Replace lazy_static with OnceLock inside monero-serai

lazy_static, if no_std environments were used, effectively required always
using spin locks. This resolves the ergonomics of that while adopting Rust std
code.

no_std does still use a spin based solution. Theoretically, we could use
atomics, yet writing our own Mutex wasn't a priority.

coins/monero/src/ringct/bulletproofs/plus.rs

@@ -1,4 +1,5 @@
-use lazy_static::lazy_static;
+use std_shims::sync::OnceLock;
+
 use rand_core::{RngCore, CryptoRng};
 
 use zeroize::Zeroize;
@@ -17,15 +18,17 @@ use crate::{
 
 include!(concat!(env!("OUT_DIR"), "/generators_plus.rs"));
 
-lazy_static! {
-  static ref TRANSCRIPT: [u8; 32] =
-    EdwardsPoint(raw_hash_to_point(hash(b"bulletproof_plus_transcript"))).compress().to_bytes();
+static TRANSCRIPT_CELL: OnceLock<[u8; 32]> = OnceLock::new();
+pub(crate) fn TRANSCRIPT() -> [u8; 32] {
+  *TRANSCRIPT_CELL.get_or_init(|| {
+    EdwardsPoint(raw_hash_to_point(hash(b"bulletproof_plus_transcript"))).compress().to_bytes()
+  })
 }
 
 // TRANSCRIPT isn't a Scalar, so we need this alternative for the first hash
 fn hash_plus<C: IntoIterator<Item = DalekPoint>>(commitments: C) -> (Scalar, Vec<EdwardsPoint>) {
   let (cache, commitments) = hash_commitments(commitments);
-  (hash_to_scalar(&[&*TRANSCRIPT as &[u8], &cache.to_bytes()].concat()), commitments)
+  (hash_to_scalar(&[TRANSCRIPT().as_ref(), &cache.to_bytes()].concat()), commitments)
 }
 
 // d[j*N+i] = z**(2*(j+1)) * 2**i
@@ -34,7 +37,7 @@ fn d(z: Scalar, M: usize, MN: usize) -> (ScalarVector, ScalarVector) {
   let mut d = vec![Scalar::ZERO; MN];
   for j in 0 .. M {
     for i in 0 .. N {
-      d[(j * N) + i] = zpow[j] * TWO_N[i];
+      d[(j * N) + i] = zpow[j] * TWO_N()[i];
     }
   }
   (zpow, ScalarVector(d))
@@ -57,12 +60,14 @@ impl PlusStruct {
     rng: &mut R,
     commitments: &[Commitment],
   ) -> PlusStruct {
+    let generators = GENERATORS();
+
     let (logMN, M, MN) = MN(commitments.len());
 
     let (aL, aR) = bit_decompose(commitments);
     let commitments_points = commitments.iter().map(Commitment::calculate).collect::<Vec<_>>();
     let (mut cache, _) = hash_plus(commitments_points.clone());
-    let (mut alpha1, A) = alpha_rho(&mut *rng, &GENERATORS, &aL, &aR);
+    let (mut alpha1, A) = alpha_rho(&mut *rng, generators, &aL, &aR);
 
     let y = hash_cache(&mut cache, &[A.compress().to_bytes()]);
     let mut cache = hash_to_scalar(&y.to_bytes());
@@ -87,8 +92,8 @@ impl PlusStruct {
     let yinv = y.invert().unwrap();
     let yinvpow = ScalarVector::powers(yinv, MN);
 
-    let mut G_proof = GENERATORS.G[.. a.len()].to_vec();
-    let mut H_proof = GENERATORS.H[.. a.len()].to_vec();
+    let mut G_proof = generators.G[.. a.len()].to_vec();
+    let mut H_proof = generators.H[.. a.len()].to_vec();
 
     let mut L = Vec::with_capacity(logMN);
     let mut R = Vec::with_capacity(logMN);
@@ -105,12 +110,12 @@ impl PlusStruct {
       let (G_L, G_R) = G_proof.split_at(aL.len());
       let (H_L, H_R) = H_proof.split_at(aL.len());
 
-      let mut L_i = LR_statements(&(&aL * yinvpow[aL.len()]), G_R, &bR, H_L, cL, *H);
+      let mut L_i = LR_statements(&(&aL * yinvpow[aL.len()]), G_R, &bR, H_L, cL, H());
       L_i.push((dL, G));
       let L_i = prove_multiexp(&L_i);
       L.push(L_i);
 
-      let mut R_i = LR_statements(&(&aR * ypow[aR.len()]), G_L, &bL, H_R, cR, *H);
+      let mut R_i = LR_statements(&(&aR * ypow[aR.len()]), G_L, &bL, H_R, cR, H());
       R_i.push((dR, G));
       let R_i = prove_multiexp(&R_i);
       R.push(R_i);
@@ -139,9 +144,9 @@ impl PlusStruct {
       (r, G_proof[0]),
       (s, H_proof[0]),
       (d, G),
-      ((r * y * b[0]) + (s * y * a[0]), *H),
+      ((r * y * b[0]) + (s * y * a[0]), H()),
     ]);
-    let B = prove_multiexp(&[(r * y * s, *H), (eta, G)]);
+    let B = prove_multiexp(&[(r * y * s, H()), (eta, G)]);
     let e = hash_cache(&mut cache, &[A1.compress().to_bytes(), B.compress().to_bytes()]);
 
     let r1 = (a[0] * e) + r;
@@ -248,7 +253,7 @@ impl PlusStruct {
     let y_sum = weighted_powers(y, MN).sum();
     proof.push((
       Scalar(self.r1 * y.0 * self.s1) + (esq * ((yMNy * z * d_sum) + ((zsq - z) * y_sum))),
-      *H,
+      H(),
     ));
 
     let w_cache = challenge_products(&w, &winv);
@@ -259,11 +264,12 @@ impl PlusStruct {
     let minus_esq_z = -esq_z;
     let mut minus_esq_y = minus_esq * yMN;
 
+    let generators = GENERATORS();
     for i in 0 .. MN {
-      proof.push((e_r1_y * w_cache[i] + esq_z, GENERATORS.G[i]));
+      proof.push((e_r1_y * w_cache[i] + esq_z, generators.G[i]));
       proof.push((
         (e_s1 * w_cache[(!i) & (MN - 1)]) + minus_esq_z + (minus_esq_y * d[i]),
-        GENERATORS.H[i],
+        generators.H[i],
       ));
 
       e_r1_y *= yinv;