use cselect_on_bit where applicable, instead of conditional_select or MontgomeryValue's cmov

Author: hurchalla

modular_arithmetic/CMakeLists.txt

@@ -75,7 +75,7 @@ include(FetchContent)
 FetchContent_Declare(
     hurchalla_util
     GIT_REPOSITORY https://github.com/hurchalla/util.git
-    GIT_TAG        e3a0fd02c86b67dcbf833fdd4ccf0732552f6e3e
+    GIT_TAG        aa71ce34e12392db20229979801048ff97e6b7da
 )
 FetchContent_MakeAvailable(hurchalla_util)
 

modular_arithmetic/include/hurchalla/modular_arithmetic/detail/impl_modular_pow.h

@@ -11,7 +11,7 @@
 
 #include "hurchalla/modular_arithmetic/modular_multiplication.h"
 #include "hurchalla/util/traits/ut_numeric_limits.h"
-#include "hurchalla/util/conditional_select.h"
+#include "hurchalla/util/cselect_on_bit.h"
 #include "hurchalla/util/compiler_macros.h"
 #include "hurchalla/modular_arithmetic/detail/clockwork_programming_by_contract.h"
 
@@ -49,8 +49,9 @@ struct impl_modular_pow {
     }
 */
     // slightly optimized version
-       // result = (exponent & 1u) ? base : 1;
-    T result = hc::conditional_select((exponent & 1u), base, static_cast<T>(1));
+       // T result = (exponent & 1u) ? base : 1;
+    T result = ::hurchalla::cselect_on_bit<0>::ne_0(
+                      static_cast<uint64_t>(exponent), base, static_cast<T>(1));
     while (exponent > 1)
     {
        exponent = static_cast<U>(exponent >> 1);

modular_arithmetic/include/hurchalla/modular_arithmetic/detail/platform_specific/impl_modular_multiplication.h

@@ -13,7 +13,7 @@
 #include "hurchalla/modular_arithmetic/detail/optimization_tag_structs.h"
 #include "hurchalla/util/traits/safely_promote_unsigned.h"
 #include "hurchalla/util/traits/ut_numeric_limits.h"
-#include "hurchalla/util/conditional_select.h"
+#include "hurchalla/util/cselect_on_bit.h"
 #include "hurchalla/util/compiler_macros.h"
 #include "hurchalla/modular_arithmetic/detail/clockwork_programming_by_contract.h"
 #include <cstdint>
@@ -70,7 +70,8 @@ struct slow_modular_multiplication {
         namespace hc = ::hurchalla;
         T tmp = hc::modular_addition_prereduced_inputs(a, result, modulus);
           // result = (b&1) ? tmp : result
-        result = hc::conditional_select((b & 1u), tmp, result);
+        result = ::hurchalla::cselect_on_bit<0>::ne_0(
+                                         static_cast<uint64_t>(b), tmp, result);
         a = hc::modular_addition_prereduced_inputs(a, a, modulus);
         b = static_cast<T>(b >> 1);
     }

montgomery_arithmetic/CMakeLists.txt

@@ -78,7 +78,7 @@ include(FetchContent)
 FetchContent_Declare(
     hurchalla_util
     GIT_REPOSITORY https://github.com/hurchalla/util.git
-    GIT_TAG        e3a0fd02c86b67dcbf833fdd4ccf0732552f6e3e
+    GIT_TAG        aa71ce34e12392db20229979801048ff97e6b7da
 )
 FetchContent_MakeAvailable(hurchalla_util)
 

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyFullRange.h

@@ -236,7 +236,8 @@ class MontyFullRange final :
 
         T oddsum = halfval + halfn_ceiling;
           // T retval = ((val & 1u) == 0) ? halfval : oddsum;
-        T retval = conditional_select(((val & 1u) == 0), halfval, oddsum);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                   static_cast<uint64_t>(val), halfval, oddsum);
 
         HPBC_CLOCKWORK_POSTCONDITION2(retval < n_);
         return V(retval);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyHalfRange.h

@@ -536,7 +536,8 @@ class MontyHalfRange final :
           // S retval = (val % 2 == 0) ? halfval : oddsum;
         static_assert(static_cast<S>(-1) == ~(static_cast<S>(0)),
                                   "S must use two's complement representation");
-        S retval = conditional_select(((static_cast<T>(val) & 1u) == 0), halfval, oddsum);
+        S retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                   static_cast<uint64_t>(val), halfval, oddsum);
 
         // It's fairly straightforward why retval works when val >= 0
         //   it's basically the same situation as halve() in MontyFullRange,
@@ -584,7 +585,8 @@ class MontyHalfRange final :
         T oddhalf = static_cast<T>(val + n_) >> 1;
         HPBC_CLOCKWORK_ASSERT2(oddhalf < n_);
           // T retval = ((val & 1u) == 0) ? evenhalf : oddhalf;
-        T retval = conditional_select(((val & 1u) == 0), evenhalf, oddhalf);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                 static_cast<uint64_t>(val), evenhalf, oddhalf);
 
         HPBC_CLOCKWORK_POSTCONDITION2(0 <= retval && retval < n_);
         return C(retval);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyQuarterRange.h

@@ -355,7 +355,8 @@ class MontyQuarterRange final : public
         //   And we know by the assertion above that oddhalf fits in V.
 
           // T retval = ((val & 1u) == 0) ? evenhalf : oddhalf;
-        T retval = conditional_select(((val & 1u) == 0), evenhalf, oddhalf);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                 static_cast<uint64_t>(val), evenhalf, oddhalf);
 
         HPBC_CLOCKWORK_POSTCONDITION2(retval < 2*n_);
         return V(retval);
@@ -375,7 +376,8 @@ class MontyQuarterRange final : public
         // since val < n,  (val + n)/2 < n.
         T oddhalf = static_cast<T>(val + n_) >> 1;
           // T retval = ((val & 1u) == 0) ? evenhalf : oddhalf;
-        T retval = conditional_select(((val & 1u) == 0), evenhalf, oddhalf);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                 static_cast<uint64_t>(val), evenhalf, oddhalf);
 
         HPBC_CLOCKWORK_POSTCONDITION2(retval < n_);
         return C(retval);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/MontyWrappedStandardMath.h

@@ -287,7 +287,8 @@ class MontyWrappedStandardMath final {
 
         T oddsum = halfval + halfn_ceiling;
           // T retval = ((val & 1u) == 0) ? halfval : oddsum;
-        T retval = conditional_select(((val & 1u) == 0), halfval, oddsum);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                   static_cast<uint64_t>(val), halfval, oddsum);
 
         HPBC_CLOCKWORK_POSTCONDITION2(retval < modulus_);
         return C(retval);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/experimental/MontyFullRangeMasked.h

@@ -352,7 +352,8 @@ class MontyFullRangeMasked final :
 
         T oddsum = halfval + halfn_ceiling;
           // T retval = ((val & 1u) == 0) ? halfval : oddsum;
-        T retval = conditional_select(((val & 1u) == 0), halfval, oddsum);
+        T retval = ::hurchalla::cselect_on_bit<0>::eq_0(
+                                   static_cast<uint64_t>(val), halfval, oddsum);
 
         HPBC_CLOCKWORK_POSTCONDITION2(retval < n_);
         return C(retval);

montgomery_arithmetic/include/hurchalla/montgomery_arithmetic/detail/platform_specific/montgomery_pow.h

@@ -24,6 +24,9 @@
 namespace hurchalla { namespace detail {
 
 
+//#define HURCHALLA_MONTGOMERY_POW_USE_CSELECT_ON_BIT 1
+
+
 // This file is intended to implement the class MontgomeryForm's member
 // functions pow() and array_pow().
 
@@ -41,8 +44,14 @@ struct montgomery_pow {
     // Applied Handbook of Cryptography- http://cacr.uwaterloo.ca/hac/
     // See also: hurchalla/modular_arithmetic/detail/impl_modular_pow.h
     V mont_one = mf.getUnityValue();
+#ifndef HURCHALLA_MONTGOMERY_POW_USE_CSELECT_ON_BIT
+ // see comments for the cmov #ifndef section further below in this function
     V result = mont_one;
     result.cmov((exponent & static_cast<T>(1)), base);
+#else
+    V result = V::template cselect_on_bit_ne0<0>(static_cast<uint64_t>(exponent), base, mont_one);
+#endif
+
     while (exponent > static_cast<T>(1)) {
         exponent = static_cast<T>(exponent >> static_cast<T>(1));
         base = mf.template square<LowlatencyTag>(base);
@@ -67,11 +76,12 @@ struct montgomery_pow {
         // in theory should run faster.  And in practice it has consistently
         // benchmarked better - usually ~5% faster, and never slower than above.
 
-# if 1
+# ifndef HURCHALLA_MONTGOMERY_POW_USE_CSELECT_ON_BIT
         V tmp = mont_one;
         tmp.cmov(exponent & static_cast<T>(1), base);
 # else
-        // this timed a little faster for MontyFull and MontyMasked, and a
+        // with HURCHALLA_ALLOW_INLINE_ASM_CSELECT_ON_BIT defined, this timed a
+        // little faster than the above for MontyFull and MontyMasked, and a
         // little slower (or a lot slower- gcc MontyHalf) for the rest.
         V tmp = V::template cselect_on_bit_ne0<0>(static_cast<uint64_t>(exponent), base, mont_one);
 # endif
@@ -198,8 +208,13 @@ struct montgomery_pow {
 
         V mont_one = mf.getUnityValue();
         Unroll<NUM_BASES>::call([&](std::size_t i) HURCHALLA_INLINE_LAMBDA {
+# ifndef HURCHALLA_MONTGOMERY_POW_USE_CSELECT_ON_BIT
             V tmp = mont_one;
             tmp.cmov(exponent & static_cast<T>(1), bases[i]);
+# else
+            V tmp = V::template cselect_on_bit_ne0<0>(
+                           static_cast<uint64_t>(exponent), bases[i], mont_one);
+# endif
             result[i] = mf.template multiply<PTAG>(result[i], tmp);
         });
 #endif
@@ -238,6 +253,8 @@ struct montgomery_pow {
         Unroll<NUM_BASES>::call([&](std::size_t i) HURCHALLA_INLINE_LAMBDA {
             bases[i] = mf.template square<PTAG>(bases[i]);
             V tmp = mont_one;
+            // note: since we are doing masked selections, we definitely don't
+            // want to use cselect_on_bit here
             tmp.template
                  cmov<CSelectMaskedTag>(exponent & static_cast<T>(1), bases[i]);
             result[i] = mf.template multiply<PTAG>(result[i], tmp);