Merge pull request #35 from fjarri/bump-crypto-bigint

fjarri · web-flow · commit 93799b8ea08b · 2023-11-28T20:34:24.000-08:00
Bump `crypto-bigint` to 0.5.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [0.5.1] - Unreleased
+
+### Fixed
+
+- Bumped `crypto-bigint` to 0.5.4. ([#35])
+
+
+[#35]: https://github.com/nucypher/rust-umbral/pull/35
+
+
 ## [0.5.0] - 2023-08-20
 
 ### Changed
diff --git a/Cargo.toml b/Cargo.toml
@@ -10,7 +10,7 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.65"
 
 [dependencies]
-crypto-bigint = { version = "0.5.2", default-features = false, features = ["rand_core"] }
+crypto-bigint = { version = "0.5.4", default-features = false, features = ["rand_core"] }
 rand_core = { version = "0.6.4", default-features = false }
 openssl = { version = "0.10.39", optional = true, features = ["vendored"] }
 rug = { version = "1.18", default-features = false, features = ["integer"], optional = true }
diff --git a/src/hazmat/lucas.rs b/src/hazmat/lucas.rs
@@ -60,7 +60,7 @@ impl LucasBase for SelfridgeBase {
             }
 
             if attempts >= ATTEMPTS_BEFORE_SQRT {
-                let sqrt_n = n.sqrt();
+                let sqrt_n = n.sqrt_vartime();
                 if &sqrt_n.wrapping_mul(&sqrt_n) == n {
                     return Err(Primality::Composite);
                 }
@@ -137,7 +137,7 @@ impl LucasBase for BruteForceBase {
             }
 
             if attempts >= ATTEMPTS_BEFORE_SQRT {
-                let sqrt_n = n.sqrt();
+                let sqrt_n = n.sqrt_vartime();
                 if &sqrt_n.wrapping_mul(&sqrt_n) == n {
                     return Err(Primality::Composite);
                 }
@@ -172,25 +172,17 @@ impl LucasBase for BruteForceBase {
 }
 
 /// For the given odd `n`, finds `s` and odd `d` such that `n + 1 == 2^s * d`.
-fn decompose<const L: usize>(n: &Uint<L>) -> (u32, Uint<L>) {
+fn decompose<const L: usize>(n: &Uint<L>) -> (usize, Uint<L>) {
     debug_assert!(bool::from(n.is_odd()));
 
     // Need to be careful here since `n + 1` can overflow.
     // Instead of adding 1 and counting trailing 0s, we count trailing ones on the original `n`.
 
-    let mut n = *n;
-    let mut s = 0;
-
-    while n.is_odd().into() {
-        n >>= 1;
-        s += 1;
-    }
-
+    let s = n.trailing_ones();
     // This won't overflow since the original `n` was odd, so we right-shifted at least once.
-    (
-        s,
-        Option::from(n.checked_add(&Uint::<L>::ONE)).expect("Integer overflow"),
-    )
+    let d = Option::from((n >> s).checked_add(&Uint::<L>::ONE)).expect("Integer overflow");
+
+    (s, d)
 }
 
 /// The checks to perform in the Lucas test.
@@ -317,7 +309,8 @@ pub fn lucas_test<const L: usize>(
         return Primality::Composite;
     }
 
-    // Find d and s, such that d is odd and d * 2^s = (n - (D/n)).
+    // Find `d` and `s`, such that `d` is odd and `d * 2^s = n - (D/n)`.
+    // Since `(D/n) == -1` by construction, we're looking for `d * 2^s = n + 1`.
     let (s, d) = decompose(candidate);
 
     // Some constants in Montgomery form
