Add BoxedUint support

Author: fjarri

benches/bench.rs

@@ -27,12 +27,13 @@ fn make_rng() -> ChaCha8Rng {
 fn random_odd_uint<T: RandomBits + Integer>(
     rng: &mut impl CryptoRngCore,
     bit_length: u32,
+    bits_precision: u32,
 ) -> Odd<T> {
-    random_odd_integer::<T>(rng, NonZeroU32::new(bit_length).unwrap())
+    random_odd_integer::<T>(rng, NonZeroU32::new(bit_length).unwrap(), bits_precision)
 }
 
 fn make_sieve<const L: usize>(rng: &mut impl CryptoRngCore) -> Sieve<Uint<L>> {
-    let start = random_odd_uint::<Uint<L>>(rng, Uint::<L>::BITS);
+    let start = random_odd_uint::<Uint<L>>(rng, Uint::<L>::BITS, Uint::<L>::BITS);
     Sieve::new(&start, NonZeroU32::new(Uint::<L>::BITS).unwrap(), false)
 }
 
@@ -45,12 +46,12 @@ fn bench_sieve(c: &mut Criterion) {
     let mut group = c.benchmark_group("Sieve");
 
     group.bench_function("(U128) random start", |b| {
-        b.iter(|| random_odd_uint::<U128>(&mut OsRng, 128))
+        b.iter(|| random_odd_uint::<U128>(&mut OsRng, 128, 128))
     });
 
     group.bench_function("(U128) creation", |b| {
         b.iter_batched(
-            || random_odd_uint::<U128>(&mut OsRng, 128),
+            || random_odd_uint::<U128>(&mut OsRng, 128, 128),
             |start| Sieve::new(start.as_ref(), NonZeroU32::new(128).unwrap(), false),
             BatchSize::SmallInput,
         )
@@ -66,12 +67,12 @@ fn bench_sieve(c: &mut Criterion) {
     });
 
     group.bench_function("(U1024) random start", |b| {
-        b.iter(|| random_odd_uint::<U1024>(&mut OsRng, 1024))
+        b.iter(|| random_odd_uint::<U1024>(&mut OsRng, 1024, 1024))
     });
 
     group.bench_function("(U1024) creation", |b| {
         b.iter_batched(
-            || random_odd_uint::<U1024>(&mut OsRng, 1024),
+            || random_odd_uint::<U1024>(&mut OsRng, 1024, 1024),
             |start| Sieve::new(start.as_ref(), NonZeroU32::new(1024).unwrap(), false),
             BatchSize::SmallInput,
         )
@@ -93,7 +94,7 @@ fn bench_miller_rabin(c: &mut Criterion) {
 
     group.bench_function("(U128) creation", |b| {
         b.iter_batched(
-            || random_odd_uint::<U128>(&mut OsRng, 128),
+            || random_odd_uint::<U128>(&mut OsRng, 128, 128),
             |n| MillerRabin::new(&n),
             BatchSize::SmallInput,
         )
@@ -109,7 +110,7 @@ fn bench_miller_rabin(c: &mut Criterion) {
 
     group.bench_function("(U1024) creation", |b| {
         b.iter_batched(
-            || random_odd_uint::<U1024>(&mut OsRng, 1024),
+            || random_odd_uint::<U1024>(&mut OsRng, 1024, 1024),
             |n| MillerRabin::new(&n),
             BatchSize::SmallInput,
         )
@@ -202,39 +203,39 @@ fn bench_presets(c: &mut Criterion) {
 
     group.bench_function("(U128) Prime test", |b| {
         b.iter_batched(
-            || random_odd_uint::<U128>(&mut OsRng, 128),
+            || random_odd_uint::<U128>(&mut OsRng, 128, 128),
             |num| is_prime_with_rng(&mut OsRng, num.as_ref()),
             BatchSize::SmallInput,
         )
     });
 
     group.bench_function("(U128) Safe prime test", |b| {
         b.iter_batched(
-            || random_odd_uint::<U128>(&mut OsRng, 128),
+            || random_odd_uint::<U128>(&mut OsRng, 128, 128),
             |num| is_safe_prime_with_rng(&mut OsRng, num.as_ref()),
             BatchSize::SmallInput,
         )
     });
 
     let mut rng = make_rng();
     group.bench_function("(U128) Random prime", |b| {
-        b.iter(|| generate_prime_with_rng::<U128>(&mut rng, 128))
+        b.iter(|| generate_prime_with_rng::<U128>(&mut rng, 128, 128))
     });
 
     let mut rng = make_rng();
     group.bench_function("(U1024) Random prime", |b| {
-        b.iter(|| generate_prime_with_rng::<U1024>(&mut rng, 1024))
+        b.iter(|| generate_prime_with_rng::<U1024>(&mut rng, 1024, 1024))
     });
 
     let mut rng = make_rng();
     group.bench_function("(U128) Random safe prime", |b| {
-        b.iter(|| generate_safe_prime_with_rng::<U128>(&mut rng, 128))
+        b.iter(|| generate_safe_prime_with_rng::<U128>(&mut rng, 128, 128))
     });
 
     group.sample_size(20);
     let mut rng = make_rng();
     group.bench_function("(U1024) Random safe prime", |b| {
-        b.iter(|| generate_safe_prime_with_rng::<U1024>(&mut rng, 1024))
+        b.iter(|| generate_safe_prime_with_rng::<U1024>(&mut rng, 1024, 1024))
     });
 
     group.finish();
@@ -244,19 +245,19 @@ fn bench_presets(c: &mut Criterion) {
 
     let mut rng = make_rng();
     group.bench_function("(U128) Random safe prime", |b| {
-        b.iter(|| generate_safe_prime_with_rng::<U128>(&mut rng, 128))
+        b.iter(|| generate_safe_prime_with_rng::<U128>(&mut rng, 128, 128))
     });
 
     // The performance should scale with the prime size, not with the Uint size.
     // So we should strive for this test's result to be as close as possible
     // to that of the previous one and as far away as possible from the next one.
     group.bench_function("(U256) Random 128 bit safe prime", |b| {
-        b.iter(|| generate_safe_prime_with_rng::<U256>(&mut rng, 128))
+        b.iter(|| generate_safe_prime_with_rng::<U256>(&mut rng, 128, 256))
     });
 
     // The upper bound for the previous test.
     group.bench_function("(U256) Random 256 bit safe prime", |b| {
-        b.iter(|| generate_safe_prime_with_rng::<U256>(&mut rng, 256))
+        b.iter(|| generate_safe_prime_with_rng::<U256>(&mut rng, 256, 256))
     });
 
     group.finish();
@@ -267,7 +268,7 @@ fn bench_gmp(c: &mut Criterion) {
     let mut group = c.benchmark_group("GMP");
 
     fn random<const L: usize>(rng: &mut impl CryptoRngCore) -> GmpInteger {
-        let num = random_odd_uint::<Uint<L>>(rng, Uint::<L>::BITS).get();
+        let num = random_odd_uint::<Uint<L>>(rng, Uint::<L>::BITS, Uint::<L>::BITS).get();
         GmpInteger::from_digits(num.as_words(), Order::Lsf)
     }
 

src/hazmat/jacobi.rs

@@ -84,7 +84,7 @@ pub(crate) fn jacobi_symbol_vartime<T: Integer>(
     };
 
     // A degenerate case.
-    if abs_a == 1 || p_long.as_ref() == &T::one() {
+    if abs_a == 1 || p_long.as_ref() == &T::one_like(p_long) {
         return result;
     }
 

src/hazmat/lucas.rs

@@ -1,5 +1,5 @@
 //! Lucas primality test.
-use crypto_bigint::{Integer, Monty, Odd, Square, Word};
+use crypto_bigint::{Integer, Limb, Monty, Odd, Square, Word};
 
 use super::{
     gcd::gcd_vartime,
@@ -161,7 +161,7 @@ impl LucasBase for BruteForceBase {
                 // Since the loop proceeds in increasing P and starts with P - 2 == 1,
                 // the shared prime factor must be P + 2.
                 // If P + 2 == n, then n is prime; otherwise P + 2 is a proper factor of n.
-                let primality = if n.as_ref() == &T::from(p + 2) {
+                let primality = if n.as_ref() == &T::from_limb_like(Limb::from(p + 2), n.as_ref()) {
                     Primality::Prime
                 } else {
                     Primality::Composite
@@ -182,6 +182,7 @@ fn decompose<T: Integer>(n: &Odd<T>) -> (u32, Odd<T>) {
     // Need to be careful here since `n + 1` can overflow.
     // Instead of adding 1 and counting trailing 0s, we count trailing ones on the original `n`.
 
+    let one = T::one_like(n);
     let s = n.trailing_ones_vartime();
     let d = if s < n.bits_precision() {
         // The shift won't overflow because of the check above.
@@ -190,10 +191,10 @@ fn decompose<T: Integer>(n: &Odd<T>) -> (u32, Odd<T>) {
         n.as_ref()
             .overflowing_shr_vartime(s)
             .expect("shift should be within range by construction")
-            .checked_add(&T::one())
+            .checked_add(&one)
             .expect("addition should not overflow by construction")
     } else {
-        T::one()
+        one
     };
 
     (s, Odd::new(d).expect("`d` should be odd by construction"))
@@ -293,6 +294,9 @@ pub fn lucas_test<T: Integer>(
     //   R. Crandall, C. Pomerance, "Prime numbers: a computational perspective",
     //   2nd ed., Springer (2005) (ISBN: 0-387-25282-7, 978-0387-25282-7)
 
+    // A word-to-big integer conversion helper
+    let to_integer = |x: Word| T::from_limb_like(Limb::from(x), candidate.as_ref());
+
     // Find the base for the Lucas sequence.
     let (p, abs_q, q_is_negative) = match base.generate(candidate) {
         Ok(pq) => pq,
@@ -328,7 +332,7 @@ pub fn lucas_test<T: Integer>(
     // it does not noticeably affect the performance.
     if abs_q != 1
         && gcd_vartime(candidate.as_ref(), abs_q) != 1
-        && candidate.as_ref() > &T::from(abs_q)
+        && candidate.as_ref() > &to_integer(abs_q)
     {
         return Primality::Composite;
     }
@@ -351,7 +355,7 @@ pub fn lucas_test<T: Integer>(
     let q = if q_is_one {
         one.clone()
     } else {
-        let abs_q = <T as Integer>::Monty::new(T::from(abs_q), params.clone());
+        let abs_q = <T as Integer>::Monty::new(to_integer(abs_q), params.clone());
         if q_is_negative {
             -abs_q
         } else {
@@ -364,7 +368,7 @@ pub fn lucas_test<T: Integer>(
     let p = if p_is_one {
         one.clone()
     } else {
-        <T as Integer>::Monty::new(T::from(p), params.clone())
+        <T as Integer>::Monty::new(to_integer(p), params.clone())
     };
 
     // Compute d-th element of Lucas sequence (U_d(P, Q), V_d(P, Q)), where:
@@ -387,7 +391,7 @@ pub fn lucas_test<T: Integer>(
     let mut qk = one.clone(); // keeps Q^k
 
     // D in Montgomery representation - note that it can be negative.
-    let abs_d = <T as Integer>::Monty::new(T::from(abs_d), params);
+    let abs_d = <T as Integer>::Monty::new(to_integer(abs_d), params);
     let d_m = if d_is_negative { -abs_d } else { abs_d };
 
     for i in (0..d.bits_vartime()).rev() {

src/hazmat/miller_rabin.rs

@@ -1,6 +1,6 @@
 //! Miller-Rabin primality test.
 
-use crypto_bigint::{Integer, Monty, NonZero, Odd, PowBoundedExp, RandomMod, Square};
+use crypto_bigint::{Integer, Limb, Monty, NonZero, Odd, PowBoundedExp, RandomMod, Square};
 use rand_core::CryptoRngCore;
 
 use super::Primality;
@@ -28,14 +28,16 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
     /// Initializes a Miller-Rabin test for `candidate`.
     pub fn new(candidate: &Odd<T>) -> Self {
         let params = <T as Integer>::Monty::new_params_vartime(candidate.clone());
-        let one = <T as Integer>::Monty::one(params.clone());
-        let minus_one = -one.clone();
+        let m_one = <T as Integer>::Monty::one(params.clone());
+        let m_minus_one = -m_one.clone();
+
+        let one = T::one_like(candidate.as_ref());
 
         // Find `s` and odd `d` such that `candidate - 1 == 2^s * d`.
-        let (s, d) = if candidate.as_ref() == &T::one() {
-            (0, T::one())
+        let (s, d) = if candidate.as_ref() == &one {
+            (0, one)
         } else {
-            let candidate_minus_one = candidate.wrapping_sub(&T::one());
+            let candidate_minus_one = candidate.wrapping_sub(&one);
             let s = candidate_minus_one.trailing_zeros_vartime();
             // Will not overflow because `candidate` is odd and greater than 1.
             let d = candidate_minus_one
@@ -48,8 +50,8 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
             candidate: candidate.as_ref().clone(),
             bit_length: candidate.bits_vartime(),
             montgomery_params: params,
-            one,
-            minus_one,
+            one: m_one,
+            minus_one: m_minus_one,
             s,
             d,
         }
@@ -85,7 +87,7 @@ impl<T: Integer + RandomMod> MillerRabin<T> {
 
     /// Perform a Miller-Rabin check with base 2.
     pub fn test_base_two(&self) -> Primality {
-        self.test(&T::from(2u32))
+        self.test(&T::from_limb_like(Limb::from(2u32), &self.candidate))
     }
 
     /// Perform a Miller-Rabin check with a random base (in the range `[3, candidate-2]`)
@@ -189,7 +191,8 @@ mod tests {
     #[test]
     fn trivial() {
         let mut rng = ChaCha8Rng::from_seed(*b"01234567890123456789012345678901");
-        let start = random_odd_integer::<U1024>(&mut rng, NonZeroU32::new(1024).unwrap());
+        let start =
+            random_odd_integer::<U1024>(&mut rng, NonZeroU32::new(1024).unwrap(), U1024::BITS);
         for num in Sieve::new(start.as_ref(), NonZeroU32::new(1024).unwrap(), false).take(10) {
             let mr = MillerRabin::new(&Odd::new(num).unwrap());
 

src/hazmat/sieve.rs

@@ -14,11 +14,12 @@ use crate::hazmat::precomputed::{SmallPrime, RECIPROCALS, SMALL_PRIMES};
 pub fn random_odd_integer<T: Integer + RandomBits>(
     rng: &mut impl CryptoRngCore,
     bit_length: NonZeroU32,
+    bits_precision: u32,
 ) -> Odd<T> {
     let bit_length = bit_length.get();
 
-    let mut random = T::random_bits(rng, bit_length);
-
+    let mut random = T::random_bits_with_precision(rng, bit_length, bits_precision);
+    assert!(random.bits_precision() == bits_precision);
     // Make it odd
     random.set_bit_vartime(0, true);
 
@@ -99,7 +100,7 @@ impl<T: Integer> Sieve<T> {
             base = T::from(3u32);
         } else {
             // Adjust the base so that we hit odd numbers when incrementing it by 2.
-            base |= T::one();
+            base |= T::one_like(start);
         }
 
         // Only calculate residues by primes up to and not including `base`,
@@ -157,9 +158,12 @@ impl<T: Integer> Sieve<T> {
         }
 
         // Find the increment limit.
-        let max_value = match T::one().overflowing_shl_vartime(self.max_bit_length).into() {
+        let max_value = match T::one_like(&self.base)
+            .overflowing_shl_vartime(self.max_bit_length)
+            .into()
+        {
             Some(val) => val,
-            None => T::one(),
+            None => T::one_like(&self.base),
         };
         let incr_limit = max_value.wrapping_sub(&self.base);
         self.incr_limit = if incr_limit > T::from(INCR_LIMIT) {
@@ -218,7 +222,7 @@ impl<T: Integer> Sieve<T> {
                 .checked_add(&self.incr.into())
                 .expect("addition should not overflow by construction");
             if self.safe_primes {
-                num = num.wrapping_shl_vartime(1) | T::one();
+                num = num.wrapping_shl_vartime(1) | T::one_like(&self.base);
             }
             Some(num)
         };
@@ -279,7 +283,8 @@ mod tests {
         let max_prime = SMALL_PRIMES[SMALL_PRIMES.len() - 1];
 
         let mut rng = ChaCha8Rng::from_seed(*b"01234567890123456789012345678901");
-        let start = random_odd_integer::<U64>(&mut rng, NonZeroU32::new(32).unwrap()).get();
+        let start =
+            random_odd_integer::<U64>(&mut rng, NonZeroU32::new(32).unwrap(), U64::BITS).get();
         for num in Sieve::new(&start, NonZeroU32::new(32).unwrap(), false).take(100) {
             let num_u64 = u64::from(num);
             assert!(num_u64.leading_zeros() == 32);
@@ -360,17 +365,18 @@ mod tests {
     #[test]
     fn random_below_max_length() {
         for _ in 0..10 {
-            let r = random_odd_integer::<U64>(&mut OsRng, NonZeroU32::new(50).unwrap()).get();
+            let r = random_odd_integer::<U64>(&mut OsRng, NonZeroU32::new(50).unwrap(), U64::BITS)
+                .get();
             assert_eq!(r.bits(), 50);
         }
     }
 
     #[test]
     #[should_panic(
-        expected = "try_random_bits() failed: BitLengthTooLarge { bit_length: 65, bits_precision: 64 }"
+        expected = "try_random_bits_with_precision() failed: BitLengthTooLarge { bit_length: 65, bits_precision: 64 }"
     )]
     fn random_odd_uint_too_many_bits() {
-        let _p = random_odd_integer::<U64>(&mut OsRng, NonZeroU32::new(65).unwrap());
+        let _p = random_odd_integer::<U64>(&mut OsRng, NonZeroU32::new(65).unwrap(), U64::BITS);
     }
 
     #[test]