feat: no_std support. (#79)

Author: mmaker

.github/workflows/rust.yml

@@ -26,6 +26,30 @@ jobs:
     - name: Run tests
       run: cargo test --verbose
 
+  no-std-check:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install Rust toolchain
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        profile: minimal
+        override: true
+    - name: Check no_std compilation
+      run: |
+        echo "Checking no_std compilation..."
+        cargo check --no-default-features --verbose
+    - name: Check std compilation
+      run: |
+        echo "Checking std compilation..."
+        cargo check --verbose
+    - name: Check all features
+      run: |
+        echo "Checking with all features..."
+        cargo check --all-features --verbose
+
 
   full-setup:
 
@@ -46,5 +70,7 @@ jobs:
 
     - name: Build (nightly)
       run: cargo +${{ matrix.toolchain }} build --all-features --verbose
+    - name: Build no_std (nightly)
+      run: cargo +${{ matrix.toolchain }} build --no-default-features --verbose
     - name: Run tests (nightly)
       run: cargo +${{ matrix.toolchain }} test --all-features --verbose

Cargo.toml

@@ -19,18 +19,25 @@ exclude = [
     ".gitignore"
 ]
 
+[features]
+default = ["std"]
+std = ["thiserror", "rand", "num-bigint/std", "num-traits/std", "sha3/std", "rand_core/std"]
+
 [dependencies]
 ff = { version = "0.13", features = ["derive"] }
 group = "0.13.0"
-num-bigint = "0.4.6"
-num-traits = "0.2.19"
-rand = "0.8.5"
-sha3 = "0.10.8"
-subtle = "2.6.1"
-thiserror = "1"
-keccak = "0.1.5"
-zerocopy = "0.8"
-zeroize = "1.8.1"
+num-bigint = { version = "0.4.6", default-features = false }
+num-traits = { version = "0.2.19", default-features = false, features = ["libm"] }
+rand = { version = "0.8.5", optional = true }
+rand_core = { version = "0.6", default-features = false }
+sha3 = { version = "0.10.8", default-features = false }
+subtle = { version = "2.6.1", default-features = false }
+thiserror = { version = "1", optional = true }
+keccak = { version = "0.1.5", default-features = false }
+zerocopy = { version = "0.8", default-features = false }
+zeroize = { version = "1.8.1", default-features = false, features = ["alloc"] }
+hashbrown = { version = "0.15", default-features = false }
+ahash = { version = "0.8", default-features = false }
 
 [dev-dependencies]
 bls12_381 = "0.8.0"

src/codec.rs

@@ -2,6 +2,7 @@
 
 use crate::duplex_sponge::DuplexSpongeInterface;
 pub use crate::duplex_sponge::{keccak::KeccakDuplexSponge, shake::ShakeDuplexSponge};
+use alloc::vec;
 use ff::PrimeField;
 use group::prime::PrimeGroup;
 use num_bigint::BigUint;

src/composition.rs

@@ -18,8 +18,13 @@
 //! )
 //! ```
 
+use alloc::vec::Vec;
 use ff::{Field, PrimeField};
 use group::prime::PrimeGroup;
+#[cfg(feature = "std")]
+use rand::{CryptoRng, Rng};
+#[cfg(not(feature = "std"))]
+use rand_core::{CryptoRng, RngCore as Rng};
 use sha3::{Digest, Sha3_256};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 
@@ -162,7 +167,7 @@ impl<G: PrimeGroup + ConstantTimeEq> ComposedRelation<G> {
     fn prover_commit_simple(
         protocol: &CanonicalLinearRelation<G>,
         witness: &<CanonicalLinearRelation<G> as SigmaProtocol>::Witness,
-        rng: &mut (impl rand::Rng + rand::CryptoRng),
+        rng: &mut (impl Rng + CryptoRng),
     ) -> Result<(ComposedCommitment<G>, ComposedProverState<G>), Error> {
         protocol.prover_commit(witness, rng).map(|(c, s)| {
             (
@@ -185,7 +190,7 @@ impl<G: PrimeGroup + ConstantTimeEq> ComposedRelation<G> {
     fn prover_commit_and(
         protocols: &[ComposedRelation<G>],
         witnesses: &[ComposedWitness<G>],
-        rng: &mut (impl rand::Rng + rand::CryptoRng),
+        rng: &mut (impl Rng + CryptoRng),
     ) -> Result<(ComposedCommitment<G>, ComposedProverState<G>), Error> {
         if protocols.len() != witnesses.len() {
             return Err(Error::InvalidInstanceWitnessPair);
@@ -227,7 +232,7 @@ impl<G: PrimeGroup + ConstantTimeEq> ComposedRelation<G> {
     fn prover_commit_or(
         instances: &[ComposedRelation<G>],
         witnesses: &[ComposedWitness<G>],
-        rng: &mut (impl rand::Rng + rand::CryptoRng),
+        rng: &mut (impl Rng + CryptoRng),
     ) -> Result<(ComposedCommitment<G>, ComposedProverState<G>), Error> {
         if instances.len() != witnesses.len() {
             return Err(Error::InvalidInstanceWitnessPair);
@@ -360,7 +365,7 @@ impl<G: PrimeGroup + ConstantTimeEq> SigmaProtocol for ComposedRelation<G> {
     fn prover_commit(
         &self,
         witness: &Self::Witness,
-        rng: &mut (impl rand::Rng + rand::CryptoRng),
+        rng: &mut (impl Rng + CryptoRng),
     ) -> Result<(Self::Commitment, Self::ProverState), Error> {
         match (self, witness) {
             (ComposedRelation::Simple(p), ComposedWitness::Simple(w)) => {
@@ -634,7 +639,7 @@ impl<G: PrimeGroup + ConstantTimeEq> SigmaProtocolSimulator for ComposedRelation
         }
     }
 
-    fn simulate_response<R: rand::Rng + rand::CryptoRng>(&self, rng: &mut R) -> Self::Response {
+    fn simulate_response<R: Rng + CryptoRng>(&self, rng: &mut R) -> Self::Response {
         match self {
             ComposedRelation::Simple(p) => ComposedResponse::Simple(p.simulate_response(rng)),
             ComposedRelation::And(ps) => {
@@ -654,7 +659,7 @@ impl<G: PrimeGroup + ConstantTimeEq> SigmaProtocolSimulator for ComposedRelation
         }
     }
 
-    fn simulate_transcript<R: rand::Rng + rand::CryptoRng>(
+    fn simulate_transcript<R: Rng + CryptoRng>(
         &self,
         rng: &mut R,
     ) -> Result<(Self::Commitment, Self::Challenge, Self::Response), Error> {

src/duplex_sponge/keccak.rs

@@ -4,6 +4,7 @@
 //! It is designed to match test vectors from the original Sage implementation.
 
 use crate::duplex_sponge::DuplexSpongeInterface;
+use alloc::vec::Vec;
 use zerocopy::IntoBytes;
 
 const RATE: usize = 136;

src/duplex_sponge/mod.rs

@@ -4,6 +4,8 @@
 //! a generic interface for cryptographic sponge functions that support
 //! duplex operations: alternating absorb and squeeze phases.
 
+use alloc::vec::Vec;
+
 pub mod keccak;
 pub mod shake;
 

src/duplex_sponge/shake.rs

@@ -3,6 +3,8 @@
 //! This module implements a duplex sponge construction using SHAKE128.
 
 use crate::duplex_sponge::DuplexSpongeInterface;
+use alloc::vec;
+use alloc::vec::Vec;
 use sha3::digest::{ExtendableOutput, Update};
 use sha3::Shake128;
 

src/errors.rs

@@ -8,9 +8,14 @@
 //! - Mismatched parameter lengths (e.g., during batch verification),
 //! - Access to unassigned group variables in constraint systems.
 
+use alloc::string::String;
+#[cfg(not(feature = "std"))]
+use core::fmt;
+
 /// Represents an invalid instance error.
-#[derive(Debug, thiserror::Error)]
-#[error("Invalid instance: {message}")]
+#[derive(Debug)]
+#[cfg_attr(feature = "std", derive(thiserror::Error))]
+#[cfg_attr(feature = "std", error("Invalid instance: {message}"))]
 pub struct InvalidInstance {
     /// The error message describing what's invalid about the instance.
     pub message: String,
@@ -35,22 +40,47 @@ impl From<InvalidInstance> for Error {
 ///
 /// This may occur during proof generation, response computation, or verification.
 #[non_exhaustive]
-#[derive(Debug, thiserror::Error)]
+#[derive(Debug)]
+#[cfg_attr(feature = "std", derive(thiserror::Error))]
 pub enum Error {
     /// The proof is invalid: verification failed.
-    #[error("Verification failed.")]
+    #[cfg_attr(feature = "std", error("Verification failed."))]
     VerificationFailure,
     /// Indicates an invalid statement/witness pair
-    #[error("Invalid instance/witness pair.")]
+    #[cfg_attr(feature = "std", error("Invalid instance/witness pair."))]
     InvalidInstanceWitnessPair,
     /// Uninitialized group element variable.
-    #[error("Uninitialized group element variable: {var_debug}")]
+    #[cfg_attr(
+        feature = "std",
+        error("Uninitialized group element variable: {var_debug}")
+    )]
     UnassignedGroupVar {
         /// Debug representation of the unassigned variable.
         var_debug: String,
     },
 }
 
+// Manual Display implementation for no_std compatibility
+#[cfg(not(feature = "std"))]
+impl fmt::Display for InvalidInstance {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "Invalid instance: {}", self.message)
+    }
+}
+
+#[cfg(not(feature = "std"))]
+impl fmt::Display for Error {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Error::VerificationFailure => write!(f, "Verification failed."),
+            Error::InvalidInstanceWitnessPair => write!(f, "Invalid instance/witness pair."),
+            Error::UnassignedGroupVar { var_debug } => {
+                write!(f, "Uninitialized group element variable: {}", var_debug)
+            }
+        }
+    }
+}
+
 pub type Result<T> = core::result::Result<T, Error>;
 
 /// Construct an `Ok` value of type `Result<T, sigma_rs::errors::Error>`.

src/fiat_shamir.rs

@@ -15,8 +15,12 @@
 use crate::errors::Error;
 use crate::traits::SigmaProtocol;
 use crate::{codec::Codec, traits::SigmaProtocolSimulator};
+use alloc::vec::Vec;
 
+#[cfg(feature = "std")]
 use rand::{CryptoRng, RngCore};
+#[cfg(not(feature = "std"))]
+use rand_core::{CryptoRng, RngCore};
 
 type Transcript<P> = (
     <P as SigmaProtocol>::Commitment,

src/group/msm.rs

@@ -1,3 +1,5 @@
+use alloc::vec;
+use alloc::vec::Vec;
 use ff::PrimeField;
 use group::prime::PrimeGroup;
 
@@ -82,7 +84,7 @@ fn msm_internal<G: PrimeGroup>(bases: &[G], scalars: &[G::Scalar]) -> G {
         window_buckets.push((window, vec![G::identity(); buckets_num]));
     }
 
-    for (scalar, base) in scalars.into_iter().zip(bases) {
+    for (scalar, base) in scalars.iter().zip(bases) {
         for (w, bucket) in window_buckets.iter_mut() {
             let scalar_repr = scalar.to_repr();
             let scalar_bytes = scalar_repr.as_ref();