v0.6.0

[tarcieri]

Added

• TryFrom<&[u8]> bound on Encoding::Repr (#261)
• New Uint functionality:
  • New methods: bitand_limb (#322), gcd (#472), from_str_radix_vartime (#603),
    to_string_radix_vartime (#659)
  • New trait impls: MulMod (#313), Div/Rem (#720)
• New BoxedUint functionality:
  • New methods: sbb/wrapping_sub/checked_sub (#303), mul (#306),
    from_be_slice/from_le_slice (#307), to_be_bytes/to_le_bytes (#308),
    bits (#328), conditional_select (#329), shl_vartime (#330), shr_vartime (#331),
    rem_vartime (#332), inv_mod2k/bitor (#334), pow (#337), inv_mod (#341),
    random (#349), cond_map/cond_and_then (#352), map_limbs (#357),
    div_rem/rem (#398), new_with_arc (#407), gcd (#497),
    from_str_radix_vartime (#603), to_string_radix_vartime (#659)
  • New trait impls: BitAnd* (#314), ConstantTimeGreater/Less/PartialOrd/Ord (#316),
    AddMod (#317), SubMod (#320), Hash/BoxedUint (#350),
    MulMod/BoxedUint (#343), RandomMod (#349), Rem (#356), BitNot/BitXor (#358),
    CheckedMul/Mul (#361), NegMod (#362), Div (#366), Integer (#367)
  • Montgomery multiplication support (#323)
• New traits: FixedInteger (#363), CheckedDiv (#369), WideningMul (#371),
  ConstantTimeSelect (#454), SquareAssign (#431), Gcd (#499),
  DivRemLimb/RemLimb (#496), InvMod (#505, #741), SquareRoot (#508),
  BitOperations (#507), ShrVartime/ShlVartime (#509), RandomBits (#510),
  RemMixed (#746)
• num-traits impls: Wrapping* (#425), Zero/One (#433), ConstZero (#573),
  Num (#720)
• safegcd (Bernstein-Yang) GCD + inv mod algorithm (#372, #493, #632, #635, #655)
• Constant-time square root and division (#376)
• Implement Zeroize for NonZero wrapper (#406)
• Zero::set_zero method (#426)
• Inverter/PrecomputeInverter traits (#438, #444)
• Uint: const fn encoders (#453)
• Traits to connect integers and Montgomery form representations (#431):
  • Integer::Monty associated type
  • Monty trait with arithmetic bounds and an associated Monty::Integer type
• Odd wrapper type (#487)
• NonZero::new_unwrap (#602)
• Implement Karatsuba multiplication for Uint and BoxedUint (#649)
• Efficient linear combination for Montgomery forms (#666)
• Doc comment support for impl_modulus! (#676)
• core::error::Error support (#680)
• Int type providing initial signed integer support using two's complement (#695, #730)
• Variable-time modular inversion support (#731)

Changed

• Toplevel modular module now contains all modular functionality (#300, #324)
• Integer trait: expand bounds to include *Mod (#318), Add/Sub/Mul (#435),
  RemAssign (#709), AddAssign/MulAssign/SubAssign (#716)
• Integer trait: add new methods bits(_vartime)/leading_zeros (#368),
  from_limb_like/one_like/zero_like` (#533)
• Replace BoxedUint::new with ::zero_with_precision (#327)
• Split Zero trait into Zero + ZeroConstant (#335)
• Refactor Integer trait; add Constants/LimbsConstant (#355)
  • The existing Bounded trait subsumes BITS/BYTES
  • Constants provides ONE and MAX
  • LimbsConstant provides LIMBS
• Rename BoxedUint::mul_wide to mul (#359)
• Round up bits_precision when creating BoxedUint (#365)
• Make bit ops use u32 for shifts and bit counts (#373)
• Align with core/std on overflow behavior for bit shifts (#395)
• Make inv_mod2k(_vartime) return a CtChoice (#416)
• Rename CtChoice to ConstChoice (#417)
• Make division methods take NonZero-wrapped divisors (#419)
• Align with core/std on overflowing_sh* for functions which return an overflow flag (#430)
• Uint: rename HLIMBS to RHS_LIMBS (#432)
• Bring Checked* traits in line with Wrapping* (#434)
• Rename *Residue* types i.e. Montgomery form representations (#485):
  • Residue -> ConstMontyForm
  • DynResidue -> MontyForm
  • BoxedResidue -> BoxedMontyForm
  • *ResidueParams -> *MontyParams
  • residue_params -> params
  • params.r -> params.one
• Make Monty::new_params() take an Odd-wrapped modulus (#488)
• Expand Uint support for const fn: square (#514), widening_mul (#515),
  to_le_bytes (#555)
• Have (Boxed)MontyParams::modulus return &Odd<_> (#517)
• Split MontyParams::new and new_vartime ([Rename MontyParams::new => ::new_vartime #516], #518)
• Reverse Concat(Mixed)/Split(Mixed) argument ordering (#526)
• Migrate from generic-array to hybrid-array (#544)
• Replace ZeroConstant with ConstZero trait from num-traits (#546, #573)
• Change Uint::concat_mixed and split_mixed to accept self; make pub (#556, #558)
• Make Uint::concat and split const generic over inputs (#557, #558)
• Split Uint::mul_mod and Uint::mul_mod_vartime (#623)
• Faster constant-time division (#643)
• BoxedMontyForm: always use Arc for params (#645)
• Leverage const_mut_refs; MSRV 1.83 (#667)
• Bump rlp dependency from 0.5 to 0.6 (#673)
• Require RngCore instead of CryptoRngCore for various random methods (#710)
• Bump serdect dependency to v0.3 (#719)
• Have rand feature enable rand_core/getrandom instead of rand_core/std (#745)

Fixed

• Argument ordering to BoxedUint::chain (#315)
• Modulus leading zeros calculation for MontyForm/BoxedMontyForm (#713)

Removed

• ct_* prefixes from method names since we're constant-time by default (#417)
• const_assert_* macros (#452, #690)

[dvdplm]

lgtm as pertains to the stuff I've been following.

[erik-3milabs]

LGTM. The "changed" section lists the major difficulties I had transferring a project from 0.5.5 to 0.6.