Fix borks from the latest nightly

The `cargo doc` build started to fail with the rolling of `doc_auto_cfg` into
`doc_cfg`, so now we don't build docs for deps (as we can't reasonably update
`generic-array` at this time).

`home` has been patched as we are able to, not as a direct requirement of this
PR.

.github/actions/build-dependencies/action.yml

@@ -7,6 +7,10 @@ runs:
     - name: Remove unused packages
       shell: bash
       run: |
+        # Ensure the repositories are synced
+        sudo apt update -y
+
+        # Actually perform the removals
         sudo apt remove -y "*powershell*" "*nuget*" "*bazel*" "*ansible*" "*terraform*" "*heroku*" "*aws*" azure-cli
         sudo apt remove -y "*nodejs*" "*npm*" "*yarn*" "*java*" "*kotlin*" "*golang*" "*swift*" "*julia*" "*fortran*" "*android*"
         sudo apt remove -y "*apache2*" "*nginx*" "*firefox*" "*chromium*" "*chrome*" "*edge*"
@@ -14,8 +18,9 @@ runs:
         sudo apt remove -y --allow-remove-essential -f shim-signed *python3*
         # This removal command requires the prior removals due to unmet dependencies otherwise
         sudo apt remove -y "*qemu*" "*sql*" "*texinfo*" "*imagemagick*"
+
         # Reinstall python3 as a general dependency of a functional operating system
-        sudo apt install python3
+        sudo apt install -y python3 --fix-missing
       if: runner.os == 'Linux'
 
     - name: Remove unused packages
@@ -33,19 +38,23 @@ runs:
       shell: bash
       run: |
         if [ "$RUNNER_OS" == "Linux" ]; then
-          sudo apt install -y ca-certificates protobuf-compiler
+          sudo apt install -y ca-certificates protobuf-compiler libclang-dev
         elif [ "$RUNNER_OS" == "Windows" ]; then
           choco install protoc
         elif [ "$RUNNER_OS" == "macOS" ]; then
-          brew install protobuf
+          brew install protobuf llvm
+          HOMEBREW_ROOT_PATH=/opt/homebrew # Apple Silicon
+          if [ $(uname -m) = "x86_64" ]; then HOMEBREW_ROOT_PATH=/usr/local; fi # Intel
+          ls $HOMEBREW_ROOT_PATH/opt/llvm/lib | grep "libclang.dylib" # Make sure this installed `libclang`
+          echo "DYLD_LIBRARY_PATH=$HOMEBREW_ROOT_PATH/opt/llvm/lib:$DYLD_LIBRARY_PATH" >> "$GITHUB_ENV"
         fi
 
     - name: Install solc
       shell: bash
       run: |
         cargo +1.89 install svm-rs --version =0.5.18
-        svm install 0.8.25
-        svm use 0.8.25
+        svm install 0.8.26
+        svm use 0.8.26
 
     - name: Remove preinstalled Docker
       shell: bash

.github/nightly-version

@@ -1 +1 @@
-nightly-2025-08-01
+nightly-2025-11-01

.github/workflows/crypto-tests.yml

@@ -32,6 +32,7 @@ jobs:
             -p dalek-ff-group \
             -p minimal-ed448 \
             -p ciphersuite \
+            -p ciphersuite-kp256 \
             -p multiexp \
             -p schnorr-signatures \
             -p dleq \

.github/workflows/lint.yml

@@ -11,7 +11,7 @@ jobs:
   clippy:
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-13, macos-14, windows-latest]
+        os: [ubuntu-latest, macos-15-intel, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -52,7 +52,7 @@ jobs:
           key: rust-advisory-db
 
       - name: Install cargo deny
-        run: cargo +1.89 install cargo-deny --version =0.18.3
+        run: cargo +1.89 install cargo-deny --version =0.18.4
 
       - name: Run cargo deny
         run: cargo deny -L error --all-features check --hide-inclusion-graph

.github/workflows/pages.yml

@@ -46,16 +46,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
       - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb
         with:
           bundler-cache: true
           cache-version: 0
           working-directory: "${{ github.workspace }}/docs"
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b
       - name: Build with Jekyll
         run: cd ${{ github.workspace }}/docs && bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
         env:
@@ -70,11 +70,11 @@ jobs:
       - name: Buld Rust docs
         run: |
           rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c rust-docs
-          RUSTDOCFLAGS="--cfg docsrs" cargo +${{ steps.nightly.outputs.version }} doc --workspace --all-features
+          RUSTDOCFLAGS="--cfg docsrs" cargo +${{ steps.nightly.outputs.version }} doc --workspace --no-deps --all-features
           mv target/doc docs/_site/rust
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b
         with:
           path: "docs/_site/"
 
@@ -88,4 +88,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e

.gitignore

@@ -1,7 +1,14 @@
 target
+
+# Don't commit any `Cargo.lock` which aren't the workspace's
+Cargo.lock
+!./Cargo.lock
+
+# Don't commit any `Dockerfile`, as they're auto-generated, except the only one which isn't
 Dockerfile
 Dockerfile.fast-epoch
 !orchestration/runtime/Dockerfile
+
 .test-logs
 
 .vscode

Cargo.toml

@@ -1,15 +1,8 @@
 [workspace]
 resolver = "2"
 members = [
-  # Version patches
-  "patches/parking_lot_core",
-  "patches/parking_lot",
-  "patches/zstd",
-  "patches/rocksdb",
-
   # std patches
   "patches/matches",
-  "patches/is-terminal",
 
   # Rewrites/redirects
   "patches/option-ext",
@@ -28,6 +21,7 @@ members = [
   "crypto/dalek-ff-group",
   "crypto/ed448",
   "crypto/ciphersuite",
+  "crypto/ciphersuite/kp256",
 
   "crypto/multiexp",
 
@@ -134,20 +128,9 @@ modular-frost = { path = "crypto/frost" }
 # https://github.com/rust-lang-nursery/lazy-static.rs/issues/201
 lazy_static = { git = "https://github.com/rust-lang-nursery/lazy-static.rs", rev = "5735630d46572f1e5377c8f2ba0f79d18f53b10c" }
 
-parking_lot_core = { path = "patches/parking_lot_core" }
-parking_lot = { path = "patches/parking_lot" }
-# wasmtime pulls in an old version for this
-zstd = { path = "patches/zstd" }
-# Needed for WAL compression
-rocksdb = { path = "patches/rocksdb" }
-# 1.0.1 was yanked due to a breaking change (an extra field)
-# 2.0 has fewer dependencies and still works within our tree
-tiny-bip39 = { path = "patches/tiny-bip39" }
-
-# is-terminal now has an std-based solution with an equivalent API
-is-terminal = { path = "patches/is-terminal" }
-# So does matches
+# These have `std` alternatives
 matches = { path = "patches/matches" }
+home = { path = "patches/home" }
 
 # directories-next was created because directories was unmaintained
 # directories-next is now unmaintained while directories is maintained
@@ -158,6 +141,7 @@ option-ext = { path = "patches/option-ext" }
 directories-next = { path = "patches/directories-next" }
 
 [workspace.lints.clippy]
+uninlined_format_args = "allow" # TODO
 unwrap_or_default = "allow"
 manual_is_multiple_of = "allow"
 incompatible_msrv = "allow" # Manually verified with a GitHub workflow
@@ -200,8 +184,7 @@ range_plus_one = "deny"
 redundant_closure_for_method_calls = "deny"
 redundant_else = "deny"
 string_add_assign = "deny"
-unchecked_duration_subtraction = "deny"
-uninlined_format_args = "deny"
+unchecked_time_subtraction = "deny"
 unnecessary_box_returns = "deny"
 unnecessary_join = "deny"
 unnecessary_wraps = "deny"
@@ -223,6 +206,7 @@ unnecessary_map_or = "allow"
 result_large_err = "allow"
 unneeded_struct_pattern = "allow"
 [workspace.lints.rust]
+unused = "allow" # TODO: https://github.com/rust-lang/rust/issues/147648
 mismatched_lifetime_syntaxes = "allow"
 unused_attributes = "allow"
-unused-parens = "allow"
+unused_parens = "allow"

common/db/Cargo.toml

@@ -18,7 +18,7 @@ workspace = true
 
 [dependencies]
 parity-db = { version = "0.4", default-features = false, optional = true }
-rocksdb = { version = "0.21", default-features = false, features = ["zstd"], optional = true }
+rocksdb = { version = "0.24", default-features = false, features = ["zstd"], optional = true }
 
 [features]
 parity-db = ["dep:parity-db"]

common/env/src/lib.rs

@@ -1,5 +1,5 @@
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 
 // Obtain a variable from the Serai environment/secret store.
 pub fn var(variable: &str) -> Option<String> {

common/patchable-async-sleep/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![deny(missing_docs)]
 

common/request/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 
 use std::sync::Arc;

common/std-shims/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "std-shims"
-version = "0.1.3"
+version = "0.1.4"
 description = "A series of std shims to make alloc more feasible"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/common/std-shims"

common/std-shims/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 

common/std-shims/src/sync.rs

@@ -25,15 +25,6 @@ mod mutex_shim {
 }
 pub use mutex_shim::{ShimMutex as Mutex, MutexGuard};
 
-#[cfg(not(feature = "std"))]
-pub use spin::Once as OnceLock;
-#[rustversion::before(1.70)]
-#[cfg(feature = "std")]
-pub use spin::Once as OnceLock;
-#[rustversion::since(1.70)]
-#[cfg(feature = "std")]
-pub use std::sync::OnceLock;
-
 #[cfg(not(feature = "std"))]
 pub use spin::Lazy as LazyLock;
 #[rustversion::before(1.80)]

common/zalloc/src/lib.rs

@@ -1,5 +1,5 @@
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![cfg_attr(all(zalloc_rustc_nightly, feature = "allocator"), feature(allocator_api))]
 
 //! Implementation of a Zeroizing Allocator, enabling zeroizing memory on deallocation.

coordinator/Cargo.toml

@@ -25,8 +25,9 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 blake2 = { version = "0.10", default-features = false, features = ["std"] }
 
 transcript = { package = "flexible-transcript", path = "../crypto/transcript", default-features = false, features = ["std", "recommended"] }
+dalek-ff-group = { path = "../crypto/dalek-ff-group", default-features = false, features = ["std"] }
 ciphersuite = { path = "../crypto/ciphersuite", default-features = false, features = ["std"] }
-schnorr = { package = "schnorr-signatures", path = "../crypto/schnorr", default-features = false, features = ["std"] }
+schnorr = { package = "schnorr-signatures", path = "../crypto/schnorr", default-features = false, features = ["std", "aggregate"] }
 dkg-musig = { path = "../crypto/dkg/musig", default-features = false, features = ["std"] }
 frost = { package = "modular-frost", path = "../crypto/frost" }
 frost-schnorrkel = { path = "../crypto/schnorrkel" }
@@ -41,7 +42,7 @@ processor-messages = { package = "serai-processor-messages", path = "../processo
 message-queue = { package = "serai-message-queue", path = "../message-queue" }
 tributary = { package = "tributary-chain", path = "./tributary" }
 
-sp-application-crypto = { git = "https://github.com/serai-dex/substrate", default-features = false, features = ["std"] }
+sp-application-crypto = { git = "https://github.com/serai-dex/patch-polkadot-sdk", rev = "da19e1f8ca7a9e2cbf39fbfa493918eeeb45e10b", default-features = false, features = ["std"] }
 serai-client = { path = "../substrate/client", default-features = false, features = ["serai", "borsh"] }
 
 hex = { version = "0.4", default-features = false, features = ["std"] }
@@ -56,8 +57,8 @@ libp2p = { version = "0.52", default-features = false, features = ["tokio", "tcp
 
 [dev-dependencies]
 tributary = { package = "tributary-chain", path = "./tributary", features = ["tests"] }
-sp-application-crypto = { git = "https://github.com/serai-dex/substrate", default-features = false, features = ["std"] }
-sp-runtime = { git = "https://github.com/serai-dex/substrate", default-features = false, features = ["std"] }
+sp-application-crypto = { git = "https://github.com/serai-dex/patch-polkadot-sdk", rev = "da19e1f8ca7a9e2cbf39fbfa493918eeeb45e10b", default-features = false, features = ["std"] }
+sp-runtime = { git = "https://github.com/serai-dex/patch-polkadot-sdk", rev = "da19e1f8ca7a9e2cbf39fbfa493918eeeb45e10b", default-features = false, features = ["std"] }
 
 [features]
 longer-reattempts = []

coordinator/src/cosign_evaluator.rs

@@ -12,7 +12,7 @@ use tokio::{
 use borsh::BorshSerialize;
 use sp_application_crypto::RuntimePublic;
 use serai_client::{
-  primitives::{ExternalNetworkId, Signature, EXTERNAL_NETWORKS},
+  primitives::{ExternalNetworkId, EXTERNAL_NETWORKS},
   validator_sets::primitives::{ExternalValidatorSet, Session},
   Serai, SeraiError, TemporalSerai,
 };
@@ -164,7 +164,7 @@ impl<D: Db> CosignEvaluator<D> {
 
     if !keys
       .0
-      .verify(&cosign_block_msg(cosign.block_number, cosign.block), &Signature(cosign.signature))
+      .verify(&cosign_block_msg(cosign.block_number, cosign.block), &cosign.signature.into())
     {
       log::warn!("received cosigned block with an invalid signature");
       return Ok(());

coordinator/src/main.rs

@@ -1,3 +1,5 @@
+#![expect(clippy::cast_possible_truncation)]
+
 use core::ops::Deref;
 use std::{
   sync::{OnceLock, Arc},
@@ -8,12 +10,13 @@ use std::{
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::OsRng;
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{
     ff::{Field, PrimeField},
     GroupEncoding,
   },
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 use frost::Participant;
@@ -268,12 +271,15 @@ async fn handle_processor_message<D: Db, P: P2p>(
       coordinator::ProcessorMessage::SignedSlashReport { session, signature } => {
         let set = ExternalValidatorSet { network, session: *session };
         let signature: &[u8] = signature.as_ref();
-        let signature = serai_client::Signature(signature.try_into().unwrap());
+        let signature = <[u8; 64]>::try_from(signature).unwrap();
+        let signature: serai_client::Signature = signature.into();
 
         let slashes = crate::tributary::SlashReport::get(&txn, set)
           .expect("signed slash report despite not having slash report locally");
-        let slashes_pubs =
-          slashes.iter().map(|(address, points)| (Public(*address), *points)).collect::<Vec<_>>();
+        let slashes_pubs = slashes
+          .iter()
+          .map(|(address, points)| (Public::from(*address), *points))
+          .collect::<Vec<_>>();
 
         let tx = serai_client::SeraiValidatorSets::report_slashes(
           network,
@@ -283,7 +289,7 @@ async fn handle_processor_message<D: Db, P: P2p>(
             .collect::<Vec<_>>()
             .try_into()
             .unwrap(),
-          signature.clone(),
+          signature,
         );
 
         loop {
@@ -500,7 +506,7 @@ async fn handle_processor_message<D: Db, P: P2p>(
             &mut txn,
             key,
             spec,
-            &KeyPair(Public(substrate_key), network_key.try_into().unwrap()),
+            &KeyPair(Public::from(substrate_key), network_key.try_into().unwrap()),
             id.attempt,
           );
 

coordinator/src/substrate/cosign.rs

@@ -14,7 +14,8 @@
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::Ciphersuite;
 
 use borsh::{BorshSerialize, BorshDeserialize};
 

coordinator/src/substrate/mod.rs

@@ -6,7 +6,8 @@ use std::{
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use serai_client::{
   coins::CoinsEvent,

coordinator/src/tests/tributary/chain.rs

@@ -7,9 +7,10 @@ use zeroize::Zeroizing;
 use rand_core::{RngCore, CryptoRng, OsRng};
 use futures_util::{task::Poll, poll};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 
 use sp_application_crypto::sr25519;
@@ -54,7 +55,9 @@ pub fn new_spec<R: RngCore + CryptoRng>(
 
   let set_participants = keys
     .iter()
-    .map(|key| (sr25519::Public((<Ristretto as Ciphersuite>::generator() * **key).to_bytes()), 1))
+    .map(|key| {
+      (sr25519::Public::from((<Ristretto as Ciphersuite>::generator() * **key).to_bytes()), 1)
+    })
     .collect::<Vec<_>>();
 
   let res = TributarySpec::new(serai_block, start_time, set, set_participants);

coordinator/src/tests/tributary/dkg.rs

@@ -4,7 +4,8 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::{RngCore, OsRng};
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 
 use sp_runtime::traits::Verify;
@@ -315,7 +316,8 @@ async fn dkg_test() {
   OsRng.fill_bytes(&mut substrate_key);
   let mut network_key = vec![0; usize::try_from((OsRng.next_u64() % 32) + 32).unwrap()];
   OsRng.fill_bytes(&mut network_key);
-  let key_pair = KeyPair(serai_client::Public(substrate_key), network_key.try_into().unwrap());
+  let key_pair =
+    KeyPair(serai_client::Public::from(substrate_key), network_key.try_into().unwrap());
 
   let mut txs = vec![];
   for (i, key) in keys.iter().enumerate() {
@@ -360,7 +362,7 @@ async fn dkg_test() {
       assert_eq!(self.key_pair, key_pair);
       assert!(signature.verify(
         &*serai_client::validator_sets::primitives::set_keys_message(&set, &[], &key_pair),
-        &serai_client::Public(
+        &serai_client::Public::from(
           dkg_musig::musig_key_vartime::<Ristretto>(
             serai_client::validator_sets::primitives::musig_context(set.into()),
             &self.spec.validators().into_iter().map(|(validator, _)| validator).collect::<Vec<_>>()

coordinator/src/tests/tributary/mod.rs

@@ -2,7 +2,8 @@ use core::fmt::Debug;
 
 use rand_core::{RngCore, OsRng};
 
-use ciphersuite::{group::Group, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::Group, Ciphersuite};
 
 use scale::{Encode, Decode};
 use serai_client::{

coordinator/src/tests/tributary/sync.rs

@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashSet};
 
 use rand_core::OsRng;
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use tokio::{
   sync::{mpsc, broadcast},

coordinator/src/tributary/db.rs

@@ -3,7 +3,8 @@ use std::collections::HashMap;
 use scale::Encode;
 use borsh::{BorshSerialize, BorshDeserialize};
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 
 use serai_client::validator_sets::primitives::{KeyPair, ExternalValidatorSet};

coordinator/src/tributary/handle.rs

@@ -4,11 +4,12 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::dkg::Participant;
 
 use scale::{Encode, Decode};
-use serai_client::{Signature, validator_sets::primitives::KeyPair};
+use serai_client::validator_sets::primitives::KeyPair;
 
 use tributary::{Signed, TransactionKind, TransactionTrait};
 
@@ -553,7 +554,7 @@ impl<
                 self.spec.set(),
                 removed.into_iter().map(|key| key.to_bytes().into()).collect(),
                 key_pair,
-                Signature(sig),
+                sig.into(),
               )
               .await;
           }

coordinator/src/tributary/mod.rs

@@ -1,4 +1,5 @@
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use serai_client::validator_sets::primitives::ExternalValidatorSet;
 

coordinator/src/tributary/scanner.rs

@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashSet};
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use tokio::sync::broadcast;
 

coordinator/src/tributary/signing_protocol.rs

@@ -63,9 +63,10 @@ use rand_core::OsRng;
 
 use blake2::{Digest, Blake2s256};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::PrimeField, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use dkg_musig::musig;
 use frost::{FrostError, dkg::Participant, ThresholdKeys, sign::*};
@@ -294,7 +295,7 @@ impl<T: DbTxn> DkgConfirmer<'_, T> {
       threshold_i_map_to_keys_and_musig_i_map(self.spec, &self.removed, self.key, preprocesses).1;
     let msg = set_keys_message(
       &self.spec.set(),
-      &self.removed.iter().map(|key| Public(key.to_bytes())).collect::<Vec<_>>(),
+      &self.removed.iter().map(|key| Public::from(key.to_bytes())).collect::<Vec<_>>(),
       key_pair,
     );
     self.signing_protocol().share_internal(&participants, preprocesses, &msg)

coordinator/src/tributary/spec.rs

@@ -3,7 +3,8 @@ use std::{io, collections::HashMap};
 
 use transcript::{Transcript, RecommendedTranscript};
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 use frost::Participant;
 
 use scale::Encode;

coordinator/src/tributary/transaction.rs

@@ -7,9 +7,10 @@ use rand_core::{RngCore, CryptoRng};
 use blake2::{Digest, Blake2s256};
 use transcript::{Transcript, RecommendedTranscript};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::Field, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 use frost::Participant;

coordinator/tributary/Cargo.toml

@@ -27,7 +27,8 @@ rand_chacha = { version = "0.3", default-features = false, features = ["std"] }
 blake2 = { version = "0.10", default-features = false, features = ["std"] }
 transcript = { package = "flexible-transcript", path = "../../crypto/transcript", default-features = false, features = ["std", "recommended"] }
 
-ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", default-features = false, features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../../crypto/dalek-ff-group" }
+ciphersuite = { package = "ciphersuite", path = "../../crypto/ciphersuite", default-features = false, features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../../crypto/schnorr", default-features = false, features = ["std"] }
 
 hex = { version = "0.4", default-features = false, features = ["std"] }

coordinator/tributary/src/blockchain.rs

@@ -1,6 +1,7 @@
 use std::collections::{VecDeque, HashSet};
 
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use serai_db::{Get, DbTxn, Db};
 

coordinator/tributary/src/lib.rs

@@ -5,7 +5,8 @@ use async_trait::async_trait;
 
 use zeroize::Zeroizing;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::Ciphersuite;
 
 use scale::Decode;
 use futures_channel::mpsc::UnboundedReceiver;

coordinator/tributary/src/mempool.rs

@@ -1,6 +1,7 @@
 use std::collections::HashMap;
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::Ciphersuite;
 
 use serai_db::{DbTxn, Db};
 

coordinator/tributary/src/tendermint/mod.rs

@@ -11,12 +11,13 @@ use rand_chacha::ChaCha12Rng;
 
 use transcript::{Transcript, RecommendedTranscript};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{
     GroupEncoding,
     ff::{Field, PrimeField},
   },
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::{
   SchnorrSignature,

coordinator/tributary/src/tendermint/tx.rs

@@ -4,7 +4,8 @@ use scale::{Encode, Decode, IoReader};
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::Ciphersuite;
 
 use crate::{
   transaction::{Transaction, TransactionKind, TransactionError},

coordinator/tributary/src/tests/block.rs

@@ -1,9 +1,11 @@
 use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
 
 use blake2::{Digest, Blake2s256};
+
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 

coordinator/tributary/src/tests/blockchain.rs

@@ -10,7 +10,8 @@ use rand::rngs::OsRng;
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::ff::Field, Ciphersuite};
 
 use serai_db::{DbTxn, Db, MemDb};
 

coordinator/tributary/src/tests/mempool.rs

@@ -3,7 +3,8 @@ use std::{sync::Arc, collections::HashMap};
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::ff::Field, Ciphersuite};
 
 use tendermint::ext::Commit;
 

coordinator/tributary/src/tests/transaction/mod.rs

@@ -6,9 +6,10 @@ use rand::{RngCore, CryptoRng, rngs::OsRng};
 
 use blake2::{Digest, Blake2s256};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 

coordinator/tributary/src/tests/transaction/signed.rs

@@ -2,7 +2,8 @@ use rand::rngs::OsRng;
 
 use blake2::{Digest, Blake2s256};
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::ff::Field, Ciphersuite};
 
 use crate::{
   ReadWrite,

coordinator/tributary/src/tests/transaction/tendermint.rs

@@ -3,7 +3,8 @@ use std::sync::Arc;
 use zeroize::Zeroizing;
 use rand::{RngCore, rngs::OsRng};
 
-use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{Ciphersuite, group::ff::Field};
 
 use scale::Encode;
 

coordinator/tributary/src/transaction.rs

@@ -6,9 +6,10 @@ use thiserror::Error;
 
 use blake2::{Digest, Blake2b512};
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{Group, GroupEncoding},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 use schnorr::SchnorrSignature;
 

coordinator/tributary/tendermint/src/lib.rs

@@ -1,3 +1,5 @@
+#![expect(clippy::cast_possible_truncation)]
+
 use core::fmt::Debug;
 
 use std::{

crypto/ciphersuite/Cargo.toml

@@ -1,13 +1,13 @@
 [package]
 name = "ciphersuite"
-version = "0.4.1"
+version = "0.4.2"
 description = "Ciphersuites built around ff/group"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["ciphersuite", "ff", "group"]
 edition = "2021"
-rust-version = "1.73"
+rust-version = "1.66"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -24,22 +24,12 @@ rand_core = { version = "0.6", default-features = false }
 zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
 subtle = { version = "^2.4", default-features = false }
 
-digest = { version = "0.10", default-features = false }
+digest = { version = "0.10", default-features = false, features = ["core-api"] }
 transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false }
-sha2 = { version = "0.10", default-features = false, optional = true }
-sha3 = { version = "0.10", default-features = false, optional = true }
 
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
 
-dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features = false, optional = true }
-
-elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
-p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-
-minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, optional = true }
-
 [dev-dependencies]
 hex = { version = "0.4", default-features = false, features = ["std"] }
 
@@ -48,7 +38,7 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { version = "0.13", path = "../ff-group-tests" }
 
 [features]
-alloc = ["std-shims"]
+alloc = ["std-shims", "ff/alloc"]
 std = [
   "std-shims/std",
 
@@ -59,27 +49,8 @@ std = [
 
   "digest/std",
   "transcript/std",
-  "sha2?/std",
-  "sha3?/std",
 
   "ff/std",
-
-  "dalek-ff-group?/std",
-
-  "elliptic-curve?/std",
-  "p256?/std",
-  "k256?/std",
-  "minimal-ed448?/std",
 ]
 
-dalek = ["sha2", "dalek-ff-group"]
-ed25519 = ["dalek"]
-ristretto = ["dalek"]
-
-kp256 = ["sha2", "elliptic-curve"]
-p256 = ["kp256", "dep:p256"]
-secp256k1 = ["kp256", "k256"]
-
-ed448 = ["sha3", "minimal-ed448"]
-
 default = ["std"]

crypto/ciphersuite/README.md

@@ -21,6 +21,8 @@ Their `hash_to_F` is the
 [IETF's hash to curve](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html),
 yet applied to their scalar field.
 
+Please see the [`ciphersuite-kp256`](https://docs.rs/ciphersuite-kp256) crate for more info.
+
 ### Ed25519/Ristretto
 
 Ed25519/Ristretto are offered via
@@ -33,6 +35,8 @@ the draft
 [RFC-RISTRETTO](https://www.ietf.org/archive/id/draft-irtf-cfrg-ristretto255-decaf448-05.html).
 The domain-separation tag is naively prefixed to the message.
 
+Please see the [`dalek-ff-group`](https://docs.rs/dalek-ff-group) crate for more info.
+
 ### Ed448
 
 Ed448 is offered via [minimal-ed448](https://crates.io/crates/minimal-ed448), an
@@ -42,3 +46,5 @@ to its prime-order subgroup.
 Its `hash_to_F` is the wide reduction of SHAKE256, with a 114-byte output, as
 used in [RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). The
 domain-separation tag is naively prefixed to the message.
+
+Please see the [`minimal-ed448`](https://docs.rs/minimal-ed448) crate for more info.

crypto/ciphersuite/kp256/Cargo.toml

@@ -0,0 +1,55 @@
+[package]
+name = "ciphersuite-kp256"
+version = "0.4.0"
+description = "Ciphersuites built around ff/group"
+license = "MIT"
+repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ciphersuite/kp256"
+authors = ["Luke Parker <lukeparker5132@gmail.com>"]
+keywords = ["ciphersuite", "ff", "group"]
+edition = "2021"
+rust-version = "1.66"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
+[lints]
+workspace = true
+
+[dependencies]
+rand_core = { version = "0.6", default-features = false }
+
+zeroize = { version = "^1.5", default-features = false, features = ["derive"] }
+
+sha2 = { version = "0.10", default-features = false }
+
+elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"] }
+p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"] }
+
+ciphersuite = { path = "../", version = "0.4", default-features = false }
+
+[dev-dependencies]
+hex = { version = "0.4", default-features = false, features = ["std"] }
+
+rand_core = { version = "0.6", default-features = false, features = ["std"] }
+
+ff-group-tests = { version = "0.13", path = "../../ff-group-tests" }
+
+[features]
+alloc = ["ciphersuite/alloc"]
+std = [
+  "rand_core/std",
+
+  "zeroize/std",
+
+  "sha2/std",
+
+  "elliptic-curve/std",
+  "p256/std",
+  "k256/std",
+
+  "ciphersuite/std",
+]
+
+default = ["std"]

crypto/ciphersuite/kp256/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021-2023 Luke Parker
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

crypto/ciphersuite/kp256/README.md

@@ -0,0 +1,3 @@
+# Ciphersuite {k, p}256
+
+SECP256k1 and P-256 Ciphersuites around k256 and p256.

crypto/ciphersuite/kp256/src/lib.rs

@@ -1,16 +1,17 @@
+#![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(not(feature = "std"), no_std)]
+
 use zeroize::Zeroize;
 
 use sha2::Sha256;
 
-use group::ff::PrimeField;
-
 use elliptic_curve::{
   generic_array::GenericArray,
   bigint::{NonZero, CheckedAdd, Encoding, U384},
   hash2curve::{Expander, ExpandMsg, ExpandMsgXmd},
 };
 
-use crate::Ciphersuite;
+use ciphersuite::{group::ff::PrimeField, Ciphersuite};
 
 macro_rules! kp_curve {
   (
@@ -107,12 +108,9 @@ fn test_oversize_dst<C: Ciphersuite>() {
 /// Ciphersuite for Secp256k1.
 ///
 /// hash_to_F is implemented via the IETF draft for hash to curve's hash_to_field (v16).
-#[cfg(feature = "secp256k1")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Secp256k1;
-#[cfg(feature = "secp256k1")]
 kp_curve!("secp256k1", k256, Secp256k1, b"secp256k1");
-#[cfg(feature = "secp256k1")]
 #[test]
 fn test_secp256k1() {
   ff_group_tests::group::test_prime_group_bits::<_, k256::ProjectivePoint>(&mut rand_core::OsRng);
@@ -145,12 +143,9 @@ fn test_secp256k1() {
 /// Ciphersuite for P-256.
 ///
 /// hash_to_F is implemented via the IETF draft for hash to curve's hash_to_field (v16).
-#[cfg(feature = "p256")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct P256;
-#[cfg(feature = "p256")]
 kp_curve!("p256", p256, P256, b"P-256");
-#[cfg(feature = "p256")]
 #[test]
 fn test_p256() {
   ff_group_tests::group::test_prime_group_bits::<_, p256::ProjectivePoint>(&mut rand_core::OsRng);

crypto/ciphersuite/src/lib.md

@@ -2,7 +2,7 @@
 
 Ciphersuites for elliptic curves premised on ff/group.
 
-This library, except for the not recommended Ed448 ciphersuite, was
+This library was
 [audited by Cypher Stack in March 2023](https://github.com/serai-dex/serai/raw/e1bb2c191b7123fd260d008e31656d090d559d21/audits/Cypher%20Stack%20crypto%20March%202023/Audit.pdf),
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).

crypto/ciphersuite/src/lib.rs

@@ -1,13 +1,13 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("lib.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
 use core::fmt::Debug;
+#[cfg(any(feature = "alloc", feature = "std"))]
 #[allow(unused_imports)]
-use std_shims::{
-  prelude::*,
-  io::{self, Read},
-};
+use std_shims::prelude::*;
+#[cfg(any(feature = "alloc", feature = "std"))]
+use std_shims::io::{self, Read};
 
 use rand_core::{RngCore, CryptoRng};
 
@@ -26,25 +26,6 @@ use group::{
 #[cfg(any(feature = "alloc", feature = "std"))]
 use group::GroupEncoding;
 
-#[cfg(feature = "dalek")]
-mod dalek;
-#[cfg(feature = "ristretto")]
-pub use dalek::Ristretto;
-#[cfg(feature = "ed25519")]
-pub use dalek::Ed25519;
-
-#[cfg(feature = "kp256")]
-mod kp256;
-#[cfg(feature = "secp256k1")]
-pub use kp256::Secp256k1;
-#[cfg(feature = "p256")]
-pub use kp256::P256;
-
-#[cfg(feature = "ed448")]
-mod ed448;
-#[cfg(feature = "ed448")]
-pub use ed448::*;
-
 /// Unified trait defining a ciphersuite around an elliptic curve.
 pub trait Ciphersuite:
   'static + Send + Sync + Clone + Copy + PartialEq + Eq + Debug + Zeroize

crypto/dalek-ff-group/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dalek-ff-group"
-version = "0.4.2"
+version = "0.4.4"
 description = "ff/group bindings around curve25519-dalek"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/dalek-ff-group"
@@ -25,18 +25,22 @@ subtle = { version = "^2.4", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 
 digest = { version = "0.10", default-features = false }
+sha2 = { version = "0.10", default-features = false }
 
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
+ciphersuite = { path = "../ciphersuite", default-features = false }
 
 crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }
 
 curve25519-dalek = { version = ">= 4.0, < 4.2", default-features = false, features = ["alloc", "zeroize", "digest", "group", "precomputed-tables"] }
 
 [dev-dependencies]
+hex = "0.4"
 rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }
 
 [features]
-std = ["zeroize/std", "subtle/std", "rand_core/std", "digest/std"]
+alloc = ["zeroize/alloc", "ciphersuite/alloc"]
+std = ["alloc", "zeroize/std", "subtle/std", "rand_core/std", "digest/std", "sha2/std", "ciphersuite/std"]
 default = ["std"]

crypto/dalek-ff-group/src/ciphersuite.rs

@@ -3,9 +3,9 @@ use zeroize::Zeroize;
 use sha2::{Digest, Sha512};
 
 use group::Group;
-use dalek_ff_group::Scalar;
+use crate::Scalar;
 
-use crate::Ciphersuite;
+use ciphersuite::Ciphersuite;
 
 macro_rules! dalek_curve {
   (
@@ -15,7 +15,7 @@ macro_rules! dalek_curve {
     $Point:       ident,
     $ID:          literal
   ) => {
-    use dalek_ff_group::$Point;
+    use crate::$Point;
 
     impl Ciphersuite for $Ciphersuite {
       type F = Scalar;
@@ -40,12 +40,9 @@ macro_rules! dalek_curve {
 /// hash_to_F is implemented with a naive concatenation of the dst and data, allowing transposition
 /// between the two. This means `dst: b"abc", data: b"def"`, will produce the same scalar as
 /// `dst: "abcdef", data: b""`. Please use carefully, not letting dsts be substrings of each other.
-#[cfg(any(test, feature = "ristretto"))]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Ristretto;
-#[cfg(any(test, feature = "ristretto"))]
 dalek_curve!("ristretto", Ristretto, RistrettoPoint, b"ristretto");
-#[cfg(any(test, feature = "ristretto"))]
 #[test]
 fn test_ristretto() {
   ff_group_tests::group::test_prime_group_bits::<_, RistrettoPoint>(&mut rand_core::OsRng);
@@ -71,12 +68,9 @@ fn test_ristretto() {
 /// hash_to_F is implemented with a naive concatenation of the dst and data, allowing transposition
 /// between the two. This means `dst: b"abc", data: b"def"`, will produce the same scalar as
 /// `dst: "abcdef", data: b""`. Please use carefully, not letting dsts be substrings of each other.
-#[cfg(feature = "ed25519")]
 #[derive(Clone, Copy, PartialEq, Eq, Debug, Zeroize)]
 pub struct Ed25519;
-#[cfg(feature = "ed25519")]
 dalek_curve!("ed25519", Ed25519, EdwardsPoint, b"edwards25519");
-#[cfg(feature = "ed25519")]
 #[test]
 fn test_ed25519() {
   ff_group_tests::group::test_prime_group_bits::<_, EdwardsPoint>(&mut rand_core::OsRng);

crypto/dalek-ff-group/src/field.rs

@@ -17,7 +17,7 @@ use crypto_bigint::{
   impl_modulus,
 };
 
-use group::ff::{Field, PrimeField, FieldBits, PrimeFieldBits};
+use group::ff::{Field, PrimeField, FieldBits, PrimeFieldBits, FromUniformBytes};
 
 use crate::{u8_from_bool, constant_time, math_op, math};
 
@@ -36,6 +36,7 @@ type ResidueType = Residue<FieldModulus, { FieldModulus::LIMBS }>;
 
 /// A constant-time implementation of the Ed25519 field.
 #[derive(Clone, Copy, PartialEq, Eq, Default, Debug, Zeroize)]
+#[repr(transparent)]
 pub struct FieldElement(ResidueType);
 
 // Square root of -1.
@@ -230,12 +231,6 @@ impl FieldElement {
     FieldElement(reduce(U512::from_le_bytes(value)))
   }
 
-  /// Interpret the value as a little-endian integer, square it, and reduce it into a FieldElement.
-  pub fn from_square(value: [u8; 32]) -> FieldElement {
-    let value = U256::from_le_bytes(value);
-    FieldElement(reduce(U512::from(value.mul_wide(&value))))
-  }
-
   /// Perform an exponentiation.
   pub fn pow(&self, other: FieldElement) -> FieldElement {
     let mut table = [FieldElement::ONE; 16];
@@ -311,6 +306,12 @@ impl FieldElement {
   }
 }
 
+impl FromUniformBytes<64> for FieldElement {
+  fn from_uniform_bytes(bytes: &[u8; 64]) -> Self {
+    Self::wide_reduce(*bytes)
+  }
+}
+
 impl Sum<FieldElement> for FieldElement {
   fn sum<I: Iterator<Item = FieldElement>>(iter: I) -> FieldElement {
     let mut res = FieldElement::ZERO;

crypto/dalek-ff-group/src/lib.rs

@@ -1,5 +1,5 @@
 #![allow(deprecated)]
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![no_std] // Prevents writing new code, in what should be a simple wrapper, which requires std
 #![doc = include_str!("../README.md")]
 #![allow(clippy::redundant_closure_call)]
@@ -30,7 +30,7 @@ use dalek::{
 pub use constants::{ED25519_BASEPOINT_TABLE, RISTRETTO_BASEPOINT_TABLE};
 
 use group::{
-  ff::{Field, PrimeField, FieldBits, PrimeFieldBits},
+  ff::{Field, PrimeField, FieldBits, PrimeFieldBits, FromUniformBytes},
   Group, GroupEncoding,
   prime::PrimeGroup,
 };
@@ -38,6 +38,9 @@ use group::{
 mod field;
 pub use field::FieldElement;
 
+mod ciphersuite;
+pub use crate::ciphersuite::{Ed25519, Ristretto};
+
 // Use black_box when possible
 #[rustversion::since(1.66)]
 mod black_box {
@@ -322,6 +325,12 @@ impl PrimeFieldBits for Scalar {
   }
 }
 
+impl FromUniformBytes<64> for Scalar {
+  fn from_uniform_bytes(bytes: &[u8; 64]) -> Self {
+    Self::from_bytes_mod_order_wide(bytes)
+  }
+}
+
 impl Sum<Scalar> for Scalar {
   fn sum<I: Iterator<Item = Scalar>>(iter: I) -> Scalar {
     Self(DScalar::sum(iter))

crypto/dkg/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/crypto/dkg"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["dkg", "multisig", "threshold", "ff", "group"]
 edition = "2021"
-rust-version = "1.73"
+rust-version = "1.66"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -27,9 +27,6 @@ borsh = { version = "1", default-features = false, features = ["derive", "de_str
 
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", default-features = false, features = ["alloc"] }
 
-[dev-dependencies]
-ciphersuite = { path = "../ciphersuite", default-features = false, features = ["ristretto"] }
-
 [features]
 std = [
   "thiserror/std",

crypto/dkg/dealer/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/crypto/dkg/dealer"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["dkg", "multisig", "threshold", "ff", "group"]
 edition = "2021"
-rust-version = "1.73"
+rust-version = "1.66"
 
 [package.metadata.docs.rs]
 all-features = true

crypto/dkg/dealer/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![no_std]
 

crypto/dkg/musig/Cargo.toml

@@ -31,7 +31,7 @@ dkg = { path = "../", version = "0.6", default-features = false }
 
 [dev-dependencies]
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group" }
 dkg-recovery = { path = "../recovery", default-features = false, features = ["std"] }
 
 [features]

crypto/dkg/musig/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
@@ -150,7 +150,7 @@ pub fn musig<C: Ciphersuite>(
   }
   let group_key = multiexp::multiexp(&multiexp);
   debug_assert_eq!(our_pub_key, verification_shares[&params.i()]);
-  debug_assert_eq!(musig_key_vartime::<C>(context, keys).unwrap(), group_key);
+  debug_assert_eq!(musig_key_vartime::<C>(context, keys), Ok(group_key));
 
   ThresholdKeys::new(
     params,

crypto/dkg/musig/src/tests.rs

@@ -3,7 +3,8 @@ use std::collections::HashMap;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 
-use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{group::ff::Field, Ciphersuite};
 
 use dkg_recovery::recover_key;
 use crate::*;

crypto/dkg/pedpop/Cargo.toml

@@ -34,4 +34,4 @@ dkg = { path = "../", version = "0.6", default-features = false, features = ["st
 
 [dev-dependencies]
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group", default-features = false }

crypto/dkg/pedpop/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 // This crate requires `dleq` which doesn't support no-std via std-shims
 // #![cfg_attr(not(feature = "std"), no_std)]

crypto/dkg/pedpop/src/tests.rs

@@ -2,7 +2,8 @@ use std::collections::HashMap;
 
 use rand_core::{RngCore, CryptoRng, OsRng};
 
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::Ciphersuite;
 
 use crate::*;
 

crypto/dkg/promote/Cargo.toml

@@ -30,5 +30,5 @@ dkg = { path = "../", version = "0.6.1", default-features = false, features = ["
 [dev-dependencies]
 zeroize = { version = "^1.5", default-features = false, features = ["std", "zeroize_derive"] }
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
-ciphersuite = { path = "../../ciphersuite", default-features = false, features = ["ristretto"] }
+dalek-ff-group = { path = "../../dalek-ff-group" }
 dkg-recovery = { path = "../recovery", default-features = false, features = ["std"] }

crypto/dkg/promote/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 // This crate requires `dleq` which doesn't support no-std via std-shims
 // #![cfg_attr(not(feature = "std"), no_std)]

crypto/dkg/promote/src/tests.rs

@@ -4,9 +4,10 @@ use std::collections::HashMap;
 use zeroize::{Zeroize, Zeroizing};
 use rand_core::OsRng;
 
+use dalek_ff_group::Ristretto;
 use ciphersuite::{
   group::{ff::Field, Group},
-  Ciphersuite, Ristretto,
+  Ciphersuite,
 };
 
 use dkg::*;

crypto/dkg/recovery/Cargo.toml

@@ -7,7 +7,7 @@ repository = "https://github.com/serai-dex/serai/tree/develop/crypto/dkg/recover
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["dkg", "multisig", "threshold", "ff", "group"]
 edition = "2021"
-rust-version = "1.73"
+rust-version = "1.66"
 
 [package.metadata.docs.rs]
 all-features = true

crypto/dkg/recovery/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![no_std]
 

crypto/dkg/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 

crypto/dleq/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![cfg_attr(not(feature = "std"), no_std)]
 #![doc = include_str!("../README.md")]
 

crypto/ed448/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "minimal-ed448"
-version = "0.4.1"
+version = "0.4.2"
 description = "Unaudited, inefficient implementation of Ed448 in Rust"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/ed448"
@@ -24,8 +24,11 @@ rand_core = { version = "0.6", default-features = false }
 zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
 subtle = { version = "^2.4", default-features = false }
 
+sha3 = { version = "0.10", default-features = false }
+
 ff = { version = "0.13", default-features = false, features = ["bits"] }
 group = { version = "0.13", default-features = false }
+ciphersuite = { path = "../ciphersuite", default-features = false }
 
 generic-array = { version = "1", default-features = false }
 crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }
@@ -38,5 +41,6 @@ rand_core = { version = "0.6", default-features = false, features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }
 
 [features]
-std = ["rand_core/std", "zeroize/std", "subtle/std", "ff/std"]
+alloc = ["zeroize/alloc", "ciphersuite/alloc"]
+std = ["alloc", "rand_core/std", "zeroize/std", "subtle/std", "sha3/std", "ff/std", "ciphersuite/std"]
 default = ["std"]

crypto/ed448/src/ciphersuite.rs

@@ -1,15 +1,17 @@
 use zeroize::Zeroize;
 
-use digest::{
-  typenum::U114, core_api::BlockSizeUser, Update, Output, OutputSizeUser, FixedOutput,
-  ExtendableOutput, XofReader, HashMarker, Digest,
+use sha3::{
+  digest::{
+    typenum::U114, core_api::BlockSizeUser, Update, Output, OutputSizeUser, FixedOutput,
+    ExtendableOutput, XofReader, HashMarker, Digest,
+  },
+  Shake256,
 };
-use sha3::Shake256;
 
 use group::Group;
-use minimal_ed448::{Scalar, Point};
+use crate::{Scalar, Point};
 
-use crate::Ciphersuite;
+use ciphersuite::Ciphersuite;
 
 /// Shake256, fixed to a 114-byte output, as used by Ed448.
 #[derive(Clone, Default)]

crypto/ed448/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![no_std]
 #![allow(clippy::redundant_closure_call)]
@@ -14,3 +14,6 @@ pub use field::FieldElement;
 
 mod point;
 pub use point::Point;
+
+mod ciphersuite;
+pub use crate::ciphersuite::Ed448;

crypto/ed448/src/point.rs

@@ -50,13 +50,25 @@ fn recover_x(y: FieldElement) -> CtOption<FieldElement> {
 }
 
 /// Ed448 point.
-#[derive(Clone, Copy, Debug, Zeroize)]
+#[derive(Clone, Copy, Debug)]
 pub struct Point {
   x: FieldElement,
   y: FieldElement,
   z: FieldElement,
 }
 
+impl Zeroize for Point {
+  fn zeroize(&mut self) {
+    self.x.zeroize();
+    self.y.zeroize();
+    self.z.zeroize();
+    let identity = Self::identity();
+    self.x = identity.x;
+    self.y = identity.y;
+    self.z = identity.z;
+  }
+}
+
 const G: Point = Point { x: G_X, y: G_Y, z: FieldElement::ONE };
 
 impl ConstantTimeEq for Point {

crypto/ff-group-tests/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 
 /// Tests for the Field trait.

crypto/frost/Cargo.toml

@@ -34,6 +34,7 @@ dalek-ff-group = { path = "../dalek-ff-group", version = "0.4", default-features
 minimal-ed448 = { path = "../ed448", version = "0.4", default-features = false, features = ["std"], optional = true }
 
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", default-features = false, features = ["std"] }
+ciphersuite-kp256 = { path = "../ciphersuite/kp256", version = "0.4", default-features = false, features = ["std"], optional = true }
 
 multiexp = { path = "../multiexp", version = "0.4", default-features = false, features = ["std", "batch"] }
 
@@ -52,12 +53,12 @@ dkg-recovery = { path = "../dkg/recovery", default-features = false, features =
 dkg-dealer = { path = "../dkg/dealer", default-features = false, features = ["std"] }
 
 [features]
-ed25519 = ["dalek-ff-group", "ciphersuite/ed25519"]
-ristretto = ["dalek-ff-group", "ciphersuite/ristretto"]
+ed25519 = ["dalek-ff-group"]
+ristretto = ["dalek-ff-group"]
 
-secp256k1 = ["ciphersuite/secp256k1"]
-p256 = ["ciphersuite/p256"]
+secp256k1 = ["ciphersuite-kp256"]
+p256 = ["ciphersuite-kp256"]
 
-ed448 = ["minimal-ed448", "ciphersuite/ed448"]
+ed448 = ["minimal-ed448"]
 
-tests = ["hex", "rand_core/getrandom", "dkg-dealer" ,"dkg-recovery"]
+tests = ["hex", "rand_core/getrandom", "dkg-dealer", "dkg-recovery"]

crypto/frost/src/curve/dalek.rs

@@ -16,7 +16,7 @@ macro_rules! dalek_curve {
     $CONTEXT: literal,
     $chal: literal
   ) => {
-    pub use ciphersuite::$Curve;
+    pub use dalek_ff_group::$Curve;
 
     impl Curve for $Curve {
       const CONTEXT: &'static [u8] = $CONTEXT;

crypto/frost/src/curve/ed448.rs

@@ -1,7 +1,8 @@
 use digest::Digest;
 
 use minimal_ed448::{Scalar, Point};
-pub use ciphersuite::{group::GroupEncoding, Shake256_114, Ed448};
+pub use minimal_ed448::Ed448;
+pub use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use crate::{curve::Curve, algorithm::Hram};
 
@@ -18,7 +19,7 @@ impl Ietf8032Ed448Hram {
   #[allow(non_snake_case)]
   pub(crate) fn hram(context: &[u8], R: &Point, A: &Point, m: &[u8]) -> Scalar {
     Scalar::wide_reduce(
-      Shake256_114::digest(
+      <Ed448 as Ciphersuite>::H::digest(
         [
           &[b"SigEd448".as_ref(), &[0, u8::try_from(context.len()).unwrap()]].concat(),
           context,

crypto/frost/src/curve/kp256.rs

@@ -11,7 +11,7 @@ macro_rules! kp_curve {
 
     $CONTEXT: literal
   ) => {
-    pub use ciphersuite::$Curve;
+    pub use ciphersuite_kp256::$Curve;
 
     impl Curve for $Curve {
       const CONTEXT: &'static [u8] = $CONTEXT;

crypto/frost/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 
 use core::fmt::Debug;

crypto/multiexp/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "multiexp"
-version = "0.4.0"
+version = "0.4.2"
 description = "Multiexponentiation algorithms for ff/group"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/multiexp"

crypto/multiexp/src/batch.rs

@@ -12,7 +12,7 @@ use crate::{multiexp, multiexp_vartime};
 // Flatten the contained statements to a single Vec.
 // Wrapped in Zeroizing in case any of the included statements contain private values.
 #[allow(clippy::type_complexity)]
-fn flat<Id: Copy + Zeroize, G: Group<Scalar: PrimeFieldBits + Zeroize> + Zeroize>(
+fn flat<Id: Copy + Zeroize, G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>(
   slice: &[(Id, Vec<(G::Scalar, G)>)],
 ) -> Zeroizing<Vec<(G::Scalar, G)>> {
   Zeroizing::new(slice.iter().flat_map(|pairs| pairs.1.iter()).copied().collect::<Vec<_>>())
@@ -21,11 +21,11 @@ fn flat<Id: Copy + Zeroize, G: Group<Scalar: PrimeFieldBits + Zeroize> + Zeroize
 /// A batch verifier intended to verify a series of statements are each equivalent to zero.
 #[allow(clippy::type_complexity)]
 #[derive(Clone, Zeroize)]
-pub struct BatchVerifier<Id: Copy + Zeroize, G: Group<Scalar: PrimeFieldBits + Zeroize> + Zeroize>(
+pub struct BatchVerifier<Id: Copy + Zeroize, G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>(
   Zeroizing<Vec<(Id, Vec<(G::Scalar, G)>)>>,
 );
 
-impl<Id: Copy + Zeroize, G: Group<Scalar: PrimeFieldBits + Zeroize> + Zeroize>
+impl<Id: Copy + Zeroize, G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>
   BatchVerifier<Id, G>
 {
   /// Create a new batch verifier, expected to verify the following amount of statements.

crypto/multiexp/src/lib.rs

@@ -1,10 +1,12 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
 #[cfg(not(feature = "std"))]
 #[macro_use]
 extern crate alloc;
+#[allow(unused_imports)]
+use std_shims::prelude::*;
 use std_shims::vec::Vec;
 
 use zeroize::Zeroize;
@@ -175,7 +177,9 @@ fn algorithm(len: usize) -> Algorithm {
 
 /// Performs a multiexponentiation, automatically selecting the optimal algorithm based on the
 /// amount of pairs.
-pub fn multiexp<G: Group<Scalar: PrimeFieldBits + Zeroize>>(pairs: &[(G::Scalar, G)]) -> G {
+pub fn multiexp<G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>(
+  pairs: &[(G::Scalar, G)],
+) -> G {
   match algorithm(pairs.len()) {
     Algorithm::Null => Group::identity(),
     Algorithm::Single => pairs[0].1 * pairs[0].0,

crypto/multiexp/src/pippenger.rs

@@ -7,7 +7,7 @@ use crate::prep_bits;
 
 // Pippenger's algorithm for multiexponentiation, as published in the SIAM Journal on Computing
 // DOI: 10.1137/0209022
-pub(crate) fn pippenger<G: Group<Scalar: PrimeFieldBits>>(
+pub(crate) fn pippenger<G: Zeroize + Group<Scalar: PrimeFieldBits>>(
   pairs: &[(G::Scalar, G)],
   window: u8,
 ) -> G {
@@ -31,6 +31,8 @@ pub(crate) fn pippenger<G: Group<Scalar: PrimeFieldBits>>(
       intermediate_sum += buckets[b];
       res += intermediate_sum;
     }
+
+    buckets.zeroize();
   }
 
   bits.zeroize();

crypto/multiexp/src/straus.rs

@@ -24,12 +24,12 @@ fn prep_tables<G: Group>(pairs: &[(G::Scalar, G)], window: u8) -> Vec<Vec<G>> {
 
 // Straus's algorithm for multiexponentiation, as published in The American Mathematical Monthly
 // DOI: 10.2307/2310929
-pub(crate) fn straus<G: Group<Scalar: PrimeFieldBits + Zeroize>>(
+pub(crate) fn straus<G: Zeroize + Group<Scalar: PrimeFieldBits>>(
   pairs: &[(G::Scalar, G)],
   window: u8,
 ) -> G {
   let mut groupings = prep_bits(pairs, window);
-  let tables = prep_tables(pairs, window);
+  let mut tables = prep_tables(pairs, window);
 
   let mut res = G::identity();
   for b in (0 .. groupings[0].len()).rev() {
@@ -45,6 +45,7 @@ pub(crate) fn straus<G: Group<Scalar: PrimeFieldBits + Zeroize>>(
   }
 
   groupings.zeroize();
+  tables.zeroize();
   res
 }
 

crypto/multiexp/src/tests/batch.rs

@@ -9,7 +9,7 @@ use group::Group;
 
 use crate::BatchVerifier;
 
-pub(crate) fn test_batch<G: Group<Scalar: PrimeFieldBits + Zeroize> + Zeroize>() {
+pub(crate) fn test_batch<G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>() {
   let valid = |batch: BatchVerifier<_, G>| {
     assert!(batch.verify());
     assert!(batch.verify_vartime());

crypto/multiexp/src/tests/mod.rs

@@ -18,7 +18,7 @@ mod batch;
 use batch::test_batch;
 
 #[allow(dead_code)]
-fn benchmark_internal<G: Group<Scalar: PrimeFieldBits + Zeroize>>(straus_bool: bool) {
+fn benchmark_internal<G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>(straus_bool: bool) {
   let runs: usize = 20;
 
   let mut start = 0;
@@ -83,7 +83,7 @@ fn benchmark_internal<G: Group<Scalar: PrimeFieldBits + Zeroize>>(straus_bool: b
   }
 }
 
-fn test_multiexp<G: Group<Scalar: PrimeFieldBits + Zeroize>>() {
+fn test_multiexp<G: Zeroize + Group<Scalar: Zeroize + PrimeFieldBits>>() {
   let test = |pairs: &[_], sum| {
     // These should automatically determine the best algorithm
     assert_eq!(multiexp(pairs), sum);

crypto/schnorr/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "schnorr-signatures"
-version = "0.5.1"
+version = "0.5.2"
 description = "Minimal Schnorr signatures crate hosting common code"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/schnorr"
@@ -23,7 +23,7 @@ rand_core = { version = "0.6", default-features = false }
 
 zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
 
-transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false }
+transcript = { package = "flexible-transcript", path = "../transcript", version = "^0.3.2", default-features = false, optional = true }
 
 ciphersuite = { path = "../ciphersuite", version = "^0.4.1", default-features = false, features = ["alloc"] }
 multiexp = { path = "../multiexp", version = "0.4", default-features = false, features = ["batch"] }
@@ -36,8 +36,9 @@ rand_core = { version = "0.6", features = ["std"] }
 sha2 = "0.10"
 
 dalek-ff-group = { path =  "../dalek-ff-group" }
-ciphersuite = { path = "../ciphersuite", features = ["ed25519"] }
+ciphersuite = { path = "../ciphersuite" }
 
 [features]
-std = ["std-shims/std", "rand_core/std", "zeroize/std", "transcript/std", "ciphersuite/std", "multiexp/std"]
+aggregate = ["transcript"]
+std = ["std-shims/std", "rand_core/std", "zeroize/std", "transcript?/std", "ciphersuite/std", "multiexp/std"]
 default = ["std"]

crypto/schnorr/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
@@ -25,6 +25,7 @@ use ciphersuite::{
 use multiexp::{multiexp_vartime, BatchVerifier};
 
 /// Half-aggregation from <https://eprint.iacr.org/2021/350>.
+#[cfg(feature = "aggregate")]
 pub mod aggregate;
 
 #[cfg(test)]

crypto/schnorr/src/tests/mod.rs

@@ -3,16 +3,16 @@ use core::ops::Deref;
 use zeroize::Zeroizing;
 use rand_core::OsRng;
 
+use dalek_ff_group::Ed25519;
 use ciphersuite::{
   group::{ff::Field, Group},
-  Ciphersuite, Ed25519,
+  Ciphersuite,
 };
 use multiexp::BatchVerifier;
 
-use crate::{
-  SchnorrSignature,
-  aggregate::{SchnorrAggregator, SchnorrAggregate},
-};
+use crate::SchnorrSignature;
+#[cfg(feature = "aggregate")]
+use crate::aggregate::{SchnorrAggregator, SchnorrAggregate};
 
 mod rfc8032;
 
@@ -77,6 +77,7 @@ pub(crate) fn batch_verify<C: Ciphersuite>() {
   }
 }
 
+#[cfg(feature = "aggregate")]
 pub(crate) fn aggregate<C: Ciphersuite>() {
   const DST: &[u8] = b"Schnorr Aggregator Test";
 
@@ -117,5 +118,6 @@ fn test() {
   sign::<Ed25519>();
   verify::<Ed25519>();
   batch_verify::<Ed25519>();
+  #[cfg(feature = "aggregate")]
   aggregate::<Ed25519>();
 }

crypto/schnorr/src/tests/rfc8032.rs

@@ -5,8 +5,8 @@
 
 use sha2::{Digest, Sha512};
 
-use dalek_ff_group::Scalar;
-use ciphersuite::{group::GroupEncoding, Ciphersuite, Ed25519};
+use dalek_ff_group::{Scalar, Ed25519};
+use ciphersuite::{group::GroupEncoding, Ciphersuite};
 
 use crate::SchnorrSignature;
 

crypto/schnorrkel/Cargo.toml

@@ -24,7 +24,8 @@ transcript = { package = "flexible-transcript", path = "../transcript", version
 
 group = "0.13"
 
-ciphersuite = { path = "../ciphersuite", version = "^0.4.1", features = ["std", "ristretto"] }
+dalek-ff-group = { path = "../dalek-ff-group" }
+ciphersuite = { path = "../ciphersuite", version = "^0.4.1", features = ["std"] }
 schnorr = { package = "schnorr-signatures", path = "../schnorr", version = "^0.5.1" }
 frost = { path = "../frost", package = "modular-frost", version = "^0.10.0", features = ["ristretto"] }
 

crypto/schnorrkel/src/lib.rs

@@ -1,4 +1,4 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 
 use std::io::{self, Read};
@@ -9,8 +9,11 @@ use zeroize::Zeroizing;
 
 use transcript::{Transcript, MerlinTranscript};
 
-use group::{ff::PrimeField, GroupEncoding};
-use ciphersuite::{Ciphersuite, Ristretto};
+use dalek_ff_group::Ristretto;
+use ciphersuite::{
+  group::{ff::PrimeField, GroupEncoding},
+  Ciphersuite,
+};
 use schnorr::SchnorrSignature;
 
 use ::frost::{

crypto/transcript/Cargo.toml

@@ -1,13 +1,13 @@
 [package]
 name = "flexible-transcript"
-version = "0.3.3"
+version = "0.3.4"
 description = "A simple transcript trait definition, along with viable options"
 license = "MIT"
 repository = "https://github.com/serai-dex/serai/tree/develop/crypto/transcript"
 authors = ["Luke Parker <lukeparker5132@gmail.com>"]
 keywords = ["transcript"]
 edition = "2021"
-rust-version = "1.73"
+rust-version = "1.66"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -17,9 +17,8 @@ rustdoc-args = ["--cfg", "docsrs"]
 workspace = true
 
 [dependencies]
-rustversion = "1"
+std-shims = { path = "../../common/std-shims", version = "0.1.4", default-features = false }
 
-subtle = { version = "^2.4", default-features = false }
 zeroize = { version = "^1.5", default-features = false }
 
 digest = { version = "0.10", default-features = false, features = ["core-api"] }
@@ -32,8 +31,7 @@ sha2 = { version = "0.10", default-features = false }
 blake2 = { version = "0.10", default-features = false }
 
 [features]
-std = ["subtle/std", "zeroize/std", "digest/std", "blake2?/std", "merlin?/std"]
+std = ["std-shims/std", "zeroize/std", "digest/std", "blake2?/std", "merlin?/std"]
 recommended = ["blake2"]
-merlin = ["dep:merlin"]
 tests = []
 default = ["std"]

crypto/transcript/src/lib.rs

@@ -1,7 +1,10 @@
-#![cfg_attr(docsrs, feature(doc_auto_cfg))]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 #![doc = include_str!("../README.md")]
 #![no_std]
 
+#[allow(unused_imports)]
+use std_shims::prelude::*;
+
 use zeroize::Zeroize;
 
 use digest::{
@@ -159,35 +162,12 @@ where
     // These writes may be optimized out if they're never read
     // Attempt to get them marked as read
 
-    #[rustversion::since(1.66)]
     fn mark_read<D: Send + Clone + SecureDigest>(transcript: &DigestTranscript<D>) {
       // Just get a challenge from the state
       let mut challenge = core::hint::black_box(transcript.0.clone().finalize());
       challenge.as_mut().zeroize();
     }
 
-    #[rustversion::before(1.66)]
-    fn mark_read<D: Send + Clone + SecureDigest>(transcript: &mut DigestTranscript<D>) {
-      // Get a challenge
-      let challenge = transcript.0.clone().finalize();
-
-      // Attempt to use subtle's, non-exposed black_box function, by creating a Choice from this
-      // challenge
-
-      let mut read = 0;
-      for byte in challenge.as_ref() {
-        read ^= byte;
-      }
-      challenge.as_mut().zeroize();
-
-      // Since this Choice isn't further read, its creation may be optimized out, including its
-      // internal black_box
-      // This remains our best attempt
-      let mut choice = bool::from(subtle::Choice::from(read >> 7));
-      read.zeroize();
-      choice.zeroize();
-    }
-
     mark_read(self)
   }
 }

crypto/transcript/src/tests.rs

@@ -1,6 +1,8 @@
 use crate::Transcript;
 
 /// Test the sanity of a transcript.
+///
+/// This will panic if sanity checks fail.
 pub fn test_transcript<T: Transcript<Challenge: PartialEq>>() {
   // Ensure distinct names cause distinct challenges
   {