compute each limb with // only three Mul64 and four Add64, instead of five and eight. l0_2 := l0 * 2 l1_2 := l1 * 2 l1_38 := l1 * 38 l2_38 := l2 * 38 l3_38 := l3 * 38 l3_19 := l3 * 19 l4_19 := l4 * 19 // r0 = l0×l0 + 19×(l1×l4 + l2×l3 + l3×l2 + l4×l1) = l0×l0 + 19×2×(l1×l4 + l2×l3) r0 := mul64(l0, l0) r0 = addMul64(r0, l1_38, l4) r0 = addMul64(r0, l2_38, l3) // r1 = l0×l1 + l1×l0 + 19×(l2×l4 + l3×l3 + l4×l2) = 2×l0×l1 + 19×2×l2×l4 + 19×l3×l3 r1 := mul64(l0_2, l1) r1 = addMul64(r1, l2_38, l4) r1 = addMul64(r1,...