| | Input: integera a and c = (c15, c14, …, c0) in base 232; . | | | Output: (c+a) mod p | | (1) | s1 = (c7, c6, c5, c4, c3, c2, c1, c0); s2 = (c15, 0, 0, 0, 0, 0, 0, c8); | | | s3 = (c14, 0, 0, c14, c14, 0, c14, c14); s4 = (c13, 0, 0, 0, c13, 0, c13, c13); | | | s5 = (c12, 0, c15, 0, 0, 0, c15, c15); s6 = (c11, c11, c13, c13, c11, 0, c11, c11); | | | s7 = (c10, c15, c10, 0, 0, 0, c10, c10); s8 = (c9, c14, c14, c15, c15, 0, c9, c9); | | | s9 = (c8, 0, 0, c9, c8, 0, 0, 0); s10 = (0, 0, 0, c12, c12, 0, c12, c12); | | | s11 = (0, 0, 0, 0, c14, c14, 0, 0); s12 = (0, 0, 0, 0, 0, c9, 0, c8); | | | s13 = (0, 0, 0, 0, 0, c13, c13, 0); s14 = (0, 0, 0, 0, 0, c8, 0, c8); | | | Z1 = s1+ 3s2 + 2s3 + 2s4 + 2s5 + s6 + s7 + s8 + s9 +s10– s11– s12– s13 – s14 – a + p = (r8, r7, r6, r5, r4, r3, r2, r1, r0) | | (2) | s15 = (r7, r6, r5, r4, r3, r2, r1, r0); s16 = (r8, 0, 0, 0, r8, 0, 0, r8); s17 = (0, 0, 0, 0, 0, r8, 0, 0); | | | Z2 = s15 – s16 – s17; | | | Z3 = Z2 – p; | | | If Z3≥0, return Z3 | | | else return Z2 |
|
