[WIP] Bump crypto-bigint

This PR includes #113 along with breaking changes to `crypto-bigint`

Author: tarcieri

Cargo.toml

@@ -10,7 +10,7 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
-crypto-bigint = { version = "0.7.0-rc.22", default-features = false, features = ["rand_core"] }
+crypto-bigint = { version = "0.7.0-rc.26", default-features = false, features = ["rand_core"] }
 libm = { version = "0.2.13", default-features = false, features = ["arch"] }
 rand_core = { version = "0.10", default-features = false }
 rayon = { version = "1", optional = true, default-features = false }
@@ -23,7 +23,7 @@ glass_pumpkin = { version = "1", optional = true }
 [dev-dependencies]
 rand = { version = "0.10", features = ["chacha"] }
 # need `crypto-bigint` with `alloc` to test `BoxedUint`
-crypto-bigint = { version = "0.7.0-pre.22", default-features = false, features = ["alloc"] }
+crypto-bigint = { version = "0.7.0-pre.26", default-features = false, features = ["alloc"] }
 criterion = { version = "0.5", features = ["html_reports"] }
 num-modular = { version = "0.5", features = ["num-bigint"] }
 num-bigint = "0.4"
@@ -61,3 +61,6 @@ harness = false
 [[bench]]
 name = "cctv"
 harness = false
+
+[patch.crates-io.crypto-bigint]
+git = "https://github.com/RustCrypto/crypto-bigint"

benches/bench.rs

@@ -65,7 +65,7 @@ fn bench_sieve(c: &mut Criterion) {
     // 5 is the average number of pre-sieved samples we need to take before we encounter a prime
     group.bench_function("(U128) average sieve samples for a prime (5)", |b| {
         b.iter_batched(
-            || make_sieve::<{ nlimbs!(128) }, _>(&mut rng),
+            || make_sieve::<{ nlimbs(128) }, _>(&mut rng),
             |sieve| sieve.take(5).for_each(drop),
             BatchSize::SmallInput,
         )
@@ -86,7 +86,7 @@ fn bench_sieve(c: &mut Criterion) {
     // 42 is the average number of pre-sieved samples we need to take before we encounter a prime
     group.bench_function("(U1024) average sieve samples for a prime (42)", |b| {
         b.iter_batched(
-            || make_sieve::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_sieve::<{ nlimbs(1024) }, _>(&mut rng),
             |sieve| sieve.take(42).for_each(drop),
             BatchSize::SmallInput,
         )
@@ -96,7 +96,7 @@ fn bench_sieve(c: &mut Criterion) {
     // before we encounter a safe prime
     group.bench_function("(U1024) average sieve samples for a safe prime (42^2)", |b| {
         b.iter_batched(
-            || make_sieve::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_sieve::<{ nlimbs(1024) }, _>(&mut rng),
             |sieve| sieve.take(42 * 42).for_each(drop),
             BatchSize::SmallInput,
         )
@@ -119,7 +119,7 @@ fn bench_miller_rabin(c: &mut Criterion) {
 
     group.bench_function("(U128) random base test (pre-sieved)", |b| {
         b.iter_batched(
-            || MillerRabin::new(make_presieved_num::<{ nlimbs!(128) }, _>(&mut rng.clone())),
+            || MillerRabin::new(make_presieved_num::<{ nlimbs(128) }, _>(&mut rng.clone())),
             |mr| mr.test_random_base(&mut rng.clone()),
             BatchSize::SmallInput,
         )
@@ -135,7 +135,7 @@ fn bench_miller_rabin(c: &mut Criterion) {
 
     group.bench_function("(U1024) random base test (pre-sieved)", |b| {
         b.iter_batched(
-            || MillerRabin::new(make_presieved_num::<{ nlimbs!(1024) }, _>(&mut rng.clone())),
+            || MillerRabin::new(make_presieved_num::<{ nlimbs(1024) }, _>(&mut rng.clone())),
             |mr| mr.test_random_base(&mut rng.clone()),
             BatchSize::SmallInput,
         )
@@ -148,7 +148,7 @@ fn bench_lucas(c: &mut Criterion) {
     let mut rng = make_rng();
     group.bench_function("(U128) Selfridge base, strong check (pre-sieved)", |b| {
         b.iter_batched(
-            || make_presieved_num::<{ nlimbs!(128) }, _>(&mut rng),
+            || make_presieved_num::<{ nlimbs(128) }, _>(&mut rng),
             |n| lucas_test(n, SelfridgeBase, LucasCheck::Strong),
             BatchSize::SmallInput,
         )
@@ -157,7 +157,7 @@ fn bench_lucas(c: &mut Criterion) {
     let mut rng = make_rng();
     group.bench_function("(U1024) Selfridge base, strong check (pre-sieved)", |b| {
         b.iter_batched(
-            || make_presieved_num::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_presieved_num::<{ nlimbs(1024) }, _>(&mut rng),
             |n| lucas_test(n, SelfridgeBase, LucasCheck::Strong),
             BatchSize::SmallInput,
         )
@@ -166,7 +166,7 @@ fn bench_lucas(c: &mut Criterion) {
     let mut rng = make_rng();
     group.bench_function("(U1024) A* base, Lucas-V check (pre-sieved)", |b| {
         b.iter_batched(
-            || make_presieved_num::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_presieved_num::<{ nlimbs(1024) }, _>(&mut rng),
             |n| lucas_test(n, AStarBase, LucasCheck::LucasV),
             BatchSize::SmallInput,
         )
@@ -175,7 +175,7 @@ fn bench_lucas(c: &mut Criterion) {
     let mut rng = make_rng();
     group.bench_function("(U1024) brute force base, almost extra strong (pre-sieved)", |b| {
         b.iter_batched(
-            || make_presieved_num::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_presieved_num::<{ nlimbs(1024) }, _>(&mut rng),
             |n| lucas_test(n, BruteForceBase, LucasCheck::AlmostExtraStrong),
             BatchSize::SmallInput,
         )
@@ -184,7 +184,7 @@ fn bench_lucas(c: &mut Criterion) {
     let mut rng = make_rng();
     group.bench_function("(U1024) brute force base, extra strong (pre-sieved)", |b| {
         b.iter_batched(
-            || make_presieved_num::<{ nlimbs!(1024) }, _>(&mut rng),
+            || make_presieved_num::<{ nlimbs(1024) }, _>(&mut rng),
             |n| lucas_test(n, BruteForceBase, LucasCheck::ExtraStrong),
             BatchSize::SmallInput,
         )
@@ -405,15 +405,15 @@ fn bench_gmp(c: &mut Criterion) {
 
     group.bench_function("(U128) Random prime", |b| {
         b.iter_batched(
-            || random::<{ nlimbs!(128) }, _>(&mut rng),
+            || random::<{ nlimbs(128) }, _>(&mut rng),
             |n| n.next_prime(),
             BatchSize::SmallInput,
         )
     });
 
     group.bench_function("(U1024) Random prime", |b| {
         b.iter_batched(
-            || random::<{ nlimbs!(1024) }, _>(&mut rng),
+            || random::<{ nlimbs(1024) }, _>(&mut rng),
             |n| n.next_prime(),
             BatchSize::SmallInput,
         )

src/fips.rs

@@ -2,7 +2,7 @@
 //!
 //! [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 
-use crypto_bigint::{RandomMod, UnsignedMontyForm};
+use crypto_bigint::{RandomMod, UnsignedWithMontyForm};
 use rand_core::CryptoRng;
 
 use crate::{
@@ -84,7 +84,7 @@ impl FipsOptions {
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 pub fn is_prime<T>(rng: &mut (impl CryptoRng + ?Sized), flavor: Flavor, candidate: &T, options: FipsOptions) -> bool
 where
-    T: UnsignedMontyForm + RandomMod,
+    T: UnsignedWithMontyForm + RandomMod,
 {
     match flavor {
         Flavor::Any => {}
@@ -128,7 +128,7 @@ where
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 fn is_safe_prime<T>(rng: &mut (impl CryptoRng + ?Sized), candidate: &T, options: FipsOptions) -> bool
 where
-    T: UnsignedMontyForm + RandomMod,
+    T: UnsignedWithMontyForm + RandomMod,
 {
     // Since, by the definition of safe prime, `(candidate - 1) / 2` must also be prime,
     // and therefore odd, `candidate` has to be equal to 3 modulo 4.

src/hazmat/float.rs

@@ -114,6 +114,7 @@ pub(crate) const fn floor_sqrt(x: u32) -> u32 {
 
 // Calculate the natural logarithm of a big integer using the relation ln(x) = log₂(x) / log₂(e).
 // Uses fixed-point arithmetic for large values of x (> 2^53).
+#[allow(trivial_numeric_casts)]
 pub(crate) fn ln<const LIMBS: usize>(x: &Uint<LIMBS>) -> f64 {
     if x <= &Uint::ONE {
         return 0.0;

src/hazmat/lucas.rs

@@ -1,6 +1,6 @@
 //! Lucas primality test.
 use core::num::NonZero;
-use crypto_bigint::{Limb, MontyForm, MontyMultiplier, Odd, Square, UnsignedMontyForm, Word};
+use crypto_bigint::{Limb, MontyForm, MontyMultiplier, Odd, Square, UnsignedWithMontyForm, Word};
 
 use super::{
     Primality,
@@ -28,7 +28,7 @@ pub trait LucasBase {
     /// Given an odd integer, returns `Ok((P, abs(Q), is_negative(Q)))` on success,
     /// or `Err(Primality)` if the primality for the given integer was discovered
     /// during the search for a base.
-    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality>;
+    fn generate<T: UnsignedWithMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality>;
 }
 
 /// "Method A" for selecting the base given in Baillie & Wagstaff[^Baillie1980],
@@ -45,7 +45,7 @@ pub trait LucasBase {
 pub struct SelfridgeBase;
 
 impl LucasBase for SelfridgeBase {
-    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedWithMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         let mut abs_d = 5;
         let mut d_is_negative = false;
         let n_is_small = n.bits_vartime() < Word::BITS; // if true, `n` fits into one `Word`
@@ -109,7 +109,7 @@ impl LucasBase for SelfridgeBase {
 pub struct AStarBase;
 
 impl LucasBase for AStarBase {
-    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedWithMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         SelfridgeBase.generate(n).map(|(p, abs_q, q_is_negative)| {
             if abs_q == 1 && q_is_negative {
                 (5, 5, false)
@@ -131,7 +131,7 @@ impl LucasBase for AStarBase {
 pub struct BruteForceBase;
 
 impl LucasBase for BruteForceBase {
-    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedWithMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         let mut p = 3;
         let mut attempts = 0;
 
@@ -178,7 +178,7 @@ impl LucasBase for BruteForceBase {
 /// For the given odd `n`, finds `s` and odd `d` such that `n + 1 == 2^s * d`.
 fn decompose<T>(n: &Odd<T>) -> (u32, Odd<T>)
 where
-    T: UnsignedMontyForm,
+    T: UnsignedWithMontyForm,
 {
     // Need to be careful here since `n + 1` can overflow.
     // Instead of adding 1 and counting trailing 0s, we count trailing ones on the original `n`.
@@ -320,7 +320,7 @@ pub enum LucasCheck {
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 pub fn lucas_test<T>(candidate: Odd<T>, base: impl LucasBase, check: LucasCheck) -> Primality
 where
-    T: UnsignedMontyForm,
+    T: UnsignedWithMontyForm,
 {
     // The comments in this function use references in `LucasCheck`, plus this one:
     //
@@ -375,10 +375,10 @@ where
     let (s, d) = decompose(&candidate);
 
     // Some constants in Montgomery form
-    let params = <T as UnsignedMontyForm>::MontyForm::new_params_vartime(candidate.clone());
+    let params = <T as UnsignedWithMontyForm>::MontyForm::new_params_vartime(candidate.clone());
 
-    let zero = <T as UnsignedMontyForm>::MontyForm::zero(&params);
-    let one = <T as UnsignedMontyForm>::MontyForm::one(&params);
+    let zero = <T as UnsignedWithMontyForm>::MontyForm::zero(&params);
+    let one = <T as UnsignedWithMontyForm>::MontyForm::one(&params);
     let two = one.clone() + &one;
     let minus_two = -two.clone();
 
@@ -387,7 +387,7 @@ where
     let q = if q_is_one {
         one.clone()
     } else {
-        let abs_q = <T as UnsignedMontyForm>::MontyForm::new(to_integer(abs_q), &params);
+        let abs_q = <T as UnsignedWithMontyForm>::MontyForm::new(to_integer(abs_q), &params);
         if q_is_negative { -abs_q } else { abs_q }
     };
 
@@ -396,7 +396,7 @@ where
     let p = if p_is_one {
         one.clone()
     } else {
-        <T as UnsignedMontyForm>::MontyForm::new(to_integer(p), &params)
+        <T as UnsignedWithMontyForm>::MontyForm::new(to_integer(p), &params)
     };
 
     // Compute d-th element of Lucas sequence (U_d(P, Q), V_d(P, Q)), where:
@@ -415,15 +415,15 @@ where
 
     // Starting with k = 0
     let mut vk = two.clone(); // keeps V_k
-    let mut uk = <T as UnsignedMontyForm>::MontyForm::zero(&params); // keeps U_k
+    let mut uk = <T as UnsignedWithMontyForm>::MontyForm::zero(&params); // keeps U_k
     let mut qk = one.clone(); // keeps Q^k
 
-    let mut temp = <T as UnsignedMontyForm>::MontyForm::zero(&params);
+    let mut temp = <T as UnsignedWithMontyForm>::MontyForm::zero(&params);
 
-    let mut mm = <<T as UnsignedMontyForm>::MontyForm as MontyForm>::Multiplier::from(&params);
+    let mut mm = <<T as UnsignedWithMontyForm>::MontyForm as MontyForm>::Multiplier::from(&params);
 
     // D in Montgomery representation - note that it can be negative.
-    let abs_d = <T as UnsignedMontyForm>::MontyForm::new(to_integer(abs_d), &params);
+    let abs_d = <T as UnsignedWithMontyForm>::MontyForm::new(to_integer(abs_d), &params);
     let d_m = if d_is_negative { -abs_d } else { abs_d };
 
     for i in (0..d.bits_vartime()).rev() {
@@ -606,7 +606,7 @@ mod tests {
 
     use alloc::format;
 
-    use crypto_bigint::{Odd, U64, U128, Uint, UnsignedMontyForm, Word};
+    use crypto_bigint::{Odd, U64, U128, Uint, UnsignedWithMontyForm, Word};
 
     #[cfg(feature = "tests-exhaustive")]
     use num_prime::nt_funcs::is_prime64;
@@ -657,7 +657,7 @@ mod tests {
         struct TestBase;
 
         impl LucasBase for TestBase {
-            fn generate<T: UnsignedMontyForm>(&self, _n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+            fn generate<T: UnsignedWithMontyForm>(&self, _n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
                 Ok((5, 5, false))
             }
         }

src/hazmat/miller_rabin.rs

@@ -1,6 +1,8 @@
 //! Miller-Rabin primality test.
 
-use crypto_bigint::{Limb, MontyForm, NonZero as CTNonZero, Odd, PowBoundedExp, RandomMod, Square, UnsignedMontyForm};
+use crypto_bigint::{
+    Limb, MontyForm, NonZero as CTNonZero, Odd, PowBoundedExp, RandomMod, Square, UnsignedWithMontyForm,
+};
 use rand_core::CryptoRng;
 
 use super::{
@@ -21,18 +23,18 @@ use super::{
 ///
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct MillerRabin<T: UnsignedMontyForm> {
+pub struct MillerRabin<T: UnsignedWithMontyForm> {
     // The odd number that may or may not be a prime.
     candidate: T,
     /// The number of bits necessary to represent the candidate. Note: this is not the number of
     /// bits used by a `T` in memory.
     bits: u32,
     /// Pre-computed parameters for the Montgomery form of `T`.
-    montgomery_params: <<T as UnsignedMontyForm>::MontyForm as MontyForm>::Params,
+    montgomery_params: <<T as UnsignedWithMontyForm>::MontyForm as MontyForm>::Params,
     /// The number 1 in Montgomery form.
-    one: <T as UnsignedMontyForm>::MontyForm,
+    one: <T as UnsignedWithMontyForm>::MontyForm,
     /// The number -1 in Montgomery form.
-    minus_one: <T as UnsignedMontyForm>::MontyForm,
+    minus_one: <T as UnsignedWithMontyForm>::MontyForm,
     /// The `s` exponent in the Miller-Rabin test, that finds `s` and `d` odd s.t. `candidate - 1 ==
     /// 2^s * d` (the pair `s` and `d` is unique).
     s: u32,
@@ -41,11 +43,11 @@ pub struct MillerRabin<T: UnsignedMontyForm> {
     d: T,
 }
 
-impl<T: UnsignedMontyForm + RandomMod> MillerRabin<T> {
+impl<T: UnsignedWithMontyForm + RandomMod> MillerRabin<T> {
     /// Initializes a Miller-Rabin test for `candidate`.
     pub fn new(candidate: Odd<T>) -> Self {
-        let params = <T as UnsignedMontyForm>::MontyForm::new_params_vartime(candidate.clone());
-        let m_one = <T as UnsignedMontyForm>::MontyForm::one(&params);
+        let params = <T as UnsignedWithMontyForm>::MontyForm::new_params_vartime(candidate.clone());
+        let m_one = <T as UnsignedWithMontyForm>::MontyForm::one(&params);
         let m_minus_one = -m_one.clone();
 
         let one = T::one_like(candidate.as_ref());
@@ -79,7 +81,7 @@ impl<T: UnsignedMontyForm + RandomMod> MillerRabin<T> {
         // One could check here if `gcd(base, candidate) == 1` and return `Composite` otherwise.
         // In practice it doesn't make any performance difference in normal operation.
 
-        let base = <T as UnsignedMontyForm>::MontyForm::new(base.clone(), &self.montgomery_params);
+        let base = <T as UnsignedWithMontyForm>::MontyForm::new(base.clone(), &self.montgomery_params);
 
         // Implementation detail: bounded exp gets faster every time we decrease the bound
         // by the window length it uses, which is currently 4 bits.
@@ -233,7 +235,7 @@ mod tests {
     use alloc::format;
     use core::num::NonZero;
 
-    use crypto_bigint::{Odd, RandomMod, U64, U128, U1024, U1536, Uint, UnsignedMontyForm};
+    use crypto_bigint::{Odd, RandomMod, U64, U128, U1024, U1536, Uint, UnsignedWithMontyForm};
     use rand::rngs::ChaCha8Rng;
     use rand_core::{CryptoRng, SeedableRng};
 
@@ -265,7 +267,7 @@ mod tests {
         pseudoprimes::STRONG_BASE_2.contains(&num)
     }
 
-    fn random_checks<T: UnsignedMontyForm + RandomMod, R: CryptoRng + ?Sized>(
+    fn random_checks<T: UnsignedWithMontyForm + RandomMod, R: CryptoRng + ?Sized>(
         rng: &mut R,
         mr: &MillerRabin<T>,
         count: usize,