Add Odd newtype (#487)

Adds a newtype similar to `NonZero` which identifies odd integers at the
type level.

This can be used for infallible conversions for moduli, i.e. reusing a
`*MontParams` modulus as a Bernstein-Yang modulus infallibly.

Author: tarcieri

benches/boxed_monty.rs

@@ -4,7 +4,7 @@ use criterion::{
 };
 use crypto_bigint::{
     modular::{BoxedMontyForm, BoxedMontyParams},
-    BoxedUint, NonZero, RandomMod,
+    BoxedUint, NonZero, Odd, RandomMod,
 };
 use num_bigint::BigUint;
 use rand_core::OsRng;
@@ -17,10 +17,7 @@ fn to_biguint(uint: &BoxedUint) -> BigUint {
 }
 
 fn bench_montgomery_ops<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
-    let params = BoxedMontyParams::new(
-        BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS),
-    )
-    .unwrap();
+    let params = BoxedMontyParams::new(Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS));
 
     group.bench_function("invert, U256", |b| {
         b.iter_batched(
@@ -60,8 +57,8 @@ fn bench_montgomery_ops<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
         )
     });
 
-    let m = BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS);
-    let params = BoxedMontyParams::new(m).unwrap();
+    let m = Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS);
+    let params = BoxedMontyParams::new(m);
     group.bench_function("modpow, BoxedUint^BoxedUint", |b| {
         b.iter_batched(
             || {
@@ -96,24 +93,21 @@ fn bench_montgomery_ops<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
 fn bench_montgomery_conversion<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
     group.bench_function("BoxedMontyParams::new", |b| {
         b.iter_batched(
-            || BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS),
+            || Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS),
             |modulus| black_box(BoxedMontyParams::new(modulus)),
             BatchSize::SmallInput,
         )
     });
 
     group.bench_function("BoxedMontyParams::new_vartime", |b| {
         b.iter_batched(
-            || BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS),
+            || Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS),
             |modulus| black_box(BoxedMontyParams::new_vartime(modulus)),
             BatchSize::SmallInput,
         )
     });
 
-    let params = BoxedMontyParams::new(
-        BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS),
-    )
-    .unwrap();
+    let params = BoxedMontyParams::new(Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS));
     group.bench_function("BoxedMontyForm::new", |b| {
         b.iter_batched(
             || BoxedUint::random(&mut OsRng, UINT_BITS),
@@ -122,10 +116,7 @@ fn bench_montgomery_conversion<M: Measurement>(group: &mut BenchmarkGroup<'_, M>
         )
     });
 
-    let params = BoxedMontyParams::new(
-        BoxedUint::random(&mut OsRng, UINT_BITS) | BoxedUint::one_with_precision(UINT_BITS),
-    )
-    .unwrap();
+    let params = BoxedMontyParams::new(Odd::<BoxedUint>::random(&mut OsRng, UINT_BITS));
     group.bench_function("BoxedMontyForm::retrieve", |b| {
         b.iter_batched(
             || BoxedMontyForm::new(BoxedUint::random(&mut OsRng, UINT_BITS), params.clone()),

benches/monty.rs

@@ -4,7 +4,7 @@ use criterion::{
 };
 use crypto_bigint::{
     modular::{MontyForm, MontyParams},
-    Invert, Inverter, PrecomputeInverter, Random, U256,
+    Invert, Inverter, Odd, PrecomputeInverter, Random, U256,
 };
 use rand_core::OsRng;
 
@@ -14,22 +14,22 @@ use crypto_bigint::MultiExponentiate;
 fn bench_montgomery_conversion<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
     group.bench_function("MontyParams creation", |b| {
         b.iter_batched(
-            || U256::random(&mut OsRng) | U256::ONE,
-            |modulus| black_box(MontyParams::new(&modulus)),
+            || Odd::<U256>::random(&mut OsRng),
+            |modulus| black_box(MontyParams::new(modulus)),
             BatchSize::SmallInput,
         )
     });
 
-    let params = MontyParams::new(&(U256::random(&mut OsRng) | U256::ONE)).unwrap();
+    let params = MontyParams::new(Odd::<U256>::random(&mut OsRng));
     group.bench_function("MontyForm creation", |b| {
         b.iter_batched(
-            || U256::random(&mut OsRng),
+            || Odd::<U256>::random(&mut OsRng),
             |x| black_box(MontyForm::new(&x, params)),
             BatchSize::SmallInput,
         )
     });
 
-    let params = MontyParams::new(&(U256::random(&mut OsRng) | U256::ONE)).unwrap();
+    let params = MontyParams::new(Odd::<U256>::random(&mut OsRng));
     group.bench_function("MontyForm retrieve", |b| {
         b.iter_batched(
             || MontyForm::new(&U256::random(&mut OsRng), params),
@@ -40,7 +40,7 @@ fn bench_montgomery_conversion<M: Measurement>(group: &mut BenchmarkGroup<'_, M>
 }
 
 fn bench_montgomery_ops<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
-    let params = MontyParams::new(&(U256::random(&mut OsRng) | U256::ONE)).unwrap();
+    let params = MontyParams::new(Odd::<U256>::random(&mut OsRng));
 
     group.bench_function("invert, U256", |b| {
         b.iter_batched(

src/const_choice.rs

@@ -1,6 +1,6 @@
 use subtle::{Choice, CtOption};
 
-use crate::{modular::BernsteinYangInverter, NonZero, Uint, Word};
+use crate::{modular::BernsteinYangInverter, NonZero, Odd, Uint, Word};
 
 /// A boolean value returned by constant-time `const fn`s.
 // TODO: should be replaced by `subtle::Choice` or `CtOption`
@@ -305,6 +305,20 @@ impl<const LIMBS: usize> ConstCtOption<NonZero<Uint<LIMBS>>> {
     }
 }
 
+impl<const LIMBS: usize> ConstCtOption<Odd<Uint<LIMBS>>> {
+    /// Returns the contained value, consuming the `self` value.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the value is none with a custom panic message provided by
+    /// `msg`.
+    #[inline]
+    pub const fn expect(self, msg: &str) -> Odd<Uint<LIMBS>> {
+        assert!(self.is_some.is_true_vartime(), "{}", msg);
+        self.value
+    }
+}
+
 impl<const SAT_LIMBS: usize, const UNSAT_LIMBS: usize>
     ConstCtOption<BernsteinYangInverter<SAT_LIMBS, UNSAT_LIMBS>>
 {

src/lib.rs

@@ -170,6 +170,7 @@ mod checked;
 mod const_choice;
 mod limb;
 mod non_zero;
+mod odd;
 mod primitives;
 mod traits;
 mod uint;
@@ -180,6 +181,7 @@ pub use crate::{
     const_choice::{ConstChoice, ConstCtOption},
     limb::{Limb, WideWord, Word},
     non_zero::NonZero,
+    odd::Odd,
     traits::*,
     uint::div_limb::Reciprocal,
     uint::*,

src/limb/bit_and.rs

@@ -1,7 +1,7 @@
 //! Limb bit and operations.
 
 use super::Limb;
-use core::ops::BitAnd;
+use core::ops::{BitAnd, BitAndAssign};
 
 impl Limb {
     /// Calculates `a & b`.
@@ -19,3 +19,15 @@ impl BitAnd for Limb {
         self.bitand(rhs)
     }
 }
+
+impl BitAndAssign for Limb {
+    fn bitand_assign(&mut self, rhs: Self) {
+        self.0 &= rhs.0;
+    }
+}
+
+impl BitAndAssign<&Limb> for Limb {
+    fn bitand_assign(&mut self, rhs: &Limb) {
+        self.0 &= rhs.0;
+    }
+}

src/limb/bit_xor.rs

@@ -1,7 +1,7 @@
 //! Limb bit xor operations.
 
 use super::Limb;
-use core::ops::BitXor;
+use core::ops::{BitXor, BitXorAssign};
 
 impl Limb {
     /// Calculates `a ^ b`.
@@ -18,3 +18,9 @@ impl BitXor for Limb {
         self.bitxor(rhs)
     }
 }
+
+impl BitXorAssign for Limb {
+    fn bitxor_assign(&mut self, rhs: Self) {
+        self.0 ^= rhs.0;
+    }
+}

src/modular/add.rs

@@ -1,9 +1,9 @@
-use crate::Uint;
+use crate::{Odd, Uint};
 
 pub(crate) const fn add_montgomery_form<const LIMBS: usize>(
     a: &Uint<LIMBS>,
     b: &Uint<LIMBS>,
-    modulus: &Uint<LIMBS>,
+    modulus: &Odd<Uint<LIMBS>>,
 ) -> Uint<LIMBS> {
-    a.add_mod(b, modulus)
+    a.add_mod(b, &modulus.0)
 }

src/modular/bernstein_yang.rs

@@ -13,7 +13,7 @@
 #[macro_use]
 mod macros;
 
-use crate::{ConstChoice, ConstCtOption, Inverter, Limb, Uint, Word};
+use crate::{ConstChoice, ConstCtOption, Inverter, Limb, Odd, Uint, Word};
 use subtle::CtOption;
 
 /// Modular multiplicative inverter based on the Bernstein-Yang method.
@@ -61,14 +61,12 @@ impl<const SAT_LIMBS: usize, const UNSAT_LIMBS: usize>
     /// Creates the inverter for specified modulus and adjusting parameter.
     ///
     /// Modulus must be odd. Returns `None` if it is not.
-    pub const fn new(modulus: &Uint<SAT_LIMBS>, adjuster: &Uint<SAT_LIMBS>) -> ConstCtOption<Self> {
-        let ret = Self {
-            modulus: Int62L::from_uint(modulus),
+    pub const fn new(modulus: &Odd<Uint<SAT_LIMBS>>, adjuster: &Uint<SAT_LIMBS>) -> Self {
+        Self {
+            modulus: Int62L::from_uint(&modulus.0),
             adjuster: Int62L::from_uint(adjuster),
-            inverse: inv_mod2_62(modulus.as_words()),
-        };
-
-        ConstCtOption::new(ret, modulus.is_odd())
+            inverse: inv_mod2_62(modulus.0.as_words()),
+        }
     }
 
     /// Returns either the adjusted modular multiplicative inverse for the argument or `None`