Daniel Mendler

Ok, I have to understand this better. The thing is that we also have 31 bit which is weird then. Furthermore we could add some static assertions at some places...

I think we could try to use the full digits (MP_DIGIT_BIT=8*sizeof(mp_digit)). First, addition with carry of digits must be handled differently (either by adding mp_words or by optionally using some...

Why is miller rabin still public? I would prefer something else here. * Only make mp_is_prime public * Private s_mp_prime_fermat, s_mp_prime_miller_rabin, s_mp_prime_frobenius_underwoord, s_mp_prime_lucas_selfridge, s_mp_prime_is_divisible (maybe rename to s_mp_prime_trial_divisions). * mp_is_prime...

> Because it is useful as a stand-alone function: you can make a deterministic test (the original MIller-test) without much ado. Upper limit of witnesses is rather low assuming ERH....

See here https://github.com/libtom/libtommath/pull/201. I am not a fan honestly. This function won't work in most cases. I would rather like to have mp_expt_int or mp_expt_long which doesn't depend on the...

> Neither am I but something is definitely needed for the low-mp users. Why? What is the advantage in contrast to mp_expt_int or mp_expt_long? I agree that mp_expt_d should be...

It seems this can be closed in favor of implementing mp_expt_int etc as discussed in #243.

@nomeata I didn't want to give the impression that things are already decided and closed due to your positive reaction to my second comment. I think mp_expt_bigint won't be a...

I understand your use case. If we have mp_expt_long we could discuss offering a convenience interface mp_expt_bigint which will extract the low bits for 0,+-1 and fail with MP_VAL for...

Suffix renamings #437 or #446 should be backported (only the renaming and deprecations in order to ease the transition)