Merge pull request #19 from fjarri/bounded-primes

Bounded MR test

Author: fjarri

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `sieve_once()` was removed ([#22]).
 - `MillerRabin::new()` and `test_random_base()` will panic if the input is invalid. ([#22])
 - `MillerRabin::check()` renamed to `test()`. ([#22])
+- Prime-generating function take `Option<usize>` instead of `usize`, where `None` means the full size of the `Uint`. ([#19])
 
 
 ### Added
@@ -22,8 +23,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Some mistakes in the description of Lucas checks (the logic itself was fine). ([#20])
 - Major performance increase across the board due to better sieving (especially for random safe prime finding). ([#22])
+- Performance increase for the cases when the bit size of the generated prime is smaller than that of the containing `Uint`. ([#19])
 
 
+[#19]: https://github.com/nucypher/rust-umbral/pull/19
 [#20]: https://github.com/nucypher/rust-umbral/pull/20
 [#22]: https://github.com/nucypher/rust-umbral/pull/22
 

benches/bench.rs

@@ -207,23 +207,45 @@ fn bench_presets(c: &mut Criterion) {
 
     let mut rng = make_rng();
     group.bench_function("(U128) Random prime", |b| {
-        b.iter(|| prime_with_rng::<{ nlimbs!(128) }>(&mut rng, 128))
+        b.iter(|| prime_with_rng::<{ nlimbs!(128) }>(&mut rng, None))
     });
 
     let mut rng = make_rng();
     group.bench_function("(U1024) Random prime", |b| {
-        b.iter(|| prime_with_rng::<{ nlimbs!(1024) }>(&mut rng, 1024))
+        b.iter(|| prime_with_rng::<{ nlimbs!(1024) }>(&mut rng, None))
     });
 
     let mut rng = make_rng();
     group.bench_function("(U128) Random safe prime", |b| {
-        b.iter(|| safe_prime_with_rng::<{ nlimbs!(128) }>(&mut rng, 128))
+        b.iter(|| safe_prime_with_rng::<{ nlimbs!(128) }>(&mut rng, None))
     });
 
     group.sample_size(20);
     let mut rng = make_rng();
     group.bench_function("(U1024) Random safe prime", |b| {
-        b.iter(|| safe_prime_with_rng::<{ nlimbs!(1024) }>(&mut rng, 1024))
+        b.iter(|| safe_prime_with_rng::<{ nlimbs!(1024) }>(&mut rng, None))
+    });
+
+    group.finish();
+
+    // A separate group for bounded tests, to make it easier to run them separately.
+    let mut group = c.benchmark_group("Presets (bounded)");
+
+    let mut rng = make_rng();
+    group.bench_function("(U128) Random safe prime", |b| {
+        b.iter(|| safe_prime_with_rng::<{ nlimbs!(128) }>(&mut rng, None))
+    });
+
+    // The performance should scale with the prime size, not with the Uint size.
+    // So we should strive for this test's result to be as close as possible
+    // to that of the previous one and as far away as possible from the next one.
+    group.bench_function("(U256) Random 128 bit safe prime", |b| {
+        b.iter(|| safe_prime_with_rng::<{ nlimbs!(256) }>(&mut rng, Some(128)))
+    });
+
+    // The upper bound for the previous test.
+    group.bench_function("(U256) Random 256 bit safe prime", |b| {
+        b.iter(|| safe_prime_with_rng::<{ nlimbs!(256) }>(&mut rng, None))
     });
 
     group.finish();

src/hazmat/miller_rabin.rs

@@ -20,6 +20,7 @@ use super::Primality;
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct MillerRabin<const L: usize> {
     candidate: Uint<L>,
+    bit_length: usize,
     montgomery_params: DynResidueParams<L>,
     one: DynResidue<L>,
     minus_one: DynResidue<L>,
@@ -47,6 +48,7 @@ impl<const L: usize> MillerRabin<L> {
 
         Self {
             candidate: *candidate,
+            bit_length: candidate.bits_vartime(),
             montgomery_params: params,
             one,
             minus_one,
@@ -61,7 +63,13 @@ impl<const L: usize> MillerRabin<L> {
         // otherwise we can return `Composite` right away.
 
         let base = DynResidue::<L>::new(base, self.montgomery_params);
-        let mut test = base.pow(&self.d);
+
+        // Implementation detail: bounded exp gets faster every time we decrease the bound
+        // by the window length it uses, which is currently 4 bits.
+        // So even when the bound isn't low enough that the number can fit
+        // in a smaller number of limbs, there is still a performance gain
+        // from specifying the bound.
+        let mut test = base.pow_bounded_exp(&self.d, self.bit_length);
 
         if test == self.one || test == self.minus_one {
             return Primality::ProbablyPrime;

src/presets.rs

@@ -9,19 +9,21 @@ use crate::hazmat::{
 };
 
 /// Returns a random prime of size `bit_length` using [`OsRng`] as the RNG.
+/// If `bit_length` is `None`, the full size of `Uint<L>` is used.
 ///
 /// See [`is_prime_with_rng`] for details about the performed checks.
 #[cfg(feature = "default-rng")]
-pub fn prime<const L: usize>(bit_length: usize) -> Uint<L> {
+pub fn prime<const L: usize>(bit_length: Option<usize>) -> Uint<L> {
     prime_with_rng(&mut OsRng, bit_length)
 }
 
 /// Returns a random safe prime (that is, such that `(n - 1) / 2` is also prime)
 /// of size `bit_length` using [`OsRng`] as the RNG.
+/// If `bit_length` is `None`, the full size of `Uint<L>` is used.
 ///
 /// See [`is_prime_with_rng`] for details about the performed checks.
 #[cfg(feature = "default-rng")]
-pub fn safe_prime<const L: usize>(bit_length: usize) -> Uint<L> {
+pub fn safe_prime<const L: usize>(bit_length: Option<usize>) -> Uint<L> {
     safe_prime_with_rng(&mut OsRng, bit_length)
 }
 
@@ -44,11 +46,16 @@ pub fn is_safe_prime<const L: usize>(num: &Uint<L>) -> bool {
 }
 
 /// Returns a random prime of size `bit_length` using the provided RNG.
+/// If `bit_length` is `None`, the full size of `Uint<L>` is used.
 ///
 /// Panics if `bit_length` is less than 2, or greater than the bit size of the target `Uint`.
 ///
 /// See [`is_prime_with_rng`] for details about the performed checks.
-pub fn prime_with_rng<const L: usize>(rng: &mut impl CryptoRngCore, bit_length: usize) -> Uint<L> {
+pub fn prime_with_rng<const L: usize>(
+    rng: &mut impl CryptoRngCore,
+    bit_length: Option<usize>,
+) -> Uint<L> {
+    let bit_length = bit_length.unwrap_or(Uint::<L>::BITS);
     if bit_length < 2 {
         panic!("`bit_length` must be 2 or greater.");
     }
@@ -65,14 +72,16 @@ pub fn prime_with_rng<const L: usize>(rng: &mut impl CryptoRngCore, bit_length:
 
 /// Returns a random safe prime (that is, such that `(n - 1) / 2` is also prime)
 /// of size `bit_length` using the provided RNG.
+/// If `bit_length` is `None`, the full size of `Uint<L>` is used.
 ///
 /// Panics if `bit_length` is less than 3, or is greater than the bit size of the target `Uint`.
 ///
 /// See [`is_prime_with_rng`] for details about the performed checks.
 pub fn safe_prime_with_rng<const L: usize>(
     rng: &mut impl CryptoRngCore,
-    bit_length: usize,
+    bit_length: Option<usize>,
 ) -> Uint<L> {
+    let bit_length = bit_length.unwrap_or(Uint::<L>::BITS);
     if bit_length < 3 {
         panic!("`bit_length` must be 3 or greater.");
     }
@@ -240,7 +249,7 @@ mod tests {
     #[test]
     fn generate_prime() {
         for bit_length in (28..=128).step_by(10) {
-            let p: U128 = prime(bit_length);
+            let p: U128 = prime(Some(bit_length));
             assert!(p.bits_vartime() == bit_length);
             assert!(is_prime(&p));
         }
@@ -249,7 +258,7 @@ mod tests {
     #[test]
     fn generate_safe_prime() {
         for bit_length in (28..=128).step_by(10) {
-            let p: U128 = safe_prime(bit_length);
+            let p: U128 = safe_prime(Some(bit_length));
             assert!(p.bits_vartime() == bit_length);
             assert!(is_safe_prime(&p));
         }
@@ -282,25 +291,25 @@ mod tests {
     #[test]
     #[should_panic(expected = "`bit_length` must be 2 or greater")]
     fn generate_prime_too_few_bits() {
-        let _p: U64 = prime_with_rng(&mut OsRng, 1);
+        let _p: U64 = prime_with_rng(&mut OsRng, Some(1));
     }
 
     #[test]
     #[should_panic(expected = "`bit_length` must be 3 or greater")]
     fn generate_safe_prime_too_few_bits() {
-        let _p: U64 = safe_prime_with_rng(&mut OsRng, 2);
+        let _p: U64 = safe_prime_with_rng(&mut OsRng, Some(2));
     }
 
     #[test]
     #[should_panic(expected = "The requested bit length (65) is larger than the chosen Uint size")]
     fn generate_prime_too_many_bits() {
-        let _p: U64 = prime_with_rng(&mut OsRng, 65);
+        let _p: U64 = prime_with_rng(&mut OsRng, Some(65));
     }
 
     #[test]
     #[should_panic(expected = "The requested bit length (65) is larger than the chosen Uint size")]
     fn generate_safe_prime_too_many_bits() {
-        let _p: U64 = safe_prime_with_rng(&mut OsRng, 65);
+        let _p: U64 = safe_prime_with_rng(&mut OsRng, Some(65));
     }
 
     fn is_prime_ref(num: Word) -> bool {
@@ -311,7 +320,7 @@ mod tests {
     fn corner_cases_generate_prime() {
         for bits in 2usize..5 {
             for _ in 0..100 {
-                let p: U64 = prime(bits);
+                let p: U64 = prime(Some(bits));
                 let p_word = p.as_words()[0];
                 assert!(is_prime_ref(p_word));
             }
@@ -322,7 +331,7 @@ mod tests {
     fn corner_cases_generate_safe_prime() {
         for bits in 3usize..5 {
             for _ in 0..100 {
-                let p: U64 = safe_prime(bits);
+                let p: U64 = safe_prime(Some(bits));
                 let p_word = p.as_words()[0];
                 assert!(is_prime_ref(p_word) && is_prime_ref(p_word / 2));
             }
@@ -360,7 +369,7 @@ mod tests_openssl {
 
         // Generate primes, let OpenSSL check them
         for _ in 0..100 {
-            let p: U128 = prime(128);
+            let p: U128 = prime(Some(128));
             let p_bn = to_openssl(&p);
             assert!(
                 openssl_is_prime(&p_bn, &mut ctx),
@@ -419,7 +428,7 @@ mod tests_gmp {
     fn gmp_cross_check() {
         // Generate primes, let GMP check them
         for _ in 0..100 {
-            let p: U128 = prime(128);
+            let p: U128 = prime(Some(128));
             let p_bn = to_gmp(&p);
             assert!(gmp_is_prime(&p_bn), "GMP reports {p} as composite");
         }

src/traits.rs

@@ -7,19 +7,21 @@ use crate::{is_prime_with_rng, is_safe_prime_with_rng, prime_with_rng, safe_prim
 /// and primality checking, wrapping the standalone functions ([`is_prime_with_rng`] etc).
 pub trait RandomPrimeWithRng {
     /// Returns a random prime of size `bit_length` using the provided RNG.
+    /// If `bit_length` is `None`, the full size of `Uint<L>` is used.
     ///
     /// Panics if `bit_length` is less than 2, or greater than the bit size of the target `Uint`.
     ///
     /// See [`is_prime_with_rng`] for details about the performed checks.
-    fn prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: usize) -> Self;
+    fn prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: Option<usize>) -> Self;
 
     /// Returns a random safe prime (that is, such that `(n - 1) / 2` is also prime)
     /// of size `bit_length` using the provided RNG.
+    /// If `bit_length` is `None`, the full size of `Uint<L>` is used.
     ///
     /// Panics if `bit_length` is less than 3, or greater than the bit size of the target `Uint`.
     ///
     /// See [`is_prime_with_rng`] for details about the performed checks.
-    fn safe_prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: usize) -> Self;
+    fn safe_prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: Option<usize>) -> Self;
 
     /// Checks probabilistically if the given number is prime using the provided RNG.
     ///
@@ -33,10 +35,10 @@ pub trait RandomPrimeWithRng {
 }
 
 impl<const L: usize> RandomPrimeWithRng for Uint<L> {
-    fn prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: usize) -> Self {
+    fn prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: Option<usize>) -> Self {
         prime_with_rng(rng, bit_length)
     }
-    fn safe_prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: usize) -> Self {
+    fn safe_prime_with_rng(rng: &mut impl CryptoRngCore, bit_length: Option<usize>) -> Self {
         safe_prime_with_rng(rng, bit_length)
     }
     fn is_prime_with_rng(&self, rng: &mut impl CryptoRngCore) -> bool {
@@ -62,7 +64,7 @@ mod tests {
         assert!(!U64::from(13u32).is_safe_prime_with_rng(&mut OsRng));
         assert!(U64::from(11u32).is_safe_prime_with_rng(&mut OsRng));
 
-        assert!(U64::prime_with_rng(&mut OsRng, 10).is_prime_with_rng(&mut OsRng));
-        assert!(U64::safe_prime_with_rng(&mut OsRng, 10).is_safe_prime_with_rng(&mut OsRng));
+        assert!(U64::prime_with_rng(&mut OsRng, Some(10)).is_prime_with_rng(&mut OsRng));
+        assert!(U64::safe_prime_with_rng(&mut OsRng, Some(10)).is_safe_prime_with_rng(&mut OsRng));
     }
 }