Implement no_std support

Cargo.toml

@@ -12,17 +12,18 @@ keywords = ["cryptography", "crypto", "ristretto", "zero-knowledge", "bulletproo
 description = "A pure-Rust implementation of Bulletproofs using Ristretto"
 
 [dependencies]
-curve25519-dalek = { version = "^1.2.3", features = ["serde"] }
-subtle = "2"
-sha3 = "0.8"
-digest = "0.8"
-rand = "0.6"
-byteorder = "1"
-serde = "1"
-serde_derive = "1"
-failure = "0.1"
-merlin = "1.1"
-clear_on_drop = "0.2"
+curve25519-dalek = { version = "^1.2.3", default-features = false, features = ["u64_backend", "nightly", "serde", "alloc"] }
+subtle = { version = "2", default-features = false }
+sha3 = { version = "0.8", default-features = false }
+digest = { version = "0.8", default-features = false }
+rand_core = { version = "0.4", default-features = false, features = ["alloc"] }
+rand = { version = "0.6", default-features = false, optional = true }
+byteorder = { version = "1", default-features = false }
+serde = { version = "1", default-features = false, features = ["alloc"] }
+serde_derive = { version = "1", default-features = false }
+failure = { version = "0.1", default-features = false, features = ["derive"] }
+merlin = { version = "1.2", default-features = false }
+clear_on_drop = { version = "0.2", default-features = false, features = ["nightly"] }
 
 [dev-dependencies]
 hex = "0.3"
@@ -31,8 +32,10 @@ bincode = "1"
 rand_chacha = "0.1"
 
 [features]
+default = ["std", "avx2_backend"]
 avx2_backend = ["curve25519-dalek/avx2_backend"]
 yoloproofs = []
+std = ["rand", "rand/std"]
 
 [[test]]
 name = "range_proof"

src/errors.rs

@@ -1,5 +1,8 @@
 //! Errors related to proving and verifying proofs.
 
+extern crate alloc;
+use alloc::vec::Vec;
+
 /// Represents an error in proof creation, verification, or parsing.
 #[derive(Fail, Clone, Debug, Eq, PartialEq)]
 pub enum ProofError {

src/generators.rs

@@ -4,12 +4,14 @@
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 
+extern crate alloc;
+
+use alloc::vec::Vec;
 use curve25519_dalek::constants::RISTRETTO_BASEPOINT_COMPRESSED;
 use curve25519_dalek::constants::RISTRETTO_BASEPOINT_POINT;
 use curve25519_dalek::ristretto::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::MultiscalarMul;
-
 use digest::{ExtendableOutput, Input, XofReader};
 use sha3::{Sha3XofReader, Sha3_512, Shake256};
 

src/inner_product_proof.rs

@@ -1,9 +1,12 @@
 #![allow(non_snake_case)]
 #![doc(include = "../docs/inner-product-protocol.md")]
 
-use std::borrow::Borrow;
-use std::iter;
+extern crate alloc;
 
+use alloc::borrow::Borrow;
+use alloc::vec::Vec;
+
+use core::iter;
 use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::traits::VartimeMultiscalarMul;

src/lib.rs

@@ -1,3 +1,4 @@
+#![cfg_attr(not(feature = "std"), no_std)]
 #![feature(nll)]
 #![feature(external_doc)]
 #![feature(try_trait)]
@@ -6,9 +7,17 @@
 #![doc(html_logo_url = "https://doc.dalek.rs/assets/dalek-logo-clear.png")]
 
 extern crate byteorder;
+
+extern crate alloc;
+
+#[cfg(feature = "std")]
 extern crate core;
-extern crate digest;
+
+#[cfg(feature = "std")]
 extern crate rand;
+
+extern crate digest;
+extern crate rand_core;
 extern crate sha3;
 
 extern crate clear_on_drop;
@@ -56,4 +65,5 @@ pub mod range_proof_mpc {
 }
 
 #[cfg(feature = "yoloproofs")]
+#[cfg(feature = "std")]
 pub mod r1cs;

src/range_proof/dealer.rs

@@ -5,6 +5,11 @@
 //! [the API for the aggregated multiparty computation protocol](../aggregation/index.html#api-for-the-aggregated-multiparty-computation-protocol).
 
 use core::iter;
+
+extern crate alloc;
+
+use alloc::vec::Vec;
+
 use curve25519_dalek::ristretto::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
 use merlin::Transcript;
@@ -15,6 +20,8 @@ use inner_product_proof;
 use range_proof::RangeProof;
 use transcript::TranscriptProtocol;
 
+use rand_core::{CryptoRng, RngCore};
+
 use util;
 
 use super::messages::*;
@@ -295,15 +302,19 @@ impl<'a, 'b> DealerAwaitingProofShares<'a, 'b> {
     /// performing local aggregation,
     /// [`receive_trusted_shares`](DealerAwaitingProofShares::receive_trusted_shares)
     /// saves time by skipping verification of the aggregated proof.
-    pub fn receive_shares(mut self, proof_shares: &[ProofShare]) -> Result<RangeProof, MPCError> {
+    pub fn receive_shares<T: RngCore + CryptoRng>(
+        mut self,
+        proof_shares: &[ProofShare],
+        rng: &mut T,
+    ) -> Result<RangeProof, MPCError> {
         let proof = self.assemble_shares(proof_shares)?;
 
         let Vs: Vec<_> = self.bit_commitments.iter().map(|vc| vc.V_j).collect();
 
         // See comment in `Dealer::new` for why we use `initial_transcript`
         let transcript = &mut self.initial_transcript;
         if proof
-            .verify_multiple(self.bp_gens, self.pc_gens, transcript, &Vs, self.n)
+            .verify_multiple_with_rng(self.bp_gens, self.pc_gens, transcript, &Vs, self.n, rng)
             .is_ok()
         {
             Ok(proof)

src/range_proof/messages.rs

@@ -4,9 +4,12 @@
 //! For more explanation of how the `dealer`, `party`, and `messages` modules orchestrate the protocol execution, see
 //! [the API for the aggregated multiparty computation protocol](../aggregation/index.html#api-for-the-aggregated-multiparty-computation-protocol).
 
+extern crate alloc;
+
+use alloc::vec::Vec;
+use core::iter;
 use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
-
 use generators::{BulletproofGens, PedersenGens};
 
 /// A commitment to the bits of a party's value.
@@ -87,8 +90,6 @@ impl ProofShare {
         poly_commitment: &PolyCommitment,
         poly_challenge: &PolyChallenge,
     ) -> Result<(), ()> {
-        use std::iter;
-
         use curve25519_dalek::traits::{IsIdentity, VartimeMultiscalarMul};
 
         use inner_product_proof::inner_product;