Have <ed448::Point as Zeroize>::zeroize yield a well-defined value

Add missing feature in substrate/client
Fix dirty Cargo.lock
2025-12-12 22:19:26 +00:00 · 2025-08-20 08:14:00 -04:00 · 2025-08-20 06:38:25 -04:00 · 2025-08-20 05:20:47 -04:00 · 2025-08-20 05:12:36 -04:00 · 2025-08-20 01:15:56 -04:00
96 changed files with 339 additions and 188 deletions
--- a/.github/workflows/crypto-tests.yml
+++ b/.github/workflows/crypto-tests.yml
@@ -32,6 +32,7 @@ jobs:
            -p dalek-ff-group \
            -p minimal-ed448 \
            -p ciphersuite \
            -p ciphersuite-kp256 \
            -p multiexp \
            -p schnorr-signatures \
            -p dleq \
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1529,22 +1529,30 @@ dependencies = [
 name = "ciphersuite"
 version = "0.4.2"
 dependencies = [
 "dalek-ff-group",
 "digest 0.10.7",
 "elliptic-curve",
 "ff",
 "ff-group-tests",
 "flexible-transcript",
 "group",
 "hex",
 "rand_core",
 "std-shims",
 "subtle",
 "zeroize",
 ]
 [[package]]
 name = "ciphersuite-kp256"
 version = "0.4.0"
 dependencies = [
 "ciphersuite",
 "elliptic-curve",
 "ff-group-tests",
 "hex",
 "k256",
 "minimal-ed448",
 "p256",
 "rand_core",
 "sha2",
 "sha3",
 "std-shims",
 "subtle",
 "zeroize",
 ]
@@ -1982,14 +1990,17 @@ dependencies = [
 name = "dalek-ff-group"
 version = "0.4.3"
 dependencies = [
 "ciphersuite",
 "crypto-bigint",
 "curve25519-dalek",
 "digest 0.10.7",
 "ff",
 "ff-group-tests",
 "group",
 "hex",
 "rand_core",
 "rustversion",
 "sha2",
 "subtle",
 "zeroize",
 ]
@@ -2237,6 +2248,7 @@ name = "dkg-musig"
 version = "0.6.0"
 dependencies = [
 "ciphersuite",
 "dalek-ff-group",
 "dkg",
 "dkg-recovery",
 "multiexp",
@@ -2252,6 +2264,7 @@ version = "0.6.0"
 dependencies = [
 "chacha20",
 "ciphersuite",
 "dalek-ff-group",
 "dkg",
 "dleq",
 "flexible-transcript",
@@ -2267,6 +2280,7 @@ name = "dkg-promote"
 version = "0.6.1"
 dependencies = [
 "ciphersuite",
 "dalek-ff-group",
 "dkg",
 "dkg-recovery",
 "dleq",
@@ -2918,6 +2932,7 @@ name = "frost-schnorrkel"
 version = "0.2.0"
 dependencies = [
 "ciphersuite",
 "dalek-ff-group",
 "flexible-transcript",
 "group",
 "modular-frost",
@@ -4812,8 +4827,9 @@ dependencies = [
 [[package]]
 name = "minimal-ed448"
-version = "0.4.1"
+version = "0.4.2"
 dependencies = [
 "ciphersuite",
 "crypto-bigint",
 "ff",
 "ff-group-tests",
@@ -4822,6 +4838,7 @@ dependencies = [
 "hex",
 "rand_core",
 "rustversion",
 "sha3",
 "subtle",
 "zeroize",
 ]
@@ -4885,6 +4902,7 @@ name = "modular-frost"
 version = "0.10.1"
 dependencies = [
 "ciphersuite",
 "ciphersuite-kp256",
 "dalek-ff-group",
 "digest 0.10.7",
 "dkg",
@@ -5118,7 +5136,7 @@ dependencies = [
 [[package]]
 name = "multiexp"
-version = "0.4.1"
+version = "0.4.2"
 dependencies = [
 "dalek-ff-group",
 "ff",
@@ -8049,6 +8067,7 @@ dependencies = [
 "bitcoin",
 "blake2",
 "ciphersuite",
 "dalek-ff-group",
 "dkg-musig",
 "dockertest",
 "frame-system",
@@ -8109,6 +8128,7 @@ dependencies = [
 "blake2",
 "borsh",
 "ciphersuite",
 "dalek-ff-group",
 "dkg-musig",
 "env_logger",
 "flexible-transcript",
@@ -8142,6 +8162,8 @@ dependencies = [
 "blake2",
 "borsh",
 "ciphersuite",
 "ciphersuite-kp256",
 "dalek-ff-group",
 "dkg",
 "dockertest",
 "hex",
@@ -8349,6 +8371,7 @@ version = "0.1.0"
 dependencies = [
 "borsh",
 "ciphersuite",
 "dalek-ff-group",
 "env_logger",
 "flexible-transcript",
 "hex",
@@ -8369,6 +8392,7 @@ name = "serai-message-queue-tests"
 version = "0.1.0"
 dependencies = [
 "ciphersuite",
 "dalek-ff-group",
 "dockertest",
 "hex",
 "rand_core",
@@ -8385,6 +8409,7 @@ version = "0.1.0"
 dependencies = [
 "bitcoin-serai",
 "ciphersuite",
 "ciphersuite-kp256",
 "dalek-ff-group",
 "dkg",
 "dkg-dealer",
@@ -8448,6 +8473,7 @@ name = "serai-orchestrator"
 version = "0.0.1"
 dependencies = [
 "ciphersuite",
 "dalek-ff-group",
 "flexible-transcript",
 "hex",
 "home",
@@ -8484,6 +8510,7 @@ dependencies = [
 "blake2",
 "borsh",
 "ciphersuite",
 "ciphersuite-kp256",
 "const-hex",
 "dalek-ff-group",
 "dkg-pedpop",
@@ -8536,7 +8563,9 @@ dependencies = [
 "bitcoin-serai",
 "borsh",
 "ciphersuite",
 "ciphersuite-kp256",
 "curve25519-dalek",
 "dalek-ff-group",
 "dkg",
 "dockertest",
 "ethereum-serai",
@@ -8671,6 +8700,7 @@ version = "0.1.0"
 dependencies = [
 "borsh",
 "ciphersuite",
 "dalek-ff-group",
 "dkg-musig",
 "parity-scale-codec",
 "scale-info",
@@ -10419,6 +10449,7 @@ dependencies = [
 "async-trait",
 "blake2",
 "ciphersuite",
 "dalek-ff-group",
 "flexible-transcript",
 "futures-channel",
 "futures-util",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -28,6 +28,7 @@ members = [
  "crypto/dalek-ff-group",
  "crypto/ed448",
  "crypto/ciphersuite",
  "crypto/ciphersuite/kp256",
  "crypto/multiexp",
--- a/common/std-shims/src/sync.rs
+++ b/common/std-shims/src/sync.rs
@@ -25,15 +25,6 @@ mod mutex_shim {
 }
 pub use mutex_shim::{ShimMutex as Mutex, MutexGuard};
 #[cfg(not(feature = "std"))]
 pub use spin::Once as OnceLock;
 #[rustversion::before(1.70)]
 #[cfg(feature = "std")]
 pub use spin::Once as OnceLock;
 #[rustversion::since(1.70)]
 #[cfg(feature = "std")]
 pub use std::sync::OnceLock;
 #[cfg(not(feature = "std"))]
 pub use spin::Lazy as LazyLock;
 #[rustversion::before(1.80)]
--- a/coordinator/Cargo.toml
+++ b/coordinator/Cargo.toml
@@ -25,6 +25,7 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 blake2 = { version = "0.10", default-features = false, features = ["std"] }
 transcript = { package = "flexible-transcript", path = "../crypto/transcript", default-features = false, features = ["std", "recommended"] }
 dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../crypto/schnorr", default-features = false, features = ["std", "aggregate"] }
 dkg-musig = { path = "../crypto/dkg/musig", default-features = false, features = ["std"] }
--- a/coordinator/src/main.rs
+++ b/coordinator/src/main.rs
@@ -8,12 +8,13 @@ use std::{
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::OsRng;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{
    ff::{Field, PrimeField},
    GroupEncoding,
  },
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 use frost::Participant;
--- a/coordinator/src/substrate/cosign.rs
+++ b/coordinator/src/substrate/cosign.rs
@@ -14,7 +14,8 @@
 use zeroize::Zeroizing;
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use borsh::{BorshSerialize, BorshDeserialize};
--- a/coordinator/src/substrate/mod.rs
+++ b/coordinator/src/substrate/mod.rs
@@ -6,7 +6,8 @@ use std::{
 use zeroize::Zeroizing;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use serai_client::{
  coins::CoinsEvent,
--- a/coordinator/src/tests/tributary/chain.rs
+++ b/coordinator/src/tests/tributary/chain.rs
@@ -7,9 +7,10 @@ use zeroize::Zeroizing;
 use rand_core::{RngCore, CryptoRng, OsRng};
 use futures_util::{task::Poll, poll};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use sp_application_crypto::sr25519;
--- a/coordinator/src/tests/tributary/dkg.rs
+++ b/coordinator/src/tests/tributary/dkg.rs
@@ -4,7 +4,8 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::{RngCore, OsRng};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 use sp_runtime::traits::Verify;
--- a/coordinator/src/tests/tributary/mod.rs
+++ b/coordinator/src/tests/tributary/mod.rs
@@ -2,7 +2,8 @@ use core::fmt::Debug;
 use rand_core::{RngCore, OsRng};
-use ciphersuite::{group::Group, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::Group, Ciphersuite};
 use scale::{Encode, Decode};
 use serai_client::{
--- a/coordinator/src/tests/tributary/sync.rs
+++ b/coordinator/src/tests/tributary/sync.rs
@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashSet};
 use rand_core::OsRng;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use tokio::{
  sync::{mpsc, broadcast},
--- a/coordinator/src/tributary/db.rs
+++ b/coordinator/src/tributary/db.rs
@@ -3,7 +3,8 @@ use std::collections::HashMap;
 use scale::Encode;
 use borsh::{BorshSerialize, BorshDeserialize};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 use serai_client::validator_sets::primitives::{KeyPair, ExternalValidatorSet};
--- a/coordinator/src/tributary/handle.rs
+++ b/coordinator/src/tributary/handle.rs
@@ -4,7 +4,8 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::dkg::Participant;
 use scale::{Encode, Decode};
--- a/coordinator/src/tributary/mod.rs
+++ b/coordinator/src/tributary/mod.rs
@@ -1,4 +1,5 @@
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use serai_client::validator_sets::primitives::ExternalValidatorSet;
--- a/coordinator/src/tributary/scanner.rs
+++ b/coordinator/src/tributary/scanner.rs
@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashSet};
 use zeroize::Zeroizing;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use tokio::sync::broadcast;
--- a/coordinator/src/tributary/signing_protocol.rs
+++ b/coordinator/src/tributary/signing_protocol.rs
@@ -63,9 +63,10 @@ use rand_core::OsRng;
 use blake2::{Digest, Blake2s256};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::PrimeField, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use dkg_musig::musig;
 use frost::{FrostError, dkg::Participant, ThresholdKeys, sign::*};
--- a/coordinator/src/tributary/spec.rs
+++ b/coordinator/src/tributary/spec.rs
@@ -3,7 +3,8 @@ use std::{io, collections::HashMap};
 use transcript::{Transcript, RecommendedTranscript};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 use scale::Encode;
--- a/coordinator/src/tributary/transaction.rs
+++ b/coordinator/src/tributary/transaction.rs
@@ -7,9 +7,10 @@ use rand_core::{RngCore, CryptoRng};
 use blake2::{Digest, Blake2s256};
 use transcript::{Transcript, RecommendedTranscript};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 use frost::Participant;
--- a/coordinator/tributary/Cargo.toml
+++ b/coordinator/tributary/Cargo.toml
@@ -27,7 +27,8 @@ rand_chacha = { version = "0.3", default-features = false, features = ["std"] }
 blake2 = { version = "0.10", default-features = false, features = ["std"] }
 transcript = { package = "flexible-transcript", path = "../../crypto/transcript", default-features = false, features = ["std", "recommended"] }
-ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group" }
 ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", default-features = false, features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", default-features = false, features = ["std"] }
 hex = { version = "0.4", default-features = false, features = ["std"] }
--- a/coordinator/tributary/src/blockchain.rs
+++ b/coordinator/tributary/src/blockchain.rs
@@ -1,6 +1,7 @@
 use std::collections::{VecDeque, HashSet};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use serai_db::{Get, DbTxn, Db};
--- a/coordinator/tributary/src/lib.rs
+++ b/coordinator/tributary/src/lib.rs
@@ -5,7 +5,8 @@ use async_trait::async_trait;
 use zeroize::Zeroizing;
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use scale::Decode;
 use futures_channel::mpsc::UnboundedReceiver;
--- a/coordinator/tributary/src/mempool.rs
+++ b/coordinator/tributary/src/mempool.rs
@@ -1,6 +1,7 @@
 use std::collections::HashMap;
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use serai_db::{DbTxn, Db};
--- a/coordinator/tributary/src/tendermint/mod.rs
+++ b/coordinator/tributary/src/tendermint/mod.rs
@@ -11,12 +11,13 @@ use rand_chacha::ChaCha12Rng;
 use transcript::{Transcript, RecommendedTranscript};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{
    GroupEncoding,
    ff::{Field, PrimeField},
  },
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::{
  SchnorrSignature,
--- a/coordinator/tributary/src/tendermint/tx.rs
+++ b/coordinator/tributary/src/tendermint/tx.rs
@@ -4,7 +4,8 @@ use scale::{Encode, Decode, IoReader};
 use blake2::{Digest, Blake2s256};
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use crate::{
  transaction::{Transaction, TransactionKind, TransactionError},
--- a/coordinator/tributary/src/tests/block.rs
+++ b/coordinator/tributary/src/tests/block.rs
@@ -1,9 +1,11 @@
 use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
 use blake2::{Digest, Blake2s256};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
--- a/coordinator/tributary/src/tests/blockchain.rs
+++ b/coordinator/tributary/src/tests/blockchain.rs
@@ -10,7 +10,8 @@ use rand::rngs::OsRng;
 use blake2::{Digest, Blake2s256};
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::Field, Ciphersuite};
 use serai_db::{DbTxn, Db, MemDb};
--- a/coordinator/tributary/src/tests/mempool.rs
+++ b/coordinator/tributary/src/tests/mempool.rs
@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashMap};
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::Field, Ciphersuite};
 use tendermint::ext::Commit;
--- a/coordinator/tributary/src/tests/transaction/mod.rs
+++ b/coordinator/tributary/src/tests/transaction/mod.rs
@@ -6,9 +6,10 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};
 use blake2::{Digest, Blake2s256};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
--- a/coordinator/tributary/src/tests/transaction/signed.rs
+++ b/coordinator/tributary/src/tests/transaction/signed.rs
@@ -2,7 +2,8 @@ use rand::rngs::OsRng;
 use blake2::{Digest, Blake2s256};
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::Field, Ciphersuite};
 use crate::{
  ReadWrite,
--- a/coordinator/tributary/src/tests/transaction/tendermint.rs
+++ b/coordinator/tributary/src/tests/transaction/tendermint.rs
@@ -3,7 +3,8 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
-use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{Ciphersuite, group::ff::Field};
 use scale::Encode;
--- a/coordinator/tributary/src/transaction.rs
+++ b/coordinator/tributary/src/transaction.rs
@@ -6,9 +6,10 @@ use thiserror::Error;
 use blake2::{Digest, Blake2b512};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
--- a/crypto/ciphersuite/Cargo.toml
+++ b/crypto/ciphersuite/Cargo.toml
@@ -26,20 +26,10 @@ subtle = { version = "^2.4", default-features = false }
 digest = { version = "0.10", default-features = false, features = ["core-api"] }
 transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false }
 sha2 = { version = "0.10", default-features = false, optional = true }
 sha3 = { version = "0.10", default-features = false, optional = true }
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
 dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features = false, optional = true }
 elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
 p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
 k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
 minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, optional = true }
 [dev-dependencies]
 hex = { version = "0.4", default-features = false, features = ["std"] }
@@ -59,27 +49,8 @@ std = [
  "digest/std",
  "transcript/std",
  "sha2?/std",
  "sha3?/std",
  "ff/std",
  "dalek-ff-group?/std",
  "elliptic-curve?/std",
  "p256?/std",
  "k256?/std",
  "minimal-ed448?/std",
 ]
 dalek = ["sha2", "dalek-ff-group"]
 ed25519 = ["dalek"]
 ristretto = ["dalek"]
 kp256 = ["sha2", "elliptic-curve"]
 p256 = ["kp256", "dep:p256"]
 secp256k1 = ["kp256", "k256"]
 ed448 = ["sha3", "minimal-ed448"]
 default = ["std"]
--- a/crypto/ciphersuite/README.md
+++ b/crypto/ciphersuite/README.md
@@ -21,6 +21,8 @@ Their `hash_to_F` is the
 [IETF's hash to curve](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html),
 yet applied to their scalar field.
 Please see the [`ciphersuite-kp256`](https://docs.rs/ciphersuite-kp256) crate for more info.
 ### Ed25519/Ristretto
 Ed25519/Ristretto are offered via
@@ -33,6 +35,8 @@ the draft
 [RFC-RISTRETTO](https://www.ietf.org/archive/id/draft-irtf-cfrg-ristretto255-decaf448-05.html).
 The domain-separation tag is naively prefixed to the message.
 Please see the [`dalek-ff-group`](https://docs.rs/dalek-ff-group) crate for more info.
 ### Ed448
 Ed448 is offered via [minimal-ed448](https://crates.io/crates/minimal-ed448), an
@@ -42,3 +46,5 @@ to its prime-order subgroup.
 Its `hash_to_F` is the wide reduction of SHAKE256, with a 114-byte output, as
 used in [RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). The
 domain-separation tag is naively prefixed to the message.
 Please see the [`minimal-ed448`](https://docs.rs/minimal-ed448) crate for more info.
--- a/crypto/ciphersuite/kp256/Cargo.toml
+++ b/crypto/ciphersuite/kp256/Cargo.toml
@@ -0,0 +1,55 @@
 [package]
 name = "ciphersuite-kp256"
 version = "0.4.0"
 description = "Ciphersuites built around ff/group"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite/kp256"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["ciphersuite", "ff", "group"]
 edition = "2021"
 rust-version = "1.66"
 [package.metadata.docs.rs]
 all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 [lints]
 workspace = true
 [dependencies]
 rand_core = { version = "0.6", default-features = false }
 zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
 sha2 = { version = "0.10", default-features = false }
 elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"] }
 p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
 k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
 ciphersuite = { path = "../", version = "0.4", default-features = false }
 [dev-dependencies]
 hex = { version = "0.4", default-features = false, features = ["std"] }
 rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { version = "0.13", path = "../../ff-group-tests" }
 [features]
 alloc = ["ciphersuite/alloc"]
 std = [
  "rand_core/std",
  "zeroize/std",
  "sha2/std",
  "elliptic-curve/std",
  "p256/std",
  "k256/std",
  "ciphersuite/std",
 ]
 default = ["std"]
--- a/crypto/ciphersuite/kp256/LICENSE
+++ b/crypto/ciphersuite/kp256/LICENSE
@@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2021-2023 Luke Parker
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/crypto/ciphersuite/kp256/README.md
+++ b/crypto/ciphersuite/kp256/README.md
@@ -0,0 +1,3 @@
 # Ciphersuite {k, p}256
 SECP256k1 and P-256 Ciphersuites around k256 and p256.
--- a/crypto/ciphersuite/kp256/src/lib.rs
+++ b/crypto/ciphersuite/kp256/src/lib.rs
@@ -1,16 +1,17 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![cfg_attr(not(feature = "std"), no_std)]
 use zeroize::Zeroize;
 use sha2::Sha256;
 use group::ff::PrimeField;
 use elliptic_curve::{
  generic_array::GenericArray,
  bigint::{NonZero, CheckedAdd, Encoding, U384},
  hash2curve::{Expander, ExpandMsg, ExpandMsgXmd},
 };
-use crate::Ciphersuite;
+use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 macro_rules! kp_curve {
  (
@@ -107,12 +108,9 @@ fn test_oversize_dst<C: Ciphersuite>() {
 /// Ciphersuite for Secp256k1.
 ///
 /// hash_to_F is implemented via the IETF draft for hash to curve's hash_to_field (v16).
 #[cfg(feature = "secp256k1")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Secp256k1;
 #[cfg(feature = "secp256k1")]
 kp_curve!("secp256k1", k256, Secp256k1, b"secp256k1");
 #[cfg(feature = "secp256k1")]
 #[test]
 fn test_secp256k1() {
  ff_group_tests::group::test_prime_group_bits::<_, k256::ProjectivePoint>(&mut rand_core::OsRng);
@@ -145,12 +143,9 @@ fn test_secp256k1() {
 /// Ciphersuite for P-256.
 ///
 /// hash_to_F is implemented via the IETF draft for hash to curve's hash_to_field (v16).
 #[cfg(feature = "p256")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct P256;
 #[cfg(feature = "p256")]
 kp_curve!("p256", p256, P256, b"P-256");
 #[cfg(feature = "p256")]
 #[test]
 fn test_p256() {
  ff_group_tests::group::test_prime_group_bits::<_, p256::ProjectivePoint>(&mut rand_core::OsRng);
--- a/crypto/ciphersuite/src/lib.md
+++ b/crypto/ciphersuite/src/lib.md
@@ -2,7 +2,7 @@
 Ciphersuites for elliptic curves premised on ff/group.
-This library, except for the not recommended Ed448 ciphersuite, was
+This library was
 [audited by Cypher Stack in March 2023](https://github.com/serai-dex/serai/raw/e1bb2c191b7123fd260d008e31656d090d559d21/audits/Cypher%20Stack%20crypto%20March%202023/Audit.pdf),
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
--- a/crypto/ciphersuite/src/lib.rs
+++ b/crypto/ciphersuite/src/lib.rs
@@ -26,25 +26,6 @@ use group::{
 #[cfg(any(feature = "alloc", feature = "std"))]
 use group::GroupEncoding;
 #[cfg(feature = "dalek")]
 mod dalek;
 #[cfg(feature = "ristretto")]
 pub use dalek::Ristretto;
 #[cfg(feature = "ed25519")]
 pub use dalek::Ed25519;
 #[cfg(feature = "kp256")]
 mod kp256;
 #[cfg(feature = "secp256k1")]
 pub use kp256::Secp256k1;
 #[cfg(feature = "p256")]
 pub use kp256::P256;
 #[cfg(feature = "ed448")]
 mod ed448;
 #[cfg(feature = "ed448")]
 pub use ed448::*;
 /// Unified trait defining a ciphersuite around an elliptic curve.
 pub trait Ciphersuite:
  'static + Send + Sync + Clone + Copy + PartialEq + Eq + Debug + Zeroize
--- a/crypto/dalek-ff-group/Cargo.toml
+++ b/crypto/dalek-ff-group/Cargo.toml
@@ -25,18 +25,22 @@ subtle = { version = "^2.4", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 digest = { version = "0.10", default-features = false }
 sha2 = { version = "0.10", default-features = false }
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
 ciphersuite = { path = "../ciphersuite", default-features = false }
 crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }
 curve25519-dalek = { version = ">= 4.0, < 4.2", default-features = false, features = ["alloc", "zeroize", "digest", "group", "precomputed-tables"] }
 [dev-dependencies]
 hex = "0.4"
 rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }
 [features]
-std = ["zeroize/std", "subtle/std", "rand_core/std", "digest/std"]
+alloc = ["zeroize/alloc", "ciphersuite/alloc"]
 std = ["alloc", "zeroize/std", "subtle/std", "rand_core/std", "digest/std", "sha2/std", "ciphersuite/std"]
 default = ["std"]
--- a/crypto/dalek-ff-group/src/ciphersuite.rs
+++ b/crypto/dalek-ff-group/src/ciphersuite.rs
@@ -3,9 +3,9 @@ use zeroize::Zeroize;
 use sha2::{Digest, Sha512};
 use group::Group;
-use dalek_ff_group::Scalar;
+use crate::Scalar;
-use crate::Ciphersuite;
+use ciphersuite::Ciphersuite;
 macro_rules! dalek_curve {
  (
@@ -15,7 +15,7 @@ macro_rules! dalek_curve {
    $Point:       ident,
    $ID:          literal
  ) => {
-    use dalek_ff_group::$Point;
+    use crate::$Point;
    impl Ciphersuite for $Ciphersuite {
      type F = Scalar;
@@ -40,12 +40,9 @@ macro_rules! dalek_curve {
 /// hash_to_F is implemented with a naive concatenation of the dst and data, allowing transposition
 /// between the two. This means `dst: b"abc", data: b"def"`, will produce the same scalar as
 /// `dst: "abcdef", data: b""`. Please use carefully, not letting dsts be substrings of each other.
 #[cfg(any(test, feature = "ristretto"))]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Ristretto;
 #[cfg(any(test, feature = "ristretto"))]
 dalek_curve!("ristretto", Ristretto, RistrettoPoint, b"ristretto");
 #[cfg(any(test, feature = "ristretto"))]
 #[test]
 fn test_ristretto() {
  ff_group_tests::group::test_prime_group_bits::<_, RistrettoPoint>(&mut rand_core::OsRng);
@@ -71,12 +68,9 @@ fn test_ristretto() {
 /// hash_to_F is implemented with a naive concatenation of the dst and data, allowing transposition
 /// between the two. This means `dst: b"abc", data: b"def"`, will produce the same scalar as
 /// `dst: "abcdef", data: b""`. Please use carefully, not letting dsts be substrings of each other.
 #[cfg(feature = "ed25519")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Ed25519;
 #[cfg(feature = "ed25519")]
 dalek_curve!("ed25519", Ed25519, EdwardsPoint, b"edwards25519");
 #[cfg(feature = "ed25519")]
 #[test]
 fn test_ed25519() {
  ff_group_tests::group::test_prime_group_bits::<_, EdwardsPoint>(&mut rand_core::OsRng);
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@@ -38,6 +38,9 @@ use group::{
 mod field;
 pub use field::FieldElement;
 mod ciphersuite;
 pub use crate::ciphersuite::{Ed25519, Ristretto};
 // Use black_box when possible
 #[rustversion::since(1.66)]
 mod black_box {
--- a/crypto/dkg/Cargo.toml
+++ b/crypto/dkg/Cargo.toml
@@ -27,9 +27,6 @@ borsh = { version = "1", default-features = false, features = ["derive", "de_str
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", default-features = false, features = ["alloc"] }
 [dev-dependencies]
 ciphersuite = { path = "../ciphersuite", default-features = false, features = ["ristretto"] }
 [features]
 std = [
  "thiserror/std",
--- a/crypto/dkg/musig/Cargo.toml
+++ b/crypto/dkg/musig/Cargo.toml
@@ -31,7 +31,7 @@ dkg = { path = "../", version = "0.6", default-features = false }
 [dev-dependencies]
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group" }
 dkg-recovery = { path = "../recovery", default-features = false, features = ["std"] }
 [features]
--- a/crypto/dkg/musig/src/tests.rs
+++ b/crypto/dkg/musig/src/tests.rs
@@ -3,7 +3,8 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::Field, Ciphersuite};
 use dkg_recovery::recover_key;
 use crate::*;
--- a/crypto/dkg/pedpop/Cargo.toml
+++ b/crypto/dkg/pedpop/Cargo.toml
@@ -34,4 +34,4 @@ dkg = { path = "../", version = "0.6", default-features = false, features = ["st
 [dev-dependencies]
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group", default-features = false }
--- a/crypto/dkg/pedpop/src/tests.rs
+++ b/crypto/dkg/pedpop/src/tests.rs
@@ -2,7 +2,8 @@ use std::collections::HashMap;
 use rand_core::{RngCore, CryptoRng, OsRng};
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use crate::*;
--- a/crypto/dkg/promote/Cargo.toml
+++ b/crypto/dkg/promote/Cargo.toml
@@ -30,5 +30,5 @@ dkg = { path = "../", version = "0.6.1", default-features = false, features = ["
 [dev-dependencies]
 zeroize = { version = "^1.5", default-features = false, features = ["std", "zeroize_derive"] }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group" }
 dkg-recovery = { path = "../recovery", default-features = false, features = ["std"] }
--- a/crypto/dkg/promote/src/tests.rs
+++ b/crypto/dkg/promote/src/tests.rs
@@ -4,9 +4,10 @@ use std::collections::HashMap;
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::OsRng;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use dkg::*;
--- a/crypto/ed448/Cargo.toml
+++ b/crypto/ed448/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "minimal-ed448"
-version = "0.4.1"
+version = "0.4.2"
 description = "Unaudited, inefficient implementation of Ed448 in Rust"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ed448"
@@ -24,8 +24,11 @@ rand_core = { version = "0.6", default-features = false }
 zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
 subtle = { version = "^2.4", default-features = false }
 sha3 = { version = "0.10", default-features = false }
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
 ciphersuite = { path = "../ciphersuite", default-features = false }
 generic-array = { version = "1", default-features = false }
 crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }
@@ -38,5 +41,6 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }
 [features]
-std = ["rand_core/std", "zeroize/std", "subtle/std", "ff/std"]
+alloc = ["zeroize/alloc", "ciphersuite/alloc"]
 std = ["alloc", "rand_core/std", "zeroize/std", "subtle/std", "sha3/std", "ff/std", "ciphersuite/std"]
 default = ["std"]
--- a/crypto/ed448/src/ciphersuite.rs
+++ b/crypto/ed448/src/ciphersuite.rs
@@ -1,15 +1,17 @@
 use zeroize::Zeroize;
-use digest::{
+use sha3::{
  digest::{
    typenum::U114, core_api::BlockSizeUser, Update, Output, OutputSizeUser, FixedOutput,
    ExtendableOutput, XofReader, HashMarker, Digest,
  },
  Shake256,
 };
 use sha3::Shake256;
 use group::Group;
-use minimal_ed448::{Scalar, Point};
+use crate::{Scalar, Point};
-use crate::Ciphersuite;
+use ciphersuite::Ciphersuite;
 /// Shake256, fixed to a 114-byte output, as used by Ed448.
 #[derive(Clone, Default)]
--- a/crypto/ed448/src/lib.rs
+++ b/crypto/ed448/src/lib.rs
@@ -14,3 +14,6 @@ pub use field::FieldElement;
 mod point;
 pub use point::Point;
 mod ciphersuite;
 pub use crate::ciphersuite::Ed448;
--- a/crypto/ed448/src/point.rs
+++ b/crypto/ed448/src/point.rs
@@ -50,13 +50,25 @@ fn recover_x(y: FieldElement) -> CtOption<FieldElement> {
 }
 /// Ed448 point.
-#[derive(Clone, Copy, Debug, Zeroize)]
+#[derive(Clone, Copy, Debug)]
 pub struct Point {
  x: FieldElement,
  y: FieldElement,
  z: FieldElement,
 }
 impl Zeroize for Point {
  fn zeroize(&mut self) {
    self.x.zeroize();
    self.y.zeroize();
    self.z.zeroize();
    let identity = Self::identity();
    self.x = identity.x;
    self.y = identity.y;
    self.z = identity.z;
  }
 }
 const G: Point = Point { x: G_X, y: G_Y, z: FieldElement::ONE };
 impl ConstantTimeEq for Point {
--- a/crypto/frost/Cargo.toml
+++ b/crypto/frost/Cargo.toml
@@ -34,6 +34,7 @@ dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features
 minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, features = ["std"], optional = true }
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", default-features = false, features = ["std"] }
 ciphersuite-kp256 = { path = "../ciphersuite/kp256", version = "0.4", default-features = false, features = ["std"], optional = true }
 multiexp = { path = "../multiexp", version = "0.4", default-features = false, features = ["std", "batch"] }
@@ -52,12 +53,12 @@ dkg-recovery = { path = "../dkg/recovery", default-features = false, features =
 dkg-dealer = { path = "../dkg/dealer", default-features = false, features = ["std"] }
 [features]
-ed25519 = ["dalek-ff-group", "ciphersuite/ed25519"]
+ed25519 = ["dalek-ff-group"]
-ristretto = ["dalek-ff-group", "ciphersuite/ristretto"]
+ristretto = ["dalek-ff-group"]
-secp256k1 = ["ciphersuite/secp256k1"]
+secp256k1 = ["ciphersuite-kp256"]
-p256 = ["ciphersuite/p256"]
+p256 = ["ciphersuite-kp256"]
-ed448 = ["minimal-ed448", "ciphersuite/ed448"]
+ed448 = ["minimal-ed448"]
-tests = ["hex", "rand_core/getrandom", "dkg-dealer" ,"dkg-recovery"]
+tests = ["hex", "rand_core/getrandom", "dkg-dealer", "dkg-recovery"]
--- a/crypto/frost/src/curve/dalek.rs
+++ b/crypto/frost/src/curve/dalek.rs
@@ -16,7 +16,7 @@ macro_rules! dalek_curve {
    $CONTEXT: literal,
    $chal: literal
  ) => {
-    pub use ciphersuite::$Curve;
+    pub use dalek_ff_group::$Curve;
    impl Curve for $Curve {
      const CONTEXT: &'static [u8] = $CONTEXT;
--- a/crypto/frost/src/curve/ed448.rs
+++ b/crypto/frost/src/curve/ed448.rs
@@ -1,7 +1,8 @@
 use digest::Digest;
 use minimal_ed448::{Scalar, Point};
-pub use ciphersuite::{group::GroupEncoding, Shake256_114, Ed448};
+pub use minimal_ed448::Ed448;
 pub use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use crate::{curve::Curve, algorithm::Hram};
@@ -18,7 +19,7 @@ impl Ietf8032Ed448Hram {
  #[allow(non_snake_case)]
  pub(crate) fn hram(context: &[u8], R: &Point, A: &Point, m: &[u8]) -> Scalar {
    Scalar::wide_reduce(
-      Shake256_114::digest(
+      <Ed448 as Ciphersuite>::H::digest(
        [
          &[b"SigEd448".as_ref(), &[0, u8::try_from(context.len()).unwrap()]].concat(),
          context,
--- a/crypto/frost/src/curve/kp256.rs
+++ b/crypto/frost/src/curve/kp256.rs
@@ -11,7 +11,7 @@ macro_rules! kp_curve {
    $CONTEXT: literal
  ) => {
-    pub use ciphersuite::$Curve;
+    pub use ciphersuite_kp256::$Curve;
    impl Curve for $Curve {
      const CONTEXT: &'static [u8] = $CONTEXT;
--- a/crypto/schnorr/Cargo.toml
+++ b/crypto/schnorr/Cargo.toml
@@ -36,7 +36,7 @@ rand_core = { version = "0.6", features = ["std"] }
 sha2 = "0.10"
 dalek-ff-group = { path =  "../dalek-ff-group" }
-ciphersuite = { path = "../ciphersuite", features = ["ed25519"] }
+ciphersuite = { path = "../ciphersuite" }
 [features]
 aggregate = ["transcript"]
--- a/crypto/schnorr/src/tests/mod.rs
+++ b/crypto/schnorr/src/tests/mod.rs
@@ -3,9 +3,10 @@ use core::ops::Deref;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 use dalek_ff_group::Ed25519;
 use ciphersuite::{
  group::{ff::Field, Group},
-  Ciphersuite, Ed25519,
+  Ciphersuite,
 };
 use multiexp::BatchVerifier;
--- a/crypto/schnorr/src/tests/rfc8032.rs
+++ b/crypto/schnorr/src/tests/rfc8032.rs
@@ -5,8 +5,8 @@
 use sha2::{Digest, Sha512};
-use dalek_ff_group::Scalar;
+use dalek_ff_group::{Scalar, Ed25519};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ed25519};
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use crate::SchnorrSignature;
--- a/crypto/schnorrkel/Cargo.toml
+++ b/crypto/schnorrkel/Cargo.toml
@@ -24,7 +24,8 @@ transcript = { package = "flexible-transcript", path = "../transcript", version
 group = "0.13"
-ciphersuite = { path = "../ciphersuite", version = "^0.4.1", features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../dalek-ff-group" }
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../schnorr", version = "^0.5.1" }
 frost = { path = "../frost", package = "modular-frost", version = "^0.10.0", features = ["ristretto"] }
--- a/crypto/schnorrkel/src/lib.rs
+++ b/crypto/schnorrkel/src/lib.rs
@@ -9,8 +9,11 @@ use zeroize::Zeroizing;
 use transcript::{Transcript, MerlinTranscript};
-use group::{ff::PrimeField, GroupEncoding};
+use dalek_ff_group::Ristretto;
-use ciphersuite::{Ciphersuite, Ristretto};
+use ciphersuite::{
  group::{ff::PrimeField, GroupEncoding},
  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 use ::frost::{
--- a/message-queue/Cargo.toml
+++ b/message-queue/Cargo.toml
@@ -30,7 +30,8 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 # Cryptography
 transcript = { package = "flexible-transcript", path = "../crypto/transcript", default-features = false, features = ["std", "recommended"] }
-ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
 schnorr-signatures = { path = "../crypto/schnorr", default-features = false, features = ["std"] }
 # Application
--- a/message-queue/src/client.rs
+++ b/message-queue/src/client.rs
@@ -3,9 +3,10 @@ use core::ops::Deref;
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::OsRng;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::ff::{Field, PrimeField},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr_signatures::SchnorrSignature;
--- a/message-queue/src/main.rs
+++ b/message-queue/src/main.rs
@@ -3,7 +3,8 @@ pub(crate) use std::{
  collections::HashMap,
 };
-pub(crate) use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 pub(crate) use ciphersuite::{group::GroupEncoding, Ciphersuite};
 pub(crate) use schnorr_signatures::SchnorrSignature;
 pub(crate) use serai_primitives::ExternalNetworkId;
--- a/message-queue/src/messages.rs
+++ b/message-queue/src/messages.rs
@@ -1,5 +1,6 @@
 use transcript::{Transcript, RecommendedTranscript};
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use borsh::{BorshSerialize, BorshDeserialize};
--- a/orchestration/Cargo.toml
+++ b/orchestration/Cargo.toml
@@ -23,7 +23,8 @@ rand_core = { version = "0.6", default-features = false, features = ["std", "get
 rand_chacha = { version = "0.3", default-features = false, features = ["std"] }
 transcript = { package = "flexible-transcript", path = "../crypto/transcript", default-features = false, features = ["std", "recommended"] }
-ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
 zalloc = { path = "../common/zalloc" }
--- a/orchestration/src/coordinator.rs
+++ b/orchestration/src/coordinator.rs
@@ -2,7 +2,8 @@ use std::path::Path;
 use zeroize::Zeroizing;
-use ciphersuite::{group::ff::PrimeField, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 use crate::{Network, Os, mimalloc, os, build_serai_service, write_dockerfile};
--- a/orchestration/src/main.rs
+++ b/orchestration/src/main.rs
@@ -18,12 +18,13 @@ use rand_chacha::ChaCha20Rng;
 use transcript::{Transcript, RecommendedTranscript};
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{
    ff::{Field, PrimeField},
    GroupEncoding,
  },
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 mod mimalloc;
--- a/orchestration/src/message_queue.rs
+++ b/orchestration/src/message_queue.rs
@@ -1,6 +1,7 @@
 use std::path::Path;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use crate::{Network, Os, mimalloc, os, build_serai_service, write_dockerfile};
--- a/orchestration/src/processor.rs
+++ b/orchestration/src/processor.rs
@@ -2,7 +2,8 @@ use std::path::Path;
 use zeroize::Zeroizing;
-use ciphersuite::{group::ff::PrimeField, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 use crate::{Network, Os, mimalloc, os, build_serai_service, write_dockerfile};
--- a/orchestration/src/serai.rs
+++ b/orchestration/src/serai.rs
@@ -1,7 +1,8 @@
 use std::path::Path;
 use zeroize::Zeroizing;
-use ciphersuite::{group::ff::PrimeField, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 use crate::{Network, Os, mimalloc, os, build_serai_service, write_dockerfile};
--- a/processor/Cargo.toml
+++ b/processor/Cargo.toml
@@ -35,7 +35,8 @@ serde_json = { version = "1", default-features = false, features = ["std"] }
 # Cryptography
 blake2 = { version = "0.10", default-features = false, features = ["std"] }
-ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
 transcript = { package = "flexible-transcript", path = "../crypto/transcript", default-features = false, features = ["std"] }
 dkg-pedpop = { path = "../crypto/dkg/pedpop", default-features = false }
@@ -50,10 +51,10 @@ secp256k1 = { version = "0.29", default-features = false, features = ["std", "gl
 bitcoin-serai = { path = "../networks/bitcoin", default-features = false, features = ["std"], optional = true }
 # Ethereum
 ciphersuite-kp256 = { path = "../crypto/ciphersuite/kp256", default-features = false, features = ["std"], optional = true }
 ethereum-serai = { path = "../networks/ethereum", default-features = false, optional = true }
 # Monero
 dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"], optional = true }
 monero-simple-request-rpc = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a74f41c2270707e340a9cb57fcd97a762d04975b", default-features = false, optional = true }
 monero-wallet = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a74f41c2270707e340a9cb57fcd97a762d04975b", default-features = false, features = ["std", "multisig", "compile-time-generators"], optional = true }
@@ -86,9 +87,9 @@ serai-docker-tests = { path = "../tests/docker" }
 secp256k1 = ["k256", "frost/secp256k1"]
 bitcoin = ["dep:secp256k1", "secp256k1", "bitcoin-serai", "serai-client/bitcoin"]
-ethereum = ["secp256k1", "ethereum-serai/tests"]
+ethereum = ["secp256k1", "ciphersuite-kp256", "ethereum-serai/tests"]
-ed25519 = ["dalek-ff-group", "frost/ed25519"]
+ed25519 = ["frost/ed25519"]
 monero = ["ed25519", "monero-simple-request-rpc", "monero-wallet", "serai-client/monero"]
 binaries = ["env_logger", "serai-env", "message-queue"]
--- a/processor/src/networks/ethereum.rs
+++ b/processor/src/networks/ethereum.rs
@@ -7,7 +7,8 @@ use std::{
 use async_trait::async_trait;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Secp256k1};
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use ciphersuite_kp256::Secp256k1;
 use frost::ThresholdKeys;
 use ethereum_serai::{
--- a/processor/src/tests/literal/mod.rs
+++ b/processor/src/tests/literal/mod.rs
@@ -286,7 +286,8 @@ mod monero {
 mod ethereum {
  use super::*;
-  use ciphersuite::{Ciphersuite, Secp256k1};
+  use ciphersuite::Ciphersuite;
  use ciphersuite_kp256::Secp256k1;
  use serai_client::validator_sets::primitives::Session;
--- a/substrate/client/Cargo.toml
+++ b/substrate/client/Cargo.toml
@@ -38,6 +38,7 @@ simple-request = { path = "../../common/request", version = "0.1", optional = tr
 bitcoin = { version = "0.32", optional = true }
 dalek-ff-group = { path = "../../crypto/dalek-ff-group", optional = true }
 ciphersuite = { path = "../../crypto/ciphersuite", version = "0.4", optional = true }
 monero-wallet = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a74f41c2270707e340a9cb57fcd97a762d04975b", version = "0.1.0", default-features = false, features = ["std"], optional = true }
@@ -47,7 +48,8 @@ hex = "0.4"
 blake2 = "0.10"
-ciphersuite = { path = "../../crypto/ciphersuite", features = ["ristretto"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group" }
 ciphersuite = { path = "../../crypto/ciphersuite" }
 dkg-musig = { path = "../../crypto/dkg/musig" }
 frost = { package = "modular-frost", path = "../../crypto/frost", features = ["tests"] }
 schnorrkel = { path = "../../crypto/schnorrkel", package = "frost-schnorrkel" }
@@ -63,7 +65,7 @@ borsh = ["serai-abi/borsh"]
 networks = []
 bitcoin = ["networks", "dep:bitcoin"]
-monero = ["networks", "ciphersuite/ed25519", "monero-wallet"]
+monero = ["networks", "dalek-ff-group", "ciphersuite", "monero-wallet"]
 # Assumes the default usage is to use Serai as a DEX, which doesn't actually
 # require connecting to a Serai node
--- a/substrate/client/src/networks/monero.rs
+++ b/substrate/client/src/networks/monero.rs
@@ -2,7 +2,8 @@ use core::{str::FromStr, fmt};
 use scale::{Encode, Decode};
-use ciphersuite::{Ciphersuite, Ed25519};
+use dalek_ff_group::Ed25519;
 use ciphersuite::Ciphersuite;
 use monero_wallet::address::{AddressError, Network, AddressType, MoneroAddress};
--- a/substrate/client/tests/common/genesis_liquidity.rs
+++ b/substrate/client/tests/common/genesis_liquidity.rs
@@ -3,7 +3,8 @@ use std::collections::HashMap;
 use rand_core::{RngCore, OsRng};
 use zeroize::Zeroizing;
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use dkg_musig::musig;
 use schnorrkel::Schnorrkel;
--- a/substrate/client/tests/common/validator_sets.rs
+++ b/substrate/client/tests/common/validator_sets.rs
@@ -9,7 +9,8 @@ use sp_core::{
  Pair as PairTrait,
 };
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use dkg_musig::musig;
 use schnorrkel::Schnorrkel;
--- a/substrate/validator-sets/primitives/Cargo.toml
+++ b/substrate/validator-sets/primitives/Cargo.toml
@@ -18,7 +18,8 @@ workspace = true
 [dependencies]
 zeroize = { version = "^1.5", features = ["derive"], optional = true }
-ciphersuite = { path = "../../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["alloc", "ristretto"] }
+dalek-ff-group = { path = "../../../crypto/dalek-ff-group", default-features = false, features = ["alloc"] }
 ciphersuite = { path = "../../../crypto/ciphersuite", version = "0.4", default-features = false, features = ["alloc"] }
 dkg-musig = { path = "../../../crypto/dkg/musig", default-features = false }
 borsh = { version = "1", default-features = false, features = ["derive", "de_strict_order"], optional = true }
--- a/substrate/validator-sets/primitives/src/lib.rs
+++ b/substrate/validator-sets/primitives/src/lib.rs
@@ -3,7 +3,8 @@
 #[cfg(feature = "std")]
 use zeroize::Zeroize;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use scale::{Encode, Decode, MaxEncodedLen};
 use scale_info::TypeInfo;
--- a/tests/coordinator/Cargo.toml
+++ b/tests/coordinator/Cargo.toml
@@ -24,7 +24,9 @@ zeroize = { version = "1", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 blake2 = "0.10"
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["ristretto", "secp256k1"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false }
 ciphersuite = { path = "../../crypto/ciphersuite", default-features = false }
 ciphersuite-kp256 = { path = "../../crypto/ciphersuite/kp256", default-features = false }
 schnorrkel = "0.11"
 dkg = { path = "../../crypto/dkg", default-features = false }
--- a/tests/coordinator/src/lib.rs
+++ b/tests/coordinator/src/lib.rs
@@ -14,9 +14,10 @@ use rand_core::{RngCore, OsRng};
 use zeroize::Zeroizing;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::PrimeField, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use serai_client::primitives::ExternalNetworkId;
--- a/tests/coordinator/src/tests/batch.rs
+++ b/tests/coordinator/src/tests/batch.rs
@@ -10,7 +10,10 @@ use blake2::{
  digest::{consts::U32, Digest},
  Blake2b,
 };
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto, Secp256k1};
+
 use dalek_ff_group::Ristretto;
 use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use ciphersuite_kp256::Secp256k1;
 use dkg::Participant;
 use scale::Encode;
--- a/tests/coordinator/src/tests/key_gen.rs
+++ b/tests/coordinator/src/tests/key_gen.rs
@@ -6,10 +6,12 @@ use std::{
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto, Secp256k1,
+  Ciphersuite,
 };
 use ciphersuite_kp256::Secp256k1;
 use dkg::ThresholdParams;
 use serai_client::{
--- a/tests/coordinator/src/tests/rotation.rs
+++ b/tests/coordinator/src/tests/rotation.rs
@@ -1,6 +1,6 @@
 use tokio::time::{sleep, Duration};
-use ciphersuite::Secp256k1;
+use ciphersuite_kp256::Secp256k1;
 use serai_client::{
  primitives::{insecure_pair_from_name, NetworkId},
--- a/tests/coordinator/src/tests/sign.rs
+++ b/tests/coordinator/src/tests/sign.rs
@@ -5,7 +5,7 @@ use std::{
 use rand_core::{RngCore, OsRng};
-use ciphersuite::Secp256k1;
+use ciphersuite_kp256::Secp256k1;
 use dkg::Participant;
--- a/tests/message-queue/Cargo.toml
+++ b/tests/message-queue/Cargo.toml
@@ -22,7 +22,8 @@ hex = "0.4"
 zeroize = { version = "1", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false }
 ciphersuite = { path = "../../crypto/ciphersuite", default-features = false }
 serai-primitives = { path = "../../substrate/primitives" }
 serai-message-queue = { path = "../../message-queue" }
--- a/tests/message-queue/src/lib.rs
+++ b/tests/message-queue/src/lib.rs
@@ -2,9 +2,10 @@ use std::collections::HashMap;
 use rand_core::OsRng;
 use dalek_ff_group::Ristretto;
 use ciphersuite::{
  group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use serai_primitives::{ExternalNetworkId, EXTERNAL_NETWORKS};
--- a/tests/no-std/Cargo.toml
+++ b/tests/no-std/Cargo.toml
@@ -19,10 +19,11 @@ workspace = true
 [dependencies]
 flexible-transcript = { path = "../../crypto/transcript", default-features = false, features = ["recommended", "merlin"] }
-dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false, features = ["alloc"] }
-minimal-ed448 = { path = "../../crypto/ed448", default-features = false }
+minimal-ed448 = { path = "../../crypto/ed448", default-features = false, features = ["alloc"] }
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["alloc", "secp256k1", "p256", "ed25519", "ristretto", "ed448"] }
+ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["alloc"] }
 ciphersuite-kp256 = { path = "../../crypto/ciphersuite/kp256", default-features = false, features = ["alloc"] }
 multiexp = { path = "../../crypto/multiexp", default-features = false, features = ["batch"] }
--- a/tests/no-std/src/lib.rs
+++ b/tests/no-std/src/lib.rs
@@ -6,6 +6,7 @@ pub use dalek_ff_group;
 pub use minimal_ed448;
 pub use ciphersuite;
 pub use ciphersuite_kp256;
 pub use multiexp;
--- a/tests/processor/Cargo.toml
+++ b/tests/processor/Cargo.toml
@@ -23,7 +23,9 @@ zeroize = { version = "1", default-features = false }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
 curve25519-dalek = "4"
-ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["secp256k1", "ristretto"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group", default-features = false }
 ciphersuite = { path = "../../crypto/ciphersuite", default-features = false }
 ciphersuite-kp256 = { path = "../../crypto/ciphersuite/kp256", default-features = false }
 dkg = { path = "../../crypto/dkg", default-features = false }
 bitcoin-serai = { path = "../../networks/bitcoin" }
--- a/tests/processor/src/lib.rs
+++ b/tests/processor/src/lib.rs
@@ -5,7 +5,8 @@ use std::sync::{OnceLock, Mutex};
 use zeroize::Zeroizing;
 use rand_core::{RngCore, OsRng};
-use ciphersuite::{group::ff::PrimeField, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 use serai_client::primitives::ExternalNetworkId;
 use messages::{ProcessorMessage, CoordinatorMessage};
--- a/tests/processor/src/networks.rs
+++ b/tests/processor/src/networks.rs
@@ -90,7 +90,7 @@ pub enum Wallet {
  },
  Ethereum {
    rpc_url: String,
-    key: <ciphersuite::Secp256k1 as Ciphersuite>::F,
+    key: <ciphersuite_kp256::Secp256k1 as Ciphersuite>::F,
    nonce: u64,
  },
  Monero {
@@ -149,7 +149,8 @@ impl Wallet {
      }
      ExternalNetworkId::Ethereum => {
-        use ciphersuite::{group::ff::Field, Secp256k1};
+        use ciphersuite::group::ff::Field;
        use ciphersuite_kp256::Secp256k1;
        use ethereum_serai::alloy::{
          primitives::{U256, Address},
          simple_request_transport::SimpleRequest,
@@ -321,7 +322,7 @@ impl Wallet {
        ));
        let to_as_key = PublicKey::new(
-          <ciphersuite::Secp256k1 as Ciphersuite>::read_G(&mut to.as_slice()).unwrap(),
+          <ciphersuite_kp256::Secp256k1 as Ciphersuite>::read_G(&mut to.as_slice()).unwrap(),
        )
        .unwrap();
        let router_addr = {
@@ -502,7 +503,7 @@ impl Wallet {
        .unwrap()
      }
      Wallet::Ethereum { key, .. } => ExternalAddress::new(
-        ethereum_serai::crypto::address(&(ciphersuite::Secp256k1::generator() * key)).into(),
+        ethereum_serai::crypto::address(&(ciphersuite_kp256::Secp256k1::generator() * key)).into(),
      )
      .unwrap(),
      Wallet::Monero { view_pair, .. } => {
--- a/tests/processor/src/tests/mod.rs
+++ b/tests/processor/src/tests/mod.rs
@@ -1,6 +1,7 @@
 use std::collections::HashMap;
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
 use ciphersuite::Ciphersuite;
 use dockertest::DockerTest;
Author	SHA1	Message	Date
Luke Parker	758d422595	Have <ed448::Point as Zeroize>::zeroize yield a well-defined value	2025-08-20 08:14:00 -04:00
Luke Parker	9841061b49	Add missing feature in substrate/client	2025-08-20 06:38:25 -04:00
Luke Parker	4122a0135f	Fix dirty Cargo.lock	2025-08-20 05:20:47 -04:00
Luke Parker	b63ef32864	Smash Ciphersuite definitions into their own crates Uses dalek-ff-group for Ed25519 and Ristretto. Uses minimal-ed448 for Ed448. Adds ciphersuite-kp256 for Secp256k1 and P-256.	2025-08-20 05:12:36 -04:00
Luke Parker	8be03a8fc2	Fix dirty lockfile	2025-08-20 01:15:56 -04:00
		`@@ -0,0 +1,3 @@`
							`# Ciphersuite {k, p}256`

							`SECP256k1 and P-256 Ciphersuites around k256 and p256.`