Do we need an unsigned multiplyHigh?

Andrew Haley aph at
Mon Sep 25 14:50:01 UTC 2017

We now have a multiplyHigh intrinsic, but it is signed.  Unsigned
multiplyHigh is in general a more useful primitive for crypto than
signed, and I wonder if we need an intrinsic for that as well.  I've
looked at cooking up an unsigned multiplyHigh in Java, and I think the
fastest way is this:

    private static final long unsignedMultiplyHigh(long a, long b) {
        long result = Math.multiplyHigh(a, b);
        if (a < 0)  result += b;
        if (b < 0)  result += a;
        // Can also be written as:
        // result += (a >> 63) & b;
        // result += (b >> 63) & a;
        return result;

It's still about 50% slower than the signed multiplyHigh, though.

Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

More information about the security-dev mailing list