This update aligns the safe prime generation more with the recommendations in https://eprint.iacr.org/2003/186, particularly in eliminating candidates for q that are congruent to (r-1)/2 for the small primes that are checked.
On my system the time to generate a 256-bit safe prime is reduced by 90-95% (to about 25ms on average) and seems competitive with OpenSSL. Unit tests in anoncreds-clsignatures can run in a few minutes.
This update aligns the safe prime generation more with the recommendations in https://eprint.iacr.org/2003/186, particularly in eliminating candidates for
qthat are congruent to(r-1)/2for the small primes that are checked.On my system the time to generate a 256-bit safe prime is reduced by 90-95% (to about 25ms on average) and seems competitive with OpenSSL. Unit tests in anoncreds-clsignatures can run in a few minutes.