plonky2/evm/src/cpu/kernel/asm/bignum/modexp.asm

// Arithmetic on little-endian integers represented with 128-bit limbs.
// All integers must be under a given length bound, and are padded with leading zeroes.

// Stores b ^ e % m in output_loc, leaving b, e, and m unchanged.
// b, e, and m must have the same length.
// output_loc must have size length and be initialized with zeroes; scratch_1 must have size length.
// All of scratch_2..scratch_5 must have size 2 * length and be initialized with zeroes.
global modexp_bignum:
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // We store the repeated-squares accumulator x_i in scratch_1, starting with x_0 := b.
    DUP1
    // stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP3
    // stack: b_start_loc, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP8
    // stack: scratch_1, b_start_loc, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %memcpy_kernel_general
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // We store the accumulated output value x_i in output_loc, starting with x_0=1.
    PUSH 1
    // stack: 1, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP6
    // stack: output_loc, 1, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5,  retdest
    %mstore_kernel_general

modexp_loop:
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // y := e % 2
    DUP3
    // stack: e_start_loc, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %mload_kernel_general
    // stack: e_first, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %mod_const(2)
    // stack: y = e_first % 2 = e % 2, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    ISZERO
    // stack: y == 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jumpi(modexp_y_0)

    // if y == 1, modular-multiply output_loc by scratch_1, using scratch_2..scratch_4 as scratch space, and store in scratch_5.
    PUSH modexp_mul_return
    // stack: modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP14
    // stack: scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP9
    // stack: m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP12
    // stack: scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP12
    // stack: output_loc, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP9
    // stack: length, output_loc, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jump(modmul_bignum)
modexp_mul_return:
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // Copy scratch_5 to output_loc.
    DUP1
    // stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP11
    // stack: scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP7
    // stack: output_loc, scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %memcpy_kernel_general
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // Zero out scratch_2..scratch_5.
    DUP1
    // stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %mul_const(8)
    // stack: 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP8
    // stack: scratch_2, 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %clear_kernel_general
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

modexp_y_0:
    // if y == 0, do nothing

    // Modular-square repeated-squares accumulator x_i (in scratch_1), using scratch_2..scratch_4 as scratch space, and store in scratch_5.
    PUSH modexp_square_return
    // stack: modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP10
    // stack: scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP14
    // stack: scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP9
    // stack: m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP12
    // stack: scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP1
    // stack: scratch_1, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP9
    // stack: length, scratch_1, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jump(modmul_bignum)
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

modexp_square_return:
    // Copy scratch_5 to scratch_1.
    DUP1
    // stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP11
    // stack: scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP8
    // stack: scratch_1, scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %memcpy_kernel_general
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // Zero out scratch_2..scratch_5.
    DUP1
    // stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %mul_const(8)
    // stack: 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP8
    // stack: scratch_2, 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %clear_kernel_general
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // e //= 2 (with shr_bignum)

    PUSH modexp_shr_return
    // stack: modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP4
    // stack: e_start_loc, modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP3
    // stack: length, e_start_loc, modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jump(shr_bignum)
modexp_shr_return:
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest

    // check if e == 0 (with iszero_bignum)
    PUSH modexp_iszero_return
    // stack: modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP4
    // stack: e_start_loc, modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    DUP3
    // stack: length, e_start_loc, modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jump(iszero_bignum)
modexp_iszero_return:
    // stack: e == 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    ISZERO
    // stack: e != 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %jumpi(modexp_loop)
modexp_end:
    // stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest
    %rep 10
        POP
    %endrep
    // stack: retdest
    JUMP
modmul and modexp 2023-03-07 15:15:20 -08:00			`// Arithmetic on little-endian integers represented with 128-bit limbs.`
			`// All integers must be under a given length bound, and are padded with leading zeroes.`

			`// Stores b ^ e % m in output_loc, leaving b, e, and m unchanged.`
			`// b, e, and m must have the same length.`
			`// output_loc must have size length and be initialized with zeroes; scratch_1 must have size length.`
modexp fix 2023-02-21 17:04:25 -08:00			`// All of scratch_2..scratch_5 must have size 2 * length and be initialized with zeroes.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`global modexp_bignum:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`// We store the repeated-squares accumulator x_i in scratch_1, starting with x_0 := b.`
			`DUP1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP3`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: b_start_loc, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP8`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_1, b_start_loc, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%memcpy_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`// We store the accumulated output value x_i in output_loc, starting with x_0=1.`
			`PUSH 1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: 1, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP6`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: output_loc, 1, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%mstore_kernel_general`

			`modexp_loop:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`// y := e % 2`
			`DUP3`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e_start_loc, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%mload_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e_first, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%mod_const(2)`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: y = e_first % 2 = e % 2, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`ISZERO`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: y == 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jumpi(modexp_y_0)`

modexp fix 2023-02-21 17:04:25 -08:00			`// if y == 1, modular-multiply output_loc by scratch_1, using scratch_2..scratch_4 as scratch space, and store in scratch_5.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`PUSH modexp_mul_return`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP10`
			`// stack: scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP10`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP10`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP14`
			`// stack: scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP9`
			`// stack: m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP12`
			`// stack: scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP12`
			`// stack: output_loc, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP9`
			`// stack: length, output_loc, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_mul_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jump(modmul_bignum)`
			`modexp_mul_return:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
modexp fix 2023-02-21 17:04:25 -08:00			`// Copy scratch_5 to output_loc.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP11`
			`// stack: scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP7`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: output_loc, scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%memcpy_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
modexp fix 2023-02-21 17:04:25 -08:00			`// Zero out scratch_2..scratch_5.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`%mul_const(8)`
			`// stack: 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP8`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_2, 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%clear_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`modexp_y_0:`
			`// if y == 0, do nothing`

modexp fix 2023-02-21 17:04:25 -08:00			`// Modular-square repeated-squares accumulator x_i (in scratch_1), using scratch_2..scratch_4 as scratch space, and store in scratch_5.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`PUSH modexp_square_return`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP10`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP10`
			`// stack: scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP10`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP14`
			`// stack: scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP9`
			`// stack: m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP12`
			`// stack: scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP1`
			`// stack: scratch_1, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP9`
			`// stack: length, scratch_1, scratch_1, m_start_loc, scratch_5, scratch_2, scratch_3, scratch_4, modexp_square_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jump(modmul_bignum)`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`modexp_square_return:`
modexp fix 2023-02-21 17:04:25 -08:00			`// Copy scratch_5 to scratch_1.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`DUP11`
			`// stack: scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP8`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_1, scratch_5, length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%memcpy_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
modexp fix 2023-02-21 17:04:25 -08:00			`// Zero out scratch_2..scratch_5.`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP1`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`%mul_const(8)`
			`// stack: 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP8`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: scratch_2, 8 * length, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%clear_kernel_general`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
modexp fix 2023-02-21 17:04:25 -08:00			`// e //= 2 (with shr_bignum)`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`PUSH modexp_shr_return`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP4`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e_start_loc, modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP3`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, e_start_loc, modexp_shr_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jump(shr_bignum)`
			`modexp_shr_return:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00
			`// check if e == 0 (with iszero_bignum)`
			`PUSH modexp_iszero_return`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP4`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e_start_loc, modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`DUP3`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, e_start_loc, modexp_iszero_return, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jump(iszero_bignum)`
			`modexp_iszero_return:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e == 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`ISZERO`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: e != 0, length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
modmul and modexp 2023-03-07 15:15:20 -08:00			`%jumpi(modexp_loop)`
			`modexp_end:`
modexp fix 2023-02-21 17:04:25 -08:00			`// stack: length, b_start_loc, e_start_loc, m_start_loc, output_loc, scratch_1, scratch_2, scratch_3, scratch_4, scratch_5, retdest`
			`%rep 10`
modmul and modexp 2023-03-07 15:15:20 -08:00			`POP`
			`%endrep`
			`// stack: retdest`
			`JUMP`