Function squeeze_field_order_num_limbs 

pub fn squeeze_field_order_num_limbs<PF: PrimeField, TF: PrimeField32>() -> usize

Number of TF limbs with statistical bias < 1/|TF| when decomposing a uniformly random PF element in base |TF| (see split_pf_to_field_order_limbs).

Returns the largest k such that TF::ORDER^{k+1} < PF::ORDER. Each retained limb c_i (i < k) has bias ≈ 1/⌊PF::ORDER / TF::ORDER^{i+2}⌋ < 1/TF::ORDER.

Unlike the power-of-two radix variant (split_pf_to_packed_limbs with radix_bits = injective_pack_bits::<TF>()), which confines each challenge to [0, 2^{radix_bits}) (≈ 50% of TF’s domain for BabyBear), this gives limbs that are near-uniform over the entire TF domain.

BabyBear concrete values

PF	Good limbs
Goldilocks (64-bit)	1
BN254 (254-bit)	7