symm/chacha-x86ish-sse2.S: Fix mathematical errors in commentary.

The commentary proving the correctness for the general solution of
`gfreduce_quadsolve' was wrong in a number of details that somehow
managed to cancel out.  The claim is correct, and now the proof has been
fixed, with somewhat expanded calculations making the tricks easier to
notice.

diff --git a/math/gfreduce.c b/math/gfreduce.c
index 99f3bea..f29c104 100644 (file)
--- a/math/gfreduce.c
+++ b/math/gfreduce.c
@@ -554,12 +554,16 @@ mp *gfreduce_quadsolve(const gfreduce *r, mp *d, mp *x)
      *
      * Choose %$\rho \inr \gf{2^m}$% with %$\Tr(\rho) = 1$%.  Let
      * %$z = \sum_{0\le i<m} \rho^{2^i} \sum_{0\le j<i} x^{2^j} = {}$%
+     * %$\sum_{1\le i<m} \rho^{2^i} (x + \sum_{1\le j<i} x^{2^j} = {}$%
      * %$\rho^2 x + \rho^4 (x + x^2) + \rho^8 (x + x^2 + x^4) + \cdots + {}$%
      * %$\rho^{2^{m-1}} (x + x^2 + x^{2^{m-2}})$%.  Then %$z^2 = {}$%
      * %$\sum_{0\le i<m} \rho^{2^{i+1}} \sum_{0\le j<i} x^{2^{j+1}} = {}$%
-     * %$\sum_{1\le i\le m} \rho^{2^i} \sum_{1\le j\le i} x^{2^j}$% and,
-     * somewhat miraculously, %$z^2 + z = \sum_{0\le i<m} \rho^{2^i} x + {}$%
-     * %$\rho \sum_{1\le i<m} x^{2^i} = x \Tr(\rho) + \rho \Tr(x)$%.  Again,
+     * %$\sum_{1\le i\le m} \rho^{2^i} \sum_{1\le j<i} x^{2^j} = {}$%
+     * %$\sum_{1\le i<m} \rho^{2^i} \sum_{1\le j<i} x^{2^j} + {}$%
+     * %$\rho^{2^m} \sum_{1\le j<m} x^{2^j}$%; and, somewhat miraculously,
+     * %$z^2 + z = \sum_{1\le i<m} \rho^{2^i} x + {}$%
+     * %$\rho \sum_{1\le i<m} x^{2^i} = x (\Tr(\rho) + \rho) + {}$%
+     * %$\rho (\Tr(x) + x) = x \Tr(\rho) + \rho \Tr(x)$%.  Again,
      * this gives us the root we want whenever %$\Tr(x) = 0$%.
      *
      * The loop below calculates %$w = \Tr(\rho)$% and %$z$% simultaneously,