Normalize the usage of prefixes for method names

src/ct_choice.rs

@@ -6,9 +6,9 @@ use crate::Word;
 // TODO: should be replaced by `subtle::Choice` or `CtOption`
 // when `subtle` starts supporting const fns.
 #[derive(Debug, Copy, Clone)]
-pub struct CtChoice(Word);
+pub struct ConstChoice(Word);
 
-impl CtChoice {
+impl ConstChoice {
     /// The falsy value.
     pub const FALSE: Self = Self(0);
 
@@ -137,7 +137,7 @@ impl CtChoice {
 
     #[inline]
     pub(crate) const fn is_true_vartime(&self) -> bool {
-        self.0 == CtChoice::TRUE.0
+        self.0 == ConstChoice::TRUE.0
     }
 
     #[inline]
@@ -146,34 +146,34 @@ impl CtChoice {
     }
 }
 
-impl From<CtChoice> for Choice {
-    fn from(choice: CtChoice) -> Self {
+impl From<ConstChoice> for Choice {
+    fn from(choice: ConstChoice) -> Self {
         Choice::from(choice.to_u8())
     }
 }
 
-impl From<CtChoice> for bool {
-    fn from(choice: CtChoice) -> Self {
+impl From<ConstChoice> for bool {
+    fn from(choice: ConstChoice) -> Self {
         choice.is_true_vartime()
     }
 }
 
-impl PartialEq for CtChoice {
+impl PartialEq for ConstChoice {
     fn eq(&self, other: &Self) -> bool {
         self.0 == other.0
     }
 }
 
 #[cfg(test)]
 mod tests {
-    use super::CtChoice;
+    use super::ConstChoice;
     use crate::Word;
 
     #[test]
     fn select() {
         let a: Word = 1;
         let b: Word = 2;
-        assert_eq!(CtChoice::TRUE.select_word(a, b), b);
-        assert_eq!(CtChoice::FALSE.select_word(a, b), a);
+        assert_eq!(ConstChoice::TRUE.select_word(a, b), b);
+        assert_eq!(ConstChoice::FALSE.select_word(a, b), a);
     }
 }

src/lib.rs

@@ -176,7 +176,7 @@ mod wrapping;
 
 pub use crate::{
     checked::Checked,
-    ct_choice::CtChoice,
+    ct_choice::ConstChoice,
     limb::{Limb, WideWord, Word},
     non_zero::NonZero,
     traits::*,

src/limb/cmp.rs

@@ -1,6 +1,6 @@
 //! Limb comparisons
 
-use crate::{CtChoice, Limb};
+use crate::{ConstChoice, Limb};
 use core::cmp::Ordering;
 use subtle::{
     Choice, ConditionallySelectable, ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess,
@@ -28,14 +28,14 @@ impl Limb {
 
     /// Return `b` if `c` is truthy, otherwise return `a`.
     #[inline]
-    pub(crate) const fn ct_select(a: Self, b: Self, c: CtChoice) -> Self {
+    pub(crate) const fn select(a: Self, b: Self, c: ConstChoice) -> Self {
         Self(c.select_word(a.0, b.0))
     }
 
     /// Returns the truthy value if `self != 0` and the falsy value otherwise.
     #[inline]
-    pub(crate) const fn ct_is_nonzero(&self) -> CtChoice {
-        CtChoice::from_word_nonzero(self.0)
+    pub(crate) const fn is_nonzero(&self) -> ConstChoice {
+        ConstChoice::from_word_nonzero(self.0)
     }
 }
 

src/modular/div_by_2.rs

@@ -26,5 +26,5 @@ pub(crate) fn div_by_2<const LIMBS: usize>(a: &Uint<LIMBS>, modulus: &Uint<LIMBS
         .wrapping_add(&half_modulus)
         .wrapping_add(&Uint::<LIMBS>::ONE);
 
-    Uint::<LIMBS>::ct_select(&if_even, &if_odd, is_odd)
+    Uint::<LIMBS>::select(&if_even, &if_odd, is_odd)
 }

src/modular/dyn_residue/inv.rs

@@ -1,15 +1,15 @@
 //! Multiplicative inverses of residues with a modulus set at runtime.
 
 use super::DynResidue;
-use crate::{modular::inv::inv_montgomery_form, traits::Invert, CtChoice};
+use crate::{modular::inv::inv_montgomery_form, traits::Invert, ConstChoice};
 use subtle::CtOption;
 
 impl<const LIMBS: usize> DynResidue<LIMBS> {
     /// Computes the residue `self^-1` representing the multiplicative inverse of `self`.
     /// I.e. `self * self^-1 = 1`.
     /// If the number was invertible, the second element of the tuple is the truthy value,
     /// otherwise it is the falsy value (in which case the first element's value is unspecified).
-    pub const fn invert(&self) -> (Self, CtChoice) {
+    pub const fn invert(&self) -> (Self, ConstChoice) {
         let (montgomery_form, is_some) = inv_montgomery_form(
             &self.montgomery_form,
             &self.residue_params.modulus,

src/modular/inv.rs

@@ -1,11 +1,11 @@
-use crate::{modular::reduction::montgomery_reduction, CtChoice, Limb, Uint};
+use crate::{modular::reduction::montgomery_reduction, ConstChoice, Limb, Uint};
 
 pub const fn inv_montgomery_form<const LIMBS: usize>(
     x: &Uint<LIMBS>,
     modulus: &Uint<LIMBS>,
     r3: &Uint<LIMBS>,
     mod_neg_inv: Limb,
-) -> (Uint<LIMBS>, CtChoice) {
+) -> (Uint<LIMBS>, ConstChoice) {
     let (inverse, is_some) = x.inv_odd_mod(modulus);
     (
         montgomery_reduction(&inverse.mul_wide(r3), modulus, mod_neg_inv),

src/modular/pow.rs

@@ -1,4 +1,4 @@
-use crate::{CtChoice, Limb, Uint, Word};
+use crate::{ConstChoice, Limb, Uint, Word};
 
 use super::mul::{mul_montgomery_form, square_montgomery_form};
 
@@ -163,8 +163,8 @@ const fn multi_exponentiate_montgomery_form_internal<const LIMBS: usize, const R
                 let mut power = powers[0];
                 let mut j = 1;
                 while j < 1 << WINDOW {
-                    let choice = CtChoice::from_word_eq(j, idx);
-                    power = Uint::<LIMBS>::ct_select(&power, &powers[j as usize], choice);
+                    let choice = ConstChoice::from_word_eq(j, idx);
+                    power = Uint::<LIMBS>::select(&power, &powers[j as usize], choice);
                     j += 1;
                 }
 

src/modular/residue.rs

@@ -204,7 +204,7 @@ where
         D: Deserializer<'de>,
     {
         Uint::<LIMBS>::deserialize(deserializer).and_then(|montgomery_form| {
-            if Uint::ct_lt(&montgomery_form, &MOD::MODULUS).into() {
+            if montgomery_form < MOD::MODULUS.0 {
                 Ok(Self {
                     montgomery_form,
                     phantom: PhantomData,

src/modular/residue/inv.rs

@@ -1,7 +1,7 @@
 //! Multiplicative inverses of residues with a constant modulus.
 
 use super::{Residue, ResidueParams};
-use crate::{modular::inv::inv_montgomery_form, traits::Invert, CtChoice, NonZero};
+use crate::{modular::inv::inv_montgomery_form, traits::Invert, ConstChoice, NonZero};
 use core::marker::PhantomData;
 use subtle::CtOption;
 
@@ -10,7 +10,7 @@ impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> Residue<MOD, LIMBS> {
     /// I.e. `self * self^-1 = 1`.
     /// If the number was invertible, the second element of the tuple is the truthy value,
     /// otherwise it is the falsy value (in which case the first element's value is unspecified).
-    pub const fn invert(&self) -> (Self, CtChoice) {
+    pub const fn invert(&self) -> (Self, ConstChoice) {
         let (montgomery_form, is_some) = inv_montgomery_form(
             &self.montgomery_form,
             &MOD::MODULUS.0,

src/non_zero.rs

@@ -1,6 +1,6 @@
 //! Wrapper type for non-zero integers.
 
-use crate::{Bounded, Constants, CtChoice, Encoding, Limb, Uint, Zero};
+use crate::{Bounded, ConstChoice, Constants, Encoding, Limb, Uint, Zero};
 use core::{
     fmt,
     num::{NonZeroU128, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU8},
@@ -27,16 +27,16 @@ pub struct NonZero<T: Zero>(pub(crate) T);
 impl NonZero<Limb> {
     /// Creates a new non-zero limb in a const context.
     /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise.
-    pub const fn const_new(n: Limb) -> (Self, CtChoice) {
-        (Self(n), n.ct_is_nonzero())
+    pub const fn const_new(n: Limb) -> (Self, ConstChoice) {
+        (Self(n), n.is_nonzero())
     }
 }
 
 impl<const LIMBS: usize> NonZero<Uint<LIMBS>> {
     /// Creates a new non-zero integer in a const context.
     /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise.
-    pub const fn const_new(n: Uint<LIMBS>) -> (Self, CtChoice) {
-        (Self(n), n.ct_is_nonzero())
+    pub const fn const_new(n: Uint<LIMBS>) -> (Self, ConstChoice) {
+        (Self(n), n.is_nonzero())
     }
 }
 

src/uint/add.rs

@@ -1,6 +1,6 @@
 //! [`Uint`] addition operations.
 
-use crate::{Checked, CheckedAdd, CtChoice, Limb, Uint, Wrapping, Zero};
+use crate::{Checked, CheckedAdd, ConstChoice, Limb, Uint, Wrapping, Zero};
 use core::ops::{Add, AddAssign};
 use subtle::CtOption;
 
@@ -24,7 +24,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     /// Perform saturating addition, returning `MAX` on overflow.
     pub const fn saturating_add(&self, rhs: &Self) -> Self {
         let (res, overflow) = self.adc(rhs, Limb::ZERO);
-        Self::ct_select(&res, &Self::MAX, CtChoice::from_word_lsb(overflow.0))
+        Self::select(&res, &Self::MAX, ConstChoice::from_word_lsb(overflow.0))
     }
 
     /// Perform wrapping addition, discarding overflow.
@@ -37,11 +37,11 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     pub(crate) const fn conditional_wrapping_add(
         &self,
         rhs: &Self,
-        choice: CtChoice,
-    ) -> (Self, CtChoice) {
-        let actual_rhs = Uint::ct_select(&Uint::ZERO, rhs, choice);
+        choice: ConstChoice,
+    ) -> (Self, ConstChoice) {
+        let actual_rhs = Uint::select(&Uint::ZERO, rhs, choice);
         let (sum, carry) = self.adc(&actual_rhs, Limb::ZERO);
-        (sum, CtChoice::from_word_lsb(carry.0))
+        (sum, ConstChoice::from_word_lsb(carry.0))
     }
 }
 

src/uint/bits.rs

@@ -1,9 +1,9 @@
-use crate::{CtChoice, Limb, Uint};
+use crate::{ConstChoice, Limb, Uint};
 
 impl<const LIMBS: usize> Uint<LIMBS> {
-    /// Get the value of the bit at position `index`, as a truthy or falsy `CtChoice`.
+    /// Get the value of the bit at position `index`, as a truthy or falsy `ConstChoice`.
     /// Returns the falsy value for indices out of range.
-    pub const fn bit(&self, index: u32) -> CtChoice {
+    pub const fn bit(&self, index: u32) -> ConstChoice {
         let limb_num = index / Limb::BITS;
         let index_in_limb = index % Limb::BITS;
         let index_mask = 1 << index_in_limb;
@@ -14,12 +14,12 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         let mut i = 0;
         while i < LIMBS {
             let bit = limbs[i] & index_mask;
-            let is_right_limb = CtChoice::from_u32_eq(i as u32, limb_num);
+            let is_right_limb = ConstChoice::from_u32_eq(i as u32, limb_num);
             result |= is_right_limb.if_true_word(bit);
             i += 1;
         }
 
-        CtChoice::from_word_lsb(result >> index_in_limb)
+        ConstChoice::from_word_lsb(result >> index_in_limb)
     }
 
     /// Returns `true` if the bit at position `index` is set, `false` otherwise.
@@ -59,14 +59,14 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         let mut count = 0;
         let mut i = LIMBS;
-        let mut nonzero_limb_not_encountered = CtChoice::TRUE;
+        let mut nonzero_limb_not_encountered = ConstChoice::TRUE;
         while i > 0 {
             i -= 1;
             let l = limbs[i];
             let z = l.leading_zeros();
             count += nonzero_limb_not_encountered.if_true_u32(z);
             nonzero_limb_not_encountered =
-                nonzero_limb_not_encountered.and(CtChoice::from_word_nonzero(l.0).not());
+                nonzero_limb_not_encountered.and(ConstChoice::from_word_nonzero(l.0).not());
         }
 
         count
@@ -98,13 +98,13 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         let mut count = 0;
         let mut i = 0;
-        let mut nonzero_limb_not_encountered = CtChoice::TRUE;
+        let mut nonzero_limb_not_encountered = ConstChoice::TRUE;
         while i < LIMBS {
             let l = limbs[i];
             let z = l.trailing_zeros();
             count += nonzero_limb_not_encountered.if_true_u32(z);
             nonzero_limb_not_encountered =
-                nonzero_limb_not_encountered.and(CtChoice::from_word_nonzero(l.0).not());
+                nonzero_limb_not_encountered.and(ConstChoice::from_word_nonzero(l.0).not());
             i += 1;
         }
 
@@ -137,13 +137,13 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
         let mut count = 0;
         let mut i = 0;
-        let mut nonmax_limb_not_encountered = CtChoice::TRUE;
+        let mut nonmax_limb_not_encountered = ConstChoice::TRUE;
         while i < LIMBS {
             let l = limbs[i];
             let z = l.trailing_ones();
             count += nonmax_limb_not_encountered.if_true_u32(z);
             nonmax_limb_not_encountered =
-                nonmax_limb_not_encountered.and(CtChoice::from_word_eq(l.0, Limb::MAX.0));
+                nonmax_limb_not_encountered.and(ConstChoice::from_word_eq(l.0, Limb::MAX.0));
             i += 1;
         }
 
@@ -171,15 +171,15 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     }
 
     /// Sets the bit at `index` to 0 or 1 depending on the value of `bit_value`.
-    pub(crate) const fn set_bit(self, index: u32, bit_value: CtChoice) -> Self {
+    pub(crate) const fn set_bit(self, index: u32, bit_value: ConstChoice) -> Self {
         let mut result = self;
         let limb_num = index / Limb::BITS;
         let index_in_limb = index % Limb::BITS;
         let index_mask = 1 << index_in_limb;
 
         let mut i = 0;
         while i < LIMBS {
-            let is_right_limb = CtChoice::from_u32_eq(i as u32, limb_num);
+            let is_right_limb = ConstChoice::from_u32_eq(i as u32, limb_num);
             let old_limb = result.limbs[i].0;
             let new_limb = bit_value.select_word(old_limb & !index_mask, old_limb | index_mask);
             result.limbs[i] = Limb(is_right_limb.select_word(old_limb, new_limb));
@@ -191,7 +191,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
 
 #[cfg(test)]
 mod tests {
-    use crate::{CtChoice, U256};
+    use crate::{ConstChoice, U256};
 
     fn uint_with_bits_at(positions: &[u32]) -> U256 {
         let mut result = U256::ZERO;
@@ -337,25 +337,25 @@ mod tests {
     fn set_bit() {
         let u = uint_with_bits_at(&[16, 79, 150]);
         assert_eq!(
-            u.set_bit(127, CtChoice::TRUE),
+            u.set_bit(127, ConstChoice::TRUE),
             uint_with_bits_at(&[16, 79, 127, 150])
         );
 
         let u = uint_with_bits_at(&[16, 79, 150]);
         assert_eq!(
-            u.set_bit(150, CtChoice::TRUE),
+            u.set_bit(150, ConstChoice::TRUE),
             uint_with_bits_at(&[16, 79, 150])
         );
 
         let u = uint_with_bits_at(&[16, 79, 150]);
         assert_eq!(
-            u.set_bit(127, CtChoice::FALSE),
+            u.set_bit(127, ConstChoice::FALSE),
             uint_with_bits_at(&[16, 79, 150])
         );
 
         let u = uint_with_bits_at(&[16, 79, 150]);
         assert_eq!(
-            u.set_bit(150, CtChoice::FALSE),
+            u.set_bit(150, ConstChoice::FALSE),
             uint_with_bits_at(&[16, 79])
         );
     }