scarv / xcrypto

XCrypto: a cryptographic ISE for RISC-V
MIT License

mclmul.1 #37

Closed ben-marshall closed 6 years ago

ben-marshall commented 6 years ago

@danpage

I think (hope) there is a typo in the spec for mclmul.1. I thought it would mirror mmul.1 in doing a (in this case carryless) multiply and then accumulate.

The spec suggests so, but the actual notation makes it look like a 32x32 carryless multiply followed by a 64x32 carryless multiply, rather than a 64x32 addition?

danpage commented 6 years ago

I might be missing the point, but it looks correct to me. The idea is that for the integer case you're doing ( x * y ) + z, whereas in the carryless case both the multiplication and addition are in \F_2[X] so basically you do ( x \otimes y ) \oplus z (where \otimes and \oplus are multiplication and addition of binary polynomials, so \oplus is actually XOR).
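A small reference model of the two semantics being contrasted above, added here as an illustration and not code from the XCrypto repository; it assumes 32-bit x and y and a 64-bit accumulator z, matching the 32x32 / 64x32 wording earlier in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Carry-less 32x32 -> 64-bit multiply: the product of x and y viewed as
   binary polynomials in F_2[X]. Each set bit of y selects a shifted copy
   of x, and the copies are combined with XOR rather than integer addition,
   so no carry ever propagates between bit positions. */
uint64_t clmul32(uint32_t x, uint32_t y) {
    uint64_t acc = 0;
    for (int i = 0; i < 32; i++) {
        if ((y >> i) & 1u) {
            acc ^= (uint64_t)x << i;
        }
    }
    return acc;
}

/* Carry-less multiply-accumulate, the (x otimes y) oplus z form from the
   thread: polynomial addition of the 64-bit product and the 64-bit
   accumulator is just a 64-bit XOR. (Operand widths are an assumption.) */
uint64_t mclmul_1(uint32_t x, uint32_t y, uint64_t z) {
    return clmul32(x, y) ^ z;
}

/* Integer counterpart in the same shape, (x * y) + z modulo 2^64, to show
   where the two diverge. */
uint64_t mmul_1(uint32_t x, uint32_t y, uint64_t z) {
    return (uint64_t)x * y + z;
}

int main(void) {
    /* (X + 1)^2 = X^2 + 1 over F_2, i.e. 3 (x) 3 = 5, whereas 3 * 3 = 9. */
    printf("3 (x) 3 = %llu, 3 * 3 = %llu\n",
           (unsigned long long)clmul32(3u, 3u),
           (unsigned long long)mmul_1(3u, 3u, 0u));
    /* Accumulating with XOR cancels an equal term; integer add does not. */
    printf("mclmul.1(3,3,5) = %llu, mmul.1(3,3,5) = %llu\n",
           (unsigned long long)mclmul_1(3u, 3u, 5u),
           (unsigned long long)mmul_1(3u, 3u, 5u));
    /* Squaring in characteristic 2 only spreads bits to even positions. */
    printf("all-ones (x) all-ones = 0x%016llx\n",
           (unsigned long long)clmul32(0xFFFFFFFFu, 0xFFFFFFFFu));
    return 0;
}
```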

ben-marshall commented 6 years ago

Gotcha. I was mixing up the two instructions in my head. My bad!