Zero-allocation hash_to_prime via custom U256/U512

[eddiew]

Improves runtime for hash_to_prime from 380us to 320us while keeping the function signature unchanged.

[whaatt]

Looks good at a general glance (but haven't dug into the gmp calls yet) and seems to pass existing tests.

Without digging deeper, the only two suggestions I have are:

• rename u256.rs to u_types.rs since the U512 type can still leak from U256 ops
• add more tests for U256 -- it's likely correct since it passes all of our "integration" tests but more U256 tests are something we eventually want

will wait for @lucasege to look through this as well

[lucasege]

I agree with Sanj's suggestions - although if you think the current tests offer sufficient coverage then it might not be worth too much time to add redundant tests.

My only suggestion is regarding some functions in gmp which have undefined behavior on certain inputs, such as mpz_invert which has undefined behavior when op2 is zero. Up to you how/if we want to handle this, just want us to be aware of it.

[eddiew]

Your reviews should be addressed in the latest commits. I went with uint.rs instead of u_types.rs, and we could still add more tests but I think what we have now is ok.

Good point re undefined behavior - most of the time the programs will crash with SIGFPE if bad inputs are given to gmp functions. But since this really only can occur for functions that take a modulus and the modulus happens to be 0, I don't think it's worth checking at runtime. I left comments in places where that might happen though