- A multiple precision algorithm would augment the precision of the destination to accomodate the result while a single precision system would truncate excess bits to maintain a ﬁxed level of precision.
- The same algorithms based on multiple precision integers can accomodate any reasonable size input without the designer’s explicit forethought. This leads to lower cost of ownership for the code as it only has to be written and tested once.

```
typedef struct {
int used, alloc, sign;
mp_digit *dp;
} mp_int;
```

> The pointer *dp* points to a dynamically allocated array of digits that represent the given multiple precision integer.  It is padded with *alloc - used* zero digits.  The array is maintained in a `least significant digit order`.  As a pencil and paper analogy the array is organized such that the right most digits are stored first starting at the location indexed by zero in the array.  For example, if *dp* contains $\lbrace a, b, c, \ldots \rbrace$ where *dp_0 = a*, *dp_1 = b*, *dp_2 = c*, $\ldots$ then it would represent the integer $a + b\beta + c\beta^2 + \ldots$

Calling convention (MPI style)
```
mp_mul(&a, &b, &c); /* c = a * b */
mp_add(&a, &b, &a); /* a = a + b */
mp_sqr(&a, &b); /* b = a * a */
```

$$c = a - b \cdot \lfloor (a \cdot \lfloor 2^q / b \rfloor)/2^q \rfloor$$

$$c = a - b \cdot \lfloor (a \cdot \mu)/2^q \rfloor$$

Let $q_0 = \lfloor a/\beta^{m-1} \rfloor$ represent the input with the irrelevant digits trimmed. Now the modular reduction is trimmed to the almost equivalent equation

$$c = a - b \cdot \lfloor (q_0 \cdot \mu) / \beta^{m+1} \rfloor$$

|Algorithm 1 **mp\_reduce**.                                                                      |
|------------------------------------------------------------------------------------------------|
|**Input**. mp\_int $a$, mp\_int $b$ and $\mu = \lfloor \beta^{2m}/b \rfloor, m = \lceil lg_{\beta}(b) \rceil, (0 \le a < b^2, b > 1)$  |
|**Output**. $a \mbox{ (mod }b\mbox{)}$                                                      |
|Let $m$ represent the number of digits in $b$.                                              |
|1. Make a copy of $a$ and store it in $q$. (*mp\_init\_copy*)                                 |
|2. $q \leftarrow \lfloor q / \beta^{m - 1} \rfloor$ (*mp\_rshd*) |
|Produce the quotient.  |
|3. $q \leftarrow q \cdot \mu$ (*note: only produce digits at or above $m-1$*)|       
|4. $q \leftarrow \lfloor q / \beta^{m + 1} \rfloor$                                           |
|Subtract the multiple of modulus from the input.                                             |
|5. $a \leftarrow a \mbox{ (mod }\beta^{m+1}\mbox{)}$ (*mp\_mod\_2d*)                      |
|6. $q \leftarrow q \cdot b \mbox{ (mod }\beta^{m+1}\mbox{)}$  (*s\_mp\_mul\_digs*)   |
|7. $a \leftarrow a - q$ (*mp\_sub*)                                                            |
|Add $\beta^{m+1}$ if a carry occured.                                                          |
|8. If $a < 0$ then (*mp\_cmp\_d*)                                                              |
|8.1 $q \leftarrow 1$ (*mp\_set*)                                                              |
|8.2 $q \leftarrow q \cdot \beta^{m+1}$ (*mp\_lshd*)                                            |
|8.3 $a \leftarrow a + q$                                                                       |
|Now subtract the modulus if the residue is too large (e.g. quotient too small.)                |       
|9. While $a \ge b$ do (*mp\_cmp*)                                                              |
|9.1 $c \leftarrow a - b$                                                                       |
|10. Clear $q$.                                                                                 |
|11. Return(*MP\_OKAY*)                                                                         |

|Algorithm 2 Barrett Reduction                                                                                  |
|:--------------------------------------------------------------------|
|Input: $0 \leq T = (T_{2k−1}, T_{2k−2},..., T_1, T_0)_b < b^{2k}, N, b \geq 3$, $k = \lfloor logb N \rfloor +1$ and $\mu$|
|Output: $R ≡ (R_{k−1}, ... ,R_0)_b = T\mbox{ (mod }mod N\mbox{)}$                                                               |
|1: $q_1 =\lfloor T/b^{k-1} \rfloor$ (Bitwise Shift Right)                                                                       |
|2: $q_2 = q_1 · μ $ (Multiplication)                                                                               |
|3: $q_3 = \lfloor q_2/b^{k+1} \rfloor$ (Bitwise Shift Right)                                                                      |
|4: $R_1 = T \mbox{ (mod } b^{k+1}\mbox{)}$ (Truncation)                                                                          |
|5: $R_2 = q_3 · N \mbox{ (mod } b^{k+1}\mbox{)}$ (Multiplication + Truncation)                                                    |
|6: $R = R_1 − R_2$ (Subtraction)                                                                                  |
|7: If $(R < 0)$ then $R = R + b^{k+1}$ (Addition)                                                               |
|8: While ($R \geq N)$ do $R = R − N$ (Subtraction)                                                              |
|9: Return $R$                                                                                                   |

|Algorithm 3 Computation of $\mu$                                               |
|------------------------------------------|
|Input: $p$, and $k = \lfloor logb N\rfloor + 1$                                 |
|Output: $\mu = \lfloor b^{2k}/N \rfloor$                                        |
|1: $\mu = b^k$                                                                  |
|2: Repeat                                                                       |
|3: $S = μ$                                                                      |
|4: $μ = 2μ − \lfloor (\lfloor μ^2/b^k \rfloor \cdot N )/ b^k \rfloor  $           |
|5: Until $μ \leq S$                                                             |
|6: $t = b^{2k} − N \cdot μ$                                                     |
|7: While ($t < 0$) do                                                           |
|8: $μ = μ − 1$                                                                  |
|9: $t = t + N$                                                                  |
|10: Return $R$                                                                  |

In [11]:
%%writefile barret.cpp


#include <iostream>
#include "big.h"
using namespace std;
Miracl precision(400,10);

Big barret_setup (Big b)
{
  Big     x;
  x = pow((Big)2, 2*bits(b));
  x = x/b;
  return x;
}

Big barret_reduction (Big x, Big m, Big mu)
{
  Big  q, b, temp, zero;
  int ix, iq;
  temp = 1;
  /* q = x */
  q = x;
  q = q >> (bits(m)-1);
  q = mu * q;

  q = q >> (bits(m)+1);

  temp = pow((Big)2, bits(m)+1);
  x = x % temp;
  
  cout << "x="<< x << endl;

  q =q * m;
  temp = pow((Big)2, bits(m)+1);
  q = q % temp;
  cout << "q=" << q << endl <<"m=" << m << endl;
  x = x - q;
  if (x < 0) {
    b = pow((Big)2, bits(m)+1);
    x = x + b;
    cout << "b=" << b << endl;
  }
  while (x > m)  x = x - m; 
  cout << "x=" << x << endl;

  return x;
}
int  main()
{
    Big a,b,c,mu;
   /*  initialize  a,b  to  desired  values,  mp_init  mu, c  and  set  c  to  1...we  want  to  compute  a^3  mod  b   */
    a = 1601613;
    b = 201;
    /*  get  mu  value  */
    mu = barret_setup(b);
    /*  now  reduce a modulo b */
    c = barret_reduction (a, b, mu);
    cout << "number = " << c << endl;
    
    return  1;
}

Overwriting barret.cpp


In [12]:
%%bash 
g++ barret.cpp big.cpp miracl.a -o barret
./barret

x=77
q=142
m=201
b=512
x=45
number = 45


### Montgomery Mutiplication

In [13]:
%%writefile Mont.cpp
#include <iostream>
#include "big.h"
#include "zzn.h"
#include <math.h>

using namespace std;

Miracl precision(400,10);

Big bitvar(Big a, int base, int inradix ){
   Big x, temp;
   int i;
   x = 0;
   temp = 1;
   for (i=0; i < inradix; i++){
        x = x + bit(a,base+i)*temp;
        temp = temp *2;     
    }
   return x;
}    
   

Big mont_setup (Big p, int radix)
{
  Big     x, temp;
  temp = pow((Big)2, radix);
  x = inverse(p, temp);//p^-1 mod 2
  x = (temp-x)%temp;
  return x;
}

Big mont_full (Big a, Big b, Big p, Big p_p)
{
    Big c, q, temp;
    temp = pow((Big)2, bits(p));
    c = a*b;
    q = ((c % temp) * p_p) % temp;
    c = (c+q*p)/temp;
    if(c>=p)  c = c -p;
    return c;
}


Big mont_mul (Big a, Big b, Big p, Big p_p, int inradix)
{
  Big  q, temp, c;
  int i, iter;
  temp = 0;
  c = 0;
  temp = pow((Big)2, inradix);
  if(bits(p)%2==0)  iter = bits(p)/inradix;
  else      iter = (bits(p)/inradix)+1;

  for (i=0; i< iter; i++){
    // method 1
        q = ((bitvar(c,0,inradix)+bitvar(a,i*inradix,inradix)*bitvar(b,0,inradix))*p_p) % temp;
 //       for(int j = inradix-1; j>=0; j--)
 //           cout<<bit(c,j);
 //       cout << endl;
         c = c+bitvar(a,i*inradix,inradix)*b+q*p;
  //      cout << "c=" << c << endl;
  //      for(int j =inradix-1; j>=0; j--)
  //          cout<<bit(c,j);
  //      cout << endl;
        c = c /temp;
        
        /*
       // method 2
         c = c + bit(a,i)*b;
         q = inverse(bit(p,0), 2);
         q = (bit(c,0)*q)%2;
         
         //cout << "q=" << q << endl;
         c = c+q*p;
         c = c/2;
      */ 
      /*
      // method 3
         c = c + bit(a,i)*b;
         if(bit(c,0)==1){
            c = c + p;
        }
         c=c/2;
        */
  }
 /* Back off if it's too big */
  if (c >= p) {
    c = c - p;
  }
  //cout << "c=" << c << endl;

  return c;
}
  

int  main()
{
    Big a, b, c, p, mu, ina, inb, outc, temp, test;
    ZZn na, nb, nc;
    int radix, inradix;
    a = 155;
    b = 174;
    p = 201;
    temp = pow((Big)2, 2*bits(p));
    temp = temp % 201;
        
    inradix = 0;
    radix = 16;// 2^4
    while (radix > 1){
        inradix = inradix+1;
        radix = radix/2;
    }
    /*  get  mu  value  */
    mu = mont_setup(bitvar(p,0,inradix), inradix);
    cout << "mu=" << mu <<endl;
        
    // using radix2
    ina = mont_mul(a, temp, p, mu, inradix);
    inb = mont_mul(b, temp, p, mu, inradix);
    cout << "ina=" << ina << endl;
    cout << "inb=" << inb << endl;
    outc =  mont_mul(ina, inb, p, mu, inradix);
    cout << "outc=" << outc << endl;
    /*  now  reduce a modulo b */
    c = mont_mul (outc,(Big)1, p, mu, inradix);
    cout << "number = " << c << endl;
    
    // using full word, no radix   
    temp = pow((Big)2, 16);
      
    mu = mont_setup(p, bits(p));
    cout << "mu2=" << mu <<endl;
       
    temp = temp % 201;
    ina = mont_full(a, temp, p, mu);
    inb = mont_full(b, temp, p, mu);
    outc = mont_full(ina, inb, p, mu);
    cout <<"ina=" << ina << endl;
    cout <<"inb=" << inb << endl;
    cout <<"outc=" << outc << endl;
    c = mont_full(outc, (Big)1, p, mu);
    cout << "number2 = " << c << endl;
      
    // Using built-in montgomery multiplication
    modulo(p);
    //prepare_monty((Big)201);
    na = a;
    nb = b;
    nc = a*b;
    c = nc;
    /*
    nres(a, ina);
    nres(b, inb);
    nres_modmult(ina, inb , outc);
    redc(outc,c);
    */
    temp= inverse(a, p);
    //temp((Big)na.getzzn());
    temp = 26*temp;
    cout << "ina=";
    otnum(na.getzzn(), stdout);
    cout << "inb=" ;
    otnum(nb.getzzn(), stdout);
    cout << "outc=";
    otnum(nc.getzzn(), stdout);
    cout << "number3=" <<  c << endl;    
    return  1;
}


Writing Mont.cpp


In [18]:
%%bash
g++ Mont.cpp big.cpp zzn.cpp miracl.a -o Mont
./Mont

mu=7
ina=83
inb=123
outc=171
number = 36
mu2=135
ina=83
inb=123
outc=171
number2 = 36
ina=26
inb=24
outc=102
number3=36


### Karatsuba Multiplication

In [37]:
%%writefile karatsuba.cpp

#include <iostream>
#include "big.h"
using namespace std;
Miracl precision(400,10);


const int _CUTOFF = 1536;

Big karatsuba_mul (Big x, Big y)
{
  Big  mask, xlow, ylow, xhigh, yhigh, a, b, c, d;
  int n, half;
  // Base case
  if ( bits(x) <= _CUTOFF || bits(y) <= _CUTOFF)  return x * y ;
  else {
        n = max(bits(x), bits(y));
        half = (n + 32) / 64 * 32 ;
        mask = Big((1 << half) - 1);
        xlow = land(x, mask);
        ylow = land(y, mask);
        xhigh = x >> half;
        yhigh = y >> half;

        a = karatsuba_mul(xhigh, yhigh);
        b = karatsuba_mul(xlow + xhigh, ylow + yhigh);
        c = karatsuba_mul(xlow, ylow);
        d = b - a - c
        return (((a << half) + d) << half) + c;
  }
  
}
int  main()
{
    Big a,b,c;
    a = 1601613;
    b = 201;
    c = karatsuba_mul (a, b);
    cout << "number = " << c << endl;  
    return  1;
}

Overwriting karatsuba.cpp


In [38]:
%%bash
g++ karatsuba.cpp big.cpp miracl.a -o karatsuba

karatsuba.cpp: In function ‘Big karatsuba_mul(Big, Big)’:
karatsuba.cpp:20:18: error: no match for ‘operator&’ (operand types are ‘Big’ and ‘Big’)
         xlow = x & mask;
                  ^
In file included from /usr/include/c++/5/ios:42:0,
                 from /usr/include/c++/5/ostream:38,
                 from /usr/include/c++/5/iostream:39,
                 from karatsuba.cpp:2:
/usr/include/c++/5/bits/ios_base.h:81:3: note: candidate: std::_Ios_Fmtflags std::operator&(std::_Ios_Fmtflags, std::_Ios_Fmtflags)
   operator&(_Ios_Fmtflags __a, _Ios_Fmtflags __b)
   ^
/usr/include/c++/5/bits/ios_base.h:81:3: note:   no known conversion for argument 1 from ‘Big’ to ‘std::_Ios_Fmtflags’
/usr/include/c++/5/bits/ios_base.h:121:3: note: candidate: std::_Ios_Openmode std::operator&(std::_Ios_Openmode, std::_Ios_Openmode)
   operator&(_Ios_Openmode __a, _Ios_Openmode __b)
   ^
/usr/include/c++/5/bits/ios_base.h:121:3: note:   no known conversion for argument 1 from ‘Big’ to ‘std::_Ios_Open

In [22]:
# Requires Python version >= 2.7 because of long.bit_length().
# Requirement: _CUTOFF >= 64, or else there will be infinite recursion.
_CUTOFF = 1536

def multiply(x, y):
    if x.bit_length() <= _CUTOFF or y.bit_length() <= _CUTOFF:  # Base case
        return x * y  
    else:
        n = max(x.bit_length(), y.bit_length())
        half = (n + 32) // 64 * 32
        mask = (1 << half) - 1
        xlow = x & mask
        ylow = y & mask
        xhigh = x >> half
        yhigh = y >> half

        a = multiply(xhigh, yhigh)
        b = multiply(xlow + xhigh, ylow + yhigh)
        c = multiply(xlow, ylow)
        d = b - a - c
        return (((a << half) + d) << half) + c

In [24]:
hex(multiply(0xFFFFFFFF, 0x11111111))

'0x11111110eeeeeeef'

In [25]:
hex(multiply(0x87609798870979228866001198790ACDFFFFEEEE756868ABAABB564312345678, 0xAAAA1122907567841367868987091789876582228769815290789878AAA7DCAC))

'0x5a4013dfa63fa51db98a302172759f4140ff7f8f0100f7611012289b5371283d537fccc3202cd44ae56e00920e05cc4d0b31b29143bb076927f702854dc138a0'