Pluggable implementations for different architectures.
The backend code is split into two parts: a serial backend, and a vector backend.
serial] backend contains 32- and 64-bit implementations of
field arithmetic and scalar arithmetic, as well as implementations
of point operations using the mixed-model strategy (passing
between different curve models depending on the operation).
vector] backend contains implementations of vectorized
field arithmetic, used to implement point operations using a novel
implementation strategy derived from parallel formulas of Hisil,
Wong, Carter, and Dawson.
Because the two strategies give rise to different curve models,
it's not possible to reuse exactly the same scalar multiplication
code (or to write it generically), so both serial and vector
backends contain matching implementations of scalar multiplication
algorithms. These are intended to be selected by a
vector] backend is selected by the
feature; it uses the [
serial] backend for non-vectorized operations.
Serial implementations of field, scalar, point arithmetic.
Vectorized implementations of field and point operations, using a modification of the 4-way parallel formulas of Hisil, Wong, Carter, and Dawson.