Do we need an unsigned multiplyHigh?

Andrew Haley aph at redhat.com
Mon Sep 25 14:50:01 UTC 2017


We now have a multiplyHigh intrinsic, but it is signed.  Unsigned
multiplyHigh is in general a more useful primitive for crypto than
signed, and I wonder if we need an intrinsic for that as well.  I've
looked at cooking up an unsigned multiplyHigh in Java, and I think the
fastest way is this:

    private static final long unsignedMultiplyHigh(long a, long b) {
        long result = Math.multiplyHigh(a, b);
        if (a < 0)  result += b;
        if (b < 0)  result += a;
        // Can also be written as:
        // result += (a >> 63) & b;
        // result += (b >> 63) & a;
        return result;
    }

It's still about 50% slower than the signed multiplyHigh, though.
Thoughts?

-- 
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671


More information about the security-dev mailing list