So far, GetThresholdKeyGenerator accepted bit length of safe primes p and q which multiplied together create a public key n = pq. For l-bit prime p and q, public key n was a 2l-bit number.
This is a bit clumsy. I'd rather expect to specify a bit length of the public key, especially that n (public key) defines a plaintext space. Also, I think p and q safe primes are rather implementation details.
In this PR, GenThresholdKeyGenerator accepts bit length of a public key. Two validation rules have been added:
- bit length must be an even number
  For an odd l-bit number, we can't find two l/2-bit numbers with the two most significant bits set which, multiplied together, give an l-bit number.
- bit length must be minimum 18
  We need to find two l/2-bit safe primes, p and q, which are not equal. This is not possible for l<18.
I removed the comment about required threshold as I am not sure it's correct (active adversary attack against SSS). We'll investigate it separately and add the required validation.
I have also renamed AreSafePrimes to IsSafePrime - according to the safe prime definition, only the first function argument can be considered a safe prime.
Here is our internal PR with review for a reference.
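The minimum of 18 can be checked by brute force. The following is an added example, not code from this PR or the project; the helper names are hypothetical, and it assumes safe primes are generated with their two most significant bits set, as the description above says.

```go
package main

import (
	"fmt"
	"math/big"
)

// isSafePrime reports whether p is prime and (p-1)/2 is prime as well.
func isSafePrime(p *big.Int) bool {
	half := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 1)
	return p.ProbablyPrime(20) && half.ProbablyPrime(20)
}

// safePrimesWithTopBits lists every safe prime of exactly `bits` bits whose two
// most significant bits are set (the generation strategy assumed here).
func safePrimesWithTopBits(bits uint) []*big.Int {
	var found []*big.Int
	if bits < 2 {
		return found
	}
	lo := new(big.Int).Lsh(big.NewInt(3), bits-2) // binary 1100...0
	hi := new(big.Int).Lsh(big.NewInt(1), bits)   // exclusive upper bound
	for c := lo; c.Cmp(hi) < 0; c = new(big.Int).Add(c, big.NewInt(1)) {
		if isSafePrime(c) {
			found = append(found, c)
		}
	}
	return found
}

// smallestUsableBitLen returns the smallest even modulus length l <= limit for
// which two distinct l/2-bit safe primes exist, or 0 if there is none.
func smallestUsableBitLen(limit uint) uint {
	for l := uint(2); l <= limit; l += 2 {
		if len(safePrimesWithTopBits(l/2)) >= 2 {
			return l
		}
	}
	return 0
}

func main() {
	fmt.Println("smallest usable modulus length:", smallestUsableBitLen(32))
	ps := safePrimesWithTopBits(9) // candidates for an 18-bit modulus
	n := new(big.Int).Mul(ps[0], ps[1])
	fmt.Printf("p=%v q=%v n=%v (%d bits)\n", ps[0], ps[1], n, n.BitLen())
}
```

Setting the top two bits of each prime is also what keeps the product at exactly l bits: each factor is at least 3·2^(l/2-2), so n is at least 9·2^(l-4), which is above 2^(l-1).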