fjarri
commented
1 year ago Thanks for your interest! We were in fact planning to switch to MIT/Apache, I just got distracted by other tasks. I will relicense it in 0.3.1, which will be released shortly. We were also planning to move this library under RustCrypto umbrella, but there are still some ongoing discussions about the details (in particular, whether it should be a standalone crate, or a submodule of crypto-bigint).
Incidentally, this crate is currently undergoing a security audit, along with crypto-bigint. Nothing serious has been found yet, a few minor fixes will be merged with https://github.com/entropyxyz/crypto-primes/pull/26.
If you're planning to use it for RSA, you may want to have FIPS compatibility (#4). While in general the low-level algorithms should be compatible, there are two known deviations at the moment:
- We are using method A to get the initial parameters for the Lucas test, instead of A*. This will be fixed in 0.3.1.
- We are using one random-base MR test, while FIPS requires several. If you trust Baillie et al, even one is technically an overkill. In general I would feel safer with their new strengthened BPSW test (#21) as opposed to what FIPS requires.
Also, I looked through your code, and I wonder: is there any specific reason you're using almost-extra-strong check in the Lucas test? BPSW and FIPS both prefer the strong one. I initially implemented almost-extra-strong for testing purposes, and I was thinking of removing it from the public API, to avoid confusion.
dignifiedquire
Hey, I was just starting to look around what pieces are missing to move
RustCrypto/RSAto usecrypto-bigint. One big one of course is implementing primality checks. It seems you have done a much more detailed job here, than I did fornum-bigint-dig, and I would love to use this code in the future. But the licensing of all those crates is MIT/Apache2 which will be incompatible with AGPL unfortunately.