improve REDC

Author: hurchalla

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/MontgomeryForm.h

@@ -111,19 +111,25 @@ class MontgomeryForm final {
 
     // Returns the converted value of the standard number 'a' into monty form.
     // Requires a >= 0.  (Note there is no restriction on how large 'a' can be.)
-    HURCHALLA_FORCE_INLINE
+    // Normally you don't want to specify PTAG (just accept the default).
+    // For advanced use: PTAG can be either LowlatencyTag or LowuopsTag, which
+    // will optimize this function for either low latency or a low uop count.
+    template <class PTAG = LowuopsTag> HURCHALLA_FORCE_INLINE
     MontgomeryValue convertIn(T a) const
     {
         HPBC_CLOCKWORK_API_PRECONDITION(a >= 0);
-        return impl.convertIn(a);
+        return impl.template convertIn<PTAG>(a);
     }
 
     // Converts (montgomery value) x into a "normal" number; returns the result.
     // Guarantees 0 <= result < modulus.
-    HURCHALLA_FORCE_INLINE
+    // Normally you don't want to specify PTAG (just accept the default).
+    // For advanced use: PTAG can be either LowlatencyTag or LowuopsTag, which
+    // will optimize this function for either low latency or a low uop count.
+    template <class PTAG = LowuopsTag> HURCHALLA_FORCE_INLINE
     T convertOut(MontgomeryValue x) const
     {
-        T a = impl.convertOut(x);
+        T a = impl.template convertOut<PTAG>(x);
         HPBC_CLOCKWORK_POSTCONDITION(0 <= a && a < getModulus());
         return a;
     }
@@ -556,7 +562,7 @@ class MontgomeryForm final {
 
     // Returns the Montgomery division of x by a small power of two (requires
     // 0 <= power <= 7, which translates to Montgomery division by 1,2,4,8,16,
-    // 32,64, or 128). This function always produces an exact correct result.
+    // 32,64, or 128). This function always produces an exactly correct result.
     // Note that Montgomery division is modular division, which is different
     // from normal and non modular division - modular division performs modular
     // multiplication by the modular multiplicative inverse of the divisor. So,
@@ -617,10 +623,11 @@ class MontgomeryForm final {
     // If you have already instantiated this MontgomeryForm, then calling
     // remainder() should be faster than directly computing  a % modulus,
     // even if your CPU has extremely fast division (like many new CPUs).
-    HURCHALLA_FORCE_INLINE T remainder(T a) const
+    template <class PTAG = LowlatencyTag> HURCHALLA_FORCE_INLINE
+    T remainder(T a) const
     {
         HPBC_CLOCKWORK_API_PRECONDITION(a >= 0);
-        return impl.remainder(a);
+        return impl.template remainder<PTAG>(a);
     }
 
 };

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/ImplMontgomeryForm.contents

@@ -45,16 +45,16 @@ public:
     HURCHALLA_IMF_MAYBE_FORCE_INLINE
     T getModulus() const { return static_cast<T>(impl.getModulus()); }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
     MontgomeryValue convertIn(T a) const
     {
-        return impl.convertIn(static_cast<U>(a), LowlatencyTag());
+        return impl.convertIn(static_cast<U>(a), PTAG());
     }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
     T convertOut(MontgomeryValue x) const
     {
-        return static_cast<T>(impl.convertOut(x));
+        return static_cast<T>(impl.convertOut(x, PTAG()));
     }
 
     HURCHALLA_IMF_MAYBE_FORCE_INLINE
@@ -240,11 +240,11 @@ public:
         return static_cast<T>(impl.gcd_with_modulus(x, gcd_functor));
     }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
     T remainder(T a) const
     {
         HPBC_CLOCKWORK_PRECONDITION(a >= 0);
-        return static_cast<T>(impl.remainder(static_cast<U>(a)));
+        return static_cast<T>(impl.remainder(static_cast<U>(a), PTAG()));
     }
 
 
@@ -277,9 +277,10 @@ public:
         return impl.twoPowLimited_times_x_v2(exponent, x, PTAG());
     }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE U getMagicValue() const
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    U getMagicValue() const
     {
-        return impl.getMagicValue();
+        return impl.getMagicValue(PTAG());
     }
 
     template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
@@ -306,16 +307,16 @@ public:
         return impl.getSquaringValue(x);
     }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
     SquaringValue squareSV(SquaringValue sv) const
     {
-        return impl.squareSV(sv);
+        return impl.squareSV(sv, PTAG());
     }
 
-    HURCHALLA_IMF_MAYBE_FORCE_INLINE
+    template <class PTAG> HURCHALLA_IMF_MAYBE_FORCE_INLINE
     MontgomeryValue squareToMontgomeryValue(SquaringValue sv) const
     {
-        return impl.squareToMontgomeryValue(sv);
+        return impl.squareToMontgomeryValue(sv, PTAG());
     }
 
     HURCHALLA_IMF_MAYBE_FORCE_INLINE

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontgomeryFormExtensions.h

@@ -78,7 +78,7 @@ struct MontgomeryFormExtensions final {
     HURCHALLA_FORCE_INLINE
     static RU getMagicValue(const MF& mf)
     {
-        return mf.impl.getMagicValue();
+        return mf.impl.template getMagicValue<PTAG>();
     }
 
     HURCHALLA_FORCE_INLINE
@@ -123,14 +123,14 @@ struct MontgomeryFormExtensions final {
     HURCHALLA_FORCE_INLINE
     static SquaringValue squareSV(const MF& mf, SquaringValue sv)
     {
-        return mf.impl.squareSV(sv);
+        return mf.impl.template squareSV<PTAG>(sv);
     }
 
     HURCHALLA_FORCE_INLINE
     static MontgomeryValue
     squareToMontgomeryValue(const MF& mf, SquaringValue sv)
     {
-        return mf.impl.squareToMontgomeryValue(sv);
+        return mf.impl.template squareToMontgomeryValue<PTAG>(sv);
     }
 
     HURCHALLA_FORCE_INLINE

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyCommonBase.h

@@ -93,25 +93,29 @@ class MontyCommonBase {
         return result;
     }
 
-    HURCHALLA_FORCE_INLINE T convertOut(V x) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    T convertOut(V x, PTAG) const
     {
         T u_hi = 0;
         // get a Natural number (i.e. number >= 0) congruent to x (mod n)
         T u_lo = static_cast<const D*>(this)->getNaturalEquivalence(x);
         namespace hc = ::hurchalla;
-        bool isNegative;
-        T result = hc::REDC_incomplete(isNegative, u_hi, u_lo, n_, inv_n_);
+
+        T minuend, subtrahend;
+        hc::REDC_incomplete(minuend, subtrahend, u_hi, u_lo, n_, inv_n_, PTAG());
+        T result = static_cast<T>(minuend - subtrahend);
         // Because u_hi == 0, we should expect the following 'if' to be very
         // well predicted.
-        if (isNegative)
+        if (minuend < subtrahend)
             result = static_cast<T>(result + n_);
-        HPBC_CLOCKWORK_ASSERT2(result==hc::REDC_standard(u_hi,u_lo,n_,inv_n_));
+        HPBC_CLOCKWORK_ASSERT2(result == hc::REDC_standard(u_hi, u_lo, n_, inv_n_, PTAG()));
 
         HPBC_CLOCKWORK_POSTCONDITION2(result < n_);
         return result;
     }
 
-    HURCHALLA_FORCE_INLINE T remainder(T a) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    T remainder(T a, PTAG) const
     {
         HPBC_CLOCKWORK_INVARIANT2(r_mod_n_ < n_);
         namespace hc = ::hurchalla;
@@ -120,7 +124,7 @@ class MontyCommonBase {
         // Since a is type T, 0 <= a < R.  And since r_mod_n is type T and
         // r_mod_n < n, we know  0 <= r_mod_n < n.  Therefore,
         // 0 <= u == a * r_mod_n < R*n,  which will satisfy REDC's precondition.
-        T result = hc::REDC_standard(u_hi, u_lo, n_, inv_n_, LowlatencyTag());
+        T result = hc::REDC_standard(u_hi, u_lo, n_, inv_n_, PTAG());
 
         HPBC_CLOCKWORK_POSTCONDITION2(result < n_);
         return result;
@@ -548,15 +552,16 @@ class MontyCommonBase {
     }
 
     // returns (R*R*R) mod N
-    HURCHALLA_FORCE_INLINE T getMagicValue() const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    T getMagicValue(PTAG) const
     {
         HPBC_CLOCKWORK_INVARIANT2(r_squared_mod_n_ < n_);
         namespace hc = ::hurchalla;
         T u_lo;
         T u_hi = hc::unsigned_multiply_to_hilo_product(u_lo,
                                             r_squared_mod_n_, r_squared_mod_n_);
         HPBC_CLOCKWORK_ASSERT2(u_hi < n_);  // verify that (u_hi*R + u_lo) < n*R
-        T result = hc::REDC_standard(u_hi, u_lo, n_, inv_n_, LowlatencyTag());
+        T result = hc::REDC_standard(u_hi, u_lo, n_, inv_n_, PTAG());
         HPBC_CLOCKWORK_POSTCONDITION2(result < n_);
         return result;
     }
@@ -566,7 +571,7 @@ class MontyCommonBase {
     V convertInExtended_aTimesR(T a, T magicValue, PTAG) const
     {
         // see convertIn() comments for explanation
-        HPBC_CLOCKWORK_PRECONDITION2(magicValue == getMagicValue());
+        HPBC_CLOCKWORK_PRECONDITION2(magicValue == getMagicValue(PTAG()));
         HPBC_CLOCKWORK_ASSERT2(magicValue < n_);
         namespace hc = ::hurchalla;
         T u_lo;
@@ -602,7 +607,7 @@ class MontyCommonBase {
     template <class PTAG> HURCHALLA_FORCE_INLINE
     V RTimesTwoPowLimited(size_t exponent, T magicValue, PTAG) const
     {
-        HPBC_CLOCKWORK_PRECONDITION2(magicValue == getMagicValue());
+        HPBC_CLOCKWORK_PRECONDITION2(magicValue == getMagicValue(PTAG()));
         HPBC_CLOCKWORK_ASSERT2(magicValue < n_);
         static constexpr int digitsT = ut_numeric_limits<T>::digits;
         int power = static_cast<int>(exponent);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyFullRange.h

@@ -216,7 +216,8 @@ class MontyFullRange final :
         return SV(x.get(), 0);
     }
 
-    HURCHALLA_FORCE_INLINE SV squareSV(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    SV squareSV(SV sv, PTAG) const
     {
         // see squareToHiLo in MontyFullRangeMasked.h for basic ideas of
         // proof for why u_hi and u_lo are correct
@@ -229,14 +230,16 @@ class MontyFullRange final :
         T u_lo = sqlo;
         HPBC_CLOCKWORK_ASSERT2(u_hi < n_);
 
-        bool isNegative;
-        T res = hc::REDC_incomplete(isNegative, u_hi, u_lo, n_, BC::inv_n_);
-        T subtrahend = isNegative ? res : static_cast<T>(0);
+        T minu, subt;
+        hc::REDC_incomplete(minu, subt, u_hi, u_lo, n_, BC::inv_n_, PTAG());
+        T res = static_cast<T>(minu - subt);
+        T subtrahend = (minu < subt) ? res : static_cast<T>(0);
         SV result(res, subtrahend);
         return result;
     }
 
-    HURCHALLA_FORCE_INLINE V squareToMontgomeryValue(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    V squareToMontgomeryValue(SV sv, PTAG) const
     {
         // see squareToHiLo in MontyFullRangeMasked.h for basic ideas of
         // proof for why u_hi and u_lo are correct
@@ -249,8 +252,7 @@ class MontyFullRange final :
         T u_lo = sqlo;
         HPBC_CLOCKWORK_ASSERT2(u_hi < n_);
 
-        T res = hc::REDC_standard(
-                               u_hi, u_lo, n_, BC::inv_n_, hc::LowlatencyTag());
+        T res = hc::REDC_standard(u_hi, u_lo, n_, BC::inv_n_, PTAG());
         V result(res);
         return result;
     }

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyHalfRange.h

@@ -498,15 +498,17 @@ class MontyHalfRange final :
         static_assert(std::is_same<V, SV>::value, "");
         return x;
     }
-    HURCHALLA_FORCE_INLINE SV squareSV(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    SV squareSV(SV sv, PTAG) const
     {
         static_assert(std::is_same<V, SV>::value, "");
-        return BC::square(sv, LowlatencyTag());
+        return BC::square(sv, PTAG());
     }
-    HURCHALLA_FORCE_INLINE V squareToMontgomeryValue(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    V squareToMontgomeryValue(SV sv, PTAG) const
     {
         static_assert(std::is_same<V, SV>::value, "");
-        return BC::square(sv, LowlatencyTag());
+        return BC::square(sv, PTAG());
     }
     HURCHALLA_FORCE_INLINE V getMontgomeryValue(SV sv) const
     {
@@ -524,7 +526,7 @@ class MontyHalfRange final :
     {
         HPBC_CLOCKWORK_PRECONDITION2(u_hi < n_);  // verifies that (u_hi*R + u_lo) < n*R
         namespace hc = ::hurchalla;
-        T result = hc::REDC_incomplete(u_hi, u_lo, n_, BC::inv_n_);
+        T result = hc::REDC_incomplete(u_hi, u_lo, n_, BC::inv_n_, PTAG());
         resultIsZero = (result == 0);
         V v = V(static_cast<S>(result));
         HPBC_CLOCKWORK_POSTCONDITION2(isValid(v));

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyQuarterRange.h

@@ -317,15 +317,17 @@ class MontyQuarterRange final : public
         static_assert(std::is_same<V, SV>::value, "");
         return x;
     }
-    HURCHALLA_FORCE_INLINE SV squareSV(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    SV squareSV(SV sv, PTAG) const
     {
         static_assert(std::is_same<V, SV>::value, "");
-        return BC::square(sv, LowlatencyTag());
+        return BC::square(sv, PTAG());
     }
-    HURCHALLA_FORCE_INLINE V squareToMontgomeryValue(SV sv) const
+    template <class PTAG> HURCHALLA_FORCE_INLINE
+    V squareToMontgomeryValue(SV sv, PTAG) const
     {
         static_assert(std::is_same<V, SV>::value, "");
-        return BC::square(sv, LowlatencyTag());
+        return BC::square(sv, PTAG());
     }
     HURCHALLA_FORCE_INLINE V getMontgomeryValue(SV sv) const
     {
@@ -343,7 +345,7 @@ class MontyQuarterRange final : public
     {
         HPBC_CLOCKWORK_PRECONDITION2(u_hi < n_);  // verifies that (u_hi*R + u_lo) < n*R
         namespace hc = ::hurchalla;
-        T result = hc::REDC_incomplete(u_hi, u_lo, n_, BC::inv_n_);
+        T result = hc::REDC_incomplete(u_hi, u_lo, n_, BC::inv_n_, PTAG());
         resultIsZero = (result == 0);
         T sum = static_cast<T>(result + n_);
         HPBC_CLOCKWORK_POSTCONDITION2(0 < sum && sum < static_cast<T>(2*n_));