Bump bincode and secrecy for no_std builds

synedrion/Cargo.toml

@@ -19,7 +19,7 @@ digest = { version = "0.10", default-features = false, features = ["alloc"]}
 hex = { version = "0.4", default-features = false, features = ["alloc"] }
 base64 = { version = "0.21", default-features = false, features = ["alloc"] }
 hashing-serializer = { version = "0.1", default-features = false }
-secrecy = { version = "0.8", default-features = false, features = ["alloc", "serde"] }
+secrecy = { version = "0.9.0-pre.0", default-features = false, features = ["serde"] }
 zeroize = { version = "1.8", default-features = false, features = ["alloc", "zeroize_derive"] }
 bip32 = { version = "0.5.2", default-features = false, features = ["alloc", "secp256k1"] }
 
@@ -29,7 +29,7 @@ crypto-bigint = { version = "0.5.3", default-features = false, features = ["serd
 crypto-primes = { version = "0.5", default-features = false }
 
 serde = { version = "1", default-features = false, features = ["derive"] }
-bincode = "1"
+bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde", "alloc"] }
 displaydoc = { version = "0.2", default-features = false}
 
 [dev-dependencies]

synedrion/src/cggmp21/entities.rs

@@ -1,11 +1,12 @@
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::vec::Vec;
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use k256::ecdsa::VerifyingKey;
 use rand_core::CryptoRngCore;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::{Deserialize, Serialize};
 
 use crate::cggmp21::SchemeParams;
@@ -24,7 +25,7 @@ use crate::paillier::RandomizerMod;
 pub struct KeyShare<P, I: Ord> {
     pub(crate) owner: I,
     /// Secret key share of this node.
-    pub(crate) secret_share: Secret<Scalar>, // `x_i`
+    pub(crate) secret_share: SecretBox<Scalar>, // `x_i`
     pub(crate) public_shares: BTreeMap<I, Point>, // `X_j`
     // TODO (#27): this won't be needed when Scalar/Point are a part of `P`
     pub(crate) phantom: PhantomData<P>,
@@ -43,7 +44,7 @@ pub struct AuxInfo<P: SchemeParams, I: Ord> {
 #[serde(bound(deserialize = "SecretKeyPaillier<P::Paillier>: for <'x> Deserialize<'x>"))]
 pub(crate) struct SecretAuxInfo<P: SchemeParams> {
     pub(crate) paillier_sk: SecretKeyPaillier<P::Paillier>,
-    pub(crate) el_gamal_sk: Secret<Scalar>, // `y_i`
+    pub(crate) el_gamal_sk: SecretBox<Scalar>, // `y_i`
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -67,7 +68,7 @@ pub(crate) struct AuxInfoPrecomputed<P: SchemeParams, I> {
 pub(crate) struct SecretAuxInfoPrecomputed<P: SchemeParams> {
     pub(crate) paillier_sk: SecretKeyPaillierPrecomputed<P::Paillier>,
     #[allow(dead_code)] // TODO (#36): this will be needed for the 6-round presigning protocol.
-    pub(crate) el_gamal_sk: Secret<Scalar>, // `y_i`
+    pub(crate) el_gamal_sk: SecretBox<Scalar>, // `y_i`
 }
 
 #[derive(Clone)]
@@ -83,7 +84,7 @@ pub(crate) struct PublicAuxInfoPrecomputed<P: SchemeParams> {
 pub struct KeyShareChange<P: SchemeParams, I: Ord> {
     pub(crate) owner: I,
     /// The value to be added to the secret share.
-    pub(crate) secret_share_change: Secret<Scalar>, // `x_i^* - x_i == \sum_{j} x_j^i`
+    pub(crate) secret_share_change: SecretBox<Scalar>, // `x_i^* - x_i == \sum_{j} x_j^i`
     /// The values to be added to the public shares of remote nodes.
     pub(crate) public_share_changes: BTreeMap<I, Point>, // `X_k^* - X_k == \sum_j X_j^k`, for all nodes
     // TODO (#27): this won't be needed when Scalar/Point are a part of `P`
@@ -95,9 +96,9 @@ pub struct KeyShareChange<P: SchemeParams, I: Ord> {
 pub struct PresigningData<P: SchemeParams, I> {
     pub(crate) nonce: Scalar, // x-coordinate of $R$
     /// An additive share of the ephemeral scalar.
-    pub(crate) ephemeral_scalar_share: Secret<Scalar>, // $k_i$
+    pub(crate) ephemeral_scalar_share: SecretBox<Scalar>, // $k_i$
     /// An additive share of `k * x` where `x` is the secret key.
-    pub(crate) product_share: Secret<Scalar>,
+    pub(crate) product_share: SecretBox<Scalar>,
 
     // Values generated during presigning,
     // kept in case we need to generate a proof of correctness.
@@ -129,9 +130,9 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> KeyShare<P, I> {
         // TODO (#68): check that party_idx is the same for both, and the number of parties is the same
         assert_eq!(self.owner, change.owner);
 
-        let secret_share = Secret::new(
+        let secret_share = SecretBox::new(Box::new(
             self.secret_share.expose_secret() + change.secret_share_change.expose_secret(),
-        );
+        ));
         let public_shares = self
             .public_shares
             .iter()
@@ -172,7 +173,7 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> KeyShare<P, I> {
                     id.clone(),
                     KeyShare {
                         owner: id.clone(),
-                        secret_share: Secret::new(secret_share),
+                        secret_share: SecretBox::new(Box::new(secret_share)),
                         public_shares: public_shares.clone(),
                         phantom: PhantomData,
                     },
@@ -215,7 +216,7 @@ impl<P: SchemeParams, I: Ord + Clone> AuxInfo<P, I> {
         let secret_aux = (0..ids.len())
             .map(|_| SecretAuxInfo {
                 paillier_sk: SecretKeyPaillier::<P::Paillier>::random(rng),
-                el_gamal_sk: Secret::new(Scalar::random(rng)),
+                el_gamal_sk: SecretBox::new(Box::new(Scalar::random(rng))),
             })
             .collect::<Vec<_>>();
 
@@ -405,8 +406,10 @@ impl<P: SchemeParams, I: Ord + Clone + PartialEq> PresigningData<P, I> {
                 id_i.clone(),
                 PresigningData {
                     nonce,
-                    ephemeral_scalar_share: Secret::new(k_i),
-                    product_share: Secret::new(P::scalar_from_signed(&product_share_nonreduced)),
+                    ephemeral_scalar_share: SecretBox::new(Box::new(k_i)),
+                    product_share: SecretBox::new(Box::new(P::scalar_from_signed(
+                        &product_share_nonreduced,
+                    ))),
                     product_share_nonreduced,
                     cap_k: all_cap_k[&id_i].clone(),
                     values,

synedrion/src/cggmp21/protocols/aux_gen.rs

@@ -1,13 +1,14 @@
 //! AuxGen protocol, a part of the paper's Auxiliary Info. & Key Refresh in Three Rounds (Fig. 6)
 //! that only generates the auxiliary data.
 
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::string::String;
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use rand_core::CryptoRngCore;
-use secrecy::Secret;
+use secrecy::SecretBox;
 use serde::{Deserialize, Serialize};
 
 use super::super::{
@@ -526,7 +527,7 @@ impl<P: SchemeParams, I: Debug + Clone + Ord + Serialize> FinalizableToResult<I>
 
         let secret_aux = SecretAuxInfo {
             paillier_sk: self.context.paillier_sk.to_minimal(),
-            el_gamal_sk: Secret::new(self.context.y),
+            el_gamal_sk: SecretBox::new(Box::new(self.context.y)),
         };
 
         let aux_info = AuxInfo {

synedrion/src/cggmp21/protocols/key_init.rs

@@ -2,12 +2,13 @@
 //! Note that this protocol only generates the key itself which is not enough to perform signing;
 //! auxiliary parameters need to be generated as well (during the KeyRefresh protocol).
 
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use rand_core::CryptoRngCore;
-use secrecy::Secret;
+use secrecy::SecretBox;
 use serde::{Deserialize, Serialize};
 
 use super::super::{
@@ -367,7 +368,7 @@ impl<P: SchemeParams, I: Serialize + Clone + Ord + Debug> FinalizableToResult<I>
         public_shares.insert(my_id.clone(), self.context.public_data.cap_x);
         Ok(KeyShare {
             owner: my_id,
-            secret_share: Secret::new(self.context.x),
+            secret_share: SecretBox::new(Box::new(self.context.x)),
             public_shares,
             phantom: PhantomData,
         })

synedrion/src/cggmp21/protocols/key_refresh.rs

@@ -2,14 +2,15 @@
 //! This protocol generates an update to the secret key shares and new auxiliary parameters
 //! for ZK proofs (e.g. Paillier keys).
 
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::string::String;
 use alloc::vec::Vec;
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use rand_core::CryptoRngCore;
-use secrecy::Secret;
+use secrecy::SecretBox;
 use serde::{Deserialize, Serialize};
 
 use super::super::{
@@ -662,12 +663,12 @@ impl<P: SchemeParams, I: Debug + Clone + Ord + Serialize> FinalizableToResult<I>
 
         let secret_aux = SecretAuxInfo {
             paillier_sk: self.context.paillier_sk.to_minimal(),
-            el_gamal_sk: Secret::new(self.context.y),
+            el_gamal_sk: SecretBox::new(Box::new(self.context.y)),
         };
 
         let key_share_change = KeyShareChange {
             owner: my_id.clone(),
-            secret_share_change: Secret::new(x_star),
+            secret_share_change: SecretBox::new(Box::new(x_star)),
             public_share_changes: cap_x_star,
             phantom: PhantomData,
         };

synedrion/src/cggmp21/protocols/presigning.rs

@@ -1,13 +1,14 @@
 //! Presigning protocol, in the paper ECDSA Pre-Signing (Fig. 7).
 
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::string::String;
 use alloc::vec::Vec;
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use rand_core::CryptoRngCore;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::{Deserialize, Serialize};
 
 use super::super::{
@@ -733,8 +734,8 @@ impl<P: SchemeParams, I: Debug + Clone + Ord + Serialize> FinalizableToResult<I>
 
             return Ok(PresigningData {
                 nonce,
-                ephemeral_scalar_share: Secret::new(self.context.k),
-                product_share: Secret::new(P::scalar_from_signed(&self.chi)),
+                ephemeral_scalar_share: SecretBox::new(Box::new(self.context.k)),
+                product_share: SecretBox::new(Box::new(P::scalar_from_signed(&self.chi))),
                 product_share_nonreduced: self.chi,
                 cap_k: self.all_cap_k[&my_id].clone(),
                 values,

synedrion/src/curve/arithmetic.rs

@@ -24,7 +24,7 @@ use k256::{
     Secp256k1,
 };
 use rand_core::CryptoRngCore;
-use secrecy::{CloneableSecret, DebugSecret, SerializableSecret};
+use secrecy::{CloneableSecret, SerializableSecret};
 use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use zeroize::DefaultIsZeroes;
 
@@ -164,8 +164,6 @@ impl<'de> Deserialize<'de> for Scalar {
 
 impl DefaultIsZeroes for Scalar {}
 
-impl DebugSecret for Scalar {}
-
 impl CloneableSecret for Scalar {}
 
 impl SerializableSecret for Scalar {}

synedrion/src/paillier/keys.rs

@@ -1,7 +1,6 @@
-use core::fmt::{self, Debug};
+use core::fmt::Debug;
 
 use rand_core::CryptoRngCore;
-use secrecy::DebugSecret;
 use serde::{Deserialize, Serialize};
 use zeroize::ZeroizeOnDrop;
 
@@ -12,20 +11,12 @@ use crate::uint::{
     RandomPrimeWithRng, Retrieve, Signed, UintLike, UintModLike,
 };
 
-#[derive(Clone, Serialize, Deserialize, ZeroizeOnDrop)]
+#[derive(Clone, Debug, Serialize, Deserialize, ZeroizeOnDrop)]
 pub(crate) struct SecretKeyPaillier<P: PaillierParams> {
     p: P::HalfUint,
     q: P::HalfUint,
 }
 
-impl<P: PaillierParams> DebugSecret for SecretKeyPaillier<P> {}
-
-impl<P: PaillierParams> Debug for SecretKeyPaillier<P> {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
-        Self::debug_secret(f)
-    }
-}
-
 impl<P: PaillierParams> SecretKeyPaillier<P> {
     pub fn random(rng: &mut impl CryptoRngCore) -> Self {
         let p = P::HalfUint::generate_safe_prime_with_rng(rng, Some(P::PRIME_BITS));

synedrion/src/sessions/type_erased.rs

@@ -18,15 +18,16 @@ use crate::rounds::{
 };
 
 pub(crate) fn serialize_message(message: &impl Serialize) -> Result<Box<[u8]>, LocalError> {
-    bincode::serialize(message)
+    bincode::serde::encode_to_vec(message, bincode::config::legacy())
         .map(|serialized| serialized.into_boxed_slice())
         .map_err(|err| LocalError(format!("Failed to serialize: {err:?}")))
 }
 
 pub(crate) fn deserialize_message<M: for<'de> Deserialize<'de>>(
     message_bytes: &[u8],
 ) -> Result<M, String> {
-    bincode::deserialize(message_bytes).map_err(|err| err.to_string())
+    bincode::serde::decode_borrowed_from_slice(message_bytes, bincode::config::legacy())
+        .map_err(|err| err.to_string())
 }
 
 pub(crate) enum FinalizeOutcome<I, Res: ProtocolResult> {

synedrion/src/www02/entities.rs

@@ -1,3 +1,4 @@
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::vec::Vec;
 use core::fmt::Debug;
@@ -6,7 +7,7 @@ use core::marker::PhantomData;
 use bip32::{DerivationPath, PrivateKey, PrivateKeyBytes, PublicKey};
 use k256::ecdsa::{SigningKey, VerifyingKey};
 use rand_core::CryptoRngCore;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::{Deserialize, Serialize};
 
 use crate::cggmp21::{KeyShare, SchemeParams};
@@ -22,7 +23,7 @@ use crate::tools::sss::{
 pub struct ThresholdKeyShare<P: SchemeParams, I: Ord> {
     pub(crate) owner: I,
     pub(crate) threshold: u32,
-    pub(crate) secret_share: Secret<Scalar>,
+    pub(crate) secret_share: SecretBox<Scalar>,
     pub(crate) share_ids: BTreeMap<I, ShareId>,
     pub(crate) public_shares: BTreeMap<I, Point>,
     // TODO (#27): this won't be needed when Scalar/Point are a part of `P`
@@ -74,7 +75,7 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> ThresholdKeyShare<P, I
                     Self {
                         owner: id.clone(),
                         threshold: threshold as u32,
-                        secret_share: Secret::new(secret_shares[&share_ids[id]]),
+                        secret_share: SecretBox::new(Box::new(secret_shares[&share_ids[id]])),
                         share_ids: share_ids.clone(),
                         public_shares: public_shares.clone(),
                         phantom: PhantomData,
@@ -113,9 +114,9 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> ThresholdKeyShare<P, I
             .map(|id| (id.clone(), self.share_ids[id]))
             .collect::<BTreeMap<_, _>>();
 
-        let secret_share = Secret::new(
+        let secret_share = SecretBox::new(Box::new(
             self.secret_share.expose_secret() * &interpolation_coeff(share_ids.values(), &share_id),
-        );
+        ));
         let public_shares = ids
             .iter()
             .map(|id| {
@@ -144,12 +145,12 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> ThresholdKeyShare<P, I
             .zip((1..=ids.len()).map(ShareId::new))
             .collect::<BTreeMap<_, _>>();
 
-        let secret_share = Secret::new(
+        let secret_share = SecretBox::new(Box::new(
             key_share.secret_share.expose_secret()
                 * &interpolation_coeff(share_ids.values(), &share_ids[key_share.owner()])
                     .invert()
                     .unwrap(),
-        );
+        ));
         let public_shares = ids
             .iter()
             .map(|id| {
@@ -182,10 +183,9 @@ impl<P: SchemeParams, I: Clone + Ord + PartialEq + Debug> ThresholdKeyShare<P, I
             .expose_secret()
             .to_signing_key()
             .ok_or(bip32::Error::Crypto)?;
-        let secret_share = Secret::new(Scalar::from_signing_key(&apply_tweaks_private(
-            secret_share,
-            &tweaks,
-        )?));
+        let secret_share = SecretBox::new(Box::new(Scalar::from_signing_key(
+            &apply_tweaks_private(secret_share, &tweaks)?,
+        )));
 
         let public_shares = self
             .public_shares

synedrion/src/www02/key_resharing.rs

@@ -5,14 +5,15 @@
 //! <https://doi.org/10.1109/SISW.2002.1183515>
 //! (Specifically, REDIST protocol).
 
+use alloc::boxed::Box;
 use alloc::collections::{BTreeMap, BTreeSet};
 use alloc::vec::Vec;
 use core::fmt::Debug;
 use core::marker::PhantomData;
 
 use k256::ecdsa::VerifyingKey;
 use rand_core::CryptoRngCore;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::{ExposeSecret, SecretBox};
 use serde::{Deserialize, Serialize};
 
 use super::ThresholdKeyShare;
@@ -349,7 +350,7 @@ impl<P: SchemeParams, I: Ord + Clone + Debug> FinalizableToResult<I> for Round1<
             .iter()
             .map(|id| (payloads[id].old_share_id, payloads[id].subshare))
             .collect::<BTreeMap<_, _>>();
-        let secret_share = Secret::new(shamir_join_scalars(subshares.iter()));
+        let secret_share = SecretBox::new(Box::new(shamir_join_scalars(subshares.iter())));
 
         // Generate the public shares of all the new holders.
         let public_shares = self