Add no_std support to transcript, dalek-ff-group, ed448, ciphersuite, multiexp, schnorr, and monero-generators

transcript, dalek-ff-group, ed449, and ciphersuite are all usable with no_std
alone. The rest additionally require alloc.

Part of #279.

.github/workflows/no-std.yml

@@ -0,0 +1,21 @@
+name: Tests
+
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Build Dependencies
+        uses: ./.github/actions/build-dependencies
+        with:
+          github-token: ${{ inputs.github-token }}
+
+      - name: Verify no-std builds
+        run: cd tests/no-std && cargo build --target wasm32-unknown-unknown

Cargo.lock

@@ -1067,6 +1067,7 @@ dependencies = [
  "rand_core 0.6.4",
  "sha2 0.10.6",
  "sha3",
+ "std-shims",
  "subtle",
  "zeroize",
 ]
@@ -5099,7 +5100,6 @@ dependencies = [
  "generic-array",
  "group 0.13.0",
  "hex",
- "lazy_static",
  "rand_core 0.6.4",
  "rustversion",
  "subtle",
@@ -5219,6 +5219,7 @@ dependencies = [
  "group 0.13.0",
  "lazy_static",
  "sha3",
+ "std-shims",
  "subtle",
 ]
 
@@ -5335,6 +5336,7 @@ dependencies = [
  "k256",
  "rand_core 0.6.4",
  "rustversion",
+ "std-shims",
  "zeroize",
 ]
 
@@ -8571,6 +8573,7 @@ dependencies = [
  "multiexp",
  "rand_core 0.6.4",
  "sha2 0.10.6",
+ "std-shims",
  "zeroize",
 ]
 
@@ -8798,6 +8801,19 @@ dependencies = [
 name = "serai-db"
 version = "0.1.0"
 
+[[package]]
+name = "serai-no-std"
+version = "0.1.0"
+dependencies = [
+ "ciphersuite",
+ "dalek-ff-group",
+ "flexible-transcript",
+ "minimal-ed448",
+ "monero-generators",
+ "multiexp",
+ "schnorr-signatures",
+]
+
 [[package]]
 name = "serai-node"
 version = "0.1.0"
@@ -9905,6 +9921,13 @@ dependencies = [
  "syn 1.0.109",
 ]
 
+[[package]]
+name = "std-shims"
+version = "0.1.0"
+dependencies = [
+ "hashbrown 0.13.2",
+]
+
 [[package]]
 name = "string_cache"
 version = "0.8.7"

Cargo.toml

@@ -1,5 +1,6 @@
 [workspace]
 members = [
+  "common/std-shims",
   "common/zalloc",
   "common/db",
 
@@ -43,6 +44,8 @@ members = [
 
   "substrate/runtime",
   "substrate/node",
+
+  "tests/no-std",
 ]
 
 # Always compile Monero (and a variety of dependencies) with optimizations due

coins/monero/generators/Cargo.toml

@@ -12,13 +12,20 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
+std-shims = { path = "../../../common/std-shims", version = "0.1", default-features = false }
+
 lazy_static = "1"
 
-subtle = "^2.4"
+subtle = { version = "^2.4", default-features = false }
 
-sha3 = "0.10"
+sha3 = { version = "0.10", default-features = false }
 
-curve25519-dalek = { version = "3", features = ["std"] }
+curve25519-dalek = { version = "3", default-features = false }
 
-group = "0.13"
+group = { version = "0.13", default-features = false }
 dalek-ff-group = { path = "../../../crypto/dalek-ff-group", version = "0.3" }
+
+[features]
+alloc = ["lazy_static/spin_no_std"]
+std = ["std-shims/std"]
+default = ["std"]

coins/monero/generators/README.md

@@ -3,3 +3,5 @@
 Generators used by Monero in both its Pedersen commitments and Bulletproofs(+).
 An implementation of Monero's `ge_fromfe_frombytes_vartime`, simply called
 `hash_to_point` here, is included, as needed to generate generators.
+
+This library is usable under no_std when the `alloc` feature is enabled.

coins/monero/generators/src/lib.rs

@@ -2,16 +2,15 @@
 //! An implementation of Monero's `ge_fromfe_frombytes_vartime`, simply called
 //! `hash_to_point` here, is included, as needed to generate generators.
 
+#![cfg_attr(not(feature = "std"), no_std)]
+
 use lazy_static::lazy_static;
 
 use sha3::{Digest, Keccak256};
 
-use curve25519_dalek::{
+use curve25519_dalek::edwards::{EdwardsPoint as DalekPoint, CompressedEdwardsY};
-  constants::ED25519_BASEPOINT_POINT,
-  edwards::{EdwardsPoint as DalekPoint, CompressedEdwardsY},
-};
 
-use group::Group;
+use group::{Group, GroupEncoding};
 use dalek_ff_group::EdwardsPoint;
 
 mod varint;
@@ -27,7 +26,7 @@ fn hash(data: &[u8]) -> [u8; 32] {
 lazy_static! {
   /// Monero alternate generator `H`, used for amounts in Pedersen commitments.
   pub static ref H: DalekPoint =
-    CompressedEdwardsY(hash(&ED25519_BASEPOINT_POINT.compress().to_bytes()))
+    CompressedEdwardsY(hash(&EdwardsPoint::generator().to_bytes()))
       .decompress()
       .unwrap()
       .mul_by_cofactor();

coins/monero/generators/src/varint.rs

@@ -1,4 +1,4 @@
-use std::io::{self, Write};
+use std_shims::io::{self, Write};
 
 const VARINT_CONTINUATION_MASK: u8 = 0b1000_0000;
 pub(crate) fn write_varint<W: Write>(varint: &u64, w: &mut W) -> io::Result<()> {

common/std-shims/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "std-shims"
+version = "0.1.0"
+description = "A series of std shims to make alloc more feasible"
+license = "MIT"
+repository = "https://github.com/serai-dex/serai/tree/develop/common/std-shims"
+authors = ["Luke Parker <lukeparker5132@gmail.com>"]
+keywords = ["nostd", "no_std", "alloc", "io"]
+edition = "2021"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
+[dependencies]
+hashbrown = "0.13"
+
+[features]
+std = []
+default = ["std"]

common/std-shims/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Luke Parker
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

common/std-shims/README.md

@@ -0,0 +1,6 @@
+# std shims
+
+A crate which passes through to std when the default `std` feature is enabled,
+yet provides a series of shims when it isn't.
+
+`HashSet` and `HashMap` are provided via `hashbrown`.

common/std-shims/src/collections.rs

@@ -0,0 +1,7 @@
+#[cfg(feature = "std")]
+pub use std::collections::*;
+
+#[cfg(not(feature = "std"))]
+pub use alloc::collections::*;
+#[cfg(not(feature = "std"))]
+pub use hashbrown::{HashSet, HashMap};

common/std-shims/src/io.rs

@@ -0,0 +1,85 @@
+#[cfg(feature = "std")]
+pub use std::io::*;
+
+#[cfg(not(feature = "std"))]
+mod shims {
+  use core::fmt::{Debug, Formatter};
+  use alloc::{boxed::Box, vec::Vec};
+
+  #[derive(Clone, Copy, PartialEq, Eq, Debug)]
+  pub enum ErrorKind {
+    UnexpectedEof,
+    Other,
+  }
+
+  pub struct Error {
+    kind: ErrorKind,
+    error: Box<dyn Send + Sync>,
+  }
+
+  impl Debug for Error {
+    fn fmt(&self, fmt: &mut Formatter<'_>) -> core::result::Result<(), core::fmt::Error> {
+      fmt.debug_struct("Error").field("kind", &self.kind).finish_non_exhaustive()
+    }
+  }
+
+  impl Error {
+    pub fn new<E: 'static + Send + Sync>(kind: ErrorKind, error: E) -> Error {
+      Error { kind, error: Box::new(error) }
+    }
+
+    pub fn kind(&self) -> ErrorKind {
+      self.kind
+    }
+
+    pub fn into_inner(self) -> Option<Box<dyn Send + Sync>> {
+      Some(self.error)
+    }
+  }
+
+  pub type Result<T> = core::result::Result<T, Error>;
+
+  pub trait Read {
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize>;
+
+    fn read_exact(&mut self, buf: &mut [u8]) -> Result<()> {
+      let read = self.read(buf)?;
+      if read != buf.len() {
+        Err(Error::new(ErrorKind::UnexpectedEof, "reader ran out of bytes"))?;
+      }
+      Ok(())
+    }
+  }
+
+  impl Read for &[u8] {
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
+      let mut read = 0;
+      if self.len() < buf.len() {
+        read = self.len();
+      }
+      buf[.. read].copy_from_slice(&self[.. read]);
+      *self = &self[read ..];
+      Ok(read)
+    }
+  }
+
+  pub trait Write {
+    fn write(&mut self, buf: &[u8]) -> Result<usize>;
+    fn write_all(&mut self, buf: &[u8]) -> Result<()> {
+      if self.write(buf)? != buf.len() {
+        Err(Error::new(ErrorKind::UnexpectedEof, "writer ran out of bytes"))?;
+      }
+      Ok(())
+    }
+  }
+
+  impl Write for Vec<u8> {
+    fn write(&mut self, buf: &[u8]) -> Result<usize> {
+      self.extend(buf);
+      Ok(buf.len())
+    }
+  }
+}
+
+#[cfg(not(feature = "std"))]
+pub use shims::*;

common/std-shims/src/lib.rs

@@ -0,0 +1,24 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+
+#[cfg(not(feature = "std"))]
+#[allow(unused_imports)]
+#[doc(hidden)]
+#[macro_use]
+pub extern crate alloc;
+
+pub mod collections;
+pub mod io;
+
+pub mod str {
+  #[cfg(not(feature = "std"))]
+  pub use alloc::str::*;
+  #[cfg(feature = "std")]
+  pub use std::str::*;
+}
+
+pub mod vec {
+  #[cfg(not(feature = "std"))]
+  pub use alloc::vec::*;
+  #[cfg(feature = "std")]
+  pub use std::vec::*;
+}

crypto/ciphersuite/Cargo.toml

@@ -13,34 +13,39 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-rand_core = "0.6"
+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false, optional = true }
 
-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
+rand_core = { version = "0.6", default-features = false }
-subtle = "^2.4"
 
-digest = "0.10"
+zeroize = { version = "^1.5", default-features = false }
+subtle = { version = "^2.4", default-features = false }
+
+digest = { version = "0.10", default-features = false }
 transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3" }
-sha2 = { version = "0.10", optional = true }
+sha2 = { version = "0.10", default-features = false, optional = true }
-sha3 = { version = "0.10", optional = true }
+sha3 = { version = "0.10", default-features = false, optional = true }
 
-ff = { version = "0.13", features = ["bits"] }
+ff = { version = "0.13", default-features = false, features = ["bits"] }
-group = "0.13"
+group = { version = "0.13", default-features = false }
 
 dalek-ff-group = { path = "../dalek-ff-group", version = "0.3", optional = true }
 
-elliptic-curve = { version = "0.13", features = ["hash2curve"], optional = true }
+elliptic-curve = { version = "0.13", default-features = false, features = ["hash2curve"], optional = true }
-p256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits", "hash2curve"], optional = true }
+p256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
-k256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits", "hash2curve"], optional = true }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits", "hash2curve"], optional = true }
 
 minimal-ed448 = { path = "../ed448", version = "0.3", optional = true }
 
 [dev-dependencies]
 hex = "0.4"
 
+rand_core = { version = "0.6", features = ["std"] }
+
 ff-group-tests = { version = "0.13", path = "../ff-group-tests" }
 
 [features]
-std = []
+alloc = ["std-shims"]
+std = ["std-shims/std"]
 
 dalek = ["sha2", "dalek-ff-group"]
 ed25519 = ["dalek"]

crypto/ciphersuite/README.md

@@ -8,6 +8,9 @@ culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
 
+This library is usable under no_std. The `alloc` and `std` features enable
+reading from the `io::Read` trait, shimmed by `std-shims` under `alloc`.
+
 ### Secp256k1/P-256
 
 Secp256k1 and P-256 are offered via [k256](https://crates.io/crates/k256) and

crypto/ciphersuite/src/ed448.rs

@@ -75,8 +75,7 @@ impl Ciphersuite for Ed448 {
 fn test_ed448() {
   use ff::PrimeField;
 
-  // TODO: Enable once ed448 passes these tests
+  ff_group_tests::group::test_prime_group_bits::<_, Point>(&mut rand_core::OsRng);
-  //ff_group_tests::group::test_prime_group_bits::<Point>();
 
   // Ideally, a test vector from RFC-8032 (not FROST) would be here
   // Unfortunately, the IETF draft doesn't provide any vectors for the derived challenges

crypto/ciphersuite/src/lib.md

@@ -7,3 +7,6 @@ This library, except for the not recommended Ed448 ciphersuite, was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std. The `alloc` and `std` features enable
+reading from the `io::Read` trait, shimmed by `std-shims` under `alloc`.

crypto/ciphersuite/src/lib.rs

@@ -1,10 +1,10 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![cfg_attr(not(feature = "std"), no_std)]
 #![doc = include_str!("lib.md")]
+#![cfg_attr(not(feature = "std"), no_std)]
 
 use core::fmt::Debug;
-#[cfg(feature = "std")]
+#[cfg(any(feature = "alloc", feature = "std"))]
-use std::io::{self, Read};
+use std_shims::io::{self, Read};
 
 use rand_core::{RngCore, CryptoRng};
 
@@ -20,7 +20,7 @@ use group::{
   Group, GroupOps,
   prime::PrimeGroup,
 };
-#[cfg(feature = "std")]
+#[cfg(any(feature = "alloc", feature = "std"))]
 use group::GroupEncoding;
 
 #[cfg(feature = "dalek")]
@@ -85,7 +85,7 @@ pub trait Ciphersuite:
   }
 
   /// Read a canonical scalar from something implementing std::io::Read.
-  #[cfg(feature = "std")]
+  #[cfg(any(feature = "alloc", feature = "std"))]
   #[allow(non_snake_case)]
   fn read_F<R: Read>(reader: &mut R) -> io::Result<Self::F> {
     let mut encoding = <Self::F as PrimeField>::Repr::default();
@@ -99,7 +99,7 @@ pub trait Ciphersuite:
   }
 
   /// Read a canonical point from something implementing std::io::Read.
-  #[cfg(feature = "std")]
+  #[cfg(any(feature = "alloc", feature = "std"))]
   #[allow(non_snake_case)]
   fn read_G<R: Read>(reader: &mut R) -> io::Result<Self::G> {
     let mut encoding = <Self::G as GroupEncoding>::Repr::default();

crypto/dalek-ff-group/Cargo.toml

@@ -15,20 +15,22 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"
 
-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
+zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
-subtle = "^2.4"
+subtle = { version = "^2.4", default-features = false }
 
-rand_core = "0.6"
+rand_core = { version = "0.6", default-features = false }
 
-digest = "0.10"
+digest = { version = "0.10", default-features = false }
 
-ff = "0.13"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
-group = "0.13"
+group = { version = "0.13", default-features = false }
 
-crypto-bigint = "0.5"
+crypto-bigint = { version = "0.5", default-features = false }
 
-sha2 = "0.9"
+sha2 = { version = "0.9", default-features = false }
-curve25519-dalek = "^3.2"
+# The default features are ["std", "u64_backend"]
+curve25519-dalek = { version = "^3.2", default-features = false, features = ["alloc", "u64_backend"] }
 
 [dev-dependencies]
+rand_core = { version = "0.6", features = ["std"] }
 ff-group-tests = { path = "../ff-group-tests" }

crypto/dalek-ff-group/README.md

@@ -8,3 +8,5 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std.

crypto/ed448/Cargo.toml

@@ -15,20 +15,20 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"
 
-lazy_static = "1"
+rand_core = { version = "0.6", default-features = false }
 
-rand_core = "0.6"
+zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
+subtle = { version = "^2.4", default-features = false }
 
-zeroize = { version = "^1.5", features = ["zeroize_derive"] }
+ff = { version = "0.13", default-features = false, features = ["bits"] }
-subtle = "^2.4"
+group = { version = "0.13", default-features = false }
 
-ff = "0.13"
+generic-array = { version = "0.14", default-features = false }
-group = "0.13"
+crypto-bigint = { version = "0.5", default-features = false, features = ["zeroize"] }
-
-generic-array = "0.14"
-crypto-bigint = { version = "0.5", features = ["zeroize"] }
 
 [dev-dependencies]
 hex = "0.4"
 
+rand_core = { version = "0.6", features = ["std"] }
+
 ff-group-tests = { path = "../ff-group-tests" }

crypto/ed448/src/lib.rs

@@ -1,6 +1,6 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
-#![no_std]
 #![doc = include_str!("../README.md")]
+#![no_std]
 
 #[macro_use]
 mod backend;

crypto/ed448/src/point.rs

@@ -3,8 +3,6 @@ use core::{
   iter::Sum,
 };
 
-use lazy_static::lazy_static;
-
 use rand_core::RngCore;
 
 use zeroize::Zeroize;
@@ -34,6 +32,13 @@ const G_Y: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!(
   "05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14",
 ))));
 
+const G_X: FieldElement = FieldElement(Residue::new(&U512::from_be_hex(concat!(
+  "00000000000000",
+  "00",
+  "4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324",
+  "a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e",
+))));
+
 fn recover_x(y: FieldElement) -> CtOption<FieldElement> {
   let ysq = y.square();
   #[allow(non_snake_case)]
@@ -56,9 +61,7 @@ pub struct Point {
   z: FieldElement,
 }
 
-lazy_static! {
+const G: Point = Point { x: G_X, y: G_Y, z: FieldElement::ONE };
-  static ref G: Point = Point { x: recover_x(G_Y).unwrap(), y: G_Y, z: FieldElement::ONE };
-}
 
 impl ConstantTimeEq for Point {
   fn ct_eq(&self, other: &Self) -> Choice {
@@ -184,7 +187,7 @@ impl Group for Point {
     Point { x: FieldElement::ZERO, y: FieldElement::ONE, z: FieldElement::ONE }
   }
   fn generator() -> Self {
-    *G
+    G
   }
   fn is_identity(&self) -> Choice {
     self.ct_eq(&Self::identity())
@@ -321,6 +324,13 @@ fn test_group() {
   ff_group_tests::group::test_prime_group_bits::<_, Point>(&mut rand_core::OsRng);
 }
 
+#[test]
+fn generator() {
+  assert!(G.x == G_X);
+  assert!(G.y == G_Y);
+  assert!(recover_x(G.y).unwrap() == G.x);
+}
+
 #[test]
 fn torsion() {
   use generic_array::GenericArray;

crypto/multiexp/Cargo.toml

@@ -15,18 +15,24 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"
 
+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false }
+
 zeroize = { version = "^1.5", features = ["zeroize_derive"] }
 
-ff = "0.13"
+ff = { version = "0.13", default-features = false, features = ["bits"] }
-group = "0.13"
+group = { version = "0.13", default-features = false }
 
-rand_core = { version = "0.6", optional = true }
+rand_core = { version = "0.6", default-features = false, optional = true }
 
 [dev-dependencies]
-rand_core = "0.6"
+rand_core = { version = "0.6", features = ["std"] }
 
-k256 = { version = "^0.13.1", default-features = false, features = ["std", "arithmetic", "bits"] }
+k256 = { version = "^0.13.1", default-features = false, features = ["arithmetic", "bits"] }
 dalek-ff-group = { path = "../dalek-ff-group" }
 
 [features]
+std = ["std-shims/std"]
+
 batch = ["rand_core"]
+
+default = ["std"]

crypto/multiexp/README.md

@@ -3,10 +3,14 @@
 A multiexp implementation for ff/group implementing Straus and Pippenger. A
 batch verification API is also available via the "batch" feature, which enables
 secure multiexponentation batch verification given a series of values which
-should sum to 0, identifying which doesn't via binary search if they don't.
+should sum to the identity, identifying which doesn't via binary search if they
+don't.
 
 This library was
 [audited by Cypher Stack in March 2023](https://github.com/serai-dex/serai/raw/e1bb2c191b7123fd260d008e31656d090d559d21/audits/Cypher%20Stack%20crypto%20March%202023/Audit.pdf),
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std, via alloc, when the default features are
+disabled.

crypto/multiexp/src/batch.rs

@@ -1,3 +1,5 @@
+use std_shims::vec::Vec;
+
 use rand_core::{RngCore, CryptoRng};
 
 use zeroize::{Zeroize, Zeroizing};

crypto/multiexp/src/lib.rs

@@ -1,7 +1,12 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
+#![cfg_attr(not(feature = "std"), no_std)]
 
 use core::ops::DerefMut;
+#[cfg(not(feature = "std"))]
+#[macro_use]
+extern crate alloc;
+use std_shims::vec::Vec;
 
 use zeroize::Zeroize;
 

crypto/multiexp/src/straus.rs

@@ -1,3 +1,5 @@
+use std_shims::vec::Vec;
+
 use zeroize::Zeroize;
 
 use ff::PrimeFieldBits;

crypto/schnorr/Cargo.toml

@@ -13,17 +13,27 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-rand_core = "0.6"
+std-shims = { path = "../../common/std-shims", version = "0.1", default-features = false }
+
+rand_core = { version = "0.6", default-features = false }
 
 zeroize = { version = "^1.5", features = ["zeroize_derive"] }
 
-transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3" }
+transcript = { package = "flexible-transcript", path = "../transcript", version = "0.3", default-features = false }
 
-ciphersuite = { path = "../ciphersuite", version = "0.3" }
+ciphersuite = { path = "../ciphersuite", version = "0.3", default-features = false, features = ["alloc"] }
-multiexp = { path = "../multiexp", version = "0.3", features = ["batch"] }
+multiexp = { path = "../multiexp", version = "0.3", default-features = false, features = ["batch"] }
 
 [dev-dependencies]
 hex = "0.4"
+
+rand_core = { version = "0.6", features = ["std"] }
+
 sha2 = "0.10"
+
 dalek-ff-group = { path =  "../dalek-ff-group", version = "0.3" }
 ciphersuite = { path = "../ciphersuite", version = "0.3", features = ["ed25519"] }
+
+[features]
+std = ["std-shims/std", "ciphersuite/std"]
+default = ["std"]

crypto/schnorr/README.md

@@ -14,3 +14,6 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std, via alloc, when the default features are
+disabled.

crypto/schnorr/src/aggregate.rs

@@ -1,4 +1,7 @@
-use std::io::{self, Read, Write};
+use std_shims::{
+  vec::Vec,
+  io::{self, Read, Write},
+};
 
 use zeroize::Zeroize;
 

crypto/schnorr/src/lib.rs

@@ -1,8 +1,15 @@
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
+#![cfg_attr(not(feature = "std"), no_std)]
 
 use core::ops::Deref;
-use std::io::{self, Read, Write};
+#[cfg(not(feature = "std"))]
+#[macro_use]
+extern crate alloc;
+use std_shims::{
+  vec::Vec,
+  io::{self, Read, Write},
+};
 
 use rand_core::{RngCore, CryptoRng};
 

crypto/transcript/Cargo.toml

@@ -15,17 +15,17 @@ rustdoc-args = ["--cfg", "docsrs"]
 [dependencies]
 rustversion = "1"
 
-subtle = "^2.4"
+subtle = { version = "^2.4", default-features = false }
-zeroize = "^1.5"
+zeroize = { version = "^1.5", default-features = false }
 
-digest = "0.10"
+digest = { version = "0.10", default-features = false, features = ["core-api"] }
 
-blake2 = { version = "0.10", optional = true }
+blake2 = { version = "0.10", default-features = false, optional = true }
-merlin = { version = "3", optional = true }
+merlin = { version = "3", default-features = false, optional = true }
 
 [dev-dependencies]
-sha2 = "0.10"
+sha2 = { version = "0.10", default-features = false }
-blake2 = "0.10"
+blake2 = { version = "0.10", default-features = false }
 
 [features]
 recommended = ["blake2"]

crypto/transcript/README.md

@@ -31,3 +31,5 @@ This library was
 culminating in commit
 [669d2dbffc1dafb82a09d9419ea182667115df06](https://github.com/serai-dex/serai/tree/669d2dbffc1dafb82a09d9419ea182667115df06).
 Any subsequent changes have not undergone auditing.
+
+This library is usable under no_std.

tests/no-std/Cargo.toml

@@ -0,0 +1,33 @@
+[package]
+name = "serai-no-std"
+version = "0.1.0"
+description = "A crate to test no-std builds of Serai crates work"
+license = "MIT"
+repository = "https://github.com/kayabaNerve/serai/tree/develop/common/std-shims"
+authors = ["Luke Parker <lukeparker5132@gmail.com>"]
+keywords = ["nostd", "no_std", "alloc", "io"]
+edition = "2021"
+publish = false
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
+[dependencies]
+flexible-transcript = { path = "../../crypto/transcript", features = ["recommended", "merlin"] }
+
+dalek-ff-group = { path = "../../crypto/dalek-ff-group" }
+minimal-ed448 = { path = "../../crypto/ed448" }
+
+ciphersuite = { path = "../../crypto/ciphersuite", default-features = false, features = ["alloc", "secp256k1", "p256", "ed25519", "ristretto", "ed448"] }
+
+multiexp = { path = "../../crypto/multiexp", default-features = false, features = ["batch"] }
+
+# dleq = { path = "../../crypto/dleq" }
+schnorr-signatures = { path = "../../crypto/schnorr", default-features = false }
+
+# dkg = { path = "../../crypto/dkg" }
+# modular-frost = { path = "../../crypto/frost" }
+# frost-schnorrkel = { path = "../../crypto/schnorrkel" }
+
+monero-generators = { path = "../../coins/monero/generators", default-features = false, features = ["alloc"] }

tests/no-std/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Luke Parker
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

tests/no-std/README.md

@@ -0,0 +1,3 @@
+# no-std tests
+
+A crate usable to test building various Serai crates in a no-std environment.

tests/no-std/src/lib.rs

@@ -0,0 +1,26 @@
+#![no_std]
+
+pub use flexible_transcript::*;
+
+pub mod dalek {
+  pub use dalek_ff_group::*;
+}
+pub mod ed448 {
+  pub use minimal_ed448::*;
+}
+
+pub use ciphersuite::*;
+
+pub use multiexp::*;
+
+// pub use dleq::*;
+pub use schnorr_signatures::*;
+
+/*
+pub use dkg::*;
+pub use modular_frost::*;
+pub use frost_schnorrkel::*;
+*/
+
+pub use monero_generators::*;
+// pub use monero_serai::*;