add multiplication helper and implement exponentiation methods for BoxedUint

Signed-off-by: Andrew Whitehead <cywolf@gmail.com>

Author: andrewwhitehead

benches/boxed_uint.rs

@@ -108,6 +108,32 @@ fn bench_mul(c: &mut Criterion) {
             BatchSize::SmallInput,
         );
     });
+
+    group.bench_function("boxed_wrapping_pow", |b| {
+        b.iter_batched(
+            || {
+                (
+                    BoxedUint::random_bits(&mut rng, UINT_BITS),
+                    BoxedUint::random_bits(&mut rng, UINT_BITS),
+                )
+            },
+            |(x, y)| black_box(x.wrapping_pow(&y)),
+            BatchSize::SmallInput,
+        );
+    });
+
+    group.bench_function("boxed_wrapping_pow_vartime", |b| {
+        b.iter_batched(
+            || {
+                (
+                    BoxedUint::random_bits(&mut rng, UINT_BITS),
+                    BoxedUint::random_bits(&mut rng, UINT_BITS),
+                )
+            },
+            |(x, y)| black_box(x.wrapping_pow_vartime(&y)),
+            BatchSize::SmallInput,
+        );
+    });
 }
 
 fn bench_division(c: &mut Criterion) {

src/uint/boxed.rs

@@ -18,6 +18,7 @@ mod mul;
 mod mul_mod;
 mod neg;
 mod neg_mod;
+mod pow;
 mod pow_mod;
 mod shl;
 mod shr;

src/uint/boxed/mul.rs

@@ -1,64 +1,72 @@
 //! [`BoxedUint`] multiplication operations.
 
 use crate::{
-    BoxedUint, CheckedMul, ConcatenatingMul, CtOption, Limb, Mul, MulAssign, Uint, UintRef,
+    BoxedUint, CheckedMul, Choice, ConcatenatingMul, CtOption, Limb, Mul, MulAssign, Uint, UintRef,
     Wrapping, WrappingMul,
-    uint::mul::{karatsuba, wrapping_mul_overflow},
 };
 
+mod helper;
+pub(crate) use helper::BoxedMultiplier;
+
 impl BoxedUint {
     /// Multiply `self` by `rhs`.
     ///
     /// Returns a widened output with a limb count equal to the sums of the input limb counts.
     #[must_use]
     pub fn mul(&self, rhs: &Self) -> Self {
-        self.wrapping_mul_carry(rhs.as_limbs(), self.nlimbs() + rhs.nlimbs())
+        self.wrapping_mul_carry(rhs.as_uint_ref(), self.nlimbs() + rhs.nlimbs())
             .0
     }
 
     /// Multiply `self` by `rhs`.
     ///
     /// Returns a widened output with a limb count equal to the sums of the input limb counts.
+    #[must_use]
     pub(crate) fn mul_unsigned<const LIMBS: usize>(&self, rhs: &Uint<LIMBS>) -> Self {
-        self.wrapping_mul_carry(rhs.as_limbs(), self.nlimbs() + LIMBS)
+        self.wrapping_mul_carry(rhs.as_uint_ref(), self.nlimbs() + LIMBS)
             .0
     }
 
     /// Perform wrapping multiplication, wrapping to the width of `self`.
     #[must_use]
     pub fn wrapping_mul(&self, rhs: &Self) -> Self {
-        self.wrapping_mul_carry(rhs.as_limbs(), self.nlimbs()).0
+        self.wrapping_mul_carry(rhs.as_uint_ref(), self.nlimbs()).0
     }
 
     /// Multiply `self` by `rhs`, wrapping to the width of `self`.
     /// Returns `CtOption::None` if the result overflowed the precision of `self`.
     #[must_use]
     pub fn checked_mul(&self, rhs: &Self) -> CtOption<Self> {
-        let (res, carry) = self.wrapping_mul_carry(rhs.as_limbs(), self.nlimbs());
-        let overflow =
-            wrapping_mul_overflow(self.as_uint_ref(), self.as_uint_ref(), carry.is_nonzero());
+        let (res, overflow) = self.overflowing_mul(rhs.as_uint_ref(), self.nlimbs());
         CtOption::new(res, overflow.not())
     }
 
     /// Perform saturating multiplication, returning `MAX` on overflow.
     #[must_use]
-    pub fn saturating_mul(&self, rhs: &BoxedUint) -> Self {
-        let (mut res, carry) = self.wrapping_mul_carry(rhs.as_limbs(), self.nlimbs());
-        let overflow =
-            wrapping_mul_overflow(self.as_uint_ref(), rhs.as_uint_ref(), carry.is_nonzero());
+    pub fn saturating_mul(&self, rhs: &Self) -> Self {
+        let (mut res, overflow) = self.overflowing_mul(rhs.as_uint_ref(), self.nlimbs());
         res.as_mut_uint_ref().conditional_set_max(overflow);
         res
     }
 
+    /// Multiply `self` by `rhs`, wrapping to the width of `self`.
+    /// Returns a `Choice` indicating if the result overflowed the precision of `self`.
+    #[inline(always)]
+    #[must_use]
+    pub(crate) fn overflowing_mul(&self, rhs: &UintRef, size: usize) -> (Self, Choice) {
+        let mut limbs = vec![Limb::ZERO; size];
+        let overflow = self
+            .as_uint_ref()
+            .overflowing_mul(rhs, UintRef::new_mut(&mut limbs));
+        (limbs.into(), overflow)
+    }
+
     #[inline(always)]
-    fn wrapping_mul_carry(&self, rhs: &[Limb], size: usize) -> (Self, Limb) {
+    fn wrapping_mul_carry(&self, rhs: &UintRef, size: usize) -> (Self, Limb) {
         let mut limbs = vec![Limb::ZERO; size];
-        let carry = karatsuba::wrapping_mul(
-            self.as_uint_ref(),
-            UintRef::new(rhs),
-            UintRef::new_mut(limbs.as_mut_slice()),
-            false,
-        );
+        let carry = self
+            .as_uint_ref()
+            .wrapping_mul(rhs, UintRef::new_mut(limbs.as_mut_slice()));
         (limbs.into(), carry)
     }
 
@@ -78,29 +86,39 @@ impl BoxedUint {
     /// Returns `CtOption::None` if the result overflowed the precision of `self`.
     #[must_use]
     pub fn checked_square(&self) -> CtOption<Self> {
-        let (res, carry) = self.wrapping_square_carry(self.nlimbs());
-        let overflow =
-            wrapping_mul_overflow(self.as_uint_ref(), self.as_uint_ref(), carry.is_nonzero());
+        let (res, overflow) = self.overflowing_square(self.nlimbs());
         CtOption::new(res, overflow.not())
     }
 
     /// Perform saturating squaring, returning `MAX` on overflow.
     #[must_use]
     pub fn saturating_square(&self) -> Self {
-        let (mut res, carry) = self.wrapping_square_carry(self.nlimbs());
-        let overflow =
-            wrapping_mul_overflow(self.as_uint_ref(), self.as_uint_ref(), carry.is_nonzero());
+        let (mut res, overflow) = self.overflowing_square(self.nlimbs());
         res.as_mut_uint_ref().conditional_set_max(overflow);
         res
     }
 
+    /// Multiply `self` by itself, wrapping to the width of `self`.
+    /// Returns a `Choice` indicating if the result overflowed the precision of `self`.
+    #[inline(always)]
+    #[must_use]
+    pub(crate) fn overflowing_square(&self, size: usize) -> (Self, Choice) {
+        let mut limbs = vec![Limb::ZERO; size];
+        let overflow = self
+            .as_uint_ref()
+            .overflowing_square(UintRef::new_mut(&mut limbs));
+        (limbs.into(), overflow)
+    }
+
     /// Multiply `self` by itself, wrapping to the width of `self`.
     /// Returns a pair of the wrapped product and a Limb representing the carry.
     #[inline(always)]
+    #[must_use]
     fn wrapping_square_carry(&self, size: usize) -> (Self, Limb) {
         let mut limbs = vec![Limb::ZERO; size];
-        let carry =
-            karatsuba::wrapping_square(self.as_uint_ref(), UintRef::new_mut(limbs.as_mut_slice()));
+        let carry = self
+            .as_uint_ref()
+            .wrapping_square(UintRef::new_mut(limbs.as_mut_slice()));
         (limbs.into(), carry)
     }
 }
@@ -152,7 +170,7 @@ impl MulAssign<BoxedUint> for BoxedUint {
 
 impl MulAssign<&BoxedUint> for BoxedUint {
     fn mul_assign(&mut self, rhs: &BoxedUint) {
-        *self = self.clone().mul(rhs);
+        *self = BoxedUint::mul(self, rhs);
     }
 }
 

src/uint/boxed/mul/helper.rs

@@ -0,0 +1,79 @@
+//! [`BoxedUint`] multiplication helper to reduce allocations.
+
+use alloc::vec::Vec;
+
+use crate::{BoxedUint, Choice, Limb, UintRef};
+
+/// Boxed multiplier with a pre-allocated internal buffer to avoid additional allocations.
+#[derive(Debug, Clone)]
+pub struct BoxedMultiplier {
+    product: Vec<Limb>,
+}
+
+impl BoxedMultiplier {
+    pub fn new() -> Self {
+        Self {
+            product: Vec::new(),
+        }
+    }
+
+    fn get_buffer(&mut self, limbs: usize) -> &mut UintRef {
+        self.product.clear();
+        self.product.resize(limbs, Limb::ZERO);
+        UintRef::new_mut(&mut self.product[..limbs])
+    }
+
+    pub fn overflowing_mul(&mut self, lhs: &BoxedUint, rhs: &BoxedUint) -> (&mut UintRef, Choice) {
+        let buf = self.get_buffer(lhs.nlimbs());
+        let overflow = lhs.as_uint_ref().overflowing_mul(rhs.as_uint_ref(), buf);
+        (buf, overflow)
+    }
+
+    pub fn overflowing_mul_assign(&mut self, lhs: &mut BoxedUint, rhs: &BoxedUint) -> Choice {
+        let (buf, overflow) = self.overflowing_mul(lhs, rhs);
+        lhs.as_mut_uint_ref().copy_from(buf);
+        overflow
+    }
+
+    pub fn overflowing_square(&mut self, lhs: &BoxedUint) -> (&mut UintRef, Choice) {
+        let buf = self.get_buffer(lhs.nlimbs());
+        let overflow = lhs.as_uint_ref().overflowing_square(buf);
+        (buf, overflow)
+    }
+
+    pub fn overflowing_square_assign(&mut self, lhs: &mut BoxedUint) -> Choice {
+        let (buf, overflow) = self.overflowing_square(lhs);
+        lhs.as_mut_uint_ref().copy_from(buf);
+        overflow
+    }
+
+    pub fn wrapping_mul(&mut self, lhs: &BoxedUint, rhs: &BoxedUint) -> &mut UintRef {
+        self.wrapping_mul_with_carry(lhs, rhs).0
+    }
+
+    pub fn wrapping_mul_assign(&mut self, lhs: &mut BoxedUint, rhs: &BoxedUint) {
+        let (buf, _) = self.wrapping_mul_with_carry(lhs, rhs);
+        lhs.as_mut_uint_ref().copy_from(buf);
+    }
+
+    fn wrapping_mul_with_carry(
+        &mut self,
+        lhs: &BoxedUint,
+        rhs: &BoxedUint,
+    ) -> (&mut UintRef, Limb) {
+        let buf = self.get_buffer(lhs.nlimbs());
+        let carry = lhs.as_uint_ref().wrapping_mul(rhs.as_uint_ref(), buf);
+        (buf, carry)
+    }
+
+    pub fn wrapping_square_assign(&mut self, lhs: &mut BoxedUint) {
+        let (buf, _) = self.wrapping_square_with_carry(lhs);
+        lhs.as_mut_uint_ref().copy_from(buf);
+    }
+
+    fn wrapping_square_with_carry(&mut self, lhs: &BoxedUint) -> (&mut UintRef, Limb) {
+        let buf = self.get_buffer(lhs.nlimbs());
+        let carry = lhs.as_uint_ref().wrapping_square(buf);
+        (buf, carry)
+    }
+}