Erik

Hmmm. It looks like the miri target is on the slow side... It is probably getting stuck on the randomized tests. Any proposals on how to approach this such that...

> For some 200-bit inputs, after hundreds? of calls, I get invalid `x, y` coefficients. Specifically, both are negative, for the positive `gcd = 2`. This is with `Uint::binxgcd(a, b)`...

> Sorry, I think that may be the wrong pair. The first pair you sent is already producing an incorrect output on my end. Still, thanks for the second pair!

@kayabaNerve, thank you for being a persistent tester! I hope to find some time later this week to debug the issue you presented. I appreciate your patience! (I'm delighted I...

> ``` > crypto-bigint/src/modular/bingcd/xgcd.rs:309:13: > b is never negative > ``` > > This is from the "Fix bug" commit I prior commented worked for my prior noted issues. I'm...

I've worked on this here-and-there for the past couple days, without much luck. ## The problem The [failing input](https://github.com/RustCrypto/crypto-bigint/pull/761#issuecomment-2782912608) presented by @kayabaNerve illustrates that [the trick](https://github.com/RustCrypto/crypto-bigint/pull/761#discussion_r2005435361) does not always apply....

Alright, it took some time, but I think I managed to fix the bug. > @erik-3milabs if it's just a single extra limb, with some effort you could always make...

The content of this PR is moved to #854 and #856

Closing this PR; it is superseded by #854 and #856

I'm working on cryptography involving class groups. In these groups, each element can be represented as a tuple `(a, b, c)` with `a, b, c \in \mathbb{Z}` (called 'form representation')....