square method

Implementation

@override
Bls12Fp square() {
  var tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[1], BigInt.zero);
  BigInt t1 = tmp[0];
  BigInt carry = tmp[1];

  tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[2], carry);
  BigInt t2 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[3], carry);
  BigInt t3 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[4], carry);
  BigInt t4 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[5], carry);
  BigInt t5 = tmp[0];
  BigInt t6 = tmp[1];

  tmp = BigintUtils.mac(t3, limbs[1], limbs[2], BigInt.zero);
  t3 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t4, limbs[1], limbs[3], carry);
  t4 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t5, limbs[1], limbs[4], carry);
  t5 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t6, limbs[1], limbs[5], carry);
  t6 = tmp[0];
  BigInt t7 = tmp[1];

  ///
  tmp = BigintUtils.mac(t5, limbs[2], limbs[3], BigInt.zero);
  t5 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t6, limbs[2], limbs[4], carry);
  t6 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t7, limbs[2], limbs[5], carry);
  t7 = tmp[0];
  BigInt t8 = tmp[1];
  //
  tmp = BigintUtils.mac(t7, limbs[3], limbs[4], BigInt.zero);
  t7 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t8, limbs[3], limbs[5], carry);
  t8 = tmp[0];
  BigInt t9 = tmp[1];

  tmp = BigintUtils.mac(t9, limbs[4], limbs[5], BigInt.zero);
  t9 = tmp[0];
  BigInt t10 = tmp[1];

  // Double the cross products
  BigInt t11 = (t10 >> 63).toU64;
  t10 = ((t10 << 1) | (t9 >> 63)).toU64;
  t9 = ((t9 << 1) | (t8 >> 63)).toU64;
  t8 = ((t8 << 1) | (t7 >> 63)).toU64;
  t7 = ((t7 << 1) | (t6 >> 63)).toU64;
  t6 = ((t6 << 1) | (t5 >> 63)).toU64;
  t5 = ((t5 << 1) | (t4 >> 63)).toU64;
  t4 = ((t4 << 1) | (t3 >> 63)).toU64;
  t3 = ((t3 << 1) | (t2 >> 63)).toU64;
  t2 = ((t2 << 1) | (t1 >> 63)).toU64;
  t1 = (t1 << 1).toU64;

  // Square the limbs and accumulate
  tmp = BigintUtils.mac(BigInt.zero, limbs[0], limbs[0], BigInt.zero);
  BigInt t0 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t1, BigInt.zero, carry);
  t1 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t2, limbs[1], limbs[1], carry);
  t2 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t3, BigInt.zero, carry);
  t3 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t4, limbs[2], limbs[2], carry);
  t4 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t5, BigInt.zero, carry);
  t5 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t6, limbs[3], limbs[3], carry);
  t6 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t7, BigInt.zero, carry);
  t7 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t8, limbs[4], limbs[4], carry);
  t8 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t9, BigInt.zero, carry);
  t9 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.mac(t10, limbs[5], limbs[5], carry);
  t10 = tmp[0];
  carry = tmp[1];

  tmp = BigintUtils.adc(t11, BigInt.zero, carry);
  t11 = tmp[0];
  // final carry ignored
  // --- Montgomery reduction -------------------------------------------------
  return Bls12Fp.montgomeryReduce(
    t0,
    t1,
    t2,
    t3,
    t4,
    t5,
    t6,
    t7,
    t8,
    t9,
    t10,
    t11,
  );
}