ff 0.13 (#269)

* Partial move to ff 0.13

It turns out the newly released k256 0.12 isn't on ff 0.13, preventing further
work at this time.

* Update all crates to work on ff 0.13

The provided curves still need to be expanded to fit the new API.

* Finish adding dalek-ff-group ff 0.13 constants

* Correct FieldElement::product definition

Also stops exporting macros.

* Test most new parts of ff 0.13

* Additionally test ff-group-tests with BLS12-381 and the pasta curves

We only tested curves from RustCrypto. Now we test a curve offered by zk-crypto,
the group behind ff/group, and the pasta curves, which is by Zcash (though
Zcash developers are also behind zk-crypto).

* Finish Ed448

Fully specifies all constants, passes all tests in ff-group-tests, and finishes moving to ff-0.13.

* Add RustCrypto/elliptic-curves to allowed git repos

Needed due to k256/p256 incorrectly defining product.

* Finish writing ff 0.13 tests

* Add additional comments to dalek

* Further comments

* Update ethereum-serai to ff 0.13

crypto/ed448/src/point.rs

@@ -37,13 +37,13 @@ fn recover_x(y: FieldElement) -> CtOption<FieldElement> {
   let ysq = y.square();
   #[allow(non_snake_case)]
   let D_ysq = D * ysq;
-  (D_ysq - FieldElement::one()).invert().and_then(|inverted| {
-    let temp = (ysq - FieldElement::one()) * inverted;
+  (D_ysq - FieldElement::ONE).invert().and_then(|inverted| {
+    let temp = (ysq - FieldElement::ONE) * inverted;
     let mut x = temp.pow(Q_4);
     x.conditional_negate(x.is_odd());
 
     let xsq = x.square();
-    CtOption::new(x, (xsq + ysq).ct_eq(&(FieldElement::one() + (xsq * D_ysq))))
+    CtOption::new(x, (xsq + ysq).ct_eq(&(FieldElement::ONE + (xsq * D_ysq))))
   })
 }
 
@@ -56,7 +56,7 @@ pub struct Point {
 }
 
 lazy_static! {
-  static ref G: Point = Point { x: recover_x(G_Y).unwrap(), y: G_Y, z: FieldElement::one() };
+  static ref G: Point = Point { x: recover_x(G_Y).unwrap(), y: G_Y, z: FieldElement::ONE };
 }
 
 impl ConstantTimeEq for Point {
@@ -180,7 +180,7 @@ impl Group for Point {
     }
   }
   fn identity() -> Self {
-    Point { x: FieldElement::zero(), y: FieldElement::one(), z: FieldElement::one() }
+    Point { x: FieldElement::ZERO, y: FieldElement::ONE, z: FieldElement::ONE }
   }
   fn generator() -> Self {
     *G
@@ -291,7 +291,7 @@ impl GroupEncoding for Point {
       recover_x(y).and_then(|mut x| {
         x.conditional_negate(x.is_odd().ct_eq(&!sign));
         let not_negative_zero = !(x.is_zero() & sign);
-        let point = Point { x, y, z: FieldElement::one() };
+        let point = Point { x, y, z: FieldElement::ONE };
         CtOption::new(point, not_negative_zero & point.is_torsion_free())
       })
     })
@@ -317,22 +317,7 @@ impl PrimeGroup for Point {}
 
 #[test]
 fn test_group() {
-  // TODO: Move to test_prime_group_bits once the impl is finished
-  use ff_group_tests::group::*;
-
-  test_eq::<Point>();
-  test_identity::<Point>();
-  test_generator::<Point>();
-  test_double::<Point>();
-  test_add::<Point>();
-  test_sum::<Point>();
-  test_neg::<Point>();
-  test_sub::<Point>();
-  test_mul::<Point>();
-  test_order::<Point>();
-  test_random::<_, Point>(&mut rand_core::OsRng);
-
-  test_encoding::<Point>();
+  ff_group_tests::group::test_prime_group_bits::<_, Point>(&mut rand_core::OsRng);
 }
 
 #[test]
@@ -350,7 +335,7 @@ fn torsion() {
     .unwrap(),
   ))
   .unwrap();
-  let old = Point { x: -recover_x(old_y).unwrap(), y: old_y, z: FieldElement::one() };
+  let old = Point { x: -recover_x(old_y).unwrap(), y: old_y, z: FieldElement::ONE };
   assert!(bool::from(!old.is_torsion_free()));
 }