_to_p2(&q,p);
- ge_p2_dbl(r,&q);
-}
-/*
-r = p
-*/
-static const fe d2 = {
--21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
-} ;
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
- fe_add(r->YplusX,p->Y,p->X);
- fe_sub(r->YminusX,p->Y,p->X);
- fe_copy(r->Z,p->Z);
- fe_mul(r->T2d,p->T,d2);
-}
-
-/*
-r = p
-*/
-
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
- fe_copy(r->X,p->X);
- fe_copy(r->Y,p->Y);
- fe_copy(r->Z,p->Z);
-}
-
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-
-void ge_precomp_0(ge_precomp *h)
-{
- fe_1(h->yplusx);
- fe_1(h->yminusx);
- fe_0(h->xy2d);
-}
-static unsigned char equal(signed char b,signed char c)
-{
- unsigned char ub = b;
- unsigned char uc = c;
- unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- uint32_t y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- return y;
-}
-static unsigned char negative(signed char b)
-{
- unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
- x >>= 63; /* 1: yes; 0: no */
- return x;
-}
-static void ge_precomp_cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
-{
- fe_cmov(t->yplusx,u->yplusx,b);
- fe_cmov(t->yminusx,u->yminusx,b);
- fe_cmov(t->xy2d,u->xy2d,b);
-}
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-{
- {
- { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
- { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
- { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
- { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
- { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
- { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
- },
- {
- { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
- { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
- { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
- { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
- { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
- { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
- },
- {
- { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
- { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
- { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
- { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
- { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
- { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
- },
- {
- { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
- { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
- { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
- { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
- { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
- { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
- },
-},
-{
- {
- { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
- { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
- { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
- },
- {
- { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
- { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
- { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
- },
- {
- { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
- { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
- { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
- },
- {
- { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
- { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
- { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
- },
- {
- { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
- { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
- { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
- },
- {
- { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
- { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
- { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
- },
- {
- { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
- { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
- { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
- },
- {
- { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
- { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
- { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
- },
-},
-{
- {
- { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
- { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
- { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
- },
- {
- { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
- { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
- { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
- },
- {
- { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
- { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
- { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
- },
- {
- { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
- { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
- { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
- },
- {
- { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
- { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
- { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
- },
- {
- { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
- { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
- { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
- },
- {
- { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
- { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
- { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
- },
- {
- { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
- { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
- { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
- },
-},
-{
- {
- { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
- { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
- { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
- },
- {
- { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
- { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
- { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
- },
- {
- { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
- { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
- { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
- },
- {
- { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
- { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
- { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
- },
- {
- { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
- { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
- { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
- },
- {
- { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
- { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
- { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
- },
- {
- { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
- { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
- { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
- },
- {
- { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
- { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
- { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
- },
-},
-{
- {
- { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
- { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
- { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
- },
- {
- { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
- { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
- { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
- },
- {
- { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
- { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
- { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
- },
- {
- { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
- { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
- { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
- },
- {
- { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
- { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
- { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
- },
- {
- { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
- { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
- { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
- },
- {
- { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
- { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
- { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
- },
- {
- { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
- { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
- { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
- },
-},
-{
- {
- { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
- { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
- { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
- },
- {
- { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
- { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
- { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
- },
- {
- { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
- { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
- { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
- },
- {
- { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
- { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
- { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
- },
- {
- { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
- { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
- { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
- },
- {
- { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
- { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
- { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
- },
- {
- { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
- { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
- { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
- },
- {
- { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
- { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
- { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
- },
-},
-{
- {
- { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
- { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
- { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
- },
- {
- { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
- { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
- { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
- },
- {
- { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
- { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
- { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
- },
- {
- { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
- { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
- { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
- },
- {
- { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
- { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
- { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
- },
- {
- { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
- { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
- { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
- },
- {
- { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
- { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
- { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
- },
- {
- { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
- { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
- { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
- },
-},
-{
- {
- { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
- { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
- { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
- },
- {
- { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
- { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
- { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
- },
- {
- { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
- { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
- { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
- },
- {
- { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
- { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
- { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
- },
- {
- { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
- { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
- { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
- },
- {
- { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
- { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
- { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
- },
- {
- { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
- { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
- { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
- },
- {
- { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
- { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
- { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
- },
-},
-{
- {
- { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
- { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
- { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
- },
- {
- { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
- { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
- { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
- },
- {
- { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
- { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
- { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
- },
- {
- { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
- { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
- { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
- },
- {
- { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
- { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
- { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
- },
- {
- { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
- { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
- { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
- },
- {
- { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
- { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
- { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
- },
- {
- { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
- { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
- { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
- },
-},
-{
- {
- { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
- { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
- { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
- },
- {
- { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
- { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
- { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
- },
- {
- { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
- { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
- { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
- },
- {
- { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
- { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
- { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
- },
- {
- { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
- { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
- { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
- },
- {
- { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
- { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
- { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
- },
- {
- { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
- { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
- { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
- },
- {
- { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
- { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
- { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
- },
-},
-{
- {
- { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
- { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
- { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
- },
- {
- { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
- { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
- { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
- },
- {
- { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
- { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
- { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
- },
- {
- { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
- { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
- { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
- },
- {
- { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
- { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
- { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
- },
- {
- { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
- { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
- { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
- },
- {
- { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
- { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
- { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
- },
- {
- { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
- { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
- { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
- },
-},
-{
- {
- { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
- { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
- { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
- },
- {
- { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
- { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
- { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
- },
- {
- { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
- { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
- { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
- },
- {
- { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
- { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
- { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
- },
- {
- { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
- { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
- { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
- },
- {
- { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
- { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
- { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
- },
- {
- { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
- { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
- { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
- },
- {
- { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
- { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
- { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
- },
-},
-{
- {
- { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
- { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
- { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
- },
- {
- { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
- { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
- { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
- },
- {
- { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
- { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
- { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
- },
- {
- { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
- { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
- { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
- },
- {
- { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
- { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
- { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
- },
- {
- { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
- { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
- { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
- },
- {
- { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
- { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
- { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
- },
- {
- { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
- { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
- { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
- },
-},
-{
- {
- { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
- { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
- { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
- },
- {
- { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
- { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
- { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
- },
- {
- { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
- { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
- { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
- },
- {
- { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
- { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
- { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
- },
- {
- { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
- { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
- { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
- },
- {
- { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
- { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
- { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
- },
- {
- { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
- { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
- { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
- },
- {
- { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
- { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
- { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
- },
-},
-{
- {
- { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
- { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
- { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
- },
- {
- { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
- { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
- { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
- },
- {
- { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
- { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
- { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
- },
- {
- { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
- { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
- { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
- },
- {
- { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
- { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
- { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
- },
- {
- { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
- { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
- { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
- },
- {
- { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
- { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
- { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
- },
- {
- { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
- { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
- { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
- },
-},
-{
- {
- { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
- { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
- { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
- },
- {
- { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
- { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
- { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
- },
- {
- { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
- { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
- { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
- },
- {
- { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
- { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
- { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
- },
- {
- { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
- { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
- { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
- },
- {
- { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
- { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
- { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
- },
- {
- { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
- { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
- { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
- },
- {
- { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
- { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
- { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
- },
-},
-{
- {
- { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
- { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
- { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
- },
- {
- { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
- { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
- { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
- },
- {
- { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
- { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
- { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
- },
- {
- { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
- { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
- { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
- },
- {
- { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
- { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
- { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
- },
- {
- { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
- { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
- { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
- },
- {
- { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
- { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
- { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
- },
- {
- { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
- { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
- { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
- },
-},
-{
- {
- { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
- { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
- { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
- },
- {
- { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
- { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
- { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
- },
- {
- { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
- { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
- { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
- },
- {
- { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
- { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
- { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
- },
- {
- { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
- { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
- { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
- },
- {
- { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
- { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
- { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
- },
- {
- { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
- { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
- { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
- },
- {
- { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
- { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
- { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
- },
-},
-{
- {
- { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
- { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
- { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
- },
- {
- { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
- { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
- { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
- },
- {
- { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
- { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
- { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
- },
- {
- { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
- { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
- { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
- },
- {
- { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
- { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
- { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
- },
- {
- { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
- { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
- { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
- },
- {
- { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
- { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
- { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
- },
- {
- { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
- { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
- { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
- },
-},
-{
- {
- { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
- { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
- { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
- },
- {
- { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
- { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
- { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
- },
- {
- { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
- { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
- { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
- },
- {
- { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
- { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
- { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
- },
- {
- { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
- { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
- { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
- },
- {
- { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
- { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
- { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
- },
- {
- { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
- { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
- { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
- },
- {
- { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
- { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
- { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
- },
-},
-{
- {
- { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
- { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
- { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
- },
- {
- { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
- { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
- { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
- },
- {
- { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
- { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
- { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
- },
- {
- { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
- { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
- { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
- },
- {
- { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
- { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
- { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
- },
- {
- { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
- { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
- { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
- },
- {
- { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
- { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
- { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
- },
- {
- { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
- { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
- { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
- },
-},
-{
- {
- { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
- { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
- { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
- },
- {
- { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
- { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
- { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
- },
- {
- { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
- { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
- { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
- },
- {
- { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
- { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
- { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
- },
- {
- { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
- { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
- { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
- },
- {
- { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
- { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
- { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
- },
- {
- { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
- { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
- { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
- },
- {
- { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
- { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
- { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
- },
-},
-{
- {
- { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
- { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
- { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
- },
- {
- { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
- { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
- { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
- },
- {
- { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
- { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
- { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
- },
- {
- { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
- { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
- { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
- },
- {
- { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
- { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
- { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
- },
- {
- { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
- { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
- { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
- },
- {
- { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
- { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
- { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
- },
- {
- { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
- { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
- { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
- },
-},
-{
- {
- { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
- { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
- { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
- },
- {
- { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
- { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
- { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
- },
- {
- { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
- { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
- { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
- },
- {
- { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
- { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
- { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
- },
- {
- { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
- { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
- { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
- },
- {
- { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
- { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
- { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
- },
- {
- { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
- { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
- { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
- },
- {
- { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
- { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
- { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
- },
-},
-{
- {
- { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
- { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
- { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
- },
- {
- { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
- { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
- { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
- },
- {
- { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
- { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
- { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
- },
- {
- { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
- { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
- { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
- },
- {
- { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
- { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
- { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
- },
- {
- { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
- { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
- { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
- },
- {
- { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
- { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
- { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
- },
- {
- { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
- { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
- { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
- },
-},
-{
- {
- { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
- { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
- { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
- },
- {
- { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
- { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
- { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
- },
- {
- { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
- { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
- { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
- },
- {
- { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
- { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
- { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
- },
- {
- { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
- { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
- { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
- },
- {
- { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
- { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
- { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
- },
- {
- { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
- { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
- { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
- },
- {
- { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
- { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
- { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
- },
-},
-{
- {
- { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
- { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
- { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
- },
- {
- { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
- { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
- { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
- },
- {
- { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
- { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
- { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
- },
- {
- { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
- { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
- { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
- },
- {
- { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
- { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
- { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
- },
- {
- { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
- { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
- { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
- },
- {
- { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
- { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
- { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
- },
- {
- { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
- { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
- { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
- },
-},
-{
- {
- { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
- { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
- { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
- },
- {
- { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
- { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
- { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
- },
- {
- { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
- { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
- { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
- },
- {
- { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
- { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
- { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
- },
- {
- { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
- { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
- { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
- },
- {
- { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
- { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
- { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
- },
- {
- { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
- { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
- { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
- },
- {
- { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
- { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
- { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
- },
-},
-{
- {
- { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
- { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
- { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
- },
- {
- { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
- { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
- { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
- },
- {
- { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
- { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
- { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
- },
- {
- { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
- { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
- { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
- },
- {
- { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
- { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
- { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
- },
- {
- { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
- { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
- { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
- },
- {
- { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
- { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
- { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
- },
- {
- { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
- { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
- { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
- },
-},
-{
- {
- { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
- { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
- { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
- },
- {
- { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
- { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
- { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
- },
- {
- { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
- { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
- { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
- },
- {
- { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
- { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
- { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
- },
- {
- { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
- { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
- { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
- },
- {
- { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
- { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
- { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
- },
- {
- { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
- { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
- { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
- },
- {
- { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
- { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
- { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
- },
-},
-{
- {
- { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
- { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
- { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
- },
- {
- { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
- { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
- { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
- },
- {
- { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
- { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
- { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
- },
- {
- { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
- { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
- { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
- },
- {
- { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
- { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
- { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
- },
- {
- { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
- { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
- { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
- },
- {
- { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
- { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
- { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
- },
- {
- { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
- { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
- { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
- },
-},
-{
- {
- { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
- { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
- { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
- },
- {
- { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
- { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
- { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
- },
- {
- { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
- { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
- { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
- },
- {
- { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
- { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
- { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
- },
- {
- { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
- { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
- { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
- },
- {
- { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
- { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
- { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
- },
- {
- { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
- { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
- { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
- },
- {
- { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
- { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
- { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
- },
-},
-} ;
-static void select(ge_precomp *t,int pos,signed char b)
-{
- ge_precomp minust;
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
- ge_precomp_0(t);
- ge_precomp_cmov(t,&base[pos][0],equal(babs,1));
- ge_precomp_cmov(t,&base[pos][1],equal(babs,2));
- ge_precomp_cmov(t,&base[pos][2],equal(babs,3));
- ge_precomp_cmov(t,&base[pos][3],equal(babs,4));
- ge_precomp_cmov(t,&base[pos][4],equal(babs,5));
- ge_precomp_cmov(t,&base[pos][5],equal(babs,6));
- ge_precomp_cmov(t,&base[pos][6],equal(babs,7));
- ge_precomp_cmov(t,&base[pos][7],equal(babs,8));
- fe_copy(minust.yplusx,t->yminusx);
- fe_copy(minust.yminusx,t->yplusx);
- fe_neg(minust.xy2d,t->xy2d);
- ge_precomp_cmov(t,&minust,bnegative);
-}
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-Preconditions:
- a[31] <= 127
-*/
-void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
-{
- signed char e[64];
- signed char carry;
- ge_p1p1 r;
- ge_p2 s;
- ge_precomp t;
- int i;
- for (i = 0;i < 32;++i) {
- e[2 * i + 0] = (a[i] >> 0) & 15;
- e[2 * i + 1] = (a[i] >> 4) & 15;
- }
- /* each e[i] is between 0 and 15 */
- /* e[63] is between 0 and 7 */
- carry = 0;
- for (i = 0;i < 63;++i) {
- e[i] += carry;
- carry = e[i] + 8;
- carry >>= 4;
- e[i] -= carry << 4;
- }
- e[63] += carry;
- /* each e[i] is between -8 and 8 */
- ge_p3_0(h);
- for (i = 1;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
- ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
- for (i = 0;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-}
-/*
-r = p - q
-*/
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-fe_add(r->X,p->Y,p->X);
-fe_sub(r->Y,p->Y,p->X);
-fe_mul(r->Z,r->X,q->YminusX);
-fe_mul(r->Y,r->Y,q->YplusX);
-fe_mul(r->T,q->T2d,p->T);
-fe_mul(r->X,p->Z,q->Z);
-fe_add(t0,r->X,r->X);
-fe_sub(r->X,r->Z,r->Y);
-fe_add(r->Y,r->Z,r->Y);
-fe_sub(r->Z,t0,r->T);
-fe_add(r->T,t0,r->T);
-}
-
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
-/*
- *
- * xmr specific code
- *
- *
-This code is from the original CryptoNote.
-Some additional functions were needed to compute ring signatures
-which are not needed for signing.
-Note that sc_sub and sc_mulsub have been given their own file
-since these have been rewritten
-
-*/
-/*Code inherited from the original cryptonote (I didn't write these) */
-/*These functions either don't exist in, or are modified from ref10*/
-
-
-/* From fe_isnonzero.c, modified */
-
-//x
-static int fe_isnonzero(const fe f) {
- unsigned char s[32];
- fe_tobytes(s, f);
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
-
-//double scalar mult precomp
-void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s) {
- ge_p1p1 t;
- ge_p3 s2, u;
- ge_p3_to_cached(&r[0], s);
- ge_p3_dbl(&t, s); ge_p1p1_to_p3(&s2, &t);
- ge_add(&t, &s2, &r[0]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[1], &u);
- ge_add(&t, &s2, &r[1]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[2], &u);
- ge_add(&t, &s2, &r[2]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[3], &u);
- ge_add(&t, &s2, &r[3]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[4], &u);
- ge_add(&t, &s2, &r[4]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[5], &u);
- ge_add(&t, &s2, &r[5]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[6], &u);
- ge_add(&t, &s2, &r[6]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[7], &u);
-}
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-void ge_double_scalarmult_base_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);/* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- //so this gets us to the highest i such that both have a nonzero
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);//simple double and add
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_madd(&t, &u, &ge_Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_msub(&t, &u, &ge_Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-
-/* From ge_frombytes.c, modified */
-//this is like xrecover ..
-//x
-int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
- fe u;
- fe v;
- fe vxx;
- fe check;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = (load_3(s + 29) & 8388607) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /* Validate the number to be canonical */
- if (h9 == 33554428 && h8 == 268435440 && h7 == 536870880 && h6 == 2147483520 &&
- h5 == 4294967295 && h4 == 67108860 && h3 == 134217720 && h2 == 536870880 &&
- h1 == 1073741760 && h0 >= 4294967277) {
- return -1;
- }
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h->Y[0] = h0;
- h->Y[1] = h1;
- h->Y[2] = h2;
- h->Y[3] = h3;
- h->Y[4] = h4;
- h->Y[5] = h5;
- h->Y[6] = h6;
- h->Y[7] = h7;
- h->Y[8] = h8;
- h->Y[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_1(h->Z);
- fe_sq(u, h->Y);
- fe_mul(v, u, fe_d);
- fe_sub(u, u, h->Z); /* u = y^2-1 */
- fe_add(v, v, h->Z); /* v = dy^2+1 */
-
- fe_divpowm1(h->X, u, v); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx, h->X);
- fe_mul(vxx, vxx, v);
- fe_sub(check, vxx, u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check, vxx, u); /* vx^2+u */
- if (fe_isnonzero(check)) {
- return -1;
- }
- fe_mul(h->X, h->X, fe_sqrtm1); //this is mapping X to X * sqrt(-1) c.f. 3.1 in hisil, dong, etc.
- }
-
- if (fe_isnegative(h->X) != (s[31] >> 7)) {
- /* If x = 0, the sign must be positive */
- if (!fe_isnonzero(h->X)) {
- return -1;
- }
- fe_neg(h->X, h->X);
- }
-
- fe_mul(h->T, h->X, h->Y);
- return 0;
-}
-
-/* New code */
-/* (u / v)^(m + 1) */
-static void fe_divpowm1(fe r, const fe u, const fe v) {
- fe v3, uv7, t0, t1, t2;
- int i;
-
- fe_sq(v3, v);
- fe_mul(v3, v3, v); /* v3 = v^3 */
- fe_sq(uv7, v3);
- fe_mul(uv7, uv7, v);
- fe_mul(uv7, uv7, u); /* uv7 = uv^7 */
-
- /*fe_pow22523(uv7, uv7);*/
-
- /* From fe_pow22523.c */
-
- fe_sq(t0, uv7);
- fe_sq(t1, t0);
- fe_sq(t1, t1);
- fe_mul(t1, uv7, t1);
- fe_mul(t0, t0, t1);
- fe_sq(t0, t0);
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 4; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 9; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 19; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 10; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 49; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 99; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 50; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t0, t0);
- fe_sq(t0, t0);
- fe_mul(t0, t0, uv7);
-
- /* End fe_pow22523.c */
- /* t0 = (uv^7)^((q-5)/8) */
- fe_mul(t0, t0, v3);
- fe_mul(r, t0, u); /* u^(m+1)v^(-(m+1)) */
-}
-
-static void ge_cached_0(ge_cached *r) {
- fe_1(r->YplusX);
- fe_1(r->YminusX);
- fe_1(r->Z);
- fe_0(r->T2d);
-}
-
-static void ge_cached_cmov(ge_cached *t, const ge_cached *u, unsigned char b) {
- fe_cmov(t->YplusX, u->YplusX, b);
- fe_cmov(t->YminusX, u->YminusX, b);
- fe_cmov(t->Z, u->Z, b);
- fe_cmov(t->T2d, u->T2d, b);
-}
-
-/* Assumes that a[31] <= 127 */
-void ge_scalarmult(ge_p2 *r, const unsigned char *a, const ge_p3 *A) {
- signed char e[64];
- int carry, carry2, i;
- ge_cached Ai[8]; /* 1 * A, 2 * A, ..., 8 * A */
- ge_p1p1 t;
- ge_p3 u;
-
- carry = 0; /* 0..1 */
- for (i = 0; i < 31; i++) {
- carry += a[i]; /* 0..256 */
- carry2 = (carry + 8) >> 4; /* 0..16 */
- e[2 * i] = carry - (carry2 << 4); /* -8..7 */
- carry = (carry2 + 8) >> 4; /* 0..1 */
- e[2 * i + 1] = carry2 - (carry << 4); /* -8..7 */
- }
- carry += a[31]; /* 0..128 */
- carry2 = (carry + 8) >> 4; /* 0..8 */
- e[62] = carry - (carry2 << 4); /* -8..7 */
- e[63] = carry2; /* 0..8 */
-
- ge_p3_to_cached(&Ai[0], A);
- for (i = 0; i < 7; i++) {
- ge_add(&t, A, &Ai[i]);
- ge_p1p1_to_p3(&u, &t);
- ge_p3_to_cached(&Ai[i + 1], &u);
- }
-
- ge_p2_0(r);
- for (i = 63; i >= 0; i--) {
- signed char b = e[i];
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
- ge_cached cur, minuscur;
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p3(&u, &t);
- ge_cached_0(&cur);
- ge_cached_cmov(&cur, &Ai[0], equal(babs, 1));
- ge_cached_cmov(&cur, &Ai[1], equal(babs, 2));
- ge_cached_cmov(&cur, &Ai[2], equal(babs, 3));
- ge_cached_cmov(&cur, &Ai[3], equal(babs, 4));
- ge_cached_cmov(&cur, &Ai[4], equal(babs, 5));
- ge_cached_cmov(&cur, &Ai[5], equal(babs, 6));
- ge_cached_cmov(&cur, &Ai[6], equal(babs, 7));
- ge_cached_cmov(&cur, &Ai[7], equal(babs, 8));
- fe_copy(minuscur.YplusX, cur.YminusX);
- fe_copy(minuscur.YminusX, cur.YplusX);
- fe_copy(minuscur.Z, cur.Z);
- fe_neg(minuscur.T2d, cur.T2d);
- ge_cached_cmov(&cur, &minuscur, bnegative);
- ge_add(&t, &u, &cur);
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//assume Bi has precomputed multiples
-void ge_double_scalarmult_precomp_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b, const ge_dsmp Bii) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */ //precomps
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Bii[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Bii[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//x
-void ge_mul8(ge_p1p1 *r, const ge_p2 *t) {
- ge_p2 u;
- ge_p2_dbl(r, t);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
-}
-
-//x
-void ge_fromfe_frombytes_vartime(ge_p2 *r, const unsigned char *s) {
- fe u, v, w, x, y, z;
- unsigned char sign;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = load_3(s + 29) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- u[0] = h0;
- u[1] = h1;
- u[2] = h2;
- u[3] = h3;
- u[4] = h4;
- u[5] = h5;
- u[6] = h6;
- u[7] = h7;
- u[8] = h8;
- u[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_sq2(v, u); /* 2 * u^2 */
- fe_1(w);
- fe_add(w, v, w); /* w = 2 * u^2 + 1 */
- fe_sq(x, w); /* w^2 */
- fe_mul(y, fe_ma2, v); /* -2 * A^2 * u^2 */
- fe_add(x, x, y); /* x = w^2 - 2 * A^2 * u^2 */
- fe_divpowm1(r->X, w, x); /* (w / x)^(m + 1) */
- fe_sq(y, r->X);
- fe_mul(x, y, x);
- fe_sub(y, w, x);
- fe_copy(z, fe_ma);
- if (fe_isnonzero(y)) {
- fe_add(y, w, x);
- if (fe_isnonzero(y)) {
- goto negative;
- } else {
- fe_mul(r->X, r->X, fe_fffb1);
- }
- } else {
- fe_mul(r->X, r->X, fe_fffb2);
- }
- fe_mul(r->X, r->X, u); /* u * sqrt(2 * A * (A + 2) * w / x) */
- fe_mul(z, z, v); /* -2 * A * u^2 */
- sign = 0;
- goto setsign;
-negative:
- fe_mul(x, x, fe_sqrtm1);
- fe_sub(y, w, x);
- if (fe_isnonzero(y)) {
- assert((fe_add(y, w, x), !fe_isnonzero(y)));
- fe_mul(r->X, r->X, fe_fffb3);
- } else {
- fe_mul(r->X, r->X, fe_fffb4);
- }
- /* r->X = sqrt(A * (A + 2) * w / x) */
- /* z = -A */
- sign = 1;
-setsign:
- if (fe_isnegative(r->X) != sign) {
- assert(fe_isnonzero(r->X));
- fe_neg(r->X, r->X);
- }
- fe_add(r->Z, z, w);
- fe_sub(r->Y, z, w);
- fe_mul(r->X, r->X, r->Z);
-#if !defined(NDEBUG)
- {
- fe check_x, check_y, check_iz, check_v;
- fe_invert(check_iz, r->Z);
- fe_mul(check_x, r->X, check_iz);
- fe_mul(check_y, r->Y, check_iz);
- fe_sq(check_x, check_x);
- fe_sq(check_y, check_y);
- fe_mul(check_v, check_x, check_y);
- fe_mul(check_v, fe_d, check_v);
- fe_add(check_v, check_v, check_x);
- fe_sub(check_v, check_v, check_y);
- fe_1(check_x);
- fe_add(check_v, check_v, check_x);
- assert(!fe_isnonzero(check_v));
- }
-#endif
-}
-
-//x
-void sc_0(unsigned char *s) {
- int i;
- for (i = 0; i < 32; i++) {
- s[i] = 0;
- }
-}
-
-//x
-void sc_reduce32(unsigned char *s) {
- int64_t s0 = 2097151 & load_3(s);
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = (load_4(s + 28) >> 7);
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-//x
-void sc_add(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 + b0;
- int64_t s1 = a1 + b1;
- int64_t s2 = a2 + b2;
- int64_t s3 = a3 + b3;
- int64_t s4 = a4 + b4;
- int64_t s5 = a5 + b5;
- int64_t s6 = a6 + b6;
- int64_t s7 = a7 + b7;
- int64_t s8 = a8 + b8;
- int64_t s9 = a9 + b9;
- int64_t s10 = a10 + b10;
- int64_t s11 = a11 + b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/* Assumes that a != INT64_MIN */
-//x c.f. lt in 32 bit ref
-static int64_t signum(int64_t a) {
- return (a >> 63) - ((-a) >> 63);
-}
-
-//x
-int sc_check(const unsigned char *s) {
- int64_t s0 = load_4(s);
- int64_t s1 = load_4(s + 4);
- int64_t s2 = load_4(s + 8);
- int64_t s3 = load_4(s + 12);
- int64_t s4 = load_4(s + 16);
- int64_t s5 = load_4(s + 20);
- int64_t s6 = load_4(s + 24);
- int64_t s7 = load_4(s + 28);
- return (signum(1559614444 - s0) + (signum(1477600026 - s1) << 1) + (signum(2734136534 - s2) << 2) + (signum(350157278 - s3) << 3) + (signum(-s4) << 4) + (signum(-s5) << 5) + (signum(-s6) << 6) + (signum(268435456 - s7) << 7)) >> 8;
-}
-
-//x
-int sc_isnonzero(const unsigned char *s) {
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.h
deleted file mode 100644
index 0bd1f9f9b..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/crypto-ops.h
+++ /dev/null
@@ -1,145 +0,0 @@
-// Copyright (c) 2014-2015, The Monero Project
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-// of conditions and the following disclaimer in the documentation and/or other
-// materials provided with the distribution.
-//
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-// used to endorse or promote products derived from this software without specific
-// prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-#pragma once
-
-/* From fe.h */
-
-typedef int32_t fe[10];
-
-/* From ge.h */
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
-} ge_p2;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p3;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p1p1;
-
-typedef struct {
- fe yplusx;
- fe yminusx;
- fe xy2d;
-} ge_precomp;
-
-typedef struct {
- fe YplusX;
- fe YminusX;
- fe Z;
- fe T2d;
-} ge_cached;
-
-/* From ge_add.c */
-
-void ge_add(ge_p1p1 *, const ge_p3 *, const ge_cached *);
-
-/* From ge_double_scalarmult.c, modified */
-
-typedef ge_cached ge_dsmp[8];
-extern const ge_precomp ge_Bi[8];
-void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s);
-void ge_double_scalarmult_base_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *);
-
-/* From ge_frombytes.c, modified */
-
-extern const fe fe_sqrtm1;
-extern const fe fe_d;
-int ge_frombytes_vartime(ge_p3 *, const unsigned char *);
-
-/* From ge_p1p1_to_p2.c */
-
-void ge_p1p1_to_p2(ge_p2 *, const ge_p1p1 *);
-
-/* From ge_p1p1_to_p3.c */
-
-void ge_p1p1_to_p3(ge_p3 *, const ge_p1p1 *);
-
-/* From ge_p2_dbl.c */
-
-void ge_p2_dbl(ge_p1p1 *, const ge_p2 *);
-
-/* From ge_p3_to_cached.c */
-
-extern const fe fe_d2;
-void ge_p3_to_cached(ge_cached *, const ge_p3 *);
-
-/* From ge_p3_to_p2.c */
-
-void ge_p3_to_p2(ge_p2 *, const ge_p3 *);
-
-/* From ge_p3_tobytes.c */
-
-void ge_p3_tobytes(unsigned char *, const ge_p3 *);
-
-/* From ge_scalarmult_base.c */
-
-extern const ge_precomp ge_base[32][8];
-void ge_scalarmult_base(ge_p3 *, const unsigned char *);
-
-/* From ge_tobytes.c */
-
-void ge_tobytes(unsigned char *, const ge_p2 *);
-
-/* From sc_reduce.c */
-
-void sc_reduce(unsigned char *);
-
-/* New code */
-
-void ge_scalarmult(ge_p2 *, const unsigned char *, const ge_p3 *);
-void ge_double_scalarmult_precomp_vartime(ge_p2 *, const unsigned char *, const ge_p3 *, const unsigned char *, const ge_dsmp);
-void ge_mul8(ge_p1p1 *, const ge_p2 *);
-extern const fe fe_ma2;
-extern const fe fe_ma;
-extern const fe fe_fffb1;
-extern const fe fe_fffb2;
-extern const fe fe_fffb3;
-extern const fe fe_fffb4;
-void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
-void sc_0(unsigned char *);
-void sc_reduce32(unsigned char *);
-void sc_add(unsigned char *, const unsigned char *, const unsigned char *);
-void sc_sub(unsigned char *, const unsigned char *, const unsigned char *);
-void sc_mulsub(unsigned char *, const unsigned char *, const unsigned char *, const unsigned char *);
-int sc_check(const unsigned char *);
-int sc_isnonzero(const unsigned char *); /* Doesn't normalize */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.h
deleted file mode 100644
index e25f57835..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.h
+++ /dev/null
@@ -1 +0,0 @@
--10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.py
deleted file mode 100644
index 8995bb86a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-d = -121665 * inv(121666)
-print radix255(d)
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.h
deleted file mode 100644
index 01aaec751..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.h
+++ /dev/null
@@ -1 +0,0 @@
--21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.py
deleted file mode 100644
index 79841758b..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/d2.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-d = -121665 * inv(121666)
-print radix255(d*2)
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/description b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/description
deleted file mode 100644
index 07bf45d05..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/description
+++ /dev/null
@@ -1,7 +0,0 @@
-shen_ed25519_ref10
-MakeCryptoOps.py makes crypto-ops.c in the monero source from the ref10 implementation
-
-EdDSA signatures using Curve25519
-from http://hyperelliptic.org/ebats/supercop-20141124.tar.bz2
-
-commented / combined by shen noether, monero research labs
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/designers b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/designers
deleted file mode 100644
index 63781c08f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/designers
+++ /dev/null
@@ -1,9 +0,0 @@
-ref10:
-Daniel J. Bernstein
-Niels Duif
-Tanja Lange
-Peter Schwabe
-Bo-Yin Yang
-
-MakeCryptoOps.py
-Shen Noether monero research labs
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe.h
deleted file mode 100644
index 60c308ba4..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef FE_H
-#define FE_H
-
-#include "crypto_int32.h"
-
-typedef crypto_int32 fe[10];
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
-#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
-#define fe_copy crypto_sign_ed25519_ref10_fe_copy
-#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
-#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
-#define fe_0 crypto_sign_ed25519_ref10_fe_0
-#define fe_1 crypto_sign_ed25519_ref10_fe_1
-#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
-#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
-#define fe_add crypto_sign_ed25519_ref10_fe_add
-#define fe_sub crypto_sign_ed25519_ref10_fe_sub
-#define fe_neg crypto_sign_ed25519_ref10_fe_neg
-#define fe_mul crypto_sign_ed25519_ref10_fe_mul
-#define fe_sq crypto_sign_ed25519_ref10_fe_sq
-#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
-#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
-#define fe_invert crypto_sign_ed25519_ref10_fe_invert
-#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
-
-extern void fe_frombytes(fe,const unsigned char *);
-extern void fe_tobytes(unsigned char *,const fe);
-
-extern void fe_copy(fe,const fe);
-extern int fe_isnonzero(const fe);
-extern int fe_isnegative(const fe);
-extern void fe_0(fe);
-extern void fe_1(fe);
-extern void fe_cswap(fe,fe,unsigned int);
-extern void fe_cmov(fe,const fe,unsigned int);
-
-extern void fe_add(fe,const fe,const fe);
-extern void fe_sub(fe,const fe,const fe);
-extern void fe_neg(fe,const fe);
-extern void fe_mul(fe,const fe,const fe);
-extern void fe_sq(fe,const fe);
-extern void fe_sq2(fe,const fe);
-extern void fe_mul121666(fe,const fe);
-extern void fe_invert(fe,const fe);
-extern void fe_pow22523(fe,const fe);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_0.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_0.c
deleted file mode 100644
index ec879d733..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_0.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
- h[0] = 0;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_1.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_1.c
deleted file mode 100644
index 8cf778484..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_1.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
- h[0] = 1;
- h[1] = 0;
- h[2] = 0;
- h[3] = 0;
- h[4] = 0;
- h[5] = 0;
- h[6] = 0;
- h[7] = 0;
- h[8] = 0;
- h[9] = 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_add.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_add.c
deleted file mode 100644
index e6a81da20..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_add.c
+++ /dev/null
@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 h0 = f0 + g0;
- crypto_int32 h1 = f1 + g1;
- crypto_int32 h2 = f2 + g2;
- crypto_int32 h3 = f3 + g3;
- crypto_int32 h4 = f4 + g4;
- crypto_int32 h5 = f5 + g5;
- crypto_int32 h6 = f6 + g6;
- crypto_int32 h7 = f7 + g7;
- crypto_int32 h8 = f8 + g8;
- crypto_int32 h9 = f9 + g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_cmov.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_cmov.c
deleted file mode 100644
index 8ca584fb1..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_cmov.c
+++ /dev/null
@@ -1,63 +0,0 @@
-#include "fe.h"
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cmov(fe f,const fe g,unsigned int b)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 x0 = f0 ^ g0;
- crypto_int32 x1 = f1 ^ g1;
- crypto_int32 x2 = f2 ^ g2;
- crypto_int32 x3 = f3 ^ g3;
- crypto_int32 x4 = f4 ^ g4;
- crypto_int32 x5 = f5 ^ g5;
- crypto_int32 x6 = f6 ^ g6;
- crypto_int32 x7 = f7 ^ g7;
- crypto_int32 x8 = f8 ^ g8;
- crypto_int32 x9 = f9 ^ g9;
- b = -b;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_copy.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_copy.c
deleted file mode 100644
index 9c5bf865a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_copy.c
+++ /dev/null
@@ -1,29 +0,0 @@
-#include "fe.h"
-
-/*
-h = f
-*/
-
-void fe_copy(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_frombytes.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_frombytes.c
deleted file mode 100644
index 5c1791748..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_frombytes.c
+++ /dev/null
@@ -1,73 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Ignores top bit of h.
-*/
-
-void fe_frombytes(fe h,const unsigned char *s)
-{
- crypto_int64 h0 = load_4(s);
- crypto_int64 h1 = load_3(s + 4) << 6;
- crypto_int64 h2 = load_3(s + 7) << 5;
- crypto_int64 h3 = load_3(s + 10) << 3;
- crypto_int64 h4 = load_3(s + 13) << 2;
- crypto_int64 h5 = load_4(s + 16);
- crypto_int64 h6 = load_3(s + 20) << 7;
- crypto_int64 h7 = load_3(s + 23) << 5;
- crypto_int64 h8 = load_3(s + 26) << 4;
- crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_invert.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_invert.c
deleted file mode 100644
index bcfdb8ff8..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_invert.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "fe.h"
-
-void fe_invert(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- fe t3;
- int i;
-
-#include "pow225521.h"
-
- return;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnegative.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnegative.c
deleted file mode 100644
index 3b2c8b8d5..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnegative.c
+++ /dev/null
@@ -1,16 +0,0 @@
-#include "fe.h"
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-int fe_isnegative(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return s[0] & 1;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnonzero.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnonzero.c
deleted file mode 100644
index 47568001c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_isnonzero.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#include "fe.h"
-#include "crypto_verify_32.h"
-
-/*
-return 1 if f == 0
-return 0 if f != 0
-
-Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-static const unsigned char zero[32];
-
-int fe_isnonzero(const fe f)
-{
- unsigned char s[32];
- fe_tobytes(s,f);
- return crypto_verify_32(s,zero);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_mul.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_mul.c
deleted file mode 100644
index 26ca8b368..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_mul.c
+++ /dev/null
@@ -1,253 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-void fe_mul(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 g1_19 = 19 * g1; /* 1.959375*2^29 */
- crypto_int32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- crypto_int32 g3_19 = 19 * g3;
- crypto_int32 g4_19 = 19 * g4;
- crypto_int32 g5_19 = 19 * g5;
- crypto_int32 g6_19 = 19 * g6;
- crypto_int32 g7_19 = 19 * g7;
- crypto_int32 g8_19 = 19 * g8;
- crypto_int32 g9_19 = 19 * g9;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f9_2 = 2 * f9;
- crypto_int64 f0g0 = f0 * (crypto_int64) g0;
- crypto_int64 f0g1 = f0 * (crypto_int64) g1;
- crypto_int64 f0g2 = f0 * (crypto_int64) g2;
- crypto_int64 f0g3 = f0 * (crypto_int64) g3;
- crypto_int64 f0g4 = f0 * (crypto_int64) g4;
- crypto_int64 f0g5 = f0 * (crypto_int64) g5;
- crypto_int64 f0g6 = f0 * (crypto_int64) g6;
- crypto_int64 f0g7 = f0 * (crypto_int64) g7;
- crypto_int64 f0g8 = f0 * (crypto_int64) g8;
- crypto_int64 f0g9 = f0 * (crypto_int64) g9;
- crypto_int64 f1g0 = f1 * (crypto_int64) g0;
- crypto_int64 f1g1_2 = f1_2 * (crypto_int64) g1;
- crypto_int64 f1g2 = f1 * (crypto_int64) g2;
- crypto_int64 f1g3_2 = f1_2 * (crypto_int64) g3;
- crypto_int64 f1g4 = f1 * (crypto_int64) g4;
- crypto_int64 f1g5_2 = f1_2 * (crypto_int64) g5;
- crypto_int64 f1g6 = f1 * (crypto_int64) g6;
- crypto_int64 f1g7_2 = f1_2 * (crypto_int64) g7;
- crypto_int64 f1g8 = f1 * (crypto_int64) g8;
- crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
- crypto_int64 f2g0 = f2 * (crypto_int64) g0;
- crypto_int64 f2g1 = f2 * (crypto_int64) g1;
- crypto_int64 f2g2 = f2 * (crypto_int64) g2;
- crypto_int64 f2g3 = f2 * (crypto_int64) g3;
- crypto_int64 f2g4 = f2 * (crypto_int64) g4;
- crypto_int64 f2g5 = f2 * (crypto_int64) g5;
- crypto_int64 f2g6 = f2 * (crypto_int64) g6;
- crypto_int64 f2g7 = f2 * (crypto_int64) g7;
- crypto_int64 f2g8_19 = f2 * (crypto_int64) g8_19;
- crypto_int64 f2g9_19 = f2 * (crypto_int64) g9_19;
- crypto_int64 f3g0 = f3 * (crypto_int64) g0;
- crypto_int64 f3g1_2 = f3_2 * (crypto_int64) g1;
- crypto_int64 f3g2 = f3 * (crypto_int64) g2;
- crypto_int64 f3g3_2 = f3_2 * (crypto_int64) g3;
- crypto_int64 f3g4 = f3 * (crypto_int64) g4;
- crypto_int64 f3g5_2 = f3_2 * (crypto_int64) g5;
- crypto_int64 f3g6 = f3 * (crypto_int64) g6;
- crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
- crypto_int64 f3g8_19 = f3 * (crypto_int64) g8_19;
- crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
- crypto_int64 f4g0 = f4 * (crypto_int64) g0;
- crypto_int64 f4g1 = f4 * (crypto_int64) g1;
- crypto_int64 f4g2 = f4 * (crypto_int64) g2;
- crypto_int64 f4g3 = f4 * (crypto_int64) g3;
- crypto_int64 f4g4 = f4 * (crypto_int64) g4;
- crypto_int64 f4g5 = f4 * (crypto_int64) g5;
- crypto_int64 f4g6_19 = f4 * (crypto_int64) g6_19;
- crypto_int64 f4g7_19 = f4 * (crypto_int64) g7_19;
- crypto_int64 f4g8_19 = f4 * (crypto_int64) g8_19;
- crypto_int64 f4g9_19 = f4 * (crypto_int64) g9_19;
- crypto_int64 f5g0 = f5 * (crypto_int64) g0;
- crypto_int64 f5g1_2 = f5_2 * (crypto_int64) g1;
- crypto_int64 f5g2 = f5 * (crypto_int64) g2;
- crypto_int64 f5g3_2 = f5_2 * (crypto_int64) g3;
- crypto_int64 f5g4 = f5 * (crypto_int64) g4;
- crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
- crypto_int64 f5g6_19 = f5 * (crypto_int64) g6_19;
- crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
- crypto_int64 f5g8_19 = f5 * (crypto_int64) g8_19;
- crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
- crypto_int64 f6g0 = f6 * (crypto_int64) g0;
- crypto_int64 f6g1 = f6 * (crypto_int64) g1;
- crypto_int64 f6g2 = f6 * (crypto_int64) g2;
- crypto_int64 f6g3 = f6 * (crypto_int64) g3;
- crypto_int64 f6g4_19 = f6 * (crypto_int64) g4_19;
- crypto_int64 f6g5_19 = f6 * (crypto_int64) g5_19;
- crypto_int64 f6g6_19 = f6 * (crypto_int64) g6_19;
- crypto_int64 f6g7_19 = f6 * (crypto_int64) g7_19;
- crypto_int64 f6g8_19 = f6 * (crypto_int64) g8_19;
- crypto_int64 f6g9_19 = f6 * (crypto_int64) g9_19;
- crypto_int64 f7g0 = f7 * (crypto_int64) g0;
- crypto_int64 f7g1_2 = f7_2 * (crypto_int64) g1;
- crypto_int64 f7g2 = f7 * (crypto_int64) g2;
- crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
- crypto_int64 f7g4_19 = f7 * (crypto_int64) g4_19;
- crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
- crypto_int64 f7g6_19 = f7 * (crypto_int64) g6_19;
- crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
- crypto_int64 f7g8_19 = f7 * (crypto_int64) g8_19;
- crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
- crypto_int64 f8g0 = f8 * (crypto_int64) g0;
- crypto_int64 f8g1 = f8 * (crypto_int64) g1;
- crypto_int64 f8g2_19 = f8 * (crypto_int64) g2_19;
- crypto_int64 f8g3_19 = f8 * (crypto_int64) g3_19;
- crypto_int64 f8g4_19 = f8 * (crypto_int64) g4_19;
- crypto_int64 f8g5_19 = f8 * (crypto_int64) g5_19;
- crypto_int64 f8g6_19 = f8 * (crypto_int64) g6_19;
- crypto_int64 f8g7_19 = f8 * (crypto_int64) g7_19;
- crypto_int64 f8g8_19 = f8 * (crypto_int64) g8_19;
- crypto_int64 f8g9_19 = f8 * (crypto_int64) g9_19;
- crypto_int64 f9g0 = f9 * (crypto_int64) g0;
- crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
- crypto_int64 f9g2_19 = f9 * (crypto_int64) g2_19;
- crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
- crypto_int64 f9g4_19 = f9 * (crypto_int64) g4_19;
- crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
- crypto_int64 f9g6_19 = f9 * (crypto_int64) g6_19;
- crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
- crypto_int64 f9g8_19 = f9 * (crypto_int64) g8_19;
- crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
- crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- crypto_int64 h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- crypto_int64 h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- crypto_int64 h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- crypto_int64 h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- crypto_int64 h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- crypto_int64 h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- crypto_int64 h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- crypto_int64 h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- crypto_int64 h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_neg.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_neg.c
deleted file mode 100644
index 2078ce528..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_neg.c
+++ /dev/null
@@ -1,45 +0,0 @@
-#include "fe.h"
-
-/*
-h = -f
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_neg(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 h0 = -f0;
- crypto_int32 h1 = -f1;
- crypto_int32 h2 = -f2;
- crypto_int32 h3 = -f3;
- crypto_int32 h4 = -f4;
- crypto_int32 h5 = -f5;
- crypto_int32 h6 = -f6;
- crypto_int32 h7 = -f7;
- crypto_int32 h8 = -f8;
- crypto_int32 h9 = -f9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_pow22523.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_pow22523.c
deleted file mode 100644
index 56675a590..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_pow22523.c
+++ /dev/null
@@ -1,13 +0,0 @@
-#include "fe.h"
-
-void fe_pow22523(fe out,const fe z)
-{
- fe t0;
- fe t1;
- fe t2;
- int i;
-
-#include "pow22523.h"
-
- return;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq.c
deleted file mode 100644
index 8dd119841..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq.c
+++ /dev/null
@@ -1,149 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 f0_2 = 2 * f0;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f2_2 = 2 * f2;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f4_2 = 2 * f4;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f6_2 = 2 * f6;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
- crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
- crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
- crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
- crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
- crypto_int64 f0f0 = f0 * (crypto_int64) f0;
- crypto_int64 f0f1_2 = f0_2 * (crypto_int64) f1;
- crypto_int64 f0f2_2 = f0_2 * (crypto_int64) f2;
- crypto_int64 f0f3_2 = f0_2 * (crypto_int64) f3;
- crypto_int64 f0f4_2 = f0_2 * (crypto_int64) f4;
- crypto_int64 f0f5_2 = f0_2 * (crypto_int64) f5;
- crypto_int64 f0f6_2 = f0_2 * (crypto_int64) f6;
- crypto_int64 f0f7_2 = f0_2 * (crypto_int64) f7;
- crypto_int64 f0f8_2 = f0_2 * (crypto_int64) f8;
- crypto_int64 f0f9_2 = f0_2 * (crypto_int64) f9;
- crypto_int64 f1f1_2 = f1_2 * (crypto_int64) f1;
- crypto_int64 f1f2_2 = f1_2 * (crypto_int64) f2;
- crypto_int64 f1f3_4 = f1_2 * (crypto_int64) f3_2;
- crypto_int64 f1f4_2 = f1_2 * (crypto_int64) f4;
- crypto_int64 f1f5_4 = f1_2 * (crypto_int64) f5_2;
- crypto_int64 f1f6_2 = f1_2 * (crypto_int64) f6;
- crypto_int64 f1f7_4 = f1_2 * (crypto_int64) f7_2;
- crypto_int64 f1f8_2 = f1_2 * (crypto_int64) f8;
- crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
- crypto_int64 f2f2 = f2 * (crypto_int64) f2;
- crypto_int64 f2f3_2 = f2_2 * (crypto_int64) f3;
- crypto_int64 f2f4_2 = f2_2 * (crypto_int64) f4;
- crypto_int64 f2f5_2 = f2_2 * (crypto_int64) f5;
- crypto_int64 f2f6_2 = f2_2 * (crypto_int64) f6;
- crypto_int64 f2f7_2 = f2_2 * (crypto_int64) f7;
- crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
- crypto_int64 f2f9_38 = f2 * (crypto_int64) f9_38;
- crypto_int64 f3f3_2 = f3_2 * (crypto_int64) f3;
- crypto_int64 f3f4_2 = f3_2 * (crypto_int64) f4;
- crypto_int64 f3f5_4 = f3_2 * (crypto_int64) f5_2;
- crypto_int64 f3f6_2 = f3_2 * (crypto_int64) f6;
- crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
- crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
- crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
- crypto_int64 f4f4 = f4 * (crypto_int64) f4;
- crypto_int64 f4f5_2 = f4_2 * (crypto_int64) f5;
- crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
- crypto_int64 f4f7_38 = f4 * (crypto_int64) f7_38;
- crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
- crypto_int64 f4f9_38 = f4 * (crypto_int64) f9_38;
- crypto_int64 f5f5_38 = f5 * (crypto_int64) f5_38;
- crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
- crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
- crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
- crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
- crypto_int64 f6f6_19 = f6 * (crypto_int64) f6_19;
- crypto_int64 f6f7_38 = f6 * (crypto_int64) f7_38;
- crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
- crypto_int64 f6f9_38 = f6 * (crypto_int64) f9_38;
- crypto_int64 f7f7_38 = f7 * (crypto_int64) f7_38;
- crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
- crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
- crypto_int64 f8f8_19 = f8 * (crypto_int64) f8_19;
- crypto_int64 f8f9_38 = f8 * (crypto_int64) f9_38;
- crypto_int64 f9f9_38 = f9 * (crypto_int64) f9_38;
- crypto_int64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq2.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq2.c
deleted file mode 100644
index 026ed3aac..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sq2.c
+++ /dev/null
@@ -1,160 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq2(fe h,const fe f)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 f0_2 = 2 * f0;
- crypto_int32 f1_2 = 2 * f1;
- crypto_int32 f2_2 = 2 * f2;
- crypto_int32 f3_2 = 2 * f3;
- crypto_int32 f4_2 = 2 * f4;
- crypto_int32 f5_2 = 2 * f5;
- crypto_int32 f6_2 = 2 * f6;
- crypto_int32 f7_2 = 2 * f7;
- crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
- crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
- crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
- crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
- crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
- crypto_int64 f0f0 = f0 * (crypto_int64) f0;
- crypto_int64 f0f1_2 = f0_2 * (crypto_int64) f1;
- crypto_int64 f0f2_2 = f0_2 * (crypto_int64) f2;
- crypto_int64 f0f3_2 = f0_2 * (crypto_int64) f3;
- crypto_int64 f0f4_2 = f0_2 * (crypto_int64) f4;
- crypto_int64 f0f5_2 = f0_2 * (crypto_int64) f5;
- crypto_int64 f0f6_2 = f0_2 * (crypto_int64) f6;
- crypto_int64 f0f7_2 = f0_2 * (crypto_int64) f7;
- crypto_int64 f0f8_2 = f0_2 * (crypto_int64) f8;
- crypto_int64 f0f9_2 = f0_2 * (crypto_int64) f9;
- crypto_int64 f1f1_2 = f1_2 * (crypto_int64) f1;
- crypto_int64 f1f2_2 = f1_2 * (crypto_int64) f2;
- crypto_int64 f1f3_4 = f1_2 * (crypto_int64) f3_2;
- crypto_int64 f1f4_2 = f1_2 * (crypto_int64) f4;
- crypto_int64 f1f5_4 = f1_2 * (crypto_int64) f5_2;
- crypto_int64 f1f6_2 = f1_2 * (crypto_int64) f6;
- crypto_int64 f1f7_4 = f1_2 * (crypto_int64) f7_2;
- crypto_int64 f1f8_2 = f1_2 * (crypto_int64) f8;
- crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
- crypto_int64 f2f2 = f2 * (crypto_int64) f2;
- crypto_int64 f2f3_2 = f2_2 * (crypto_int64) f3;
- crypto_int64 f2f4_2 = f2_2 * (crypto_int64) f4;
- crypto_int64 f2f5_2 = f2_2 * (crypto_int64) f5;
- crypto_int64 f2f6_2 = f2_2 * (crypto_int64) f6;
- crypto_int64 f2f7_2 = f2_2 * (crypto_int64) f7;
- crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
- crypto_int64 f2f9_38 = f2 * (crypto_int64) f9_38;
- crypto_int64 f3f3_2 = f3_2 * (crypto_int64) f3;
- crypto_int64 f3f4_2 = f3_2 * (crypto_int64) f4;
- crypto_int64 f3f5_4 = f3_2 * (crypto_int64) f5_2;
- crypto_int64 f3f6_2 = f3_2 * (crypto_int64) f6;
- crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
- crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
- crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
- crypto_int64 f4f4 = f4 * (crypto_int64) f4;
- crypto_int64 f4f5_2 = f4_2 * (crypto_int64) f5;
- crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
- crypto_int64 f4f7_38 = f4 * (crypto_int64) f7_38;
- crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
- crypto_int64 f4f9_38 = f4 * (crypto_int64) f9_38;
- crypto_int64 f5f5_38 = f5 * (crypto_int64) f5_38;
- crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
- crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
- crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
- crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
- crypto_int64 f6f6_19 = f6 * (crypto_int64) f6_19;
- crypto_int64 f6f7_38 = f6 * (crypto_int64) f7_38;
- crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
- crypto_int64 f6f9_38 = f6 * (crypto_int64) f9_38;
- crypto_int64 f7f7_38 = f7 * (crypto_int64) f7_38;
- crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
- crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
- crypto_int64 f8f8_19 = f8 * (crypto_int64) f8_19;
- crypto_int64 f8f9_38 = f8 * (crypto_int64) f9_38;
- crypto_int64 f9f9_38 = f9 * (crypto_int64) f9_38;
- crypto_int64 h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sub.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sub.c
deleted file mode 100644
index 6e26b7df8..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_sub.c
+++ /dev/null
@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_sub(fe h,const fe f,const fe g)
-{
- crypto_int32 f0 = f[0];
- crypto_int32 f1 = f[1];
- crypto_int32 f2 = f[2];
- crypto_int32 f3 = f[3];
- crypto_int32 f4 = f[4];
- crypto_int32 f5 = f[5];
- crypto_int32 f6 = f[6];
- crypto_int32 f7 = f[7];
- crypto_int32 f8 = f[8];
- crypto_int32 f9 = f[9];
- crypto_int32 g0 = g[0];
- crypto_int32 g1 = g[1];
- crypto_int32 g2 = g[2];
- crypto_int32 g3 = g[3];
- crypto_int32 g4 = g[4];
- crypto_int32 g5 = g[5];
- crypto_int32 g6 = g[6];
- crypto_int32 g7 = g[7];
- crypto_int32 g8 = g[8];
- crypto_int32 g9 = g[9];
- crypto_int32 h0 = f0 - g0;
- crypto_int32 h1 = f1 - g1;
- crypto_int32 h2 = f2 - g2;
- crypto_int32 h3 = f3 - g3;
- crypto_int32 h4 = f4 - g4;
- crypto_int32 h5 = f5 - g5;
- crypto_int32 h6 = f6 - g6;
- crypto_int32 h7 = f7 - g7;
- crypto_int32 h8 = f8 - g8;
- crypto_int32 h9 = f9 - g9;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_tobytes.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_tobytes.c
deleted file mode 100644
index 0a63baf9c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/fe_tobytes.c
+++ /dev/null
@@ -1,119 +0,0 @@
-#include "fe.h"
-
-/*
-Preconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
- Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
- Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
- Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
- Then 0<y<1.
-
- Write r=h-pq.
- Have 0<=r<=p-1=2^255-20.
- Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
- Write x=r+19(2^-255)r+y.
- Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
- Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
- so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-void fe_tobytes(unsigned char *s,const fe h)
-{
- crypto_int32 h0 = h[0];
- crypto_int32 h1 = h[1];
- crypto_int32 h2 = h[2];
- crypto_int32 h3 = h[3];
- crypto_int32 h4 = h[4];
- crypto_int32 h5 = h[5];
- crypto_int32 h6 = h[6];
- crypto_int32 h7 = h[7];
- crypto_int32 h8 = h[8];
- crypto_int32 h9 = h[9];
- crypto_int32 q;
- crypto_int32 carry0;
- crypto_int32 carry1;
- crypto_int32 carry2;
- crypto_int32 carry3;
- crypto_int32 carry4;
- crypto_int32 carry5;
- crypto_int32 carry6;
- crypto_int32 carry7;
- crypto_int32 carry8;
- crypto_int32 carry9;
-
- q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
- q = (h0 + q) >> 26;
- q = (h1 + q) >> 25;
- q = (h2 + q) >> 26;
- q = (h3 + q) >> 25;
- q = (h4 + q) >> 26;
- q = (h5 + q) >> 25;
- q = (h6 + q) >> 26;
- q = (h7 + q) >> 25;
- q = (h8 + q) >> 26;
- q = (h9 + q) >> 25;
-
- /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
- h0 += 19 * q;
- /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
- carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
- carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
- carry9 = h9 >> 25; h9 -= carry9 << 25;
- /* h10 = carry9 */
-
- /*
- Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
-
- s[0] = h0 >> 0;
- s[1] = h0 >> 8;
- s[2] = h0 >> 16;
- s[3] = (h0 >> 24) | (h1 << 2);
- s[4] = h1 >> 6;
- s[5] = h1 >> 14;
- s[6] = (h1 >> 22) | (h2 << 3);
- s[7] = h2 >> 5;
- s[8] = h2 >> 13;
- s[9] = (h2 >> 21) | (h3 << 5);
- s[10] = h3 >> 3;
- s[11] = h3 >> 11;
- s[12] = (h3 >> 19) | (h4 << 6);
- s[13] = h4 >> 2;
- s[14] = h4 >> 10;
- s[15] = h4 >> 18;
- s[16] = h5 >> 0;
- s[17] = h5 >> 8;
- s[18] = h5 >> 16;
- s[19] = (h5 >> 24) | (h6 << 1);
- s[20] = h6 >> 7;
- s[21] = h6 >> 15;
- s[22] = (h6 >> 23) | (h7 << 3);
- s[23] = h7 >> 5;
- s[24] = h7 >> 13;
- s[25] = (h7 >> 21) | (h8 << 4);
- s[26] = h8 >> 4;
- s[27] = h8 >> 12;
- s[28] = (h8 >> 20) | (h9 << 6);
- s[29] = h9 >> 2;
- s[30] = h9 >> 10;
- s[31] = h9 >> 18;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge.h
deleted file mode 100644
index 55e95f95b..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge.h
+++ /dev/null
@@ -1,95 +0,0 @@
-#ifndef GE_H
-#define GE_H
-
-/*
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
- ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-
-#include "fe.h"
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
-} ge_p2;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p3;
-
-typedef struct {
- fe X;
- fe Y;
- fe Z;
- fe T;
-} ge_p1p1;
-
-typedef struct {
- fe yplusx;
- fe yminusx;
- fe xy2d;
-} ge_precomp;
-
-typedef struct {
- fe YplusX;
- fe YminusX;
- fe Z;
- fe T2d;
-} ge_cached;
-
-#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
-#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
-#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
-
-#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
-#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
-#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0
-#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2
-#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached
-#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2
-#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3
-#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl
-#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl
-
-#define ge_madd crypto_sign_ed25519_ref10_ge_madd
-#define ge_msub crypto_sign_ed25519_ref10_ge_msub
-#define ge_add crypto_sign_ed25519_ref10_ge_add
-#define ge_sub crypto_sign_ed25519_ref10_ge_sub
-#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base
-#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime
-
-extern void ge_tobytes(unsigned char *,const ge_p2 *);
-extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
-
-extern void ge_p2_0(ge_p2 *);
-extern void ge_p3_0(ge_p3 *);
-extern void ge_precomp_0(ge_precomp *);
-extern void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
-extern void ge_p3_to_cached(ge_cached *,const ge_p3 *);
-extern void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
-extern void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
-extern void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
-extern void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
-
-extern void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
-extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.c
deleted file mode 100644
index da7ff5d2e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-#include "ge_add.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.h
deleted file mode 100644
index 7481f8ffb..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.h
+++ /dev/null
@@ -1,97 +0,0 @@
-
-/* qhasm: enter ge_add */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe Z2 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ZZ */
-
-/* qhasm: fe YpX2 */
-
-/* qhasm: fe YmX2 */
-
-/* qhasm: fe T2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*YpX2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YpX2=q->YplusX); */
-fe_mul(r->Z,r->X,q->YplusX);
-
-/* qhasm: B = YmX1*YmX2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YmX2=q->YminusX); */
-fe_mul(r->Y,r->Y,q->YminusX);
-
-/* qhasm: C = T2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
-fe_mul(r->T,q->T2d,p->T);
-
-/* qhasm: ZZ = Z1*Z2 */
-/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
-/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
-fe_mul(r->X,p->Z,q->Z);
-
-/* qhasm: D = 2*ZZ */
-/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
-/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
-fe_add(t0,r->X,r->X);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D+C */
-/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_add(r->Z,t0,r->T);
-
-/* qhasm: T3 = D-C */
-/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
-fe_sub(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.q
deleted file mode 100644
index a6572ab0f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_add.q
+++ /dev/null
@@ -1,49 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_add
-
-fe X1
-fe Y1
-fe Z1
-fe Z2
-fe T1
-fe ZZ
-fe YpX2
-fe YmX2
-fe T2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*YpX2
-B = YmX1*YmX2
-C = T2d2*T1
-ZZ = Z1*Z2
-D = 2*ZZ
-X3 = A-B
-Y3 = A+B
-Z3 = D+C
-T3 = D-C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_double_scalarmult.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_double_scalarmult.c
deleted file mode 100644
index f8bf4bf77..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_double_scalarmult.c
+++ /dev/null
@@ -1,96 +0,0 @@
-#include "ge.h"
-
-static void slide(signed char *r,const unsigned char *a)
-{
- int i;
- int b;
- int k;
-
- for (i = 0;i < 256;++i)
- r[i] = 1 & (a[i >> 3] >> (i & 7));
-
- for (i = 0;i < 256;++i)
- if (r[i]) {
- for (b = 1;b <= 6 && i + b < 256;++b) {
- if (r[i + b]) {
- if (r[i] + (r[i + b] << b) <= 15) {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if (r[i] - (r[i + b] << b) >= -15) {
- r[i] -= r[i + b] << b;
- for (k = i + b;k < 256;++k) {
- if (!r[k]) {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else
- break;
- }
- }
- }
-
-}
-
-static ge_precomp Bi[8] = {
-#include "base2.h"
-} ;
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
-{
- signed char aslide[256];
- signed char bslide[256];
- ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
- ge_p1p1 t;
- ge_p3 u;
- ge_p3 A2;
- int i;
-
- slide(aslide,a);
- slide(bslide,b);
-
- ge_p3_to_cached(&Ai[0],A);
- ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
- ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
- ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
- ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
- ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
- ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
- ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
- ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
-
- ge_p2_0(r);
-
- for (i = 255;i >= 0;--i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (;i >= 0;--i) {
- ge_p2_dbl(&t,r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_add(&t,&u,&Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_madd(&t,&u,&Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u,&t);
- ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r,&t);
- }
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_frombytes.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_frombytes.c
deleted file mode 100644
index 1a059ee93..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_frombytes.c
+++ /dev/null
@@ -1,50 +0,0 @@
-#include "ge.h"
-
-static const fe d = {
-#include "d.h"
-} ;
-
-static const fe sqrtm1 = {
-#include "sqrtm1.h"
-} ;
-
-int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
-{
- fe u;
- fe v;
- fe v3;
- fe vxx;
- fe check;
-
- fe_frombytes(h->Y,s);
- fe_1(h->Z);
- fe_sq(u,h->Y);
- fe_mul(v,u,d);
- fe_sub(u,u,h->Z); /* u = y^2-1 */
- fe_add(v,v,h->Z); /* v = dy^2+1 */
-
- fe_sq(v3,v);
- fe_mul(v3,v3,v); /* v3 = v^3 */
- fe_sq(h->X,v3);
- fe_mul(h->X,h->X,v);
- fe_mul(h->X,h->X,u); /* x = uv^7 */
-
- fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
- fe_mul(h->X,h->X,v3);
- fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx,h->X);
- fe_mul(vxx,vxx,v);
- fe_sub(check,vxx,u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check,vxx,u); /* vx^2+u */
- if (fe_isnonzero(check)) return -1;
- fe_mul(h->X,h->X,sqrtm1);
- }
-
- if (fe_isnegative(h->X) == (s[31] >> 7))
- fe_neg(h->X,h->X);
-
- fe_mul(h->T,h->X,h->Y);
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.c
deleted file mode 100644
index 622571774..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-#include "ge_madd.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.h
deleted file mode 100644
index ecae84952..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.h
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/* qhasm: enter ge_madd */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ypx2 */
-
-/* qhasm: fe ymx2 */
-
-/* qhasm: fe xy2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*ypx2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ypx2=fe#15); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ypx2=q->yplusx); */
-fe_mul(r->Z,r->X,q->yplusx);
-
-/* qhasm: B = YmX1*ymx2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ymx2=fe#16); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ymx2=q->yminusx); */
-fe_mul(r->Y,r->Y,q->yminusx);
-
-/* qhasm: C = xy2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
-fe_mul(r->T,q->xy2d,p->T);
-
-/* qhasm: D = 2*Z1 */
-/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
-/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
-fe_add(t0,p->Z,p->Z);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D+C */
-/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_add(r->Z,t0,r->T);
-
-/* qhasm: T3 = D-C */
-/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
-fe_sub(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.q
deleted file mode 100644
index aa3db454e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_madd.q
+++ /dev/null
@@ -1,46 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_madd
-
-fe X1
-fe Y1
-fe Z1
-fe T1
-fe ypx2
-fe ymx2
-fe xy2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*ypx2
-B = YmX1*ymx2
-C = xy2d2*T1
-D = 2*Z1
-X3 = A-B
-Y3 = A+B
-Z3 = D+C
-T3 = D-C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.c
deleted file mode 100644
index 741ecbf11..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
-{
- fe t0;
-#include "ge_msub.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.h
deleted file mode 100644
index 500f986ba..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.h
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/* qhasm: enter ge_msub */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ypx2 */
-
-/* qhasm: fe ymx2 */
-
-/* qhasm: fe xy2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*ymx2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ymx2=fe#16); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ymx2=q->yminusx); */
-fe_mul(r->Z,r->X,q->yminusx);
-
-/* qhasm: B = YmX1*ypx2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ypx2=fe#15); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ypx2=q->yplusx); */
-fe_mul(r->Y,r->Y,q->yplusx);
-
-/* qhasm: C = xy2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
-fe_mul(r->T,q->xy2d,p->T);
-
-/* qhasm: D = 2*Z1 */
-/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
-/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
-fe_add(t0,p->Z,p->Z);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D-C */
-/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_sub(r->Z,t0,r->T);
-
-/* qhasm: T3 = D+C */
-/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
-fe_add(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.q
deleted file mode 100644
index e3cadd882..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_msub.q
+++ /dev/null
@@ -1,46 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_msub
-
-fe X1
-fe Y1
-fe Z1
-fe T1
-fe ypx2
-fe ymx2
-fe xy2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*ymx2
-B = YmX1*ypx2
-C = xy2d2*T1
-D = 2*Z1
-X3 = A-B
-Y3 = A+B
-Z3 = D-C
-T3 = D+C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p2.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p2.c
deleted file mode 100644
index 9bb5013d6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p2.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p3.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p3.c
deleted file mode 100644
index 2f57b1096..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p1p1_to_p3.c
+++ /dev/null
@@ -1,13 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
-{
- fe_mul(r->X,p->X,p->T);
- fe_mul(r->Y,p->Y,p->Z);
- fe_mul(r->Z,p->Z,p->T);
- fe_mul(r->T,p->X,p->Y);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_0.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_0.c
deleted file mode 100644
index 6191d1e6e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_0.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_p2_0(ge_p2 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.c
deleted file mode 100644
index 2e332b5ce..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
-{
- fe t0;
-#include "ge_p2_dbl.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.h
deleted file mode 100644
index 128efed90..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.h
+++ /dev/null
@@ -1,73 +0,0 @@
-
-/* qhasm: enter ge_p2_dbl */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe AA */
-
-/* qhasm: fe XX */
-
-/* qhasm: fe YY */
-
-/* qhasm: fe B */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: XX=X1^2 */
-/* asm 1: fe_sq(>XX=fe#1,<X1=fe#11); */
-/* asm 2: fe_sq(>XX=r->X,<X1=p->X); */
-fe_sq(r->X,p->X);
-
-/* qhasm: YY=Y1^2 */
-/* asm 1: fe_sq(>YY=fe#3,<Y1=fe#12); */
-/* asm 2: fe_sq(>YY=r->Z,<Y1=p->Y); */
-fe_sq(r->Z,p->Y);
-
-/* qhasm: B=2*Z1^2 */
-/* asm 1: fe_sq2(>B=fe#4,<Z1=fe#13); */
-/* asm 2: fe_sq2(>B=r->T,<Z1=p->Z); */
-fe_sq2(r->T,p->Z);
-
-/* qhasm: A=X1+Y1 */
-/* asm 1: fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
-/* asm 2: fe_add(>A=r->Y,<X1=p->X,<Y1=p->Y); */
-fe_add(r->Y,p->X,p->Y);
-
-/* qhasm: AA=A^2 */
-/* asm 1: fe_sq(>AA=fe#5,<A=fe#2); */
-/* asm 2: fe_sq(>AA=t0,<A=r->Y); */
-fe_sq(t0,r->Y);
-
-/* qhasm: Y3=YY+XX */
-/* asm 1: fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
-/* asm 2: fe_add(>Y3=r->Y,<YY=r->Z,<XX=r->X); */
-fe_add(r->Y,r->Z,r->X);
-
-/* qhasm: Z3=YY-XX */
-/* asm 1: fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
-/* asm 2: fe_sub(>Z3=r->Z,<YY=r->Z,<XX=r->X); */
-fe_sub(r->Z,r->Z,r->X);
-
-/* qhasm: X3=AA-Y3 */
-/* asm 1: fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<AA=t0,<Y3=r->Y); */
-fe_sub(r->X,t0,r->Y);
-
-/* qhasm: T3=B-Z3 */
-/* asm 1: fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
-/* asm 2: fe_sub(>T3=r->T,<B=r->T,<Z3=r->Z); */
-fe_sub(r->T,r->T,r->Z);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.q
deleted file mode 100644
index 170d42f9a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p2_dbl.q
+++ /dev/null
@@ -1,41 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*f^2:<f=fe:>h=fe:asm/fe_sq2(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_p2_dbl
-
-fe X1
-fe Y1
-fe Z1
-fe A
-fe AA
-fe XX
-fe YY
-fe B
-fe X3
-fe Y3
-fe Z3
-fe T3
-
-XX=X1^2
-YY=Y1^2
-B=2*Z1^2
-A=X1+Y1
-AA=A^2
-Y3=YY+XX
-Z3=YY-XX
-X3=AA-Y3
-T3=B-Z3
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_0.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_0.c
deleted file mode 100644
index 401b2935a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_0.c
+++ /dev/null
@@ -1,9 +0,0 @@
-#include "ge.h"
-
-void ge_p3_0(ge_p3 *h)
-{
- fe_0(h->X);
- fe_1(h->Y);
- fe_1(h->Z);
- fe_0(h->T);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_dbl.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_dbl.c
deleted file mode 100644
index 0d8a05915..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_dbl.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = 2 * p
-*/
-
-void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
-{
- ge_p2 q;
- ge_p3_to_p2(&q,p);
- ge_p2_dbl(r,&q);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_cached.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_cached.c
deleted file mode 100644
index bde64228c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_cached.c
+++ /dev/null
@@ -1,17 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-static const fe d2 = {
-#include "d2.h"
-} ;
-
-extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
-{
- fe_add(r->YplusX,p->Y,p->X);
- fe_sub(r->YminusX,p->Y,p->X);
- fe_copy(r->Z,p->Z);
- fe_mul(r->T2d,p->T,d2);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_p2.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_p2.c
deleted file mode 100644
index e532a9e4c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_to_p2.c
+++ /dev/null
@@ -1,12 +0,0 @@
-#include "ge.h"
-
-/*
-r = p
-*/
-
-extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
-{
- fe_copy(r->X,p->X);
- fe_copy(r->Y,p->Y);
- fe_copy(r->Z,p->Z);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_tobytes.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_tobytes.c
deleted file mode 100644
index 21cb2fc65..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_p3_tobytes.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_precomp_0.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_precomp_0.c
deleted file mode 100644
index 2e218861d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_precomp_0.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "ge.h"
-
-void ge_precomp_0(ge_precomp *h)
-{
- fe_1(h->yplusx);
- fe_1(h->yminusx);
- fe_0(h->xy2d);
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_scalarmult_base.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_scalarmult_base.c
deleted file mode 100644
index 421e4fa0f..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_scalarmult_base.c
+++ /dev/null
@@ -1,105 +0,0 @@
-#include "ge.h"
-#include "crypto_uint32.h"
-
-static unsigned char equal(signed char b,signed char c)
-{
- unsigned char ub = b;
- unsigned char uc = c;
- unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
- crypto_uint32 y = x; /* 0: yes; 1..255: no */
- y -= 1; /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- return y;
-}
-
-static unsigned char negative(signed char b)
-{
- unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
- x >>= 63; /* 1: yes; 0: no */
- return x;
-}
-
-static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
-{
- fe_cmov(t->yplusx,u->yplusx,b);
- fe_cmov(t->yminusx,u->yminusx,b);
- fe_cmov(t->xy2d,u->xy2d,b);
-}
-
-/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
-#include "base.h"
-} ;
-
-static void select(ge_precomp *t,int pos,signed char b)
-{
- ge_precomp minust;
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
-
- ge_precomp_0(t);
- cmov(t,&base[pos][0],equal(babs,1));
- cmov(t,&base[pos][1],equal(babs,2));
- cmov(t,&base[pos][2],equal(babs,3));
- cmov(t,&base[pos][3],equal(babs,4));
- cmov(t,&base[pos][4],equal(babs,5));
- cmov(t,&base[pos][5],equal(babs,6));
- cmov(t,&base[pos][6],equal(babs,7));
- cmov(t,&base[pos][7],equal(babs,8));
- fe_copy(minust.yplusx,t->yminusx);
- fe_copy(minust.yminusx,t->yplusx);
- fe_neg(minust.xy2d,t->xy2d);
- cmov(t,&minust,bnegative);
-}
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
- a[31] <= 127
-*/
-
-void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
-{
- signed char e[64];
- signed char carry;
- ge_p1p1 r;
- ge_p2 s;
- ge_precomp t;
- int i;
-
- for (i = 0;i < 32;++i) {
- e[2 * i + 0] = (a[i] >> 0) & 15;
- e[2 * i + 1] = (a[i] >> 4) & 15;
- }
- /* each e[i] is between 0 and 15 */
- /* e[63] is between 0 and 7 */
-
- carry = 0;
- for (i = 0;i < 63;++i) {
- e[i] += carry;
- carry = e[i] + 8;
- carry >>= 4;
- e[i] -= carry << 4;
- }
- e[63] += carry;
- /* each e[i] is between -8 and 8 */
-
- ge_p3_0(h);
- for (i = 1;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-
- ge_p3_dbl(&r,h); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
- ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
-
- for (i = 0;i < 64;i += 2) {
- select(&t,i / 2,e[i]);
- ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
- }
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.c
deleted file mode 100644
index 69f3d5406..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.c
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p - q
-*/
-
-void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-#include "ge_sub.h"
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.h
deleted file mode 100644
index b4ef1f5dd..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.h
+++ /dev/null
@@ -1,97 +0,0 @@
-
-/* qhasm: enter ge_sub */
-
-/* qhasm: fe X1 */
-
-/* qhasm: fe Y1 */
-
-/* qhasm: fe Z1 */
-
-/* qhasm: fe Z2 */
-
-/* qhasm: fe T1 */
-
-/* qhasm: fe ZZ */
-
-/* qhasm: fe YpX2 */
-
-/* qhasm: fe YmX2 */
-
-/* qhasm: fe T2d2 */
-
-/* qhasm: fe X3 */
-
-/* qhasm: fe Y3 */
-
-/* qhasm: fe Z3 */
-
-/* qhasm: fe T3 */
-
-/* qhasm: fe YpX1 */
-
-/* qhasm: fe YmX1 */
-
-/* qhasm: fe A */
-
-/* qhasm: fe B */
-
-/* qhasm: fe C */
-
-/* qhasm: fe D */
-
-/* qhasm: YpX1 = Y1+X1 */
-/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
-fe_add(r->X,p->Y,p->X);
-
-/* qhasm: YmX1 = Y1-X1 */
-/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
-/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
-fe_sub(r->Y,p->Y,p->X);
-
-/* qhasm: A = YpX1*YmX2 */
-/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YmX2=fe#16); */
-/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YmX2=q->YminusX); */
-fe_mul(r->Z,r->X,q->YminusX);
-
-/* qhasm: B = YmX1*YpX2 */
-/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YpX2=fe#15); */
-/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YpX2=q->YplusX); */
-fe_mul(r->Y,r->Y,q->YplusX);
-
-/* qhasm: C = T2d2*T1 */
-/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
-/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
-fe_mul(r->T,q->T2d,p->T);
-
-/* qhasm: ZZ = Z1*Z2 */
-/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
-/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
-fe_mul(r->X,p->Z,q->Z);
-
-/* qhasm: D = 2*ZZ */
-/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
-/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
-fe_add(t0,r->X,r->X);
-
-/* qhasm: X3 = A-B */
-/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
-fe_sub(r->X,r->Z,r->Y);
-
-/* qhasm: Y3 = A+B */
-/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
-/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
-fe_add(r->Y,r->Z,r->Y);
-
-/* qhasm: Z3 = D-C */
-/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
-fe_sub(r->Z,t0,r->T);
-
-/* qhasm: T3 = D+C */
-/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
-/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
-fe_add(r->T,t0,r->T);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.q
deleted file mode 100644
index 2779a4a20..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_sub.q
+++ /dev/null
@@ -1,49 +0,0 @@
-:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
-fe r:var/r=fe:
-
-enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
-return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
-
-:
-
-enter ge_sub
-
-fe X1
-fe Y1
-fe Z1
-fe Z2
-fe T1
-fe ZZ
-fe YpX2
-fe YmX2
-fe T2d2
-fe X3
-fe Y3
-fe Z3
-fe T3
-fe YpX1
-fe YmX1
-fe A
-fe B
-fe C
-fe D
-
-YpX1 = Y1+X1
-YmX1 = Y1-X1
-A = YpX1*YmX2
-B = YmX1*YpX2
-C = T2d2*T1
-ZZ = Z1*Z2
-D = 2*ZZ
-X3 = A-B
-Y3 = A+B
-Z3 = D-C
-T3 = D+C
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_tobytes.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_tobytes.c
deleted file mode 100644
index 31b3d33e0..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/ge_tobytes.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "ge.h"
-
-void ge_tobytes(unsigned char *s,const ge_p2 *h)
-{
- fe recip;
- fe x;
- fe y;
-
- fe_invert(recip,h->Z);
- fe_mul(x,h->X,recip);
- fe_mul(y,h->Y,recip);
- fe_tobytes(s,y);
- s[31] ^= fe_isnegative(x) << 7;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/keypair.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/keypair.c
deleted file mode 100644
index ac6cea2b7..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/keypair.c
+++ /dev/null
@@ -1,23 +0,0 @@
-#include <string.h>
-#include "randombytes.h"
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "ge.h"
-
-int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
-{
- unsigned char az[64];
- ge_p3 A;
-
- randombytes(sk,32);
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A,az);
- ge_p3_tobytes(pk,&A);
-
- memmove(sk + 32,pk,32);
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/open.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/open.c
deleted file mode 100644
index 1ec4cd2bf..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/open.c
+++ /dev/null
@@ -1,48 +0,0 @@
-#include <string.h>
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "crypto_verify_32.h"
-#include "ge.h"
-#include "sc.h"
-
-int crypto_sign_open(
- unsigned char *m,unsigned long long *mlen,
- const unsigned char *sm,unsigned long long smlen,
- const unsigned char *pk
-)
-{
- unsigned char pkcopy[32];
- unsigned char rcopy[32];
- unsigned char scopy[32];
- unsigned char h[64];
- unsigned char rcheck[32];
- ge_p3 A;
- ge_p2 R;
-
- if (smlen < 64) goto badsig;
- if (sm[63] & 224) goto badsig;
- if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
-
- memmove(pkcopy,pk,32);
- memmove(rcopy,sm,32);
- memmove(scopy,sm + 32,32);
-
- memmove(m,sm,smlen);
- memmove(m + 32,pkcopy,32);
- crypto_hash_sha512(h,m,smlen);
- sc_reduce(h);
-
- ge_double_scalarmult_vartime(&R,h,&A,scopy);
- ge_tobytes(rcheck,&R);
- if (crypto_verify_32(rcheck,rcopy) == 0) {
- memmove(m,m + 64,smlen - 64);
- memset(m + smlen - 64,0,64);
- *mlen = smlen - 64;
- return 0;
- }
-
-badsig:
- *mlen = -1;
- memset(m,0,smlen);
- return -1;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.h
deleted file mode 100644
index 60ffe0d34..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.h
+++ /dev/null
@@ -1,160 +0,0 @@
-
-/* qhasm: fe z1 */
-
-/* qhasm: fe z2 */
-
-/* qhasm: fe z8 */
-
-/* qhasm: fe z9 */
-
-/* qhasm: fe z11 */
-
-/* qhasm: fe z22 */
-
-/* qhasm: fe z_5_0 */
-
-/* qhasm: fe z_10_5 */
-
-/* qhasm: fe z_10_0 */
-
-/* qhasm: fe z_20_10 */
-
-/* qhasm: fe z_20_0 */
-
-/* qhasm: fe z_40_20 */
-
-/* qhasm: fe z_40_0 */
-
-/* qhasm: fe z_50_10 */
-
-/* qhasm: fe z_50_0 */
-
-/* qhasm: fe z_100_50 */
-
-/* qhasm: fe z_100_0 */
-
-/* qhasm: fe z_200_100 */
-
-/* qhasm: fe z_200_0 */
-
-/* qhasm: fe z_250_50 */
-
-/* qhasm: fe z_250_0 */
-
-/* qhasm: fe z_252_2 */
-
-/* qhasm: fe z_252_3 */
-
-/* qhasm: enter pow22523 */
-
-/* qhasm: z2 = z1^2^1 */
-/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
-/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z8 = z2^2^2 */
-/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
-/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-
-/* qhasm: z9 = z1*z8 */
-/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
-/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
-fe_mul(t1,z,t1);
-
-/* qhasm: z11 = z2*z9 */
-/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
-/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
-fe_mul(t0,t0,t1);
-
-/* qhasm: z22 = z11^2^1 */
-/* asm 1: fe_sq(>z22=fe#1,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#1,>z22=fe#1); */
-/* asm 2: fe_sq(>z22=t0,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t0,>z22=t0); */
-fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z_5_0 = z9*z22 */
-/* asm 1: fe_mul(>z_5_0=fe#1,<z9=fe#2,<z22=fe#1); */
-/* asm 2: fe_mul(>z_5_0=t0,<z9=t1,<z22=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_10_5 = z_5_0^2^5 */
-/* asm 1: fe_sq(>z_10_5=fe#2,<z_5_0=fe#1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#2,>z_10_5=fe#2); */
-/* asm 2: fe_sq(>z_10_5=t1,<z_5_0=t0); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t1,>z_10_5=t1); */
-fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-
-/* qhasm: z_10_0 = z_10_5*z_5_0 */
-/* asm 1: fe_mul(>z_10_0=fe#1,<z_10_5=fe#2,<z_5_0=fe#1); */
-/* asm 2: fe_mul(>z_10_0=t0,<z_10_5=t1,<z_5_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_20_10 = z_10_0^2^10 */
-/* asm 1: fe_sq(>z_20_10=fe#2,<z_10_0=fe#1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#2,>z_20_10=fe#2); */
-/* asm 2: fe_sq(>z_20_10=t1,<z_10_0=t0); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t1,>z_20_10=t1); */
-fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-
-/* qhasm: z_20_0 = z_20_10*z_10_0 */
-/* asm 1: fe_mul(>z_20_0=fe#2,<z_20_10=fe#2,<z_10_0=fe#1); */
-/* asm 2: fe_mul(>z_20_0=t1,<z_20_10=t1,<z_10_0=t0); */
-fe_mul(t1,t1,t0);
-
-/* qhasm: z_40_20 = z_20_0^2^20 */
-/* asm 1: fe_sq(>z_40_20=fe#3,<z_20_0=fe#2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#3,>z_40_20=fe#3); */
-/* asm 2: fe_sq(>z_40_20=t2,<z_20_0=t1); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t2,>z_40_20=t2); */
-fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
-
-/* qhasm: z_40_0 = z_40_20*z_20_0 */
-/* asm 1: fe_mul(>z_40_0=fe#2,<z_40_20=fe#3,<z_20_0=fe#2); */
-/* asm 2: fe_mul(>z_40_0=t1,<z_40_20=t2,<z_20_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_50_10 = z_40_0^2^10 */
-/* asm 1: fe_sq(>z_50_10=fe#2,<z_40_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#2,>z_50_10=fe#2); */
-/* asm 2: fe_sq(>z_50_10=t1,<z_40_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t1,>z_50_10=t1); */
-fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
-
-/* qhasm: z_50_0 = z_50_10*z_10_0 */
-/* asm 1: fe_mul(>z_50_0=fe#1,<z_50_10=fe#2,<z_10_0=fe#1); */
-/* asm 2: fe_mul(>z_50_0=t0,<z_50_10=t1,<z_10_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_100_50 = z_50_0^2^50 */
-/* asm 1: fe_sq(>z_100_50=fe#2,<z_50_0=fe#1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#2,>z_100_50=fe#2); */
-/* asm 2: fe_sq(>z_100_50=t1,<z_50_0=t0); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t1,>z_100_50=t1); */
-fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-
-/* qhasm: z_100_0 = z_100_50*z_50_0 */
-/* asm 1: fe_mul(>z_100_0=fe#2,<z_100_50=fe#2,<z_50_0=fe#1); */
-/* asm 2: fe_mul(>z_100_0=t1,<z_100_50=t1,<z_50_0=t0); */
-fe_mul(t1,t1,t0);
-
-/* qhasm: z_200_100 = z_100_0^2^100 */
-/* asm 1: fe_sq(>z_200_100=fe#3,<z_100_0=fe#2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#3,>z_200_100=fe#3); */
-/* asm 2: fe_sq(>z_200_100=t2,<z_100_0=t1); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t2,>z_200_100=t2); */
-fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
-
-/* qhasm: z_200_0 = z_200_100*z_100_0 */
-/* asm 1: fe_mul(>z_200_0=fe#2,<z_200_100=fe#3,<z_100_0=fe#2); */
-/* asm 2: fe_mul(>z_200_0=t1,<z_200_100=t2,<z_100_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_250_50 = z_200_0^2^50 */
-/* asm 1: fe_sq(>z_250_50=fe#2,<z_200_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#2,>z_250_50=fe#2); */
-/* asm 2: fe_sq(>z_250_50=t1,<z_200_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t1,>z_250_50=t1); */
-fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
-
-/* qhasm: z_250_0 = z_250_50*z_50_0 */
-/* asm 1: fe_mul(>z_250_0=fe#1,<z_250_50=fe#2,<z_50_0=fe#1); */
-/* asm 2: fe_mul(>z_250_0=t0,<z_250_50=t1,<z_50_0=t0); */
-fe_mul(t0,t1,t0);
-
-/* qhasm: z_252_2 = z_250_0^2^2 */
-/* asm 1: fe_sq(>z_252_2=fe#1,<z_250_0=fe#1); for (i = 1;i < 2;++i) fe_sq(>z_252_2=fe#1,>z_252_2=fe#1); */
-/* asm 2: fe_sq(>z_252_2=t0,<z_250_0=t0); for (i = 1;i < 2;++i) fe_sq(>z_252_2=t0,>z_252_2=t0); */
-fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
-
-/* qhasm: z_252_3 = z_252_2*z1 */
-/* asm 1: fe_mul(>z_252_3=fe#12,<z_252_2=fe#1,<z1=fe#11); */
-/* asm 2: fe_mul(>z_252_3=out,<z_252_2=t0,<z1=z); */
-fe_mul(out,t0,z);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.q
deleted file mode 100644
index 2ce1da9d4..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow22523.q
+++ /dev/null
@@ -1,61 +0,0 @@
-:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
-fe r:var/r=fe:
-
-enter f:enter/f:>z1=fe#11:
-return:nofallthrough:<z_252_3=fe#12:leave:
-
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
-
-:
-
-fe z1
-fe z2
-fe z8
-fe z9
-fe z11
-fe z22
-fe z_5_0
-fe z_10_5
-fe z_10_0
-fe z_20_10
-fe z_20_0
-fe z_40_20
-fe z_40_0
-fe z_50_10
-fe z_50_0
-fe z_100_50
-fe z_100_0
-fe z_200_100
-fe z_200_0
-fe z_250_50
-fe z_250_0
-fe z_252_2
-fe z_252_3
-
-enter pow22523
-
-z2 = z1^2^1
-z8 = z2^2^2
-z9 = z1*z8
-z11 = z2*z9
-z22 = z11^2^1
-z_5_0 = z9*z22
-z_10_5 = z_5_0^2^5
-z_10_0 = z_10_5*z_5_0
-z_20_10 = z_10_0^2^10
-z_20_0 = z_20_10*z_10_0
-z_40_20 = z_20_0^2^20
-z_40_0 = z_40_20*z_20_0
-z_50_10 = z_40_0^2^10
-z_50_0 = z_50_10*z_10_0
-z_100_50 = z_50_0^2^50
-z_100_0 = z_100_50*z_50_0
-z_200_100 = z_100_0^2^100
-z_200_0 = z_200_100*z_100_0
-z_250_50 = z_200_0^2^50
-z_250_0 = z_250_50*z_50_0
-z_252_2 = z_250_0^2^2
-z_252_3 = z_252_2*z1
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.h
deleted file mode 100644
index 109df779a..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.h
+++ /dev/null
@@ -1,160 +0,0 @@
-
-/* qhasm: fe z1 */
-
-/* qhasm: fe z2 */
-
-/* qhasm: fe z8 */
-
-/* qhasm: fe z9 */
-
-/* qhasm: fe z11 */
-
-/* qhasm: fe z22 */
-
-/* qhasm: fe z_5_0 */
-
-/* qhasm: fe z_10_5 */
-
-/* qhasm: fe z_10_0 */
-
-/* qhasm: fe z_20_10 */
-
-/* qhasm: fe z_20_0 */
-
-/* qhasm: fe z_40_20 */
-
-/* qhasm: fe z_40_0 */
-
-/* qhasm: fe z_50_10 */
-
-/* qhasm: fe z_50_0 */
-
-/* qhasm: fe z_100_50 */
-
-/* qhasm: fe z_100_0 */
-
-/* qhasm: fe z_200_100 */
-
-/* qhasm: fe z_200_0 */
-
-/* qhasm: fe z_250_50 */
-
-/* qhasm: fe z_250_0 */
-
-/* qhasm: fe z_255_5 */
-
-/* qhasm: fe z_255_21 */
-
-/* qhasm: enter pow225521 */
-
-/* qhasm: z2 = z1^2^1 */
-/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
-/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
-
-/* qhasm: z8 = z2^2^2 */
-/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
-/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
-fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
-
-/* qhasm: z9 = z1*z8 */
-/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
-/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
-fe_mul(t1,z,t1);
-
-/* qhasm: z11 = z2*z9 */
-/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
-/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
-fe_mul(t0,t0,t1);
-
-/* qhasm: z22 = z11^2^1 */
-/* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
-/* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
-fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
-
-/* qhasm: z_5_0 = z9*z22 */
-/* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
-/* asm 2: fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
-fe_mul(t1,t1,t2);
-
-/* qhasm: z_10_5 = z_5_0^2^5 */
-/* asm 1: fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
-/* asm 2: fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t2,>z_10_5=t2); */
-fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
-
-/* qhasm: z_10_0 = z_10_5*z_5_0 */
-/* asm 1: fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
-/* asm 2: fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_20_10 = z_10_0^2^10 */
-/* asm 1: fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
-/* asm 2: fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t2,>z_20_10=t2); */
-fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-
-/* qhasm: z_20_0 = z_20_10*z_10_0 */
-/* asm 1: fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
-/* asm 2: fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
-fe_mul(t2,t2,t1);
-
-/* qhasm: z_40_20 = z_20_0^2^20 */
-/* asm 1: fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
-/* asm 2: fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t3,>z_40_20=t3); */
-fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
-
-/* qhasm: z_40_0 = z_40_20*z_20_0 */
-/* asm 1: fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
-/* asm 2: fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
-fe_mul(t2,t3,t2);
-
-/* qhasm: z_50_10 = z_40_0^2^10 */
-/* asm 1: fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
-/* asm 2: fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t2,>z_50_10=t2); */
-fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
-
-/* qhasm: z_50_0 = z_50_10*z_10_0 */
-/* asm 1: fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
-/* asm 2: fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_100_50 = z_50_0^2^50 */
-/* asm 1: fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
-/* asm 2: fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t2,>z_100_50=t2); */
-fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-
-/* qhasm: z_100_0 = z_100_50*z_50_0 */
-/* asm 1: fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
-/* asm 2: fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
-fe_mul(t2,t2,t1);
-
-/* qhasm: z_200_100 = z_100_0^2^100 */
-/* asm 1: fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
-/* asm 2: fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t3,>z_200_100=t3); */
-fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
-
-/* qhasm: z_200_0 = z_200_100*z_100_0 */
-/* asm 1: fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
-/* asm 2: fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
-fe_mul(t2,t3,t2);
-
-/* qhasm: z_250_50 = z_200_0^2^50 */
-/* asm 1: fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
-/* asm 2: fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t2,>z_250_50=t2); */
-fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
-
-/* qhasm: z_250_0 = z_250_50*z_50_0 */
-/* asm 1: fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
-/* asm 2: fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
-fe_mul(t1,t2,t1);
-
-/* qhasm: z_255_5 = z_250_0^2^5 */
-/* asm 1: fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
-/* asm 2: fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_255_5=t1,>z_255_5=t1); */
-fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
-
-/* qhasm: z_255_21 = z_255_5*z11 */
-/* asm 1: fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
-/* asm 2: fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
-fe_mul(out,t1,t0);
-
-/* qhasm: return */
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.q b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.q
deleted file mode 100644
index 45be57c08..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/pow225521.q
+++ /dev/null
@@ -1,61 +0,0 @@
-:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
-fe r:var/r=fe:
-
-enter f:enter/f:>z1=fe#11:
-return:nofallthrough:<z_255_21=fe#12:leave:
-
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
-
-:
-
-fe z1
-fe z2
-fe z8
-fe z9
-fe z11
-fe z22
-fe z_5_0
-fe z_10_5
-fe z_10_0
-fe z_20_10
-fe z_20_0
-fe z_40_20
-fe z_40_0
-fe z_50_10
-fe z_50_0
-fe z_100_50
-fe z_100_0
-fe z_200_100
-fe z_200_0
-fe z_250_50
-fe z_250_0
-fe z_255_5
-fe z_255_21
-
-enter pow225521
-
-z2 = z1^2^1
-z8 = z2^2^2
-z9 = z1*z8
-z11 = z2*z9
-z22 = z11^2^1
-z_5_0 = z9*z22
-z_10_5 = z_5_0^2^5
-z_10_0 = z_10_5*z_5_0
-z_20_10 = z_10_0^2^10
-z_20_0 = z_20_10*z_10_0
-z_40_20 = z_20_0^2^20
-z_40_0 = z_40_20*z_20_0
-z_50_10 = z_40_0^2^10
-z_50_0 = z_50_10*z_10_0
-z_100_50 = z_50_0^2^50
-z_100_0 = z_100_50*z_50_0
-z_200_100 = z_100_0^2^100
-z_200_0 = z_200_100*z_100_0
-z_250_50 = z_200_0^2^50
-z_250_0 = z_250_50*z_50_0
-z_255_5 = z_250_0^2^5
-z_255_21 = z_255_5*z11
-
-return
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/q2h.sh b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/q2h.sh
deleted file mode 100644
index 47ec5110e..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/q2h.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-sed 's/^#.*//' \
-| qhasm-generic \
-| sed 's_//\(.*\)$_/*\1 */_'
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc.h
deleted file mode 100644
index d32ed2e8c..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef SC_H
-#define SC_H
-
-/*
-The set of scalars is \Z/l
-where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce
-#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd
-
-extern void sc_reduce(unsigned char *);
-extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
-
-#endif
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_muladd.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_muladd.c
deleted file mode 100644
index 6f1e9d02d..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_muladd.c
+++ /dev/null
@@ -1,368 +0,0 @@
-#include "sc.h"
-#include "crypto_int64.h"
-#include "crypto_uint32.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,const unsigned char *c)
-{
- crypto_int64 a0 = 2097151 & load_3(a);
- crypto_int64 a1 = 2097151 & (load_4(a + 2) >> 5);
- crypto_int64 a2 = 2097151 & (load_3(a + 5) >> 2);
- crypto_int64 a3 = 2097151 & (load_4(a + 7) >> 7);
- crypto_int64 a4 = 2097151 & (load_4(a + 10) >> 4);
- crypto_int64 a5 = 2097151 & (load_3(a + 13) >> 1);
- crypto_int64 a6 = 2097151 & (load_4(a + 15) >> 6);
- crypto_int64 a7 = 2097151 & (load_3(a + 18) >> 3);
- crypto_int64 a8 = 2097151 & load_3(a + 21);
- crypto_int64 a9 = 2097151 & (load_4(a + 23) >> 5);
- crypto_int64 a10 = 2097151 & (load_3(a + 26) >> 2);
- crypto_int64 a11 = (load_4(a + 28) >> 7);
- crypto_int64 b0 = 2097151 & load_3(b);
- crypto_int64 b1 = 2097151 & (load_4(b + 2) >> 5);
- crypto_int64 b2 = 2097151 & (load_3(b + 5) >> 2);
- crypto_int64 b3 = 2097151 & (load_4(b + 7) >> 7);
- crypto_int64 b4 = 2097151 & (load_4(b + 10) >> 4);
- crypto_int64 b5 = 2097151 & (load_3(b + 13) >> 1);
- crypto_int64 b6 = 2097151 & (load_4(b + 15) >> 6);
- crypto_int64 b7 = 2097151 & (load_3(b + 18) >> 3);
- crypto_int64 b8 = 2097151 & load_3(b + 21);
- crypto_int64 b9 = 2097151 & (load_4(b + 23) >> 5);
- crypto_int64 b10 = 2097151 & (load_3(b + 26) >> 2);
- crypto_int64 b11 = (load_4(b + 28) >> 7);
- crypto_int64 c0 = 2097151 & load_3(c);
- crypto_int64 c1 = 2097151 & (load_4(c + 2) >> 5);
- crypto_int64 c2 = 2097151 & (load_3(c + 5) >> 2);
- crypto_int64 c3 = 2097151 & (load_4(c + 7) >> 7);
- crypto_int64 c4 = 2097151 & (load_4(c + 10) >> 4);
- crypto_int64 c5 = 2097151 & (load_3(c + 13) >> 1);
- crypto_int64 c6 = 2097151 & (load_4(c + 15) >> 6);
- crypto_int64 c7 = 2097151 & (load_3(c + 18) >> 3);
- crypto_int64 c8 = 2097151 & load_3(c + 21);
- crypto_int64 c9 = 2097151 & (load_4(c + 23) >> 5);
- crypto_int64 c10 = 2097151 & (load_3(c + 26) >> 2);
- crypto_int64 c11 = (load_4(c + 28) >> 7);
- crypto_int64 s0;
- crypto_int64 s1;
- crypto_int64 s2;
- crypto_int64 s3;
- crypto_int64 s4;
- crypto_int64 s5;
- crypto_int64 s6;
- crypto_int64 s7;
- crypto_int64 s8;
- crypto_int64 s9;
- crypto_int64 s10;
- crypto_int64 s11;
- crypto_int64 s12;
- crypto_int64 s13;
- crypto_int64 s14;
- crypto_int64 s15;
- crypto_int64 s16;
- crypto_int64 s17;
- crypto_int64 s18;
- crypto_int64 s19;
- crypto_int64 s20;
- crypto_int64 s21;
- crypto_int64 s22;
- crypto_int64 s23;
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
- crypto_int64 carry10;
- crypto_int64 carry11;
- crypto_int64 carry12;
- crypto_int64 carry13;
- crypto_int64 carry14;
- crypto_int64 carry15;
- crypto_int64 carry16;
- crypto_int64 carry17;
- crypto_int64 carry18;
- crypto_int64 carry19;
- crypto_int64 carry20;
- crypto_int64 carry21;
- crypto_int64 carry22;
-
- s0 = c0 + a0*b0;
- s1 = c1 + a0*b1 + a1*b0;
- s2 = c2 + a0*b2 + a1*b1 + a2*b0;
- s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
- s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
- s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
- s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
- s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
- s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
- s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
- s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
- s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
- s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
- s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
- s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
- s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
- s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
- s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
- s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
- s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
- s20 = a9*b11 + a10*b10 + a11*b9;
- s21 = a10*b11 + a11*b10;
- s22 = a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_reduce.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_reduce.c
deleted file mode 100644
index d01f5a573..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_reduce.c
+++ /dev/null
@@ -1,275 +0,0 @@
-#include "sc.h"
-#include "crypto_int64.h"
-#include "crypto_uint32.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-
-void sc_reduce(unsigned char *s)
-{
- crypto_int64 s0 = 2097151 & load_3(s);
- crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
- crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
- crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
- crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
- crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
- crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
- crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
- crypto_int64 s8 = 2097151 & load_3(s + 21);
- crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
- crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
- crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
- crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
- crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
- crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
- crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
- crypto_int64 s16 = 2097151 & load_3(s + 42);
- crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
- crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
- crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
- crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
- crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
- crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
- crypto_int64 s23 = (load_4(s + 60) >> 3);
- crypto_int64 carry0;
- crypto_int64 carry1;
- crypto_int64 carry2;
- crypto_int64 carry3;
- crypto_int64 carry4;
- crypto_int64 carry5;
- crypto_int64 carry6;
- crypto_int64 carry7;
- crypto_int64 carry8;
- crypto_int64 carry9;
- crypto_int64 carry10;
- crypto_int64 carry11;
- crypto_int64 carry12;
- crypto_int64 carry13;
- crypto_int64 carry14;
- crypto_int64 carry15;
- crypto_int64 carry16;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
- s23 = 0;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
- s22 = 0;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
- s21 = 0;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
- s20 = 0;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
- s19 = 0;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
- s18 = 0;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
- s17 = 0;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
- s16 = 0;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
- s15 = 0;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
- s14 = 0;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
- s13 = 0;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_sub.xmr.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_sub.xmr.c
deleted file mode 100644
index cd4a50ff0..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sc_sub.xmr.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/*
- * sc_sub, sc_mulsub, sc_mul
- *
- * (These are from the old code as well)
- */
-
-
-#include "sc.h"
-#include "crypto_int64.h"
-#include "crypto_uint32.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
- crypto_uint64 result;
- result = (crypto_uint64) in[0];
- result |= ((crypto_uint64) in[1]) << 8;
- result |= ((crypto_uint64) in[2]) << 16;
- result |= ((crypto_uint64) in[3]) << 24;
- return result;
-}
-
-void sc_sub(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 - b0;
- int64_t s1 = a1 - b1;
- int64_t s2 = a2 - b2;
- int64_t s3 = a3 - b3;
- int64_t s4 = a4 - b4;
- int64_t s5 = a5 - b5;
- int64_t s6 = a6 - b6;
- int64_t s7 = a7 - b7;
- int64_t s8 = a8 - b8;
- int64_t s9 = a9 - b9;
- int64_t s10 = a10 - b10;
- int64_t s11 = a11 - b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/*
-Input:
- a[0]+256*a[1]+...+256^31*a[31] = a
- b[0]+256*b[1]+...+256^31*b[31] = b
- c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = (c-ab) mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-//x
-void sc_mulsub(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t c0 = 2097151 & load_3(c);
- int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
- int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
- int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
- int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
- int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
- int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
- int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
- int64_t c8 = 2097151 & load_3(c + 21);
- int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
- int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
- int64_t c11 = (load_4(c + 28) >> 7);
- int64_t s0;
- int64_t s1;
- int64_t s2;
- int64_t s3;
- int64_t s4;
- int64_t s5;
- int64_t s6;
- int64_t s7;
- int64_t s8;
- int64_t s9;
- int64_t s10;
- int64_t s11;
- int64_t s12;
- int64_t s13;
- int64_t s14;
- int64_t s15;
- int64_t s16;
- int64_t s17;
- int64_t s18;
- int64_t s19;
- int64_t s20;
- int64_t s21;
- int64_t s22;
- int64_t s23;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
- int64_t carry12;
- int64_t carry13;
- int64_t carry14;
- int64_t carry15;
- int64_t carry16;
- int64_t carry17;
- int64_t carry18;
- int64_t carry19;
- int64_t carry20;
- int64_t carry21;
- int64_t carry22;
-
- s0 = c0 - a0*b0;
- s1 = c1 - (a0*b1 + a1*b0);
- s2 = c2 - (a0*b2 + a1*b1 + a2*b0);
- s3 = c3 - (a0*b3 + a1*b2 + a2*b1 + a3*b0);
- s4 = c4 - (a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0);
- s5 = c5 - (a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0);
- s6 = c6 - (a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0);
- s7 = c7 - (a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0);
- s8 = c8 - (a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0);
- s9 = c9 - (a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0);
- s10 = c10 - (a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0);
- s11 = c11 - (a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0);
- s12 = -(a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1);
- s13 = -(a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2);
- s14 = -(a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3);
- s15 = -(a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4);
- s16 = -(a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5);
- s17 = -(a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6);
- s18 = -(a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7);
- s19 = -(a8*b11 + a9*b10 + a10*b9 + a11*b8);
- s20 = -(a9*b11 + a10*b10 + a11*b9);
- s21 = -(a10*b11 + a11*b10);
- s22 = -a11*b11;
- s23 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
- carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
- carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
- carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
- carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
- carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
- carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22 * 136657;
- s15 -= s22 * 683901;
-
- s9 += s21 * 666643;
- s10 += s21 * 470296;
- s11 += s21 * 654183;
- s12 -= s21 * 997805;
- s13 += s21 * 136657;
- s14 -= s21 * 683901;
-
- s8 += s20 * 666643;
- s9 += s20 * 470296;
- s10 += s20 * 654183;
- s11 -= s20 * 997805;
- s12 += s20 * 136657;
- s13 -= s20 * 683901;
-
- s7 += s19 * 666643;
- s8 += s19 * 470296;
- s9 += s19 * 654183;
- s10 -= s19 * 997805;
- s11 += s19 * 136657;
- s12 -= s19 * 683901;
-
- s6 += s18 * 666643;
- s7 += s18 * 470296;
- s8 += s18 * 654183;
- s9 -= s18 * 997805;
- s10 += s18 * 136657;
- s11 -= s18 * 683901;
-
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
- carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
- carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
- carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
- carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
- s5 += s17 * 666643;
- s6 += s17 * 470296;
- s7 += s17 * 654183;
- s8 -= s17 * 997805;
- s9 += s17 * 136657;
- s10 -= s17 * 683901;
-
- s4 += s16 * 666643;
- s5 += s16 * 470296;
- s6 += s16 * 654183;
- s7 -= s16 * 997805;
- s8 += s16 * 136657;
- s9 -= s16 * 683901;
-
- s3 += s15 * 666643;
- s4 += s15 * 470296;
- s5 += s15 * 654183;
- s6 -= s15 * 997805;
- s7 += s15 * 136657;
- s8 -= s15 * 683901;
-
- s2 += s14 * 666643;
- s3 += s14 * 470296;
- s4 += s14 * 654183;
- s5 -= s14 * 997805;
- s6 += s14 * 136657;
- s7 -= s14 * 683901;
-
- s1 += s13 * 666643;
- s2 += s13 * 470296;
- s3 += s13 * 654183;
- s4 -= s13 * 997805;
- s5 += s13 * 136657;
- s6 -= s13 * 683901;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/scrap.txt b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/scrap.txt
deleted file mode 100644
index 9a02605db..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/scrap.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
- fe t0;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-fe_add(r->X,p->Y,p->X);
-
-fe_sub(r->Y,p->Y,p->X);
-
-fe_mul(r->Z,r->X,q->YplusX);
-
-fe_mul(r->Y,r->Y,q->YminusX);
-
-fe_mul(r->T,q->T2d,p->T);
-
-fe_mul(r->X,p->Z,q->Z);
-
-fe_add(t0,r->X,r->X);
-
-fe_sub(r->X,r->Z,r->Y);
-
-fe_add(r->Y,r->Z,r->Y);
-
-fe_add(r->Z,t0,r->T);
-
-fe_sub(r->T,t0,r->T);
-
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sign.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sign.c
deleted file mode 100644
index de53742a6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sign.c
+++ /dev/null
@@ -1,41 +0,0 @@
-#include <string.h>
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "ge.h"
-#include "sc.h"
-
-int crypto_sign(
- unsigned char *sm,unsigned long long *smlen,
- const unsigned char *m,unsigned long long mlen,
- const unsigned char *sk
-)
-{
- unsigned char pk[32];
- unsigned char az[64];
- unsigned char nonce[64];
- unsigned char hram[64];
- ge_p3 R;
-
- memmove(pk,sk + 32,32);
-
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- *smlen = mlen + 64;
- memmove(sm + 64,m,mlen);
- memmove(sm + 32,az + 32,32);
- crypto_hash_sha512(nonce,sm + 32,mlen + 32);
- memmove(sm + 32,pk,32);
-
- sc_reduce(nonce);
- ge_scalarmult_base(&R,nonce);
- ge_p3_tobytes(sm,&R);
-
- crypto_hash_sha512(hram,sm,mlen + 64);
- sc_reduce(hram);
- sc_muladd(sm + 32,hram,az,nonce);
-
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.h b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.h
deleted file mode 100644
index d8caa23b6..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.h
+++ /dev/null
@@ -1 +0,0 @@
--32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.py
deleted file mode 100644
index 9a47fbc12..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/sqrtm1.py
+++ /dev/null
@@ -1,28 +0,0 @@
-q = 2**255 - 19
-
-def expmod(b,e,m):
- if e == 0: return 1
- t = expmod(b,e/2,m)**2 % m
- if e & 1: t = (t*b) % m
- return t
-
-def inv(x):
- return expmod(x,q-2,q)
-
-def radix255(x):
- x = x % q
- if x + x > q: x -= q
- x = [x,0,0,0,0,0,0,0,0,0]
- bits = [26,25,26,25,26,25,26,25,26,25]
- for i in range(9):
- carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
- x[i] -= carry * 2**bits[i]
- x[i + 1] += carry
- result = ""
- for i in range(9):
- result = result+str(x[i])+","
- result = result+str(x[9])
- return result
-
-I = expmod(2,(q-1)/4,q)
-print radix255(I)
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/test.py b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/test.py
deleted file mode 100644
index 10fa408ce..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/test.py
+++ /dev/null
@@ -1,5 +0,0 @@
-import os
-l = "(((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] | s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] | s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] | s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;"
-
-os.system("sed -i 's/crypto_verify_32(s, zero)/"+l+"/' crypto-ops.c")
-
diff --git a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/xmrSpecificOld.c b/src/crypto/shen_ed25519_ref/ref10CommentedCombined/xmrSpecificOld.c
deleted file mode 100644
index e6567c120..000000000
--- a/src/crypto/shen_ed25519_ref/ref10CommentedCombined/xmrSpecificOld.c
+++ /dev/null
@@ -1,776 +0,0 @@
-/*Code inherited from the original cryptonote (I didn't write these) */
-/*These functions either don't exist in, or are modified from ref10*/
-
-
-/* From fe_isnonzero.c, modified */
-
-//x
-static int fe_isnonzero(const fe f) {
- unsigned char s[32];
- fe_tobytes(s, f);
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
-
-//double scalar mult precomp
-void ge_dsm_precomp(ge_dsmp r, const ge_p3 *s) {
- ge_p1p1 t;
- ge_p3 s2, u;
- ge_p3_to_cached(&r[0], s);
- ge_p3_dbl(&t, s); ge_p1p1_to_p3(&s2, &t);
- ge_add(&t, &s2, &r[0]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[1], &u);
- ge_add(&t, &s2, &r[1]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[2], &u);
- ge_add(&t, &s2, &r[2]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[3], &u);
- ge_add(&t, &s2, &r[3]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[4], &u);
- ge_add(&t, &s2, &r[4]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[5], &u);
- ge_add(&t, &s2, &r[5]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[6], &u);
- ge_add(&t, &s2, &r[6]); ge_p1p1_to_p3(&u, &t); ge_p3_to_cached(&r[7], &u);
-}
-
-/*
-r = a * A + b * B
-where a = a[0]+256*a[1]+...+256^31 a[31].
-and b = b[0]+256*b[1]+...+256^31 b[31].
-B is the Ed25519 base point (x,4/5) with x positive.
-*/
-
-void ge_double_scalarmult_base_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);/* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- //so this gets us to the highest i such that both have a nonzero
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);//simple double and add
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_madd(&t, &u, &ge_Bi[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_msub(&t, &u, &ge_Bi[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-
-/* From ge_frombytes.c, modified */
-//this is like xrecover ..
-//x
-int ge_frombytes_vartime(ge_p3 *h, const unsigned char *s) {
- fe u;
- fe v;
- fe vxx;
- fe check;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = (load_3(s + 29) & 8388607) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /* Validate the number to be canonical */
- if (h9 == 33554428 && h8 == 268435440 && h7 == 536870880 && h6 == 2147483520 &&
- h5 == 4294967295 && h4 == 67108860 && h3 == 134217720 && h2 == 536870880 &&
- h1 == 1073741760 && h0 >= 4294967277) {
- return -1;
- }
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- h->Y[0] = h0;
- h->Y[1] = h1;
- h->Y[2] = h2;
- h->Y[3] = h3;
- h->Y[4] = h4;
- h->Y[5] = h5;
- h->Y[6] = h6;
- h->Y[7] = h7;
- h->Y[8] = h8;
- h->Y[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_1(h->Z);
- fe_sq(u, h->Y);
- fe_mul(v, u, fe_d);
- fe_sub(u, u, h->Z); /* u = y^2-1 */
- fe_add(v, v, h->Z); /* v = dy^2+1 */
-
- fe_divpowm1(h->X, u, v); /* x = uv^3(uv^7)^((q-5)/8) */
-
- fe_sq(vxx, h->X);
- fe_mul(vxx, vxx, v);
- fe_sub(check, vxx, u); /* vx^2-u */
- if (fe_isnonzero(check)) {
- fe_add(check, vxx, u); /* vx^2+u */
- if (fe_isnonzero(check)) {
- return -1;
- }
- fe_mul(h->X, h->X, fe_sqrtm1); //this is mapping X to X * sqrt(-1) c.f. 3.1 in hisil, dong, etc.
- }
-
- if (fe_isnegative(h->X) != (s[31] >> 7)) {
- /* If x = 0, the sign must be positive */
- if (!fe_isnonzero(h->X)) {
- return -1;
- }
- fe_neg(h->X, h->X);
- }
-
- fe_mul(h->T, h->X, h->Y);
- return 0;
-}
-
-/* New code */
-/* (u / v)^(m + 1) */
-static void fe_divpowm1(fe r, const fe u, const fe v) {
- fe v3, uv7, t0, t1, t2;
- int i;
-
- fe_sq(v3, v);
- fe_mul(v3, v3, v); /* v3 = v^3 */
- fe_sq(uv7, v3);
- fe_mul(uv7, uv7, v);
- fe_mul(uv7, uv7, u); /* uv7 = uv^7 */
-
- /*fe_pow22523(uv7, uv7);*/
-
- /* From fe_pow22523.c */
-
- fe_sq(t0, uv7);
- fe_sq(t1, t0);
- fe_sq(t1, t1);
- fe_mul(t1, uv7, t1);
- fe_mul(t0, t0, t1);
- fe_sq(t0, t0);
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 4; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 9; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 19; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 10; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t1, t0);
- for (i = 0; i < 49; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t1, t1, t0);
- fe_sq(t2, t1);
- for (i = 0; i < 99; ++i) {
- fe_sq(t2, t2);
- }
- fe_mul(t1, t2, t1);
- for (i = 0; i < 50; ++i) {
- fe_sq(t1, t1);
- }
- fe_mul(t0, t1, t0);
- fe_sq(t0, t0);
- fe_sq(t0, t0);
- fe_mul(t0, t0, uv7);
-
- /* End fe_pow22523.c */
- /* t0 = (uv^7)^((q-5)/8) */
- fe_mul(t0, t0, v3);
- fe_mul(r, t0, u); /* u^(m+1)v^(-(m+1)) */
-}
-
-static void ge_cached_0(ge_cached *r) {
- fe_1(r->YplusX);
- fe_1(r->YminusX);
- fe_1(r->Z);
- fe_0(r->T2d);
-}
-
-static void ge_cached_cmov(ge_cached *t, const ge_cached *u, unsigned char b) {
- fe_cmov(t->YplusX, u->YplusX, b);
- fe_cmov(t->YminusX, u->YminusX, b);
- fe_cmov(t->Z, u->Z, b);
- fe_cmov(t->T2d, u->T2d, b);
-}
-
-/* Assumes that a[31] <= 127 */
-void ge_scalarmult(ge_p2 *r, const unsigned char *a, const ge_p3 *A) {
- signed char e[64];
- int carry, carry2, i;
- ge_cached Ai[8]; /* 1 * A, 2 * A, ..., 8 * A */
- ge_p1p1 t;
- ge_p3 u;
-
- carry = 0; /* 0..1 */
- for (i = 0; i < 31; i++) {
- carry += a[i]; /* 0..256 */
- carry2 = (carry + 8) >> 4; /* 0..16 */
- e[2 * i] = carry - (carry2 << 4); /* -8..7 */
- carry = (carry2 + 8) >> 4; /* 0..1 */
- e[2 * i + 1] = carry2 - (carry << 4); /* -8..7 */
- }
- carry += a[31]; /* 0..128 */
- carry2 = (carry + 8) >> 4; /* 0..8 */
- e[62] = carry - (carry2 << 4); /* -8..7 */
- e[63] = carry2; /* 0..8 */
-
- ge_p3_to_cached(&Ai[0], A);
- for (i = 0; i < 7; i++) {
- ge_add(&t, A, &Ai[i]);
- ge_p1p1_to_p3(&u, &t);
- ge_p3_to_cached(&Ai[i + 1], &u);
- }
-
- ge_p2_0(r);
- for (i = 63; i >= 0; i--) {
- signed char b = e[i];
- unsigned char bnegative = negative(b);
- unsigned char babs = b - (((-bnegative) & b) << 1);
- ge_cached cur, minuscur;
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p2(r, &t);
- ge_p2_dbl(&t, r);
- ge_p1p1_to_p3(&u, &t);
- ge_cached_0(&cur);
- ge_cached_cmov(&cur, &Ai[0], equal(babs, 1));
- ge_cached_cmov(&cur, &Ai[1], equal(babs, 2));
- ge_cached_cmov(&cur, &Ai[2], equal(babs, 3));
- ge_cached_cmov(&cur, &Ai[3], equal(babs, 4));
- ge_cached_cmov(&cur, &Ai[4], equal(babs, 5));
- ge_cached_cmov(&cur, &Ai[5], equal(babs, 6));
- ge_cached_cmov(&cur, &Ai[6], equal(babs, 7));
- ge_cached_cmov(&cur, &Ai[7], equal(babs, 8));
- fe_copy(minuscur.YplusX, cur.YminusX);
- fe_copy(minuscur.YminusX, cur.YplusX);
- fe_copy(minuscur.Z, cur.Z);
- fe_neg(minuscur.T2d, cur.T2d);
- ge_cached_cmov(&cur, &minuscur, bnegative);
- ge_add(&t, &u, &cur);
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//assume Bi has precomputed multiples
-void ge_double_scalarmult_precomp_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b, const ge_dsmp Bii) {
- signed char aslide[256];
- signed char bslide[256];
- ge_dsmp Ai; /* A, 3A, 5A, 7A, 9A, 11A, 13A, 15A */ //precomps
- ge_p1p1 t;
- ge_p3 u;
- int i;
-
- slide(aslide, a);
- slide(bslide, b);
- ge_dsm_precomp(Ai, A);
-
- ge_p2_0(r);
-
- for (i = 255; i >= 0; --i) {
- if (aslide[i] || bslide[i]) break;
- }
-
- for (; i >= 0; --i) {
- ge_p2_dbl(&t, r);
-
- if (aslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Ai[aslide[i]/2]);
- } else if (aslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Ai[(-aslide[i])/2]);
- }
-
- if (bslide[i] > 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_add(&t, &u, &Bii[bslide[i]/2]);
- } else if (bslide[i] < 0) {
- ge_p1p1_to_p3(&u, &t);
- ge_sub(&t, &u, &Bii[(-bslide[i])/2]);
- }
-
- ge_p1p1_to_p2(r, &t);
- }
-}
-
-//x
-void ge_mul8(ge_p1p1 *r, const ge_p2 *t) {
- ge_p2 u;
- ge_p2_dbl(r, t);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
- ge_p1p1_to_p2(&u, r);
- ge_p2_dbl(r, &u);
-}
-
-//x
-void ge_fromfe_frombytes_vartime(ge_p2 *r, const unsigned char *s) {
- fe u, v, w, x, y, z;
- unsigned char sign;
-
- /* From fe_frombytes.c */
-
- int64_t h0 = load_4(s);
- int64_t h1 = load_3(s + 4) << 6;
- int64_t h2 = load_3(s + 7) << 5;
- int64_t h3 = load_3(s + 10) << 3;
- int64_t h4 = load_3(s + 13) << 2;
- int64_t h5 = load_4(s + 16);
- int64_t h6 = load_3(s + 20) << 7;
- int64_t h7 = load_3(s + 23) << 5;
- int64_t h8 = load_3(s + 26) << 4;
- int64_t h9 = load_3(s + 29) << 2;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- u[0] = h0;
- u[1] = h1;
- u[2] = h2;
- u[3] = h3;
- u[4] = h4;
- u[5] = h5;
- u[6] = h6;
- u[7] = h7;
- u[8] = h8;
- u[9] = h9;
-
- /* End fe_frombytes.c */
-
- fe_sq2(v, u); /* 2 * u^2 */
- fe_1(w);
- fe_add(w, v, w); /* w = 2 * u^2 + 1 */
- fe_sq(x, w); /* w^2 */
- fe_mul(y, fe_ma2, v); /* -2 * A^2 * u^2 */
- fe_add(x, x, y); /* x = w^2 - 2 * A^2 * u^2 */
- fe_divpowm1(r->X, w, x); /* (w / x)^(m + 1) */
- fe_sq(y, r->X);
- fe_mul(x, y, x);
- fe_sub(y, w, x);
- fe_copy(z, fe_ma);
- if (fe_isnonzero(y)) {
- fe_add(y, w, x);
- if (fe_isnonzero(y)) {
- goto negative;
- } else {
- fe_mul(r->X, r->X, fe_fffb1);
- }
- } else {
- fe_mul(r->X, r->X, fe_fffb2);
- }
- fe_mul(r->X, r->X, u); /* u * sqrt(2 * A * (A + 2) * w / x) */
- fe_mul(z, z, v); /* -2 * A * u^2 */
- sign = 0;
- goto setsign;
-negative:
- fe_mul(x, x, fe_sqrtm1);
- fe_sub(y, w, x);
- if (fe_isnonzero(y)) {
- assert((fe_add(y, w, x), !fe_isnonzero(y)));
- fe_mul(r->X, r->X, fe_fffb3);
- } else {
- fe_mul(r->X, r->X, fe_fffb4);
- }
- /* r->X = sqrt(A * (A + 2) * w / x) */
- /* z = -A */
- sign = 1;
-setsign:
- if (fe_isnegative(r->X) != sign) {
- assert(fe_isnonzero(r->X));
- fe_neg(r->X, r->X);
- }
- fe_add(r->Z, z, w);
- fe_sub(r->Y, z, w);
- fe_mul(r->X, r->X, r->Z);
-#if !defined(NDEBUG)
- {
- fe check_x, check_y, check_iz, check_v;
- fe_invert(check_iz, r->Z);
- fe_mul(check_x, r->X, check_iz);
- fe_mul(check_y, r->Y, check_iz);
- fe_sq(check_x, check_x);
- fe_sq(check_y, check_y);
- fe_mul(check_v, check_x, check_y);
- fe_mul(check_v, fe_d, check_v);
- fe_add(check_v, check_v, check_x);
- fe_sub(check_v, check_v, check_y);
- fe_1(check_x);
- fe_add(check_v, check_v, check_x);
- assert(!fe_isnonzero(check_v));
- }
-#endif
-}
-
-//x
-void sc_0(unsigned char *s) {
- int i;
- for (i = 0; i < 32; i++) {
- s[i] = 0;
- }
-}
-
-//x
-void sc_reduce32(unsigned char *s) {
- int64_t s0 = 2097151 & load_3(s);
- int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
- int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
- int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
- int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
- int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
- int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
- int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
- int64_t s8 = 2097151 & load_3(s + 21);
- int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
- int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
- int64_t s11 = (load_4(s + 28) >> 7);
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-//x
-void sc_add(unsigned char *s, const unsigned char *a, const unsigned char *b) {
- int64_t a0 = 2097151 & load_3(a);
- int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
- int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
- int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
- int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
- int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
- int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
- int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
- int64_t a8 = 2097151 & load_3(a + 21);
- int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
- int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
- int64_t a11 = (load_4(a + 28) >> 7);
- int64_t b0 = 2097151 & load_3(b);
- int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
- int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
- int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
- int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
- int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
- int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
- int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
- int64_t b8 = 2097151 & load_3(b + 21);
- int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
- int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
- int64_t b11 = (load_4(b + 28) >> 7);
- int64_t s0 = a0 + b0;
- int64_t s1 = a1 + b1;
- int64_t s2 = a2 + b2;
- int64_t s3 = a3 + b3;
- int64_t s4 = a4 + b4;
- int64_t s5 = a5 + b5;
- int64_t s6 = a6 + b6;
- int64_t s7 = a7 + b7;
- int64_t s8 = a8 + b8;
- int64_t s9 = a9 + b9;
- int64_t s10 = a10 + b10;
- int64_t s11 = a11 + b11;
- int64_t s12 = 0;
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
- int64_t carry10;
- int64_t carry11;
-
- carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
- s12 = 0;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
- carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
- s0 += s12 * 666643;
- s1 += s12 * 470296;
- s2 += s12 * 654183;
- s3 -= s12 * 997805;
- s4 += s12 * 136657;
- s5 -= s12 * 683901;
-
- carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
- carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
- carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
- carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
- carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
- carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
- carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
- carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
- carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
- carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
- carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
- s[0] = s0 >> 0;
- s[1] = s0 >> 8;
- s[2] = (s0 >> 16) | (s1 << 5);
- s[3] = s1 >> 3;
- s[4] = s1 >> 11;
- s[5] = (s1 >> 19) | (s2 << 2);
- s[6] = s2 >> 6;
- s[7] = (s2 >> 14) | (s3 << 7);
- s[8] = s3 >> 1;
- s[9] = s3 >> 9;
- s[10] = (s3 >> 17) | (s4 << 4);
- s[11] = s4 >> 4;
- s[12] = s4 >> 12;
- s[13] = (s4 >> 20) | (s5 << 1);
- s[14] = s5 >> 7;
- s[15] = (s5 >> 15) | (s6 << 6);
- s[16] = s6 >> 2;
- s[17] = s6 >> 10;
- s[18] = (s6 >> 18) | (s7 << 3);
- s[19] = s7 >> 5;
- s[20] = s7 >> 13;
- s[21] = s8 >> 0;
- s[22] = s8 >> 8;
- s[23] = (s8 >> 16) | (s9 << 5);
- s[24] = s9 >> 3;
- s[25] = s9 >> 11;
- s[26] = (s9 >> 19) | (s10 << 2);
- s[27] = s10 >> 6;
- s[28] = (s10 >> 14) | (s11 << 7);
- s[29] = s11 >> 1;
- s[30] = s11 >> 9;
- s[31] = s11 >> 17;
-}
-
-/* Assumes that a != INT64_MIN */
-//x c.f. lt in 32 bit ref
-static int64_t signum(int64_t a) {
- return (a >> 63) - ((-a) >> 63);
-}
-
-//x
-int sc_check(const unsigned char *s) {
- int64_t s0 = load_4(s);
- int64_t s1 = load_4(s + 4);
- int64_t s2 = load_4(s + 8);
- int64_t s3 = load_4(s + 12);
- int64_t s4 = load_4(s + 16);
- int64_t s5 = load_4(s + 20);
- int64_t s6 = load_4(s + 24);
- int64_t s7 = load_4(s + 28);
- return (signum(1559614444 - s0) + (signum(1477600026 - s1) << 1) + (signum(2734136534 - s2) << 2) + (signum(350157278 - s3) << 3) + (signum(-s4) << 4) + (signum(-s5) << 5) + (signum(-s6) << 6) + (signum(268435456 - s7) << 7)) >> 8;
-}
-
-//x
-int sc_isnonzero(const unsigned char *s) {
- return (((int) (s[0] | s[1] | s[2] | s[3] | s[4] | s[5] | s[6] | s[7] | s[8] |
- s[9] | s[10] | s[11] | s[12] | s[13] | s[14] | s[15] | s[16] | s[17] |
- s[18] | s[19] | s[20] | s[21] | s[22] | s[23] | s[24] | s[25] | s[26] |
- s[27] | s[28] | s[29] | s[30] | s[31]) - 1) >> 8) + 1;
-}
diff --git a/src/crypto/shen_ed25519_ref/sha512-blocks.c b/src/crypto/shen_ed25519_ref/sha512-blocks.c
deleted file mode 100755
index c8dbf0d35..000000000
--- a/src/crypto/shen_ed25519_ref/sha512-blocks.c
+++ /dev/null
@@ -1,239 +0,0 @@
-//#include "crypto_hashblocks.h"
-
-typedef unsigned long long uint64;
-
-static uint64 load_bigendian(const unsigned char *x)
-{
- return
- (uint64) (x[7]) \
- | (((uint64) (x[6])) << 8) \
- | (((uint64) (x[5])) << 16) \
- | (((uint64) (x[4])) << 24) \
- | (((uint64) (x[3])) << 32) \
- | (((uint64) (x[2])) << 40) \
- | (((uint64) (x[1])) << 48) \
- | (((uint64) (x[0])) << 56)
- ;
-}
-
-static void store_bigendian(unsigned char *x,uint64 u)
-{
- x[7] = u; u >>= 8;
- x[6] = u; u >>= 8;
- x[5] = u; u >>= 8;
- x[4] = u; u >>= 8;
- x[3] = u; u >>= 8;
- x[2] = u; u >>= 8;
- x[1] = u; u >>= 8;
- x[0] = u;
-}
-
-#define SHR(x,c) ((x) >> (c))
-#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
-
-#define Ch(x,y,z) ((x & y) ^ (~x & z))
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
-#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
-#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
-#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
-
-#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
-
-#define EXPAND \
- M(w0 ,w14,w9 ,w1 ) \
- M(w1 ,w15,w10,w2 ) \
- M(w2 ,w0 ,w11,w3 ) \
- M(w3 ,w1 ,w12,w4 ) \
- M(w4 ,w2 ,w13,w5 ) \
- M(w5 ,w3 ,w14,w6 ) \
- M(w6 ,w4 ,w15,w7 ) \
- M(w7 ,w5 ,w0 ,w8 ) \
- M(w8 ,w6 ,w1 ,w9 ) \
- M(w9 ,w7 ,w2 ,w10) \
- M(w10,w8 ,w3 ,w11) \
- M(w11,w9 ,w4 ,w12) \
- M(w12,w10,w5 ,w13) \
- M(w13,w11,w6 ,w14) \
- M(w14,w12,w7 ,w15) \
- M(w15,w13,w8 ,w0 )
-
-#define F(w,k) \
- T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
- T2 = Sigma0(a) + Maj(a,b,c); \
- h = g; \
- g = f; \
- f = e; \
- e = d + T1; \
- d = c; \
- c = b; \
- b = a; \
- a = T1 + T2;
-
-int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
-{
- uint64 state[8];
- uint64 a;
- uint64 b;
- uint64 c;
- uint64 d;
- uint64 e;
- uint64 f;
- uint64 g;
- uint64 h;
- uint64 T1;
- uint64 T2;
-
- a = load_bigendian(statebytes + 0); state[0] = a;
- b = load_bigendian(statebytes + 8); state[1] = b;
- c = load_bigendian(statebytes + 16); state[2] = c;
- d = load_bigendian(statebytes + 24); state[3] = d;
- e = load_bigendian(statebytes + 32); state[4] = e;
- f = load_bigendian(statebytes + 40); state[5] = f;
- g = load_bigendian(statebytes + 48); state[6] = g;
- h = load_bigendian(statebytes + 56); state[7] = h;
-
- while (inlen >= 128) {
- uint64 w0 = load_bigendian(in + 0);
- uint64 w1 = load_bigendian(in + 8);
- uint64 w2 = load_bigendian(in + 16);
- uint64 w3 = load_bigendian(in + 24);
- uint64 w4 = load_bigendian(in + 32);
- uint64 w5 = load_bigendian(in + 40);
- uint64 w6 = load_bigendian(in + 48);
- uint64 w7 = load_bigendian(in + 56);
- uint64 w8 = load_bigendian(in + 64);
- uint64 w9 = load_bigendian(in + 72);
- uint64 w10 = load_bigendian(in + 80);
- uint64 w11 = load_bigendian(in + 88);
- uint64 w12 = load_bigendian(in + 96);
- uint64 w13 = load_bigendian(in + 104);
- uint64 w14 = load_bigendian(in + 112);
- uint64 w15 = load_bigendian(in + 120);
-
- F(w0 ,0x428a2f98d728ae22ULL)
- F(w1 ,0x7137449123ef65cdULL)
- F(w2 ,0xb5c0fbcfec4d3b2fULL)
- F(w3 ,0xe9b5dba58189dbbcULL)
- F(w4 ,0x3956c25bf348b538ULL)
- F(w5 ,0x59f111f1b605d019ULL)
- F(w6 ,0x923f82a4af194f9bULL)
- F(w7 ,0xab1c5ed5da6d8118ULL)
- F(w8 ,0xd807aa98a3030242ULL)
- F(w9 ,0x12835b0145706fbeULL)
- F(w10,0x243185be4ee4b28cULL)
- F(w11,0x550c7dc3d5ffb4e2ULL)
- F(w12,0x72be5d74f27b896fULL)
- F(w13,0x80deb1fe3b1696b1ULL)
- F(w14,0x9bdc06a725c71235ULL)
- F(w15,0xc19bf174cf692694ULL)
-
- EXPAND
-
- F(w0 ,0xe49b69c19ef14ad2ULL)
- F(w1 ,0xefbe4786384f25e3ULL)
- F(w2 ,0x0fc19dc68b8cd5b5ULL)
- F(w3 ,0x240ca1cc77ac9c65ULL)
- F(w4 ,0x2de92c6f592b0275ULL)
- F(w5 ,0x4a7484aa6ea6e483ULL)
- F(w6 ,0x5cb0a9dcbd41fbd4ULL)
- F(w7 ,0x76f988da831153b5ULL)
- F(w8 ,0x983e5152ee66dfabULL)
- F(w9 ,0xa831c66d2db43210ULL)
- F(w10,0xb00327c898fb213fULL)
- F(w11,0xbf597fc7beef0ee4ULL)
- F(w12,0xc6e00bf33da88fc2ULL)
- F(w13,0xd5a79147930aa725ULL)
- F(w14,0x06ca6351e003826fULL)
- F(w15,0x142929670a0e6e70ULL)
-
- EXPAND
-
- F(w0 ,0x27b70a8546d22ffcULL)
- F(w1 ,0x2e1b21385c26c926ULL)
- F(w2 ,0x4d2c6dfc5ac42aedULL)
- F(w3 ,0x53380d139d95b3dfULL)
- F(w4 ,0x650a73548baf63deULL)
- F(w5 ,0x766a0abb3c77b2a8ULL)
- F(w6 ,0x81c2c92e47edaee6ULL)
- F(w7 ,0x92722c851482353bULL)
- F(w8 ,0xa2bfe8a14cf10364ULL)
- F(w9 ,0xa81a664bbc423001ULL)
- F(w10,0xc24b8b70d0f89791ULL)
- F(w11,0xc76c51a30654be30ULL)
- F(w12,0xd192e819d6ef5218ULL)
- F(w13,0xd69906245565a910ULL)
- F(w14,0xf40e35855771202aULL)
- F(w15,0x106aa07032bbd1b8ULL)
-
- EXPAND
-
- F(w0 ,0x19a4c116b8d2d0c8ULL)
- F(w1 ,0x1e376c085141ab53ULL)
- F(w2 ,0x2748774cdf8eeb99ULL)
- F(w3 ,0x34b0bcb5e19b48a8ULL)
- F(w4 ,0x391c0cb3c5c95a63ULL)
- F(w5 ,0x4ed8aa4ae3418acbULL)
- F(w6 ,0x5b9cca4f7763e373ULL)
- F(w7 ,0x682e6ff3d6b2b8a3ULL)
- F(w8 ,0x748f82ee5defb2fcULL)
- F(w9 ,0x78a5636f43172f60ULL)
- F(w10,0x84c87814a1f0ab72ULL)
- F(w11,0x8cc702081a6439ecULL)
- F(w12,0x90befffa23631e28ULL)
- F(w13,0xa4506cebde82bde9ULL)
- F(w14,0xbef9a3f7b2c67915ULL)
- F(w15,0xc67178f2e372532bULL)
-
- EXPAND
-
- F(w0 ,0xca273eceea26619cULL)
- F(w1 ,0xd186b8c721c0c207ULL)
- F(w2 ,0xeada7dd6cde0eb1eULL)
- F(w3 ,0xf57d4f7fee6ed178ULL)
- F(w4 ,0x06f067aa72176fbaULL)
- F(w5 ,0x0a637dc5a2c898a6ULL)
- F(w6 ,0x113f9804bef90daeULL)
- F(w7 ,0x1b710b35131c471bULL)
- F(w8 ,0x28db77f523047d84ULL)
- F(w9 ,0x32caab7b40c72493ULL)
- F(w10,0x3c9ebe0a15c9bebcULL)
- F(w11,0x431d67c49c100d4cULL)
- F(w12,0x4cc5d4becb3e42b6ULL)
- F(w13,0x597f299cfc657e2aULL)
- F(w14,0x5fcb6fab3ad6faecULL)
- F(w15,0x6c44198c4a475817ULL)
-
- a += state[0];
- b += state[1];
- c += state[2];
- d += state[3];
- e += state[4];
- f += state[5];
- g += state[6];
- h += state[7];
-
- state[0] = a;
- state[1] = b;
- state[2] = c;
- state[3] = d;
- state[4] = e;
- state[5] = f;
- state[6] = g;
- state[7] = h;
-
- in += 128;
- inlen -= 128;
- }
-
- store_bigendian(statebytes + 0,state[0]);
- store_bigendian(statebytes + 8,state[1]);
- store_bigendian(statebytes + 16,state[2]);
- store_bigendian(statebytes + 24,state[3]);
- store_bigendian(statebytes + 32,state[4]);
- store_bigendian(statebytes + 40,state[5]);
- store_bigendian(statebytes + 48,state[6]);
- store_bigendian(statebytes + 56,state[7]);
-
- return inlen;
-}
diff --git a/src/crypto/shen_ed25519_ref/sha512-hash.c b/src/crypto/shen_ed25519_ref/sha512-hash.c
deleted file mode 100755
index f2f292505..000000000
--- a/src/crypto/shen_ed25519_ref/sha512-hash.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-20080913
-D. J. Bernstein
-Public domain.
-*/
-
-#include "sha512.h"
-
-extern int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen);
-
-#define blocks crypto_hashblocks
-
-static const unsigned char iv[64] = {
- 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
- 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
- 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
- 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
- 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
- 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
- 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
- 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
-} ;
-
-typedef unsigned long long uint64;
-
-int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen)
-{
- unsigned char h[64];
- unsigned char padded[256];
- int i;
- unsigned long long bytes = inlen;
-
- for (i = 0;i < 64;++i) h[i] = iv[i];
-
- blocks(h,in,inlen);
- in += inlen;
- inlen &= 127;
- in -= inlen;
-
- for (i = 0;i < inlen;++i) padded[i] = in[i];
- padded[inlen] = 0x80;
-
- if (inlen < 112) {
- for (i = inlen + 1;i < 119;++i) padded[i] = 0;
- padded[119] = bytes >> 61;
- padded[120] = bytes >> 53;
- padded[121] = bytes >> 45;
- padded[122] = bytes >> 37;
- padded[123] = bytes >> 29;
- padded[124] = bytes >> 21;
- padded[125] = bytes >> 13;
- padded[126] = bytes >> 5;
- padded[127] = bytes << 3;
- blocks(h,padded,128);
- } else {
- for (i = inlen + 1;i < 247;++i) padded[i] = 0;
- padded[247] = bytes >> 61;
- padded[248] = bytes >> 53;
- padded[249] = bytes >> 45;
- padded[250] = bytes >> 37;
- padded[251] = bytes >> 29;
- padded[252] = bytes >> 21;
- padded[253] = bytes >> 13;
- padded[254] = bytes >> 5;
- padded[255] = bytes << 3;
- blocks(h,padded,256);
- }
-
- for (i = 0;i < 64;++i) out[i] = h[i];
-
- return 0;
-}
diff --git a/src/crypto/shen_ed25519_ref/sha512.h b/src/crypto/shen_ed25519_ref/sha512.h
deleted file mode 100755
index 37376b15d..000000000
--- a/src/crypto/shen_ed25519_ref/sha512.h
+++ /dev/null
@@ -1,4 +0,0 @@
-extern int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen);
-extern int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen);
-
-#define crypto_hash_sha512_BYTES 64
diff --git a/src/crypto/shen_ed25519_ref/verify.c b/src/crypto/shen_ed25519_ref/verify.c
deleted file mode 100755
index a04186b60..000000000
--- a/src/crypto/shen_ed25519_ref/verify.c
+++ /dev/null
@@ -1,40 +0,0 @@
-#include "crypto_verify_32.h"
-
-int crypto_verify_32(const unsigned char *x,const unsigned char *y)
-{
- unsigned int differentbits = 0;
-#define F(i) differentbits |= x[i] ^ y[i];
- F(0)
- F(1)
- F(2)
- F(3)
- F(4)
- F(5)
- F(6)
- F(7)
- F(8)
- F(9)
- F(10)
- F(11)
- F(12)
- F(13)
- F(14)
- F(15)
- F(16)
- F(17)
- F(18)
- F(19)
- F(20)
- F(21)
- F(22)
- F(23)
- F(24)
- F(25)
- F(26)
- F(27)
- F(28)
- F(29)
- F(30)
- F(31)
- return (1 & ((differentbits - 1) >> 8)) - 1;
-}