Further coverage of UintLike

[xuganyu96]

This PR is a continuation of #36 (and thus is a halfway point to #34), though it is still WIP.

#36 in its current state will not compile. There are many unimplemented!(). Some of the API's from crypto-bigint has also changed.

This PR improves on #36 by:

• Completing the implementation of jacobi_small and gcd_small, which includes transitioning hazmat::jacobi and hazmat::gcd to be implemented using <T: UintLike> instead of Uint<L>
• Implement random_bits correctly
• Try implement UintLike for BoxedUint
• Write test cases and bench marks for prime generation using BoxedUint

As of ba9d3c5633020e7b50e5569e6ddb8e831fbd3d2c the crate will compile, but not all tests will pass:

[xuganyu96]

Now all tests pass.

[fjarri]

This whole thing can be vartime, so you can just use shr_vartime(s).unwrap_or(T::zero())

[fjarri]

I think bit_length is more appropriate in this context.

[xuganyu96]

Sorry for the confusion. I put to TODO here to remind myself to add documentation for the parameter bits_length. Previously the precision is implied with the generics <const L: usize>, but now since we need to accommodate both Uint and BoxedUint, the size of the big integer will have to be passed in at runtime as an extra parameter.

[tarcieri]

Related: RustCrypto/crypto-bigint#425

[xuganyu96]

I made an attempt to implement UintLike for BoxedUint and UintModLike for BoxedResidue. There are a few missing implementations that will need to be merged into RustCrypto/crypto-bigint

• BoxedUint::bit_vartime (trivial implementation)
• BoxedUint::trailing_ones (trivial implementation)
• BoxedUint::sqrt_vartime, which is non-trivial
  • Needs cmp_vartime?
  • Needs wrapping_div_vartime?
  • Needs is_nonzero?
• BoxedUint::shr_vartime, which is already implemented, but behaves differently from Uint::shr_vartime
• BoxedUint::shl_vartime, same as BoxedUint::shr_vartime
• BoxedUint::div_rem_limb_with_reciprocal and BoxedUint::div_rem_limb
  • both makes call to div_rem_limb_with_reciprocal
  • div_rem_limb_with_reciprocal makes call to shl_limb
  • div2by1 can be reused from src/uint/div_limb.rs
  • BoxedUint needs to be instantiated from an array of Limb
• BoxedResidue::div_by_2

[xuganyu96]

There seems to be a bug with BoxedResidue::square (see RustCrypto/crypto-bigint#441). This can be temporarily side-stepped by calling retrieving and re-instantiating the BoxedResidue, although it is certainly not the ideal solution.

At least for now, it is possible to run generate_prime and generate_safe_prime with BoxedUint. Two simple tests have been added to presets.rs to demonstrate the progress.

[xuganyu96]

@fjarri @tarcieri
Missing arithmetic operations for BoxedUint have been implemented: RustCrypto/crypto-bigint#436. Prime generation for BoxedUint is tested in presets.rs.

There are a two awkward API's. T::one() and T:zero() both need to be replaced with T::one_with_precision() and T::zero_with_precision, which is a bit weird for stack-allocated Uint; also, many T::from(u32) must be immediately followed by a widen(bits_precision), which is also weird for stack-allocated Uint.

Also, the main public API generate_prime and generate_safe_prime need to accommodate the new argument bits_precision. I think with some clear explanation in the documentation, the user should be able to understand, but maybe we can do better. I am open to ideas (maybe we can make generate_prime into a macro?)

Thank you!

[xuganyu96]

Closing this PR to consolidate work on #36