secp256k1-tr: fix no-std support (#782)

* secp256k1-tr: fix no-std support

* apply recent secp256k1 changes

Author: conradoplg

frost-ed25519/dkg.md

@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds

frost-ed448/dkg.md

@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds

frost-secp256k1-tr/Cargo.toml

@@ -23,17 +23,16 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
 document-features = "0.2.7"
-frost-core = { path = "../frost-core", version = "2.0.0-rc.0", default-features = false }
-frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0-rc.0", default-features = false }
+frost-core = { path = "../frost-core", version = "2.0.0", default-features = false }
+frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0", default-features = false }
 k256 = { version = "0.13.0", features = ["arithmetic", "expose-field", "hash2curve"], default-features = false }
-serde = { version = "1.0.160", features = ["derive"], optional = true }
 rand_core = "0.6"
 sha2 = { version = "0.10.2", default-features = false }
 
 [dev-dependencies]
 criterion = "0.5"
-frost-core = { path = "../frost-core", version = "2.0.0-rc.0", features = ["test-impl"] }
-frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0-rc.0", features = ["test-impl"] }
+frost-core = { path = "../frost-core", version = "2.0.0", features = ["test-impl"] }
+frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0", features = ["test-impl"] }
 insta = { version = "1.31.0", features = ["yaml"] }
 hex = { version  = "0.4.3", default-features = false, features = ["alloc"] }
 lazy_static = "1.4"
@@ -52,7 +51,7 @@ std = ["frost-core/std"]
 ## Enable `serde` support for types that need to be communicated. You
 ## can use `serde` to serialize structs with any encoder that supports
 ## `serde` (e.g. JSON with `serde_json`).
-serde = ["frost-core/serde", "dep:serde"]
+serde = ["frost-core/serde"]
 ## Enable a default serialization format. Enables `serde`.
 serialization = ["serde", "frost-core/serialization", "frost-rerandomized/serialization"]
 ## Enable cheater detection

frost-secp256k1-tr/dkg.md

@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds

frost-secp256k1-tr/src/lib.rs

@@ -1,3 +1,4 @@
+#![cfg_attr(not(feature = "std"), no_std)]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@@ -7,10 +8,8 @@
 
 extern crate alloc;
 
-use alloc::borrow::Cow;
-use alloc::borrow::ToOwned;
-use alloc::collections::BTreeMap;
-use alloc::vec::Vec;
+use alloc::vec;
+use alloc::{borrow::Cow, collections::BTreeMap, vec::Vec};
 
 use frost_rerandomized::RandomizedCiphersuite;
 use k256::elliptic_curve::ops::Reduce;
@@ -168,9 +167,9 @@ fn hash_to_array(inputs: &[&[u8]]) -> [u8; 32] {
     output
 }
 
-fn hash_to_scalar(domain: &[u8], msg: &[u8]) -> Scalar {
+fn hash_to_scalar(domain: &[&[u8]], msg: &[u8]) -> Scalar {
     let mut u = [Secp256K1ScalarField::zero()];
-    hash_to_field::<ExpandMsgXmd<Sha256>, Scalar>(&[msg], &[domain], &mut u)
+    hash_to_field::<ExpandMsgXmd<Sha256>, Scalar>(&[msg], domain, &mut u)
         .expect("should never return error according to error cases described in ExpandMsgXmd");
     u[0]
 }
@@ -248,7 +247,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
     ///
     /// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#section-6.5-2.2.2.1
     fn H1(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
-        hash_to_scalar((CONTEXT_STRING.to_owned() + "rho").as_bytes(), m)
+        hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"rho"], m)
     }
 
     /// H2 for FROST(secp256k1, SHA-256)
@@ -264,7 +263,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
     ///
     /// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#section-6.5-2.2.2.3
     fn H3(m: &[u8]) -> <<Self::Group as Group>::Field as Field>::Scalar {
-        hash_to_scalar((CONTEXT_STRING.to_owned() + "nonce").as_bytes(), m)
+        hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"nonce"], m)
     }
 
     /// H4 for FROST(secp256k1, SHA-256)
@@ -283,18 +282,12 @@ impl Ciphersuite for Secp256K1Sha256TR {
 
     /// HDKG for FROST(secp256k1, SHA-256)
     fn HDKG(m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> {
-        Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "dkg").as_bytes(),
-            m,
-        ))
+        Some(hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"dkg"], m))
     }
 
     /// HID for FROST(secp256k1, SHA-256)
     fn HID(m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> {
-        Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "id").as_bytes(),
-            m,
-        ))
+        Some(hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"id"], m))
     }
 
     // Sign, negating the key if required by BIP-340.
@@ -499,7 +492,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
 impl RandomizedCiphersuite for Secp256K1Sha256TR {
     fn hash_randomizer(m: &[u8]) -> Option<<<Self::Group as Group>::Field as Field>::Scalar> {
         Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "randomizer").as_bytes(),
+            &[CONTEXT_STRING.as_bytes(), b"randomizer"],
             m,
         ))
     }
@@ -513,7 +506,6 @@ pub type Identifier = frost::Identifier<S>;
 /// FROST(secp256k1, SHA-256) keys, key generation, key shares.
 pub mod keys {
     use super::*;
-    use std::collections::BTreeMap;
 
     /// The identifier list to use when generating key shares.
     pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, S>;

frost-secp256k1/dkg.md

@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds