add no-std support

2023-11-29 19:12:20 -03:00 · 2023-11-29 19:12:20 -03:00 · b255bb4b93
parent d048057a21
commit b255bb4b93
41 changed files with 171 additions and 104 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -24,6 +24,23 @@ jobs:
        with:
          command: build

+  build_no_std:
+    name: build with no_std
+    runs-on: ubuntu-latest
+    # Skip ed448 which does not support it.
+    strategy:
+      matrix:
+        crate: [ristretto255, ed25519, p256, secp256k1, rerandomized]
+    steps:
+    - uses: actions/checkout@v4.1.1
+    - uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: stable
+        targets: thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --no-default-features --target thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --target thumbv6m-none-eabi
+    - run: cargo build -p frost-${{ matrix.crate }} --features serde --target thumbv6m-none-eabi
+
  test_beta:
    name: test on beta
    runs-on: ubuntu-latest
--- a/frost-core/CHANGELOG.md
+++ b/frost-core/CHANGELOG.md
@ -4,6 +4,11 @@ Entries are listed in reverse chronological order.

 ## Unreleased

+* Add no-std support to all crates except frost-ed448. Note that you don't need
+  to use `default-features = false`; there is no `std` feature that is enabled
+  by default. Also note that it always links to an external `alloc` crate (i.e.
+  there is no `alloc` feature either).
+
 ## Released

 ## 1.0.0
--- a/frost-core/Cargo.toml
+++ b/frost-core/Cargo.toml
@ -22,20 +22,20 @@ features = ["serde"]
 rustdoc-args = ["--cfg", "docsrs"]

 [dependencies]
-byteorder = "1.4"
-const-crc32 = "1.2.0"
+byteorder = { version = "1.4", default-features = false }
+const-crc32 = { version = "1.2.0", package = "const-crc32-nostd" }
 document-features = "0.2.7"
 debugless-unwrap = "0.0.4"
 derive-getters = "0.3.0"
-hex = "0.4.3"
-postcard = { version = "1.0.0", features = ["use-std"], optional = true }
-rand_core = "0.6"
-serde = { version = "1.0.160", features = ["derive"], optional = true }
+hex = { version  = "0.4.3", default-features = false, features = ["alloc"] }
+postcard = { version = "1.0.0", features = ["alloc"], optional = true }
+rand_core = { version = "0.6", default-features = false }
+serde = { version = "1.0.160", default-features = false, features = ["derive"], optional = true }
 serdect = { version = "0.2.0", optional = true }
-thiserror = "1.0"
+thiserror = { version = "1.0", package = "thiserror-nostd-notrait", default-features = false }
 visibility = "0.1.0"
 zeroize = { version = "1.5.4", default-features = false, features = ["derive"] }
-itertools = "0.12.0"
+itertools = { version = "0.12.0", default-features = false }

 # Test dependencies used with the test-impl feature
 proptest = { version = "1.0", optional = true }
--- a/frost-core/src/batch.rs
+++ b/frost-core/src/batch.rs
@ -7,8 +7,6 @@
 //! of caller code (which must assemble a batch of signatures across
 //! work-items), and loss of the ability to easily pinpoint failing signatures.

-use std::iter::once;
-
 use rand_core::{CryptoRng, RngCore};

 use crate::{scalar_mul::VartimeMultiscalarMul, Ciphersuite, Element, *};
@ -132,7 +130,7 @@ where
            VKs.push(item.vk.element);
        }

-        let scalars = once(&P_coeff_acc)
+        let scalars = core::iter::once(&P_coeff_acc)
            .chain(VK_coeffs.iter())
            .chain(R_coeffs.iter());

@ -155,6 +153,8 @@ where
    C: Ciphersuite,
 {
    fn default() -> Self {
-        Self { signatures: vec![] }
+        Self {
+            signatures: Vec::new(),
+        }
    }
 }
--- a/frost-core/src/benches.rs
+++ b/frost-core/src/benches.rs
@ -1,10 +1,12 @@
 //! Ciphersuite-generic benchmark functions.
 #![allow(clippy::unwrap_used)]

-use std::collections::BTreeMap;
+use core::iter;
+
+use alloc::{collections::BTreeMap, format, vec::Vec};
+use rand_core::{CryptoRng, RngCore};

 use criterion::{BenchmarkId, Criterion, Throughput};
-use rand_core::{CryptoRng, RngCore};

 use crate as frost;
 use crate::{batch, Ciphersuite, Signature, SigningKey, VerifyingKey};
@ -18,7 +20,7 @@ fn sigs_with_distinct_keys<C: Ciphersuite, R: RngCore + CryptoRng + Clone>(
    rng: &mut R,
 ) -> impl Iterator<Item = Item<C>> {
    let mut rng = rng.clone();
-    std::iter::repeat_with(move || {
+    iter::repeat_with(move || {
        let msg = b"Bench";
        let sk = SigningKey::new(&mut rng);
        let vk = VerifyingKey::from(&sk);
--- a/frost-core/src/identifier.rs
+++ b/frost-core/src/identifier.rs
@ -1,6 +1,6 @@
 //! FROST participant identifiers

-use std::{
+use core::{
    fmt::{self, Debug},
    hash::{Hash, Hasher},
 };
@ -117,7 +117,7 @@ impl<C> Ord for Identifier<C>
 where
    C: Ciphersuite,
 {
-    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
+    fn cmp(&self, other: &Self) -> core::cmp::Ordering {
        let serialized_self = <<C::Group as Group>::Field>::little_endian_serialize(&self.0);
        let serialized_other = <<C::Group as Group>::Field>::little_endian_serialize(&other.0);
        // The default cmp uses lexicographic order; so we need the elements in big endian
@ -133,12 +133,12 @@ impl<C> PartialOrd for Identifier<C>
 where
    C: Ciphersuite,
 {
-    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
+    fn partial_cmp(&self, other: &Self) -> Option<core::cmp::Ordering> {
        Some(self.cmp(other))
    }
 }

-impl<C> std::ops::Mul<Scalar<C>> for Identifier<C>
+impl<C> core::ops::Mul<Scalar<C>> for Identifier<C>
 where
    C: Ciphersuite,
 {
@ -149,7 +149,7 @@ where
    }
 }

-impl<C> std::ops::MulAssign<Identifier<C>> for Scalar<C>
+impl<C> core::ops::MulAssign<Identifier<C>> for Scalar<C>
 where
    C: Ciphersuite,
 {
@ -158,7 +158,7 @@ where
    }
 }

-impl<C> std::ops::Sub for Identifier<C>
+impl<C> core::ops::Sub for Identifier<C>
 where
    C: Ciphersuite,
 {
--- a/frost-core/src/keys.rs
+++ b/frost-core/src/keys.rs
@ -1,12 +1,12 @@
 //! FROST keys, keygen, key shares
 #![allow(clippy::type_complexity)]

-use std::{
-    collections::{BTreeMap, BTreeSet, HashSet},
-    convert::TryFrom,
-    default::Default,
+use core::iter;
+
+use alloc::vec::Vec;
+use alloc::{
+    collections::{BTreeMap, BTreeSet},
    fmt::{self, Debug},
-    iter,
 };

 use derive_getters::Getters;
@ -17,11 +17,12 @@ use rand_core::{CryptoRng, RngCore};
 use zeroize::{DefaultIsZeroes, Zeroize};

 use crate::{
-    serialization::{Deserialize, Serialize},
-    Ciphersuite, Element, Error, Field, Group, Header, Identifier, Scalar, SigningKey,
-    VerifyingKey,
+    Ciphersuite, Element, Error, Field, Group, Header, Identifier, Scalar, SigningKey, VerifyingKey,
 };

+#[cfg(feature = "serialization")]
+use crate::serialization::{Deserialize, Serialize};
+
 #[cfg(feature = "serde")]
 use crate::serialization::{ElementSerialization, ScalarSerialization};

@ -126,7 +127,7 @@ impl<C> Debug for SigningShare<C>
 where
    C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("SigningShare").field(&"<redacted>").finish()
    }
 }
@ -325,7 +326,7 @@ impl<C> Debug for CoefficientCommitment<C>
 where
    C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("CoefficientCommitment")
            .field(&hex::encode(self.serialize()))
            .finish()
@ -900,7 +901,7 @@ pub(crate) fn generate_secret_shares<C: Ciphersuite>(
    let (coefficients, commitment) =
        generate_secret_polynomial(secret, max_signers, min_signers, coefficients)?;

-    let identifiers_set: HashSet<_> = identifiers.iter().collect();
+    let identifiers_set: BTreeSet<_> = identifiers.iter().collect();
    if identifiers_set.len() != identifiers.len() {
        return Err(Error::DuplicatedIdentifier);
    }
--- a/frost-core/src/keys/dkg.rs
+++ b/frost-core/src/keys/dkg.rs
@ -30,7 +30,9 @@
 //! [Feldman's VSS]: https://www.cs.umd.edu/~gasarch/TOPICS/secretsharing/feldmanVSS.pdf
 //! [secure broadcast channel]: https://frost.zfnd.org/terminology.html#broadcast-channel

-use std::{collections::BTreeMap, iter};
+use core::iter;
+
+use alloc::collections::BTreeMap;

 use rand_core::{CryptoRng, RngCore};

@ -39,6 +41,9 @@ use crate::{
    SigningKey, VerifyingKey,
 };

+#[cfg(feature = "serialization")]
+use crate::serialization::{Deserialize, Serialize};
+
 use super::{
    evaluate_polynomial, generate_coefficients, generate_secret_polynomial,
    validate_num_of_signers, KeyPackage, PublicKeyPackage, SecretShare, SigningShare,
@ -47,11 +52,10 @@ use super::{

 /// DKG Round 1 structures.
 pub mod round1 {
+    use alloc::vec::Vec;
    use derive_getters::Getters;
    use zeroize::Zeroize;

-    use crate::serialization::{Deserialize, Serialize};
-
    use super::*;

    /// The package that must be broadcast by each participant to all other participants
@ -135,11 +139,11 @@ pub mod round1 {
        }
    }

-    impl<C> std::fmt::Debug for SecretPackage<C>
+    impl<C> core::fmt::Debug for SecretPackage<C>
    where
        C: Ciphersuite,
    {
-        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
            f.debug_struct("SecretPackage")
                .field("identifier", &self.identifier)
                .field("coefficients", &"<redacted>")
@ -167,7 +171,8 @@ pub mod round2 {
    use derive_getters::Getters;
    use zeroize::Zeroize;

-    use crate::serialization::{Deserialize, Serialize};
+    #[cfg(feature = "serialization")]
+    use alloc::vec::Vec;

    use super::*;

@ -239,11 +244,11 @@ pub mod round2 {
        pub(crate) max_signers: u16,
    }

-    impl<C> std::fmt::Debug for SecretPackage<C>
+    impl<C> core::fmt::Debug for SecretPackage<C>
    where
        C: Ciphersuite,
    {
-        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
            f.debug_struct("SecretPackage")
                .field("identifier", &self.identifier)
                .field("commitment", &self.commitment)
--- a/frost-core/src/keys/repairable.rs
+++ b/frost-core/src/keys/repairable.rs
@ -4,7 +4,9 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::{BTreeMap, BTreeSet};
+use alloc::collections::{BTreeMap, BTreeSet};
+
+use alloc::vec::Vec;

 use crate::{
    compute_lagrange_coefficient, Ciphersuite, CryptoRng, Error, Field, Group, Header, Identifier,
--- a/frost-core/src/lib.rs
+++ b/frost-core/src/lib.rs
@ -1,3 +1,4 @@
+#![no_std]
 #![allow(non_snake_case)]
 // It's emitting false positives; see https://github.com/rust-lang/rust-clippy/issues/9413
 #![allow(clippy::derive_partial_eq_without_eq)]
@ -10,11 +11,15 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]

-use std::{
+#[macro_use]
+extern crate alloc;
+
+use core::marker::PhantomData;
+
+use alloc::{
    collections::{BTreeMap, BTreeSet},
-    default::Default,
    fmt::{self, Debug},
-    marker::PhantomData,
+    vec::Vec,
 };

 use derive_getters::Getters;
@ -87,7 +92,7 @@ impl<C> Debug for Challenge<C>
 where
    C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("Secret")
            .field(&hex::encode(<<C::Group as Group>::Field>::serialize(
                &self.0,
@ -111,7 +116,7 @@ fn challenge<C>(R: &Element<C>, verifying_key: &VerifyingKey<C>, msg: &[u8]) ->
 where
    C: Ciphersuite,
 {
-    let mut preimage = vec![];
+    let mut preimage = Vec::new();

    preimage.extend_from_slice(<C::Group>::serialize(R).as_ref());
    preimage.extend_from_slice(<C::Group>::serialize(&verifying_key.element).as_ref());
@ -153,7 +158,7 @@ struct Header<C: Ciphersuite> {
        serde(deserialize_with = "crate::serialization::ciphersuite_deserialize::<_, C>")
    )]
    ciphersuite: (),
-    #[serde(skip)]
+    #[cfg_attr(feature = "serde", serde(skip))]
    phantom: PhantomData<C>,
 }

@ -404,7 +409,7 @@ where
        verifying_key: &VerifyingKey<C>,
        additional_prefix: &[u8],
    ) -> Vec<(Identifier<C>, Vec<u8>)> {
-        let mut binding_factor_input_prefix = vec![];
+        let mut binding_factor_input_prefix = Vec::new();

        // The length of a serialized verifying key of the same cipersuite does
        // not change between runs of the protocol, so we don't need to hash to
@ -423,7 +428,7 @@ where
        self.signing_commitments()
            .keys()
            .map(|identifier| {
-                let mut binding_factor_input = vec![];
+                let mut binding_factor_input = Vec::new();

                binding_factor_input.extend_from_slice(&binding_factor_input_prefix);
                binding_factor_input.extend_from_slice(identifier.serialize().as_ref());
--- a/frost-core/src/round1.rs
+++ b/frost-core/src/round1.rs
@ -1,10 +1,11 @@
 //! FROST Round 1 functionality and types

-use std::{
+use alloc::{
    collections::BTreeMap,
    fmt::{self, Debug},
 };

+use alloc::vec::Vec;
 use derive_getters::Getters;
 #[cfg(any(test, feature = "test-impl"))]
 use hex::FromHex;
@ -12,11 +13,10 @@ use hex::FromHex;
 use rand_core::{CryptoRng, RngCore};
 use zeroize::Zeroize;

-use crate as frost;
-use crate::{
-    serialization::{Deserialize, Serialize},
-    Ciphersuite, Element, Error, Field, Group, Header, Scalar,
-};
+use crate::{Ciphersuite, Element, Error, Field, Group, Header, Scalar};
+
+#[cfg(feature = "serialization")]
+use crate::serialization::{Deserialize, Serialize};

 #[cfg(feature = "serde")]
 use crate::serialization::{ElementSerialization, ScalarSerialization};
@ -295,7 +295,7 @@ impl<C> Debug for SigningNonces<C>
 where
    C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("SigningNonces")
            .field("hiding", &"<redacted>")
            .field("binding", &"<redacted>")
@ -353,11 +353,12 @@ where
    /// Computes the [signature commitment share] from these round one signing commitments.
    ///
    /// [signature commitment share]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#name-signature-share-verificatio
+    #[cfg(feature = "cheater-detection")]
    #[cfg_attr(feature = "internals", visibility::make(pub))]
    #[cfg_attr(docsrs, doc(cfg(feature = "internals")))]
    pub(super) fn to_group_commitment_share(
        self,
-        binding_factor: &frost::BindingFactor<C>,
+        binding_factor: &crate::BindingFactor<C>,
    ) -> GroupCommitmentShare<C> {
        GroupCommitmentShare::<C>(self.hiding.0 + (self.binding.0 * binding_factor.0))
    }
--- a/frost-core/src/round2.rs
+++ b/frost-core/src/round2.rs
@ -1,6 +1,6 @@
 //! FROST Round 2 functionality and types, for signature share generation

-use std::fmt::{self, Debug};
+use core::fmt::{self, Debug};

 use crate as frost;
 use crate::{
@ -81,6 +81,7 @@ where
    /// This is the final step of [`verify_signature_share`] from the spec.
    ///
    /// [`verify_signature_share`]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#name-signature-share-verificatio
+    #[cfg(feature = "cheater-detection")]
    #[cfg_attr(feature = "internals", visibility::make(pub))]
    #[cfg_attr(docsrs, doc(cfg(feature = "internals")))]
    pub(crate) fn verify(
--- a/frost-core/src/scalar_mul.rs
+++ b/frost-core/src/scalar_mul.rs
@ -4,12 +4,14 @@
 // constraints.
 #![allow(clippy::indexing_slicing)]

-use std::{
+use core::{
    borrow::Borrow,
    fmt::{Debug, Result},
    marker::PhantomData,
 };

+use alloc::vec::Vec;
+
 use crate::{Ciphersuite, Element, Field, Group, Scalar};

 /// Calculates the quotient of `self` and `rhs`, rounding the result towards positive infinity.
@ -243,7 +245,7 @@ impl<C: Ciphersuite, T: Copy> LookupTable5<C, T> {
 }

 impl<C: Ciphersuite, T: Debug> Debug for LookupTable5<C, T> {
-    fn fmt(&self, f: &mut std::fmt::Formatter) -> Result {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> Result {
        write!(f, "LookupTable5({:?})", self.bytes)
    }
 }
--- a/frost-core/src/serialization.rs
+++ b/frost-core/src/serialization.rs
@ -1,6 +1,13 @@
 //! Serialization support.

-use crate::{Ciphersuite, Error, Field, Group};
+#[cfg(feature = "serialization")]
+use alloc::vec::Vec;
+
+#[cfg(feature = "serialization")]
+use crate::Error;
+
+#[cfg(feature = "serde")]
+use crate::{Ciphersuite, Field, Group};

 #[cfg(feature = "serde")]
 #[cfg_attr(feature = "internals", visibility::make(pub))]
@ -89,6 +96,7 @@ where

 // The short 4-byte ID. Derived as the CRC-32 of the UTF-8
 // encoded ID in big endian format.
+#[cfg(feature = "serde")]
 const fn short_id<C>() -> [u8; 4]
 where
    C: Ciphersuite,
@ -120,7 +128,7 @@ where
    C: Ciphersuite,
 {
    if deserializer.is_human_readable() {
-        let s: String = serde::de::Deserialize::deserialize(deserializer)?;
+        let s: alloc::string::String = serde::de::Deserialize::deserialize(deserializer)?;
        if s != C::ID {
            Err(serde::de::Error::custom("wrong ciphersuite"))
        } else {
@ -172,13 +180,13 @@ pub(crate) trait Deserialize<C: Ciphersuite> {
    /// Deserialize the struct from a slice of bytes.
    fn deserialize(bytes: &[u8]) -> Result<Self, Error<C>>
    where
-        Self: std::marker::Sized;
+        Self: core::marker::Sized;
 }

 #[cfg(feature = "serialization")]
 impl<T: serde::Serialize, C: Ciphersuite> Serialize<C> for T {
    fn serialize(&self) -> Result<Vec<u8>, Error<C>> {
-        postcard::to_stdvec(self).map_err(|_| Error::SerializationError)
+        postcard::to_allocvec(self).map_err(|_| Error::SerializationError)
    }
 }

--- a/frost-core/src/signature.rs
+++ b/frost-core/src/signature.rs
@ -1,5 +1,6 @@
 //! Schnorr signatures over prime order groups (or subgroups)

+use alloc::vec::Vec;
 use debugless_unwrap::DebuglessUnwrap;

 use crate::{Ciphersuite, Element, Error, Field, Group, Scalar};
@ -72,7 +73,7 @@ where

    /// Converts this signature to its [`Ciphersuite::SignatureSerialization`] in bytes.
    pub fn serialize(&self) -> C::SignatureSerialization {
-        let mut bytes = vec![];
+        let mut bytes = Vec::<u8>::new();

        bytes.extend(<C::Group>::serialize(&self.R).as_ref());
        bytes.extend(<<C::Group as Group>::Field>::serialize(&self.z).as_ref());
@ -117,8 +118,8 @@ where
    }
 }

-impl<C: Ciphersuite> std::fmt::Debug for Signature<C> {
-    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+impl<C: Ciphersuite> core::fmt::Debug for Signature<C> {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
        f.debug_struct("Signature")
            .field("R", &hex::encode(<C::Group>::serialize(&self.R).as_ref()))
            .field(
--- a/frost-core/src/signing_key.rs
+++ b/frost-core/src/signing_key.rs
@ -70,11 +70,11 @@ where
    }
 }

-impl<C> std::fmt::Debug for SigningKey<C>
+impl<C> core::fmt::Debug for SigningKey<C>
 where
    C: Ciphersuite,
 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("SigningKey").field(&"<redacted>").finish()
    }
 }
--- a/frost-core/src/tests/ciphersuite_generic.rs
+++ b/frost-core/src/tests/ciphersuite_generic.rs
@ -1,12 +1,14 @@
 //! Ciphersuite-generic test functions.
 #![allow(clippy::type_complexity)]

-use std::{collections::BTreeMap, convert::TryFrom};
+use alloc::collections::BTreeMap;

 use crate as frost;
 use crate::{
    keys::PublicKeyPackage, Error, Field, Group, Identifier, Signature, SigningKey, VerifyingKey,
 };
+use alloc::borrow::ToOwned;
+use alloc::vec::Vec;
 use rand_core::{CryptoRng, RngCore};

 use crate::Ciphersuite;
@ -365,7 +367,7 @@ pub fn check_sign_with_dkg<C: Ciphersuite + PartialEq, R: RngCore + CryptoRng>(
    mut rng: R,
 ) -> (Vec<u8>, Signature<C>, VerifyingKey<C>)
 where
-    C::Group: std::cmp::PartialEq,
+    C::Group: core::cmp::PartialEq,
 {
    ////////////////////////////////////////////////////////////////////////////
    // Key generation, Round 1
--- a/frost-core/src/tests/coefficient_commitment.rs
+++ b/frost-core/src/tests/coefficient_commitment.rs
@ -1,7 +1,5 @@
 //! CoefficientCommitment functions

-use std::convert::TryFrom;
-
 use crate as frost;
 use crate::{keys::CoefficientCommitment, tests::helpers::generate_element, Group};
 use debugless_unwrap::DebuglessUnwrap;
--- a/frost-core/src/tests/repairable.rs
+++ b/frost-core/src/tests/repairable.rs
@ -1,6 +1,6 @@
 //! Test for Repairable Threshold Scheme

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 use debugless_unwrap::DebuglessUnwrap;
 use rand_core::{CryptoRng, RngCore};
--- a/frost-core/src/tests/vectors.rs
+++ b/frost-core/src/tests/vectors.rs
@ -1,5 +1,5 @@
 //! Helper function for testing with test vectors.
-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 use debugless_unwrap::DebuglessUnwrap;
 use hex::{self, FromHex};
--- a/frost-core/src/tests/vectors_dkg.rs
+++ b/frost-core/src/tests/vectors_dkg.rs
@ -1,5 +1,5 @@
 //! Helper function for testing with test vectors.
-use std::collections::BTreeMap;
+use alloc::{collections::BTreeMap, string::ToString};

 use debugless_unwrap::DebuglessUnwrap;
 use hex::{self};
--- a/frost-core/src/tests/vss_commitment.rs
+++ b/frost-core/src/tests/vss_commitment.rs
@ -1,7 +1,5 @@
 //! VerifiableSecretSharingCommitment functions

-use std::convert::TryFrom;
-
 use crate::{
    keys::{CoefficientCommitment, VerifiableSecretSharingCommitment},
    tests::helpers::generate_element,
--- a/frost-core/src/traits.rs
+++ b/frost-core/src/traits.rs
@ -1,10 +1,11 @@
 //! Traits used to abstract Ciphersuites.

-use std::{
+use core::{
    fmt::Debug,
    ops::{Add, Mul, Sub},
 };

+use alloc::vec::Vec;
 use rand_core::{CryptoRng, RngCore};

 use crate::{Error, FieldError, GroupError, Signature, VerifyingKey};
--- a/frost-core/src/verifying_key.rs
+++ b/frost-core/src/verifying_key.rs
@ -1,4 +1,7 @@
-use std::fmt::{self, Debug};
+use core::fmt::{self, Debug};
+
+#[cfg(any(test, feature = "test-impl"))]
+use alloc::vec::Vec;

 #[cfg(any(test, feature = "test-impl"))]
 use hex::FromHex;
--- a/frost-ed25519/Cargo.toml
+++ b/frost-ed25519/Cargo.toml
@ -28,7 +28,7 @@ document-features = "0.2.7"
 frost-core = { path = "../frost-core", version = "1.0.0" }
 frost-rerandomized = { path = "../frost-rerandomized", version = "1.0.0" }
 rand_core = "0.6"
-sha2 = "0.10.2"
+sha2 = { version = "0.10.2", default-features = false }

 [dev-dependencies]
 criterion = "0.5"
--- a/frost-ed25519/src/keys/repairable.rs
+++ b/frost-ed25519/src/keys/repairable.rs
@ -4,7 +4,7 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 // This is imported separately to make `gencode` work.
 // (if it were below, the position of the import would vary between ciphersuites
--- a/frost-ed25519/src/lib.rs
+++ b/frost-ed25519/src/lib.rs
@ -1,3 +1,4 @@
+#![no_std]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -5,7 +6,9 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]

-use std::collections::BTreeMap;
+extern crate alloc;
+
+use alloc::collections::BTreeMap;

 use curve25519_dalek::{
    constants::ED25519_BASEPOINT_POINT,
@ -227,8 +230,6 @@ pub type Identifier = frost::Identifier<E>;

 /// FROST(Ed25519, SHA-512) keys, key generation, key shares.
 pub mod keys {
-    use std::collections::BTreeMap;
-
    use super::*;

    /// The identifier list to use when generating key shares.
--- a/frost-ed448/Cargo.toml
+++ b/frost-ed448/Cargo.toml
@ -27,7 +27,7 @@ ed448-goldilocks = { version = "0.9.0" }
 frost-core = { path = "../frost-core", version = "1.0.0" }
 frost-rerandomized = { path = "../frost-rerandomized", version = "1.0.0" }
 rand_core = "0.6"
-sha3 = "0.10.6"
+sha3 = { version = "0.10.6", default-features = false }

 [dev-dependencies]
 criterion = "0.5"
--- a/frost-ed448/src/keys/repairable.rs
+++ b/frost-ed448/src/keys/repairable.rs
@ -4,7 +4,7 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 // This is imported separately to make `gencode` work.
 // (if it were below, the position of the import would vary between ciphersuites
--- a/frost-ed448/src/lib.rs
+++ b/frost-ed448/src/lib.rs
@ -5,6 +5,8 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]

+extern crate alloc;
+
 use std::collections::BTreeMap;

 use ed448_goldilocks::{
--- a/frost-p256/Cargo.toml
+++ b/frost-p256/Cargo.toml
@ -24,11 +24,11 @@ rustdoc-args = ["--cfg", "docsrs"]

 [dependencies]
 document-features = "0.2.7"
-p256 = { version = "0.13.0", features = ["hash2curve"] }
+p256 = { version = "0.13.0", features = ["hash2curve"], default-features = false }
 frost-core = { path = "../frost-core", version = "1.0.0" }
 frost-rerandomized = { path = "../frost-rerandomized", version = "1.0.0" }
 rand_core = "0.6"
-sha2 = "0.10.2"
+sha2 = { version = "0.10.2", default-features = false }

 [dev-dependencies]
 criterion = "0.5"
--- a/frost-p256/src/keys/repairable.rs
+++ b/frost-p256/src/keys/repairable.rs
@ -4,7 +4,7 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 // This is imported separately to make `gencode` work.
 // (if it were below, the position of the import would vary between ciphersuites
--- a/frost-p256/src/lib.rs
+++ b/frost-p256/src/lib.rs
@ -1,3 +1,4 @@
+#![no_std]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -5,7 +6,10 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]

-use std::collections::BTreeMap;
+extern crate alloc;
+
+use alloc::borrow::ToOwned;
+use alloc::collections::BTreeMap;

 use frost_rerandomized::RandomizedCiphersuite;
 use p256::{
@ -252,8 +256,6 @@ type P = P256Sha256;
 pub type Identifier = frost::Identifier<P>;
 /// FROST(P-256, SHA-256) keys, key generation, key shares.
 pub mod keys {
-    use std::collections::BTreeMap;
-
    use super::*;

    /// The identifier list to use when generating key shares.
--- a/frost-rerandomized/src/lib.rs
+++ b/frost-rerandomized/src/lib.rs
@ -9,12 +9,15 @@
 //! - Each participant should call [`sign`] and send the resulting
 //!   [`frost::round2::SignatureShare`] back to the Coordinator;
 //! - The Coordinator should then call [`aggregate`].
+#![no_std]
 #![allow(non_snake_case)]

+extern crate alloc;
+
 #[cfg(any(test, feature = "test-impl"))]
 pub mod tests;

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 use derive_getters::Getters;
 pub use frost_core;
--- a/frost-rerandomized/src/tests.rs
+++ b/frost-rerandomized/src/tests.rs
@ -1,6 +1,8 @@
 //! Ciphersuite-generic test functions for re-randomized FROST.

-use std::collections::BTreeMap;
+use alloc::borrow::ToOwned;
+use alloc::collections::BTreeMap;
+use alloc::vec::Vec;

 use crate::{frost_core as frost, RandomizedCiphersuite, RandomizedParams, Randomizer};
 use frost_core::{Field, Group, Signature, SigningPackage, VerifyingKey};
--- a/frost-ristretto255/Cargo.toml
+++ b/frost-ristretto255/Cargo.toml
@ -24,7 +24,7 @@ document-features = "0.2.7"
 frost-core = { path = "../frost-core", version = "1.0.0" }
 frost-rerandomized = { path = "../frost-rerandomized", version = "1.0.0" }
 rand_core = "0.6"
-sha2 = "0.10.2"
+sha2 = { version = "0.10.2", default-features = false }

 [dev-dependencies]
 criterion = { version = "0.5", features = ["html_reports"] }
--- a/frost-ristretto255/src/keys/repairable.rs
+++ b/frost-ristretto255/src/keys/repairable.rs
@ -4,7 +4,7 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 // This is imported separately to make `gencode` work.
 // (if it were below, the position of the import would vary between ciphersuites
--- a/frost-ristretto255/src/lib.rs
+++ b/frost-ristretto255/src/lib.rs
@ -1,8 +1,11 @@
+#![no_std]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![doc = include_str!("../README.md")]

-use std::collections::BTreeMap;
+extern crate alloc;
+
+use alloc::collections::BTreeMap;

 use curve25519_dalek::{
    constants::RISTRETTO_BASEPOINT_POINT,
@ -214,7 +217,6 @@ pub type Identifier = frost::Identifier<R>;
 /// FROST(ristretto255, SHA-512) keys, key generation, key shares.
 pub mod keys {
    use super::*;
-    use std::collections::BTreeMap;

    /// The identifier list to use when generating key shares.
    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, R>;
--- a/frost-secp256k1/Cargo.toml
+++ b/frost-secp256k1/Cargo.toml
@ -25,9 +25,9 @@ rustdoc-args = ["--cfg", "docsrs"]
 document-features = "0.2.7"
 frost-core = { path = "../frost-core", version = "1.0.0" }
 frost-rerandomized = { path = "../frost-rerandomized", version = "1.0.0" }
-k256 = { version = "0.13.0", features = ["arithmetic", "expose-field", "hash2curve"] }
+k256 = { version = "0.13.0", features = ["arithmetic", "expose-field", "hash2curve"], default-features = false }
 rand_core = "0.6"
-sha2 = "0.10.2"
+sha2 = { version = "0.10.2", default-features = false }

 [dev-dependencies]
 criterion = "0.5"
--- a/frost-secp256k1/src/keys/repairable.rs
+++ b/frost-secp256k1/src/keys/repairable.rs
@ -4,7 +4,7 @@
 //! The RTS is used to help a signer (participant) repair their lost share. This is achieved
 //! using a subset of the other signers know here as `helpers`.

-use std::collections::BTreeMap;
+use alloc::collections::BTreeMap;

 // This is imported separately to make `gencode` work.
 // (if it were below, the position of the import would vary between ciphersuites
--- a/frost-secp256k1/src/lib.rs
+++ b/frost-secp256k1/src/lib.rs
@ -1,3 +1,4 @@
+#![no_std]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@ -5,7 +6,10 @@
 #![doc = include_str!("../README.md")]
 #![doc = document_features::document_features!()]

-use std::collections::BTreeMap;
+extern crate alloc;
+
+use alloc::borrow::ToOwned;
+use alloc::collections::BTreeMap;

 use frost_rerandomized::RandomizedCiphersuite;
 use k256::{
@ -253,7 +257,6 @@ pub type Identifier = frost::Identifier<S>;
 /// FROST(secp256k1, SHA-256) keys, key generation, key shares.
 pub mod keys {
    use super::*;
-    use std::collections::BTreeMap;

    /// The identifier list to use when generating key shares.
    pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, S>;