add no-std support

Author: conradoplg

.github/workflows/main.yml

@@ -24,6 +24,23 @@ jobs:
         with:
           command: build
 
+  build_no_std:
+    name: build with no_std
+    runs-on: ubuntu-latest
+    # Skip ed448 which does not support it.
+    strategy:
+      matrix:
+        crate: [ristretto255, ed25519, p256, secp256k1, rerandomized]
+    steps:
+    - uses: actions/[email protected]
+    - uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: stable
+        targets: thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --no-default-features --target thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --target thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --features serde --target thumbv6m-none-eabi
+
   test_beta:
     name: test on beta
     runs-on: ubuntu-latest

frost-core/CHANGELOG.md

@@ -4,6 +4,11 @@ Entries are listed in reverse chronological order.
 
 ## Unreleased
 
+* Add no-std support to all crates except frost-ed448. Note that you don't need
+  to use `default-features = false`; there is no `std` feature that is enabled
+  by default. Also note that it always links to an external `alloc` crate (i.e.
+  there is no `alloc` feature either).
+
 ## Released
 
 ## 1.0.0

frost-core/Cargo.toml

@@ -22,20 +22,20 @@ features = ["serde"]
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-byteorder = "1.4"
-const-crc32 = "1.2.0"
+byteorder = { version = "1.4", default-features = false }
+const-crc32 = { version = "1.2.0", package = "const-crc32-nostd" }
 document-features = "0.2.7"
 debugless-unwrap = "0.0.4"
 derive-getters = "0.3.0"
-hex = "0.4.3"
-postcard = { version = "1.0.0", features = ["use-std"], optional = true }
-rand_core = "0.6"
-serde = { version = "1.0.160", features = ["derive"], optional = true }
+hex = { version  = "0.4.3", default-features = false, features = ["alloc"] }
+postcard = { version = "1.0.0", features = ["alloc"], optional = true }
+rand_core = { version = "0.6", default-features = false }
+serde = { version = "1.0.160", default-features = false, features = ["derive"], optional = true }
 serdect = { version = "0.2.0", optional = true }
-thiserror = "1.0"
+thiserror = { version = "1.0", package = "thiserror-nostd-notrait", default-features = false }
 visibility = "0.1.0"
 zeroize = { version = "1.5.4", default-features = false, features = ["derive"] }
-itertools = "0.12.0"
+itertools = { version = "0.12.0", default-features = false }
 
 # Test dependencies used with the test-impl feature
 proptest = { version = "1.0", optional = true }

frost-core/src/batch.rs

@@ -7,8 +7,6 @@
 //! of caller code (which must assemble a batch of signatures across
 //! work-items), and loss of the ability to easily pinpoint failing signatures.
 
-use std::iter::once;
-
 use rand_core::{CryptoRng, RngCore};
 
 use crate::{scalar_mul::VartimeMultiscalarMul, Ciphersuite, Element, *};
@@ -132,7 +130,7 @@ where
             VKs.push(item.vk.element);
         }
 
-        let scalars = once(&P_coeff_acc)
+        let scalars = core::iter::once(&P_coeff_acc)
             .chain(VK_coeffs.iter())
             .chain(R_coeffs.iter());
 
@@ -155,6 +153,8 @@ where
     C: Ciphersuite,
 {
     fn default() -> Self {
-        Self { signatures: vec![] }
+        Self {
+            signatures: Vec::new(),
+        }
     }
 }

frost-core/src/benches.rs

@@ -1,11 +1,13 @@
 //! Ciphersuite-generic benchmark functions.
 #![allow(clippy::unwrap_used)]
 
-use std::collections::BTreeMap;
+use core::iter;
 
-use criterion::{BenchmarkId, Criterion, Throughput};
+use alloc::{collections::BTreeMap, format, vec::Vec};
 use rand_core::{CryptoRng, RngCore};
 
+use criterion::{BenchmarkId, Criterion, Throughput};
+
 use crate as frost;
 use crate::{batch, Ciphersuite, Signature, SigningKey, VerifyingKey};
 
@@ -18,7 +20,7 @@ fn sigs_with_distinct_keys<C: Ciphersuite, R: RngCore + CryptoRng + Clone>(
     rng: &mut R,
 ) -> impl Iterator<Item = Item<C>> {
     let mut rng = rng.clone();
-    std::iter::repeat_with(move || {
+    iter::repeat_with(move || {
         let msg = b"Bench";
         let sk = SigningKey::new(&mut rng);
         let vk = VerifyingKey::from(&sk);

frost-core/src/identifier.rs

@@ -1,6 +1,6 @@
 //! FROST participant identifiers
 
-use std::{
+use core::{
     fmt::{self, Debug},
     hash::{Hash, Hasher},
 };
@@ -117,7 +117,7 @@ impl<C> Ord for Identifier<C>
 where
     C: Ciphersuite,
 {
-    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
+    fn cmp(&self, other: &Self) -> core::cmp::Ordering {
         let serialized_self = <<C::Group as Group>::Field>::little_endian_serialize(&self.0);
         let serialized_other = <<C::Group as Group>::Field>::little_endian_serialize(&other.0);
         // The default cmp uses lexicographic order; so we need the elements in big endian
@@ -133,12 +133,12 @@ impl<C> PartialOrd for Identifier<C>
 where
     C: Ciphersuite,
 {
-    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
+    fn partial_cmp(&self, other: &Self) -> Option<core::cmp::Ordering> {
         Some(self.cmp(other))
     }
 }
 
-impl<C> std::ops::Mul<Scalar<C>> for Identifier<C>
+impl<C> core::ops::Mul<Scalar<C>> for Identifier<C>
 where
     C: Ciphersuite,
 {
@@ -149,7 +149,7 @@ where
     }
 }
 
-impl<C> std::ops::MulAssign<Identifier<C>> for Scalar<C>
+impl<C> core::ops::MulAssign<Identifier<C>> for Scalar<C>
 where
     C: Ciphersuite,
 {
@@ -158,7 +158,7 @@ where
     }
 }
 
-impl<C> std::ops::Sub for Identifier<C>
+impl<C> core::ops::Sub for Identifier<C>
 where
     C: Ciphersuite,
 {

frost-core/src/keys.rs

@@ -1,12 +1,12 @@
 //! FROST keys, keygen, key shares
 #![allow(clippy::type_complexity)]
 
-use std::{
-    collections::{BTreeMap, BTreeSet, HashSet},
-    convert::TryFrom,
-    default::Default,
+use core::iter;
+
+use alloc::vec::Vec;
+use alloc::{
+    collections::{BTreeMap, BTreeSet},
     fmt::{self, Debug},
-    iter,
 };
 
 use derive_getters::Getters;
@@ -17,11 +17,12 @@ use rand_core::{CryptoRng, RngCore};
 use zeroize::{DefaultIsZeroes, Zeroize};
 
 use crate::{
-    serialization::{Deserialize, Serialize},
-    Ciphersuite, Element, Error, Field, Group, Header, Identifier, Scalar, SigningKey,
-    VerifyingKey,
+    Ciphersuite, Element, Error, Field, Group, Header, Identifier, Scalar, SigningKey, VerifyingKey,
 };
 
+#[cfg(feature = "serialization")]
+use crate::serialization::{Deserialize, Serialize};
+
 #[cfg(feature = "serde")]
 use crate::serialization::{ElementSerialization, ScalarSerialization};
 
@@ -126,7 +127,7 @@ impl<C> Debug for SigningShare<C>
 where
     C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> core::fmt::Result {
         f.debug_tuple("SigningShare").field(&"<redacted>").finish()
     }
 }
@@ -325,7 +326,7 @@ impl<C> Debug for CoefficientCommitment<C>
 where
     C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> core::fmt::Result {
         f.debug_tuple("CoefficientCommitment")
             .field(&hex::encode(self.serialize()))
             .finish()
@@ -900,7 +901,7 @@ pub(crate) fn generate_secret_shares<C: Ciphersuite>(
     let (coefficients, commitment) =
         generate_secret_polynomial(secret, max_signers, min_signers, coefficients)?;
 
-    let identifiers_set: HashSet<_> = identifiers.iter().collect();
+    let identifiers_set: BTreeSet<_> = identifiers.iter().collect();
     if identifiers_set.len() != identifiers.len() {
         return Err(Error::DuplicatedIdentifier);
     }

frost-core/src/keys/dkg.rs

@@ -30,7 +30,9 @@
 //! [Feldman's VSS]: https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf
 //! [secure broadcast channel]: https://frost.zfnd.org/terminology.html#broadcast-channel
 
-use std::{collections::BTreeMap, iter};
+use core::iter;
+
+use alloc::collections::BTreeMap;
 
 use rand_core::{CryptoRng, RngCore};
 
@@ -39,6 +41,9 @@ use crate::{
     SigningKey, VerifyingKey,
 };
 
+#[cfg(feature = "serialization")]
+use crate::serialization::{Deserialize, Serialize};
+
 use super::{
     evaluate_polynomial, generate_coefficients, generate_secret_polynomial,
     validate_num_of_signers, KeyPackage, PublicKeyPackage, SecretShare, SigningShare,
@@ -47,11 +52,10 @@ use super::{
 
 /// DKG Round 1 structures.
 pub mod round1 {
+    use alloc::vec::Vec;
     use derive_getters::Getters;
     use zeroize::Zeroize;
 
-    use crate::serialization::{Deserialize, Serialize};
-
     use super::*;
 
     /// The package that must be broadcast by each participant to all other participants
@@ -135,11 +139,11 @@ pub mod round1 {
         }
     }
 
-    impl<C> std::fmt::Debug for SecretPackage<C>
+    impl<C> core::fmt::Debug for SecretPackage<C>
     where
         C: Ciphersuite,
     {
-        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
             f.debug_struct("SecretPackage")
                 .field("identifier", &self.identifier)
                 .field("coefficients", &"<redacted>")
@@ -167,7 +171,8 @@ pub mod round2 {
     use derive_getters::Getters;
     use zeroize::Zeroize;
 
-    use crate::serialization::{Deserialize, Serialize};
+    #[cfg(feature = "serialization")]
+    use alloc::vec::Vec;
 
     use super::*;
 
@@ -239,11 +244,11 @@ pub mod round2 {
         pub(crate) max_signers: u16,
     }
 
-    impl<C> std::fmt::Debug for SecretPackage<C>
+    impl<C> core::fmt::Debug for SecretPackage<C>
     where
         C: Ciphersuite,
     {
-        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
             f.debug_struct("SecretPackage")
                 .field("identifier", &self.identifier)
                 .field("commitment", &self.commitment)

frost-core/src/keys/repairable.rs

@@ -4,7 +4,9 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.
 
-use std::collections::{BTreeMap, BTreeSet};
+use alloc::collections::{BTreeMap, BTreeSet};
+
+use alloc::vec::Vec;
 
 use crate::{
     compute_lagrange_coefficient, Ciphersuite, CryptoRng, Error, Field, Group, Header, Identifier,

frost-core/src/lib.rs

@@ -1,3 +1,4 @@
+#![no_std]
 #![allow(non_snake_case)]
 // It's emitting false positives; see https://github.com/rust-lang/rust-clippy/issues/9413
 #![allow(clippy::derive_partial_eq_without_eq)]
@@ -10,11 +11,15 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]
 
-use std::{
+#[macro_use]
+extern crate alloc;
+
+use core::marker::PhantomData;
+
+use alloc::{
     collections::{BTreeMap, BTreeSet},
-    default::Default,
     fmt::{self, Debug},
-    marker::PhantomData,
+    vec::Vec,
 };
 
 use derive_getters::Getters;
@@ -87,7 +92,7 @@ impl<C> Debug for Challenge<C>
 where
     C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
         f.debug_tuple("Secret")
             .field(&hex::encode(<<C::Group as Group>::Field>::serialize(
                 &self.0,
@@ -111,7 +116,7 @@ fn challenge<C>(R: &Element<C>, verifying_key: &VerifyingKey<C>, msg: &[u8]) ->
 where
     C: Ciphersuite,
 {
-    let mut preimage = vec![];
+    let mut preimage = Vec::new();
 
     preimage.extend_from_slice(<C::Group>::serialize(R).as_ref());
     preimage.extend_from_slice(<C::Group>::serialize(&verifying_key.element).as_ref());
@@ -153,7 +158,7 @@ struct Header<C: Ciphersuite> {
         serde(deserialize_with = "crate::serialization::ciphersuite_deserialize::<_, C>")
     )]
     ciphersuite: (),
-    #[serde(skip)]
+    #[cfg_attr(feature = "serde", serde(skip))]
     phantom: PhantomData<C>,
 }
 
@@ -404,7 +409,7 @@ where
         verifying_key: &VerifyingKey<C>,
         additional_prefix: &[u8],
     ) -> Vec<(Identifier<C>, Vec<u8>)> {
-        let mut binding_factor_input_prefix = vec![];
+        let mut binding_factor_input_prefix = Vec::new();
 
         // The length of a serialized verifying key of the same cipersuite does
         // not change between runs of the protocol, so we don't need to hash to
@@ -423,7 +428,7 @@ where
         self.signing_commitments()
             .keys()
             .map(|identifier| {
-                let mut binding_factor_input = vec![];
+                let mut binding_factor_input = Vec::new();
 
                 binding_factor_input.extend_from_slice(&binding_factor_input_prefix);
                 binding_factor_input.extend_from_slice(identifier.serialize().as_ref());