Simplify dependencies

.github/workflows/test.yml

@@ -18,7 +18,9 @@ jobs:
         uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
-      - name: check
+      - name: check (no features)
+        run: cargo +${{ matrix.rust }} check --no-default-features
+      - name: check (all features)
         run: cargo +${{ matrix.rust }} check --all-features --all-targets
       - name: test/debug
         run: cargo +${{ matrix.rust }} test --all-features

Cargo.toml

@@ -7,28 +7,29 @@ license = "BSD-3-Clause"
 description = "A smaller faster implementation of Bulletproofs"
 
 [dependencies]
-blake2 = "0.10"
+blake2 = { version = "0.10", default-features = false }
 byteorder = { version = "1", default-features = false }
 curve25519-dalek = { package = "tari-curve25519-dalek", version = "4.0.3", features = ["serde", "rand_core"] }
-derive_more = "0.99"
-derivative = "2.2"
 digest = { version = "0.10", default-features = false }
-itertools = "0.6"
+itertools = { version = "0.12", default-features = false, features = ["use_alloc"] }
 merlin = { version = "3", default-features = false }
 once_cell = { version = "1", default-features = false, features = ["critical-section"] }
-rand = "0.8"
-# Note: toolchain must be at v1.60+ to support serde v1.0.150+
-serde = "1.0"
+rand = { version = "0.8", optional = true }
+serde = { version = "1.0", default-features = false, features = ["alloc"] }
 sha3 = { version = "0.10", default-features = false }
-thiserror = { version = "1" }
-zeroize = "1"
-rand_core = "0.6"
+thiserror-no-std = { version = "2", default-features = false }
+zeroize = { version = "1", default-features = false, features = ["alloc", "derive"] }
+rand_core = { version = "0.6", default-features = false, features = ["alloc"] }
 
 [dev-dependencies]
 bincode = "1"
 criterion = "0.5"
 quickcheck = "1"
 
+[features]
+default = ["rand"]
+rand = ["dep:rand"]
+
 [[bench]]
 name = "range_proof"
 harness = false

benches/range_proof.rs

@@ -11,7 +11,7 @@ extern crate criterion;
 
 use criterion::{Criterion, SamplingMode};
 use curve25519_dalek::scalar::Scalar;
-use rand::{self, Rng};
+use rand::{thread_rng, Rng};
 use tari_bulletproofs_plus::{
     commitment_opening::CommitmentOpening,
     generators::pedersen_gens::ExtensionDegree,
@@ -63,7 +63,7 @@ fn create_aggregated_rangeproof_helper(bit_length: usize, extension_degree: Exte
             let mut commitments = vec![];
             let mut minimum_values = vec![];
             let mut openings = vec![];
-            let mut rng = rand::thread_rng();
+            let mut rng = thread_rng();
             for _ in 0..aggregation_factor {
                 let value = rng.gen_range(value_min..=value_max);
                 minimum_values.push(Some(value / 3));
@@ -136,7 +136,7 @@ fn verify_aggregated_rangeproof_helper(bit_length: usize, extension_degree: Exte
             let mut commitments = vec![];
             let mut minimum_values = vec![];
             let mut openings = vec![];
-            let mut rng = rand::thread_rng();
+            let mut rng = thread_rng();
             for _ in 0..aggregation_factor {
                 let value = rng.gen_range(value_min..=value_max);
                 minimum_values.push(Some(value / 3));
@@ -209,7 +209,7 @@ fn verify_batched_rangeproofs_helper(bit_length: usize, extension_degree: Extens
             let pc_gens = ristretto::create_pedersen_gens_with_extension_degree(extension_degree);
             let generators = RangeParameters::init(bit_length, 1, pc_gens).unwrap();
 
-            let mut rng = rand::thread_rng();
+            let mut rng = thread_rng();
 
             group.bench_function(&label, move |b| {
                 // Batch data

src/errors.rs

@@ -3,7 +3,7 @@
 
 //! Bulletproofs+ error definitions
 
-use thiserror::Error;
+use thiserror_no_std::Error;
 
 /// Represents an error in proof creation, verification, or parsing.
 #[derive(Debug, Error)]

src/protocols/scalar_protocol.rs

@@ -6,12 +6,12 @@
 use blake2::Blake2bMac512;
 use curve25519_dalek::scalar::Scalar;
 use digest::FixedOutput;
-use rand::{CryptoRng, RngCore};
+use rand_core::CryptoRngCore;
 
 /// Defines a `ScalarProtocol` trait for using a Scalar
 pub trait ScalarProtocol {
     /// Returns a non-zero random Scalar
-    fn random_not_zero<R: RngCore + CryptoRng>(rng: &mut R) -> Scalar;
+    fn random_not_zero<R: CryptoRngCore>(rng: &mut R) -> Scalar;
 
     /// Construct a scalar from an existing Blake2b instance (helper function to implement `Scalar::from_hash<Blake2b>`)
     fn from_hasher_blake2b(hasher: Blake2bMac512) -> Scalar;
@@ -20,7 +20,7 @@ pub trait ScalarProtocol {
 impl ScalarProtocol for Scalar {
     // 'Scalar::random(rng)' in most cases will not return zero due to the intent of the implementation, but this is
     // not guaranteed. This function makes it clear that zero will never be returned
-    fn random_not_zero<R: RngCore + CryptoRng>(rng: &mut R) -> Scalar {
+    fn random_not_zero<R: CryptoRngCore>(rng: &mut R) -> Scalar {
         let mut value = Scalar::ZERO;
         while value == Scalar::ZERO {
             value = Scalar::random(rng);
@@ -39,12 +39,12 @@ impl ScalarProtocol for Scalar {
 #[cfg(test)]
 mod test {
     use curve25519_dalek::Scalar;
-    use rand_core::OsRng;
+    use rand::thread_rng;
 
     use super::*;
 
     #[test]
     fn test_nonzero() {
-        assert_ne!(Scalar::random_not_zero(&mut OsRng), Scalar::ZERO);
+        assert_ne!(Scalar::random_not_zero(&mut thread_rng()), Scalar::ZERO);
     }
 }

src/range_proof.rs

@@ -18,7 +18,9 @@ use curve25519_dalek::{
 };
 use itertools::{izip, Itertools};
 use merlin::Transcript;
+#[cfg(feature = "rand")]
 use rand::thread_rng;
+use rand_core::CryptoRngCore;
 use serde::{de::Visitor, Deserialize, Deserializer, Serialize, Serializer};
 use zeroize::Zeroizing;
 
@@ -209,10 +211,22 @@ where
 
     /// Create a single or aggregated range proof for a single party that knows all the secrets
     /// The prover must ensure that the commitments and witness opening data are consistent
+    #[cfg(feature = "rand")]
     pub fn prove(
         transcript_label: &'static str,
         statement: &RangeStatement<P>,
         witness: &RangeWitness,
+    ) -> Result<Self, ProofError> {
+        Self::prove_with_rng(transcript_label, statement, witness, &mut thread_rng())
+    }
+
+    /// Create a single or aggregated range proof for a single party that knows all the secrets
+    /// The prover must ensure that the commitments and witness opening data are consistent
+    pub fn prove_with_rng<R: CryptoRngCore>(
+        transcript_label: &'static str,
+        statement: &RangeStatement<P>,
+        witness: &RangeWitness,
+        rng: &mut R,
     ) -> Result<Self, ProofError> {
         // Useful lengths
         let bit_length = statement.generators.bit_length();
@@ -301,7 +315,6 @@ where
         }
 
         // Compute A by multi-scalar multiplication
-        let rng = &mut thread_rng();
         let mut alpha = Zeroizing::new(Vec::with_capacity(extension_degree));
         for k in 0..extension_degree {
             alpha.push(if let Some(seed_nonce) = statement.seed_nonce {
@@ -651,11 +664,23 @@ where
     }
 
     /// Wrapper function for batch verification in different modes: mask recovery, verification, or both
+    #[cfg(feature = "rand")]
     pub fn verify_batch(
         transcript_labels: &[&'static str],
         statements: &[RangeStatement<P>],
         proofs: &[RangeProof<P>],
         action: VerifyAction,
+    ) -> Result<Vec<Option<ExtendedMask>>, ProofError> {
+        Self::verify_batch_with_rng(transcript_labels, statements, proofs, action, &mut thread_rng())
+    }
+
+    /// Wrapper function for batch verification in different modes: mask recovery, verification, or both
+    pub fn verify_batch_with_rng<R: CryptoRngCore>(
+        transcript_labels: &[&'static str],
+        statements: &[RangeStatement<P>],
+        proofs: &[RangeProof<P>],
+        action: VerifyAction,
+        rng: &mut R,
     ) -> Result<Vec<Option<ExtendedMask>>, ProofError> {
         // By definition, an empty batch fails
         if statements.is_empty() || proofs.is_empty() || transcript_labels.is_empty() {
@@ -685,7 +710,7 @@ where
 
         // If the batch fails, propagate the error; otherwise, store the masks and keep going
         if let Some((batch_statements, batch_proofs)) = chunks.next() {
-            let mut result = RangeProof::verify(transcript_labels, batch_statements, batch_proofs, action)?;
+            let mut result = RangeProof::verify(transcript_labels, batch_statements, batch_proofs, action, rng)?;
 
             masks.append(&mut result);
         }
@@ -695,11 +720,12 @@ where
 
     // Verify a batch of single and/or aggregated range proofs as a public entity, or recover the masks for single
     // range proofs by a party that can supply the optional seed nonces
-    fn verify(
+    fn verify<R: CryptoRngCore>(
         transcript_labels: &[&'static str],
         statements: &[RangeStatement<P>],
         range_proofs: &[RangeProof<P>],
         extract_masks: VerifyAction,
+        rng: &mut R,
     ) -> Result<Vec<Option<ExtendedMask>>, ProofError> {
         // Verify generators consistency & select largest aggregation factor
         let (max_mn, max_index) = RangeProof::verify_statements_and_generators_consistency(statements, range_proofs)?;
@@ -750,7 +776,6 @@ where
         let mut masks = Vec::with_capacity(range_proofs.len());
 
         // Process each proof and add it to the batch
-        let rng = &mut thread_rng();
         for (proof, statement, transcript_label) in izip!(range_proofs, statements, transcript_labels) {
             let commitments = statement.commitments.clone();
             let minimum_value_promises = statement.minimum_value_promises.clone();
@@ -1681,7 +1706,7 @@ mod tests {
 
         // Proof vector mismatches
         proof.li.pop();
-        assert!(RangeProof::verify(
+        assert!(RangeProof::verify_batch(
             &["test"],
             &[statement.clone()],
             &[proof.clone()],
@@ -1690,7 +1715,7 @@ mod tests {
         .is_err());
 
         proof.ri.pop();
-        assert!(RangeProof::verify(&["test"], &[statement], &[proof], VerifyAction::VerifyOnly).is_err());
+        assert!(RangeProof::verify_batch(&["test"], &[statement], &[proof], VerifyAction::VerifyOnly).is_err());
     }
 
     #[test]

src/ristretto.rs

@@ -110,6 +110,7 @@ fn ristretto_compressed_masking_basepoints() -> &'static [CompressedRistretto; E
 #[cfg(test)]
 mod tests {
     use curve25519_dalek::scalar::Scalar;
+    use rand::thread_rng;
 
     use super::*;
     use crate::protocols::scalar_protocol::ScalarProtocol;
@@ -144,7 +145,7 @@ mod tests {
 
     #[test]
     fn test_commitments() {
-        let mut rng = rand::thread_rng();
+        let mut rng = thread_rng();
         let value = Scalar::random_not_zero(&mut rng);
         let blindings = [
             Scalar::random_not_zero(&mut rng),

src/utils/mod.rs

@@ -3,7 +3,4 @@
 
 //! Bulletproofs+ utilities
 
-/// Bulletproofs+ add 'Debug' functionality to other struct members that do not implement 'Debug'
 pub mod generic;
-/// Bulletproofs+ add 'Debug' functionality to other struct members that do not implement 'Debug'
-pub mod non_debug;

tests/ristretto.rs

@@ -4,7 +4,7 @@
 #![allow(clippy::too_many_lines)]
 
 use curve25519_dalek::scalar::Scalar;
-use rand::Rng;
+use rand::{thread_rng, Rng};
 use tari_bulletproofs_plus::{
     commitment_opening::CommitmentOpening,
     errors::ProofError,
@@ -152,7 +152,7 @@ fn prove_and_verify(
     extension_degree: ExtensionDegree,
     promise_strategy: &ProofOfMinimumValueStrategy,
 ) {
-    let mut rng = rand::thread_rng();
+    let mut rng = thread_rng();
     let transcript_label: &'static str = "BatchedRangeProofTest";
 
     for bit_length in bit_lengths {