bech32: use correct generator exponents

There are two parameterizations of the bech32 checksum (see the "roots"
unit test in src/primitives/polynomial.rs for what they are). In #203
we mixed them up, using the generator from one but the exponents from
the other.

We made the same mistake with codex32 apparently.

When we implement error correction this will cause failures. Fix it.

Author: apoelstra

src/lib.rs

@@ -105,7 +105,7 @@
 //!     type MidstateRepr = u128;
 //!     type CorrectionField = bech32::primitives::gf32_ext::Fe32Ext<2>;
 //!     const ROOT_GENERATOR: Self::CorrectionField = Fe1024::new([Fe32::_9, Fe32::_9]);
-//!     const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 77..=84;
+//!     const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 9..=16;
 //!
 //!     const CHECKSUM_LENGTH: usize = 13;
 //!     const CODE_LENGTH: usize = 93;

src/primitives/mod.rs

@@ -60,7 +60,7 @@ impl Checksum for Bech32 {
 
     type CorrectionField = Fe1024;
     const ROOT_GENERATOR: Self::CorrectionField = Fe1024::new([Fe32::P, Fe32::X]);
-    const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 997..=999;
+    const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 24..=26;
 
     const CODE_LENGTH: usize = 1023;
     const CHECKSUM_LENGTH: usize = 6;
@@ -73,7 +73,7 @@ impl Checksum for Bech32m {
 
     type CorrectionField = Fe1024;
     const ROOT_GENERATOR: Self::CorrectionField = Fe1024::new([Fe32::P, Fe32::X]);
-    const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 997..=999;
+    const ROOT_EXPONENTS: core::ops::RangeInclusive<usize> = 24..=26;
 
     const CODE_LENGTH: usize = 1023;
     const CHECKSUM_LENGTH: usize = 6;