which guarantees // that all carries are at most 111 - 51 = 60 bits, which fits in a uint64. // // r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1) // r0 < 2⁵²×2⁵² + 19×(2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵²) // r0 < (1 + 19 × 4) × 2⁵² × 2⁵² // r0 < 2⁷ × 2⁵² × 2⁵² // r0 < 2¹¹¹ // // Moreover, the top coefficient (r4) is at most 107 bits, so c4 is at most // 56 bits, and c4 * 19 is at most 61 bits, which again fits in a uint64 and // allows us to easily apply the reduction identity. // // r4 = a0×b4 + a1×b3...