This addresses #17, with the exception of the mod proof, which is complicated enough to warrant a separate PR.
The general pattern here is to implement the proof generation using secret numbers to not leak the private values, or intermediate secrets that are generated. Eventually (i.e. once we expose safenum stuff in public interfaces, and finish all of the glue) we'll represent private values with safenum stuff directly, which should simplify things a lot.
This addresses #17, with the exception of the mod proof, which is complicated enough to warrant a separate PR.
The general pattern here is to implement the proof generation using secret numbers to not leak the private values, or intermediate secrets that are generated. Eventually (i.e. once we expose safenum stuff in public interfaces, and finish all of the glue) we'll represent private values with safenum stuff directly, which should simplify things a lot.