Bump crypto-bigint to v0.7.0-rc.22 (#110)

Also bumps: `rand_core` v0.10.0-rc-6

This release brought a few breaking changes:
- For this crate's purposes: `Unsigned` => `UnsignedMontyForm`. I moved
  the associated type here, which has now been renamed `MontyForm`,
  because...
- `Monty` => `MontyForm`: the stack-allocated type previously known as
  `MontyForm` is now known as `FixedMontyForm`, and the `Monty` trait is
  now `MontyForm`.
- `Monty(Form)` methods that take a `params` argument now borrow: this
  gets rid of the params cloning that was happening before. It now
  clones (an `Arc`) for you, or copies, as need be.

Word of warning: as of this `rand_core` release, `(Try)RngCore` is now
`(Try)Rng`. This crate wasn't impacted, however, since it uses
`CryptoRng` which didn't change.

Author: tarcieri

Cargo.toml

@@ -10,9 +10,9 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
-crypto-bigint = { version = "0.7.0-rc.21", default-features = false, features = ["rand_core"] }
+crypto-bigint = { version = "0.7.0-rc.22", default-features = false, features = ["rand_core"] }
 libm = { version = "0.2.13", default-features = false, features = ["arch"] }
-rand_core = { version = "0.10.0-rc-5", default-features = false }
+rand_core = { version = "0.10.0-rc-6", default-features = false }
 rayon = { version = "1", optional = true, default-features = false }
 
 # Optional dependencies used in tests and benchmarks
@@ -23,7 +23,7 @@ glass_pumpkin = { version = "1", optional = true }
 [dev-dependencies]
 rand = { version = "0.10.0-rc.7", features = ["chacha"] }
 # need `crypto-bigint` with `alloc` to test `BoxedUint`
-crypto-bigint = { version = "0.7.0-pre.21", default-features = false, features = ["alloc"] }
+crypto-bigint = { version = "0.7.0-pre.22", default-features = false, features = ["alloc"] }
 criterion = { version = "0.5", features = ["html_reports"] }
 num-modular = { version = "0.5", features = ["num-bigint"] }
 num-bigint = "0.4"
@@ -61,3 +61,7 @@ harness = false
 [[bench]]
 name = "cctv"
 harness = false
+
+[patch.crates-io.rand]
+git = "https://github.com/rust-random/rand"
+branch = "rand_core/v0.10.0-rc-6"

src/fips.rs

@@ -2,7 +2,7 @@
 //!
 //! [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 
-use crypto_bigint::{RandomMod, Unsigned};
+use crypto_bigint::{RandomMod, UnsignedMontyForm};
 use rand_core::CryptoRng;
 
 use crate::{
@@ -84,7 +84,7 @@ impl FipsOptions {
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 pub fn is_prime<T>(rng: &mut (impl CryptoRng + ?Sized), flavor: Flavor, candidate: &T, options: FipsOptions) -> bool
 where
-    T: Unsigned + RandomMod,
+    T: UnsignedMontyForm + RandomMod,
 {
     match flavor {
         Flavor::Any => {}
@@ -128,7 +128,7 @@ where
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 fn is_safe_prime<T>(rng: &mut (impl CryptoRng + ?Sized), candidate: &T, options: FipsOptions) -> bool
 where
-    T: Unsigned + RandomMod,
+    T: UnsignedMontyForm + RandomMod,
 {
     // Since, by the definition of safe prime, `(candidate - 1) / 2` must also be prime,
     // and therefore odd, `candidate` has to be equal to 3 modulo 4.

src/hazmat/lucas.rs

@@ -1,6 +1,6 @@
 //! Lucas primality test.
 use core::num::NonZero;
-use crypto_bigint::{Limb, Monty, MontyMultiplier, Odd, Square, Unsigned, Word};
+use crypto_bigint::{Limb, MontyForm, MontyMultiplier, Odd, Square, UnsignedMontyForm, Word};
 
 use super::{
     Primality,
@@ -28,7 +28,7 @@ pub trait LucasBase {
     /// Given an odd integer, returns `Ok((P, abs(Q), is_negative(Q)))` on success,
     /// or `Err(Primality)` if the primality for the given integer was discovered
     /// during the search for a base.
-    fn generate<T: Unsigned>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality>;
+    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality>;
 }
 
 /// "Method A" for selecting the base given in Baillie & Wagstaff[^Baillie1980],
@@ -45,7 +45,7 @@ pub trait LucasBase {
 pub struct SelfridgeBase;
 
 impl LucasBase for SelfridgeBase {
-    fn generate<T: Unsigned>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         let mut abs_d = 5;
         let mut d_is_negative = false;
         let n_is_small = n.bits_vartime() < Word::BITS; // if true, `n` fits into one `Word`
@@ -109,7 +109,7 @@ impl LucasBase for SelfridgeBase {
 pub struct AStarBase;
 
 impl LucasBase for AStarBase {
-    fn generate<T: Unsigned>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         SelfridgeBase.generate(n).map(|(p, abs_q, q_is_negative)| {
             if abs_q == 1 && q_is_negative {
                 (5, 5, false)
@@ -131,7 +131,7 @@ impl LucasBase for AStarBase {
 pub struct BruteForceBase;
 
 impl LucasBase for BruteForceBase {
-    fn generate<T: Unsigned>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+    fn generate<T: UnsignedMontyForm>(&self, n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
         let mut p = 3;
         let mut attempts = 0;
 
@@ -178,7 +178,7 @@ impl LucasBase for BruteForceBase {
 /// For the given odd `n`, finds `s` and odd `d` such that `n + 1 == 2^s * d`.
 fn decompose<T>(n: &Odd<T>) -> (u32, Odd<T>)
 where
-    T: Unsigned,
+    T: UnsignedMontyForm,
 {
     // Need to be careful here since `n + 1` can overflow.
     // Instead of adding 1 and counting trailing 0s, we count trailing ones on the original `n`.
@@ -320,7 +320,7 @@ pub enum LucasCheck {
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 pub fn lucas_test<T>(candidate: Odd<T>, base: impl LucasBase, check: LucasCheck) -> Primality
 where
-    T: Unsigned,
+    T: UnsignedMontyForm,
 {
     // The comments in this function use references in `LucasCheck`, plus this one:
     //
@@ -375,10 +375,10 @@ where
     let (s, d) = decompose(&candidate);
 
     // Some constants in Montgomery form
-    let params = <T as Unsigned>::Monty::new_params_vartime(candidate.clone());
+    let params = <T as UnsignedMontyForm>::MontyForm::new_params_vartime(candidate.clone());
 
-    let zero = <T as Unsigned>::Monty::zero(params.clone());
-    let one = <T as Unsigned>::Monty::one(params.clone());
+    let zero = <T as UnsignedMontyForm>::MontyForm::zero(&params);
+    let one = <T as UnsignedMontyForm>::MontyForm::one(&params);
     let two = one.clone() + &one;
     let minus_two = -two.clone();
 
@@ -387,7 +387,7 @@ where
     let q = if q_is_one {
         one.clone()
     } else {
-        let abs_q = <T as Unsigned>::Monty::new(to_integer(abs_q), &params);
+        let abs_q = <T as UnsignedMontyForm>::MontyForm::new(to_integer(abs_q), &params);
         if q_is_negative { -abs_q } else { abs_q }
     };
 
@@ -396,7 +396,7 @@ where
     let p = if p_is_one {
         one.clone()
     } else {
-        <T as Unsigned>::Monty::new(to_integer(p), &params)
+        <T as UnsignedMontyForm>::MontyForm::new(to_integer(p), &params)
     };
 
     // Compute d-th element of Lucas sequence (U_d(P, Q), V_d(P, Q)), where:
@@ -415,15 +415,15 @@ where
 
     // Starting with k = 0
     let mut vk = two.clone(); // keeps V_k
-    let mut uk = <T as Unsigned>::Monty::zero(params.clone()); // keeps U_k
+    let mut uk = <T as UnsignedMontyForm>::MontyForm::zero(&params); // keeps U_k
     let mut qk = one.clone(); // keeps Q^k
 
-    let mut temp = <T as Unsigned>::Monty::zero(params.clone());
+    let mut temp = <T as UnsignedMontyForm>::MontyForm::zero(&params);
 
-    let mut mm = <<T as Unsigned>::Monty as Monty>::Multiplier::from(&params);
+    let mut mm = <<T as UnsignedMontyForm>::MontyForm as MontyForm>::Multiplier::from(&params);
 
     // D in Montgomery representation - note that it can be negative.
-    let abs_d = <T as Unsigned>::Monty::new(to_integer(abs_d), &params);
+    let abs_d = <T as UnsignedMontyForm>::MontyForm::new(to_integer(abs_d), &params);
     let d_m = if d_is_negative { -abs_d } else { abs_d };
 
     for i in (0..d.bits_vartime()).rev() {
@@ -606,7 +606,7 @@ mod tests {
 
     use alloc::format;
 
-    use crypto_bigint::{Odd, U64, U128, Uint, Unsigned, Word};
+    use crypto_bigint::{Odd, U64, U128, Uint, UnsignedMontyForm, Word};
 
     #[cfg(feature = "tests-exhaustive")]
     use num_prime::nt_funcs::is_prime64;
@@ -657,7 +657,7 @@ mod tests {
         struct TestBase;
 
         impl LucasBase for TestBase {
-            fn generate<T: Unsigned>(&self, _n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
+            fn generate<T: UnsignedMontyForm>(&self, _n: &Odd<T>) -> Result<(Word, Word, bool), Primality> {
                 Ok((5, 5, false))
             }
         }

src/hazmat/miller_rabin.rs

@@ -1,6 +1,6 @@
 //! Miller-Rabin primality test.
 
-use crypto_bigint::{Limb, Monty, NonZero as CTNonZero, Odd, PowBoundedExp, RandomMod, Square, Unsigned};
+use crypto_bigint::{Limb, MontyForm, NonZero as CTNonZero, Odd, PowBoundedExp, RandomMod, Square, UnsignedMontyForm};
 use rand_core::CryptoRng;
 
 use super::{
@@ -21,18 +21,18 @@ use super::{
 ///
 /// [^FIPS]: FIPS-186.5 standard, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct MillerRabin<T: Unsigned> {
+pub struct MillerRabin<T: UnsignedMontyForm> {
     // The odd number that may or may not be a prime.
     candidate: T,
     /// The number of bits necessary to represent the candidate. Note: this is not the number of
     /// bits used by a `T` in memory.
     bits: u32,
     /// Pre-computed parameters for the Montgomery form of `T`.
-    montgomery_params: <<T as Unsigned>::Monty as Monty>::Params,
+    montgomery_params: <<T as UnsignedMontyForm>::MontyForm as MontyForm>::Params,
     /// The number 1 in Montgomery form.
-    one: <T as Unsigned>::Monty,
+    one: <T as UnsignedMontyForm>::MontyForm,
     /// The number -1 in Montgomery form.
-    minus_one: <T as Unsigned>::Monty,
+    minus_one: <T as UnsignedMontyForm>::MontyForm,
     /// The `s` exponent in the Miller-Rabin test, that finds `s` and `d` odd s.t. `candidate - 1 ==
     /// 2^s * d` (the pair `s` and `d` is unique).
     s: u32,
@@ -41,11 +41,11 @@ pub struct MillerRabin<T: Unsigned> {
     d: T,
 }
 
-impl<T: Unsigned + RandomMod> MillerRabin<T> {
+impl<T: UnsignedMontyForm + RandomMod> MillerRabin<T> {
     /// Initializes a Miller-Rabin test for `candidate`.
     pub fn new(candidate: Odd<T>) -> Self {
-        let params = <T as Unsigned>::Monty::new_params_vartime(candidate.clone());
-        let m_one = <T as Unsigned>::Monty::one(params.clone());
+        let params = <T as UnsignedMontyForm>::MontyForm::new_params_vartime(candidate.clone());
+        let m_one = <T as UnsignedMontyForm>::MontyForm::one(&params);
         let m_minus_one = -m_one.clone();
 
         let one = T::one_like(candidate.as_ref());
@@ -79,7 +79,7 @@ impl<T: Unsigned + RandomMod> MillerRabin<T> {
         // One could check here if `gcd(base, candidate) == 1` and return `Composite` otherwise.
         // In practice it doesn't make any performance difference in normal operation.
 
-        let base = <T as Unsigned>::Monty::new(base.clone(), &self.montgomery_params);
+        let base = <T as UnsignedMontyForm>::MontyForm::new(base.clone(), &self.montgomery_params);
 
         // Implementation detail: bounded exp gets faster every time we decrease the bound
         // by the window length it uses, which is currently 4 bits.
@@ -233,7 +233,7 @@ mod tests {
     use alloc::format;
     use core::num::NonZero;
 
-    use crypto_bigint::{Odd, RandomMod, U64, U128, U1024, U1536, Uint, Unsigned};
+    use crypto_bigint::{Odd, RandomMod, U64, U128, U1024, U1536, Uint, UnsignedMontyForm};
     use rand::rngs::ChaCha8Rng;
     use rand_core::{CryptoRng, SeedableRng};
 
@@ -265,7 +265,7 @@ mod tests {
         pseudoprimes::STRONG_BASE_2.contains(&num)
     }
 
-    fn random_checks<T: Unsigned + RandomMod, R: CryptoRng + ?Sized>(
+    fn random_checks<T: UnsignedMontyForm + RandomMod, R: CryptoRng + ?Sized>(
         rng: &mut R,
         mr: &MillerRabin<T>,
         count: usize,

src/multicore.rs

@@ -1,6 +1,6 @@
 //! Prime-finding functions that can parallelize across multiple cores.
 
-use crypto_bigint::{RandomBits, RandomMod, Unsigned};
+use crypto_bigint::{RandomBits, RandomMod, UnsignedMontyForm};
 use rand_core::{CryptoRng, SeedableRng};
 use rayon::iter::{ParallelBridge, ParallelIterator};
 
@@ -105,7 +105,7 @@ where
 /// Panics if the platform is unable to spawn threads.
 pub fn random_prime<T, R>(rng: &mut R, flavor: Flavor, bit_length: u32, threadcount: usize) -> T
 where
-    T: Unsigned + RandomBits + RandomMod,
+    T: UnsignedMontyForm + RandomBits + RandomMod,
     R: CryptoRng + Send + Sync + SeedableRng,
 {
     let factory = SmallFactorsSieveFactory::new(flavor, bit_length, SetBits::Msb)

src/presets.rs

@@ -1,4 +1,4 @@
-use crypto_bigint::{RandomBits, RandomMod, Unsigned};
+use crypto_bigint::{RandomBits, RandomMod, UnsignedMontyForm};
 use rand_core::CryptoRng;
 
 use crate::{
@@ -27,7 +27,7 @@ pub enum Flavor {
 /// See [`is_prime`] for details about the performed checks.
 pub fn random_prime<T, R>(rng: &mut R, flavor: Flavor, bit_length: u32) -> T
 where
-    T: Unsigned + RandomBits + RandomMod,
+    T: UnsignedMontyForm + RandomBits + RandomMod,
     R: CryptoRng + ?Sized,
 {
     let factory = SmallFactorsSieveFactory::new(flavor, bit_length, SetBits::Msb)
@@ -63,7 +63,7 @@ where
 ///       DOI: [10.1090/mcom/3616](https://doi.org/10.1090/mcom/3616)
 pub fn is_prime<T>(flavor: Flavor, candidate: &T) -> bool
 where
-    T: Unsigned + RandomMod,
+    T: UnsignedMontyForm + RandomMod,
 {
     match flavor {
         Flavor::Any => {}
@@ -94,7 +94,7 @@ where
 /// See [`is_prime`] for details about the performed checks.
 fn is_safe_prime<T>(candidate: &T) -> bool
 where
-    T: Unsigned + RandomMod,
+    T: UnsignedMontyForm + RandomMod,
 {
     // Since, by the definition of safe prime, `(candidate - 1) / 2` must also be prime,
     // and therefore odd, `candidate` has to be equal to 3 modulo 4.
@@ -115,7 +115,7 @@ where
 
 #[cfg(test)]
 mod tests {
-    use crypto_bigint::{BoxedUint, CheckedAdd, RandomMod, U64, U128, Uint, Unsigned, Word, nlimbs};
+    use crypto_bigint::{BoxedUint, CheckedAdd, RandomMod, U64, U128, Uint, UnsignedMontyForm, Word, nlimbs};
     use num_prime::nt_funcs::is_prime64;
 
     use super::{Flavor, is_prime, random_prime};
@@ -124,7 +124,7 @@ mod tests {
         hazmat::{primes, pseudoprimes},
     };
 
-    fn fips_is_prime<T: Unsigned + RandomMod>(flavor: Flavor, num: &T) -> bool {
+    fn fips_is_prime<T: UnsignedMontyForm + RandomMod>(flavor: Flavor, num: &T) -> bool {
         let mut rng = rand::rng();
         fips::is_prime(
             &mut rng,
@@ -134,7 +134,7 @@ mod tests {
         )
     }
 
-    fn fips_is_prime_trial_division<T: Unsigned + RandomMod>(flavor: Flavor, num: &T) -> bool {
+    fn fips_is_prime_trial_division<T: UnsignedMontyForm + RandomMod>(flavor: Flavor, num: &T) -> bool {
         let mut rng = rand::rng();
         fips::is_prime(
             &mut rng,