feat: bump MSRV to Rust 1.85 & update RustCrypto crates

.github/workflows/main.yml

@@ -19,22 +19,17 @@ jobs:
       - run: cargo build
 
   build_msrv:
-    name: build with MSRV (1.81)
+    name: build with MSRV (1.85)
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4.2.2
       # Re-resolve Cargo.lock with minimal versions.
-      # This only works with nightly. We pin to a specific version because
-      # newer versions use lock file version 4, but the MSRV cargo does not
-      # support that.
-      - uses: dtolnay/rust-toolchain@master
-        with:
-          toolchain: nightly-2024-09-20
+      - uses: dtolnay/rust-toolchain@nightly
       - run: cargo update -Z minimal-versions
       # Now check that `cargo build` works with respect to the oldest possible
       # deps and the stated MSRV
-      - uses: dtolnay/rust-toolchain@1.81
+      - uses: dtolnay/rust-toolchain@1.85
       - run: cargo build --all-features
 
   # TODO: this is filling up the disk space in CI. See if there is a way to
@@ -60,10 +55,9 @@ jobs:
   build_no_std:
     name: build with no_std
     runs-on: ubuntu-latest
-    # Skip ed448 which does not support it.
     strategy:
       matrix:
-        crate: [ristretto255, ed25519, p256, secp256k1, secp256k1-tr, rerandomized]
+        crate: [ed448, ristretto255, ed25519, p256, secp256k1, secp256k1-tr, rerandomized]
     steps:
     - uses: actions/checkout@v4.2.2
     - uses: dtolnay/rust-toolchain@master

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace]
-resolver = "2"
+resolver = "3"
 members = [
     "frost-core",
     "frost-ed25519",
@@ -13,8 +13,8 @@ members = [
 ]
 
 [workspace.package]
-edition = "2021"
-rust-version = "1.81"
+edition = "2024"
+rust-version = "1.85"
 version = "2.2.0"
 authors = [
     "Deirdre Connolly <durumcrustulum@gmail.com>",
@@ -33,9 +33,9 @@ hex = { version  = "0.4.3", default-features = false, features = ["alloc"] }
 insta = { version = "1.31.0", features = ["yaml"] }
 lazy_static = "1.4"
 proptest = "1.0"
-rand = "0.8"
-rand_chacha = "0.3"
-rand_core = "0.6"
+rand = "0.9"
+rand_chacha = "0.9"
+rand_core = "0.9"
 serde_json = "1.0"
 
 frost-core = { path = "frost-core", version = "2.2.0", default-features = false }

frost-core/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 Entries are listed in reverse chronological order.
 
+## Unreleased
+
+* All crates from RustCrypto have been bumped to the latest versions,
+  version `rand` has been updated to `0.9`
+* MSRV has been bumped to Rust 1.85, making all crates no-std.
+  The `std` and `nightly` features were removed from all crates
+
 ## 2.2.0
 
 ### Security Fixes

frost-core/Cargo.toml

@@ -23,13 +23,12 @@ debugless-unwrap = "0.0.4"
 derive-getters = "0.5.0"
 hex.workspace = true
 postcard = { version = "1.0.0", features = ["alloc"], optional = true }
-rand_core = { version = "0.6", default-features = false }
+rand_core = { version = "0.9", default-features = false }
 serde = { version = "1.0.160", default-features = false, features = ["derive"], optional = true }
 serdect = { version = "0.2.0", optional = true }
 thiserror = { version = "2.0.3", default-features = false }
 visibility = "0.1.0"
 zeroize = { version = "1.5.4", default-features = false, features = ["derive"] }
-itertools = { version = "0.14.0", default-features = false }
 
 # Test dependencies used with the test-impl feature
 proptest = { version = "1.0", optional = true }

frost-core/src/lib.rs

@@ -272,13 +272,12 @@ where
     fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error> {
         let v: Vec<u8> = FromHex::from_hex(hex).map_err(|_| "invalid hex")?;
 
-        let ret = match v.as_slice().try_into() {
+        match v.as_slice().try_into() {
             Ok(bytes) => <<C::Group as Group>::Field>::deserialize(&bytes)
                 .map(|scalar| Self(scalar))
                 .map_err(|_| "malformed scalar encoding"),
             Err(_) => Err("malformed scalar encoding"),
-        };
-        ret
+        }
     }
 }
 

frost-core/src/signing_key.rs

@@ -1,7 +1,8 @@
 //! Schnorr signature signing keys
 
-use alloc::vec::Vec;
+use core::ops::DerefMut;
 
+use alloc::vec::Vec;
 use rand_core::{CryptoRng, RngCore};
 
 use crate::{
@@ -40,14 +41,14 @@ where
     }
 
     /// Create a signature `msg` using this `SigningKey`.
-    pub fn sign<R: RngCore + CryptoRng>(&self, rng: R, message: &[u8]) -> Signature<C> {
+    pub fn sign<R: RngCore + CryptoRng + DerefMut>(&self, rng: R, message: &[u8]) -> Signature<C> {
         <C>::single_sign(self, rng, message)
     }
 
     /// Create a signature `msg` using this `SigningKey` using the default
     /// signing.
     #[cfg_attr(feature = "internals", visibility::make(pub))]
-    pub(crate) fn default_sign<R: RngCore + CryptoRng>(
+    pub(crate) fn default_sign<R: RngCore + CryptoRng + DerefMut>(
         &self,
         mut rng: R,
         message: &[u8],

frost-core/src/traits.rs

@@ -2,7 +2,7 @@
 
 use core::{
     fmt::Debug,
-    ops::{Add, Mul, Sub},
+    ops::{Add, DerefMut, Mul, Sub},
 };
 
 use alloc::{borrow::Cow, collections::BTreeMap, vec::Vec};
@@ -233,7 +233,7 @@ pub trait Ciphersuite: Copy + PartialEq + Debug + 'static {
     /// if required which is useful if FROST signing has been changed by the
     /// other Ciphersuite trait methods and regular signing should be changed
     /// accordingly to match.
-    fn single_sign<R: RngCore + CryptoRng>(
+    fn single_sign<R: RngCore + CryptoRng + DerefMut>(
         signing_key: &SigningKey<Self>,
         rng: R,
         message: &[u8],

frost-ed25519/Cargo.toml

@@ -16,18 +16,18 @@ features = ["serde"]
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-curve25519-dalek = { version = "=4.1.3", features = ["rand_core"] }
+curve25519-dalek = { version = "5.0.0-pre.1", features = ["rand_core"] }
 document-features.workspace = true
 frost-core.workspace = true
 frost-rerandomized.workspace = true
 rand_core.workspace = true
-sha2 = { version = "0.10.2", default-features = false }
+sha2 = { version = "0.11.0-rc.2", default-features = false }
 
 [dev-dependencies]
 criterion.workspace = true
 frost-core = { workspace = true, features = ["test-impl"] }
 frost-rerandomized = { workspace = true, features = ["test-impl"] }
-ed25519-dalek = "2.1.0"
+ed25519-dalek = "3.0.0-pre.1"
 insta.workspace = true
 hex.workspace = true
 lazy_static.workspace = true

frost-ed25519/README.md

@@ -11,9 +11,10 @@ scenario in a single thread and it abstracts away any communication between peer
 ```rust
 # // ANCHOR: tkg_gen
 use frost_ed25519 as frost;
+use rand_core::TryRngCore;
 use std::collections::BTreeMap;
 
-let mut rng = rand::rngs::OsRng;
+let mut rng = rand::rngs::OsRng.unwrap_err();
 let max_signers = 5;
 let min_signers = 3;
 let (shares, pubkey_package) = frost::keys::generate_with_dealer(

frost-ed25519/benches/bench.rs

@@ -1,15 +1,16 @@
 use criterion::{criterion_group, criterion_main, Criterion};
 
 use frost_ed25519::*;
+use rand_core::TryRngCore;
 
 fn bench_ed25519_batch_verify(c: &mut Criterion) {
-    let mut rng = rand::rngs::OsRng;
+    let mut rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::benches::bench_batch_verify::<Ed25519Sha512, _>(c, "ed25519", &mut rng);
 }
 
 fn bench_ed25519_sign(c: &mut Criterion) {
-    let mut rng = rand::rngs::OsRng;
+    let mut rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::benches::bench_sign::<Ed25519Sha512, _>(c, "ed25519", &mut rng);
 }

frost-ed25519/dkg.md

@@ -26,12 +26,11 @@ they can proceed to sign messages with FROST.
 
 ```rust
 # // ANCHOR: dkg_import
-use std::collections::BTreeMap;
-
 use frost_ed25519 as frost;
+use rand_core::TryRngCore;
+use std::collections::BTreeMap;
 
-let mut rng = rand::rngs::OsRng;
-
+let mut rng = rand::rngs::OsRng.unwrap_err();
 let max_signers = 5;
 let min_signers = 3;
 # // ANCHOR_END: dkg_import

frost-ed25519/src/keys/repairable.rs

@@ -56,13 +56,11 @@ pub fn repair_share_step_3(
 
 #[cfg(test)]
 mod tests {
-
+    use crate::Ed25519Sha512;
     use lazy_static::lazy_static;
-
+    use rand_core::TryRngCore;
     use serde_json::Value;
 
-    use crate::Ed25519Sha512;
-
     lazy_static! {
         pub static ref REPAIR_SHARE: Value =
             serde_json::from_str(include_str!("../../tests/helpers/repair-share.json").trim())
@@ -71,7 +69,7 @@ mod tests {
 
     #[test]
     fn check_repair_share_step_1() {
-        let rng = rand::rngs::OsRng;
+        let rng = rand::rngs::OsRng.unwrap_err();
 
         frost_core::tests::repairable::check_repair_share_step_1::<Ed25519Sha512, _>(rng);
     }
@@ -83,7 +81,7 @@ mod tests {
 
     #[test]
     fn check_repair_share_step_3() {
-        let rng = rand::rngs::OsRng;
+        let rng = rand::rngs::OsRng.unwrap_err();
         frost_core::tests::repairable::check_repair_share_step_3::<Ed25519Sha512, _>(
             rng,
             &REPAIR_SHARE,
@@ -92,7 +90,7 @@ mod tests {
 
     #[test]
     fn check_repair_share_step_1_fails_with_invalid_min_signers() {
-        let rng = rand::rngs::OsRng;
+        let rng = rand::rngs::OsRng.unwrap_err();
         frost_core::tests::repairable::check_repair_share_step_1_fails_with_invalid_min_signers::<
             Ed25519Sha512,
             _,

frost-ed25519/src/tests/batch.rs

@@ -1,22 +1,23 @@
 use crate::*;
+use rand_core::TryRngCore;
 
 #[test]
 fn check_batch_verify() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::tests::batch::batch_verify::<Ed25519Sha512, _>(rng);
 }
 
 #[test]
 fn check_bad_batch_verify() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::tests::batch::bad_batch_verify::<Ed25519Sha512, _>(rng);
 }
 
 #[test]
 fn empty_batch_verify() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::tests::batch::empty_batch_verify::<Ed25519Sha512, _>(rng);
 }

frost-ed25519/src/tests/coefficient_commitment.rs

@@ -1,4 +1,5 @@
 use lazy_static::lazy_static;
+use rand_core::TryRngCore;
 use serde_json::Value;
 
 use crate::*;
@@ -12,7 +13,7 @@ lazy_static! {
 
 #[test]
 fn check_serialization_of_coefficient_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::coefficient_commitment::check_serialization_of_coefficient_commitment::<
         Ed25519Sha512,
         _,
@@ -21,7 +22,7 @@ fn check_serialization_of_coefficient_commitment() {
 
 #[test]
 fn check_create_coefficient_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::coefficient_commitment::check_create_coefficient_commitment::<
         Ed25519Sha512,
         _,
@@ -36,7 +37,7 @@ fn check_create_coefficient_commitment_error() {
 
 #[test]
 fn check_get_value_of_coefficient_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
 
     frost_core::tests::coefficient_commitment::check_get_value_of_coefficient_commitment::<
         Ed25519Sha512,

frost-ed25519/src/tests/vss_commitment.rs

@@ -1,4 +1,5 @@
 use lazy_static::lazy_static;
+use rand_core::TryRngCore;
 use serde_json::Value;
 
 use crate::*;
@@ -12,43 +13,43 @@ lazy_static! {
 
 #[test]
 fn check_serialize_vss_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_serialize_vss_commitment::<Ed25519Sha512, _>(rng);
 }
 
 #[test]
 fn check_serialize_whole_vss_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_serialize_whole_vss_commitment::<Ed25519Sha512, _>(
         rng,
     );
 }
 
 #[test]
 fn check_deserialize_vss_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_deserialize_vss_commitment::<Ed25519Sha512, _>(rng);
 }
 
 #[test]
 fn check_deserialize_whole_vss_commitment() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_deserialize_whole_vss_commitment::<Ed25519Sha512, _>(
         rng,
     );
 }
 
 #[test]
 fn check_deserialize_vss_commitment_error() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_deserialize_vss_commitment_error::<Ed25519Sha512, _>(
         rng, &ELEMENTS,
     );
 }
 
 #[test]
 fn check_deserialize_whole_vss_commitment_error() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_deserialize_whole_vss_commitment_error::<
         Ed25519Sha512,
         _,
@@ -57,6 +58,6 @@ fn check_deserialize_whole_vss_commitment_error() {
 
 #[test]
 fn check_compute_public_key_package() {
-    let rng = rand::rngs::OsRng;
+    let rng = rand::rngs::OsRng.unwrap_err();
     frost_core::tests::vss_commitment::check_compute_public_key_package::<Ed25519Sha512, _>(rng);
 }