1
2
3(* Copyright (c) 2011-2020 Stefan Krah. All rights reserved. *)
4
5
6==========================================================================
7                Calculate (a * b) % p using special primes
8==========================================================================
9
10A description of the algorithm can be found in the apfloat manual by
11Tommila [1].
12
13
14Definitions:
15------------
16
17In the whole document, "==" stands for "is congruent with".
18
19Result of a * b in terms of high/low words:
20
21   (1) hi * 2**64 + lo = a * b
22
23Special primes:
24
25   (2) p = 2**64 - z + 1, where z = 2**n
26
27Single step modular reduction:
28
29   (3) R(hi, lo) = hi * z - hi + lo
30
31
32Strategy:
33---------
34
35   a) Set (hi, lo) to the result of a * b.
36
37   b) Set (hi', lo') to the result of R(hi, lo).
38
39   c) Repeat step b) until 0 <= hi' * 2**64 + lo' < 2*p.
40
41   d) If the result is less than p, return lo'. Otherwise return lo' - p.
42
43
44The reduction step b) preserves congruence:
45-------------------------------------------
46
47    hi * 2**64 + lo == hi * z - hi + lo   (mod p)
48
49    Proof:
50    ~~~~~~
51
52       hi * 2**64 + lo = (2**64 - z + 1) * hi + z * hi - hi + lo
53
54                       = p * hi               + z * hi - hi + lo
55
56                       == z * hi - hi + lo   (mod p)
57
58
59Maximum numbers of step b):
60---------------------------
61
62# To avoid unnecessary formalism, define:
63
64def R(hi, lo, z):
65     return divmod(hi * z - hi + lo, 2**64)
66
67# For simplicity, assume hi=2**64-1, lo=2**64-1 after the
68# initial multiplication a * b. This is of course impossible
69# but certainly covers all cases.
70
71# Then, for p1:
72hi=2**64-1; lo=2**64-1; z=2**32
73p1 = 2**64 - z + 1
74
75hi, lo = R(hi, lo, z)    # First reduction
76hi, lo = R(hi, lo, z)    # Second reduction
77hi * 2**64 + lo < 2 * p1 # True
78
79# For p2:
80hi=2**64-1; lo=2**64-1; z=2**34
81p2 = 2**64 - z + 1
82
83hi, lo = R(hi, lo, z)    # First reduction
84hi, lo = R(hi, lo, z)    # Second reduction
85hi, lo = R(hi, lo, z)    # Third reduction
86hi * 2**64 + lo < 2 * p2 # True
87
88# For p3:
89hi=2**64-1; lo=2**64-1; z=2**40
90p3 = 2**64 - z + 1
91
92hi, lo = R(hi, lo, z)    # First reduction
93hi, lo = R(hi, lo, z)    # Second reduction
94hi, lo = R(hi, lo, z)    # Third reduction
95hi * 2**64 + lo < 2 * p3 # True
96
97
98Step d) preserves congruence and yields a result < p:
99-----------------------------------------------------
100
101   Case hi = 0:
102
103       Case lo < p: trivial.
104
105       Case lo >= p:
106
107          lo == lo - p   (mod p)             # result is congruent
108
109          p <= lo < 2*p  ->  0 <= lo - p < p # result is in the correct range
110
111   Case hi = 1:
112
113       p < 2**64 /\ 2**64 + lo < 2*p  ->  lo < p  # lo is always less than p
114
115       2**64 + lo == 2**64 + (lo - p)   (mod p)   # result is congruent
116
117                  = lo - p   # exactly the same value as the previous RHS
118                             # in uint64_t arithmetic.
119
120       p < 2**64 + lo < 2*p  ->  0 < 2**64 + (lo - p) < p  # correct range
121
122
123
124[1]  http://www.apfloat.org/apfloat/2.40/apfloat.pdf
125
126
127
128