Add no_std support to transcript, dalek-ff-group, ed448, ciphersuite, multiexp, schnorr, and monero-generators

transcript, dalek-ff-group, ed449, and ciphersuite are all usable with no_std alone. The rest additionally require alloc. Part of #279.
2025-12-08 04:09:23 +00:00 · 2023-04-22 04:38:47 -04:00
parent ef0c901455
commit 1e448dec21
38 changed files with 445 additions and 76 deletions
--- a/crypto/ciphersuite/Cargo.toml
+++ b/crypto/ciphersuite/Cargo.toml
@@ -13,34 +13,39 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]

 [dependencies]
-rand_core = "0.6"
+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false, optional = true }

-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
-subtle = "^2.4"
+rand_core = { version = "0.6", default-features = false }

-digest = "0.10"
+zeroize = { version = "^1.5", default-features = false }
+subtle = { version = "^2.4", default-features = false }
+
+digest = { version = "0.10", default-features = false }
 transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3" }
-sha2 = { version = "0.10", optional = true }
-sha3 = { version = "0.10", optional = true }
+sha2 = { version = "0.10", default-features = false, optional = true }
+sha3 = { version = "0.10", default-features = false, optional = true }

-ff = { version = "0.13", features = ["bits"] }
-group = "0.13"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
+group = { version = "0.13", default-features = false }

 dalek-ff-group = { path = "../dalek-ff-group", version = "0.3", optional = true }

-elliptic-curve = { version = "0.13", features = ["hash2curve"], optional = true }
-p256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits", "hash2curve"], optional = true }
-k256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits", "hash2curve"], optional = true }
+elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
+p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }

 minimal-ed448 = { path = "../ed448", version = "0.3", optional = true }

 [dev-dependencies]
 hex = "0.4"

+rand_core = { version = "0.6", features = ["std"] }
+
 ff-group-tests = { version = "0.13", path = "../ff-group-tests" }

 [features]
-std = []
+alloc = ["std-shims"]
+std = ["std-shims/std"]

 dalek = ["sha2", "dalek-ff-group"]
 ed25519 = ["dalek"]
--- a/crypto/ciphersuite/README.md
+++ b/crypto/ciphersuite/README.md
@@ -8,6 +8,9 @@ culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.

+This library is usable under no_std. The `alloc` and `std` features enable
+reading from the `io::Read` trait, shimmed by `std-shims` under `alloc`.
+
 ### Secp256k1/P-256

 Secp256k1 and P-256 are offered via [k256](https://crates.io/crates/k256) and
--- a/crypto/ciphersuite/src/ed448.rs
+++ b/crypto/ciphersuite/src/ed448.rs
@@ -75,8 +75,7 @@ impl Ciphersuite for Ed448 {
 fn test_ed448() {
  use ff::PrimeField;

-  // TODO: Enable once ed448 passes these tests
-  //ff_group_tests::group::test_prime_group_bits::<Point>();
+  ff_group_tests::group::test_prime_group_bits::<_, Point>(&mut rand_core::OsRng);

  // Ideally, a test vector from RFC-8032 (not FROST) would be here
  // Unfortunately, the IETF draft doesn't provide any vectors for the derived challenges
--- a/crypto/ciphersuite/src/lib.md
+++ b/crypto/ciphersuite/src/lib.md
@@ -7,3 +7,6 @@ This library, except for the not recommended Ed448 ciphersuite, was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std. The `alloc` and `std` features enable
+reading from the `io::Read` trait, shimmed by `std-shims` under `alloc`.
--- a/crypto/ciphersuite/src/lib.rs
+++ b/crypto/ciphersuite/src/lib.rs
@@ -1,10 +1,10 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![cfg_attr(not(feature = "std"), no_std)]
 #![doc = include_str!("lib.md")]
+#![cfg_attr(not(feature = "std"), no_std)]

 use core::fmt::Debug;
-#[cfg(feature = "std")]
-use std::io::{self, Read};
+#[cfg(any(feature = "alloc", feature = "std"))]
+use std_shims::io::{self, Read};

 use rand_core::{RngCore, CryptoRng};

@@ -20,7 +20,7 @@ use group::{
  Group, GroupOps,
  prime::PrimeGroup,
 };
-#[cfg(feature = "std")]
+#[cfg(any(feature = "alloc", feature = "std"))]
 use group::GroupEncoding;

 #[cfg(feature = "dalek")]
@@ -85,7 +85,7 @@ pub trait Ciphersuite:
  }

  /// Read a canonical scalar from something implementing std::io::Read.
-  #[cfg(feature = "std")]
+  #[cfg(any(feature = "alloc", feature = "std"))]
  #[allow(non_snake_case)]
  fn read_F<R: Read>(reader: &mut R) -> io::Result<Self::F> {
    let mut encoding = <Self::F as PrimeField>::Repr::default();
@@ -99,7 +99,7 @@ pub trait Ciphersuite:
  }

  /// Read a canonical point from something implementing std::io::Read.
-  #[cfg(feature = "std")]
+  #[cfg(any(feature = "alloc", feature = "std"))]
  #[allow(non_snake_case)]
  fn read_G<R: Read>(reader: &mut R) -> io::Result<Self::G> {
    let mut encoding = <Self::G as GroupEncoding>::Repr::default();
--- a/crypto/dalek-ff-group/Cargo.toml
+++ b/crypto/dalek-ff-group/Cargo.toml
@@ -15,20 +15,22 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"

-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
-subtle = "^2.4"
+zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
+subtle = { version = "^2.4", default-features = false }

-rand_core = "0.6"
+rand_core = { version = "0.6", default-features = false }

-digest = "0.10"
+digest = { version = "0.10", default-features = false }

-ff = "0.13"
-group = "0.13"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
+group = { version = "0.13", default-features = false }

-crypto-bigint = "0.5"
+crypto-bigint = { version = "0.5", default-features = false }

-sha2 = "0.9"
-curve25519-dalek = "^3.2"
+sha2 = { version = "0.9", default-features = false }
+# The default features are ["std", "u64_backend"]
+curve25519-dalek = { version = "^3.2", default-features = false, features = ["alloc", "u64_backend"] }

 [dev-dependencies]
+rand_core = { version = "0.6", features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }
--- a/crypto/dalek-ff-group/README.md
+++ b/crypto/dalek-ff-group/README.md
@@ -8,3 +8,5 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std.
--- a/crypto/ed448/Cargo.toml
+++ b/crypto/ed448/Cargo.toml
@@ -15,20 +15,20 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"

-lazy_static = "1"
+rand_core = { version = "0.6", default-features = false }

-rand_core = "0.6"
+zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
+subtle = { version = "^2.4", default-features = false }

-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
-subtle = "^2.4"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
+group = { version = "0.13", default-features = false }

-ff = "0.13"
-group = "0.13"
-
-generic-array = "0.14"
-crypto-bigint = { version = "0.5", features = ["zeroize"] }
+generic-array = { version = "0.14", default-features = false }
+crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }

 [dev-dependencies]
 hex = "0.4"

+rand_core = { version = "0.6", features = ["std"] }
+
 ff-group-tests = { path = "../ff-group-tests" }
--- a/crypto/ed448/src/lib.rs
+++ b/crypto/ed448/src/lib.rs
@@ -1,6 +1,6 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![no_std]
 #![doc = include_str!("../README.md")]
+#![no_std]

 #[macro_use]
 mod backend;
--- a/crypto/ed448/src/point.rs
+++ b/crypto/ed448/src/point.rs
@@ -3,8 +3,6 @@ use core::{
  iter::Sum,
 };

-use lazy_static::lazy_static;
-
 use rand_core::RngCore;

 use zeroize::Zeroize;
@@ -34,6 +32,13 @@ const G_Y: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!(
  "05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14",
 ))));

+const G_X: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!(
+  "00000000000000",
+  "00",
+  "4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324",
+  "a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e",
+))));
+
 fn recover_x(y: FieldElement) -> CtOption<FieldElement> {
  let ysq = y.square();
  #[allow(non_snake_case)]
@@ -56,9 +61,7 @@ pub struct Point {
  z: FieldElement,
 }

-lazy_static! {
-  static ref G: Point = Point { x: recover_x(G_Y).unwrap(), y: G_Y, z: FieldElement::ONE };
-}
+const G: Point = Point { x: G_X, y: G_Y, z: FieldElement::ONE };

 impl ConstantTimeEq for Point {
  fn ct_eq(&self, other: &Self) -> Choice {
@@ -184,7 +187,7 @@ impl Group for Point {
    Point { x: FieldElement::ZERO, y: FieldElement::ONE, z: FieldElement::ONE }
  }
  fn generator() -> Self {
-    *G
+    G
  }
  fn is_identity(&self) -> Choice {
    self.ct_eq(&Self::identity())
@@ -321,6 +324,13 @@ fn test_group() {
  ff_group_tests::group::test_prime_group_bits::<_, Point>(&mut rand_core::OsRng);
 }

+#[test]
+fn generator() {
+  assert!(G.x == G_X);
+  assert!(G.y == G_Y);
+  assert!(recover_x(G.y).unwrap() == G.x);
+}
+
 #[test]
 fn torsion() {
  use generic_array::GenericArray;
--- a/crypto/multiexp/Cargo.toml
+++ b/crypto/multiexp/Cargo.toml
@@ -15,18 +15,24 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"

+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false }
+
 zeroize = { version = "^1.5", features = ["zeroize_derive"] }

-ff = "0.13"
-group = "0.13"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
+group = { version = "0.13", default-features = false }

-rand_core = { version = "0.6", optional = true }
+rand_core = { version = "0.6", default-features = false, optional = true }

 [dev-dependencies]
-rand_core = "0.6"
+rand_core = { version = "0.6", features = ["std"] }

-k256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits"] }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits"] }
 dalek-ff-group = { path = "../dalek-ff-group" }

 [features]
+std = ["std-shims/std"]
+
 batch = ["rand_core"]
+
+default = ["std"]
--- a/crypto/multiexp/README.md
+++ b/crypto/multiexp/README.md
@@ -3,10 +3,14 @@
 A multiexp implementation for ff/group implementing Straus and Pippenger. A
 batch verification API is also available via the "batch" feature, which enables
 secure multiexponentation batch verification given a series of values which
-should sum to 0, identifying which doesn't via binary search if they don't.
+should sum to the identity, identifying which doesn't via binary search if they
+don't.

 This library was
 [audited by Cypher Stack in March 2023](https://github.com/serai-dex/serai/raw/e1bb2c191b7123fd260d008e31656d090d559d21/audits/Cypher%20Stack%20crypto%20March%202023/Audit.pdf),
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std, via alloc, when the default features are
+disabled.
--- a/crypto/multiexp/src/batch.rs
+++ b/crypto/multiexp/src/batch.rs
@@ -1,3 +1,5 @@
+use std_shims::vec::Vec;
+
 use rand_core::{RngCore, CryptoRng};

 use zeroize::{Zeroize, Zeroizing};
--- a/crypto/multiexp/src/lib.rs
+++ b/crypto/multiexp/src/lib.rs
@@ -1,7 +1,12 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
+#![cfg_attr(not(feature = "std"), no_std)]

 use core::ops::DerefMut;
+#[cfg(not(feature = "std"))]
+#[macro_use]
+extern crate alloc;
+use std_shims::vec::Vec;

 use zeroize::Zeroize;

--- a/crypto/multiexp/src/straus.rs
+++ b/crypto/multiexp/src/straus.rs
@@ -1,3 +1,5 @@
+use std_shims::vec::Vec;
+
 use zeroize::Zeroize;

 use ff::PrimeFieldBits;
--- a/crypto/schnorr/Cargo.toml
+++ b/crypto/schnorr/Cargo.toml
@@ -13,17 +13,27 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]

 [dependencies]
-rand_core = "0.6"
+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false }
+
+rand_core = { version = "0.6", default-features = false }

 zeroize = { version = "^1.5", features = ["zeroize_derive"] }

-transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3" }
+transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3", default-features = false }

-ciphersuite = { path = "../ciphersuite", version = "0.3" }
-multiexp = { path = "../multiexp", version = "0.3", features = ["batch"] }
+ciphersuite = { path = "../ciphersuite", version = "0.3", default-features = false, features = ["alloc"] }
+multiexp = { path = "../multiexp", version = "0.3", default-features = false, features = ["batch"] }

 [dev-dependencies]
 hex = "0.4"
+
+rand_core = { version = "0.6", features = ["std"] }
+
 sha2 = "0.10"
+
 dalek-ff-group = { path =  "../dalek-ff-group", version = "0.3" }
 ciphersuite = { path = "../ciphersuite", version = "0.3", features = ["ed25519"] }
+
+[features]
+std = ["std-shims/std", "ciphersuite/std"]
+default = ["std"]
--- a/crypto/schnorr/README.md
+++ b/crypto/schnorr/README.md
@@ -14,3 +14,6 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std, via alloc, when the default features are
+disabled.
--- a/crypto/schnorr/src/aggregate.rs
+++ b/crypto/schnorr/src/aggregate.rs
@@ -1,4 +1,7 @@
-use std::io::{self, Read, Write};
+use std_shims::{
+  vec::Vec,
+  io::{self, Read, Write},
+};

 use zeroize::Zeroize;

--- a/crypto/schnorr/src/lib.rs
+++ b/crypto/schnorr/src/lib.rs
@@ -1,8 +1,15 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
+#![cfg_attr(not(feature = "std"), no_std)]

 use core::ops::Deref;
-use std::io::{self, Read, Write};
+#[cfg(not(feature = "std"))]
+#[macro_use]
+extern crate alloc;
+use std_shims::{
+  vec::Vec,
+  io::{self, Read, Write},
+};

 use rand_core::{RngCore, CryptoRng};

--- a/crypto/transcript/Cargo.toml
+++ b/crypto/transcript/Cargo.toml
@@ -15,17 +15,17 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"

-subtle = "^2.4"
-zeroize = "^1.5"
+subtle = { version = "^2.4", default-features = false }
+zeroize = { version = "^1.5", default-features = false }

-digest = "0.10"
+digest = { version = "0.10", default-features = false, features = ["core-api"] }

-blake2 = { version = "0.10", optional = true }
-merlin = { version = "3", optional = true }
+blake2 = { version = "0.10", default-features = false, optional = true }
+merlin = { version = "3", default-features = false, optional = true }

 [dev-dependencies]
-sha2 = "0.10"
-blake2 = "0.10"
+sha2 = { version = "0.10", default-features = false }
+blake2 = { version = "0.10", default-features = false }

 [features]
 recommended = ["blake2"]
--- a/crypto/transcript/README.md
+++ b/crypto/transcript/README.md
@@ -31,3 +31,5 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std.