From 97339b0a9ebe7b969d9469c9795e0b1fc71a541e Mon Sep 17 00:00:00 2001
From: Conrado Gouvea
Date: Tue, 19 Nov 2024 10:29:38 -0300
Subject: [PATCH 1/2] secp256k1-tr: fix no-std support

---
 frost-ed25519/dkg.md | 2 +-
 frost-ed448/dkg.md | 2 +-
 frost-secp256k1-tr/Cargo.toml | 13 ++++++-------
 frost-secp256k1-tr/dkg.md | 2 +-
 frost-secp256k1-tr/src/lib.rs | 12 +++++++-----
 frost-secp256k1/dkg.md | 2 +-
 6 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/frost-ed25519/dkg.md b/frost-ed25519/dkg.md
index 797422c7..19e24339 100644
--- a/frost-ed25519/dkg.md
+++ b/frost-ed25519/dkg.md
@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds
diff --git a/frost-ed448/dkg.md b/frost-ed448/dkg.md
index 2d60b14d..6471d764 100644
--- a/frost-ed448/dkg.md
+++ b/frost-ed448/dkg.md
@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds
diff --git a/frost-secp256k1-tr/Cargo.toml b/frost-secp256k1-tr/Cargo.toml
index 99d93687..d769c495 100644
--- a/frost-secp256k1-tr/Cargo.toml
+++ b/frost-secp256k1-tr/Cargo.toml
@@ -4,7 +4,7 @@ edition = "2021"
 # When releasing to crates.io:
 # - Update CHANGELOG.md
 # - Create git tag.
-version = "2.0.0-rc.0"
+version = "2.0.0"
 authors = [
     "Deirdre Connolly ",
     "Chelsea Komlo ",
@@ -23,17 +23,16 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
 document-features = "0.2.7"
-frost-core = { path = "../frost-core", version = "2.0.0-rc.0", default-features = false }
-frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0-rc.0", default-features = false }
+frost-core = { path = "../frost-core", version = "2.0.0", default-features = false }
+frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0", default-features = false }
 k256 = { version = "0.13.0", features = ["arithmetic", "expose-field", "hash2curve"], default-features = false }
-serde = { version = "1.0.160", features = ["derive"], optional = true }
 rand_core = "0.6"
 sha2 = { version = "0.10.2", default-features = false }
 
 [dev-dependencies]
 criterion = "0.5"
-frost-core = { path = "../frost-core", version = "2.0.0-rc.0", features = ["test-impl"] }
-frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0-rc.0", features = ["test-impl"] }
+frost-core = { path = "../frost-core", version = "2.0.0", features = ["test-impl"] }
+frost-rerandomized = { path = "../frost-rerandomized", version = "2.0.0", features = ["test-impl"] }
 insta = { version = "1.31.0", features = ["yaml"] }
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
 lazy_static = "1.4"
@@ -52,7 +51,7 @@ std = ["frost-core/std"]
 ## Enable `serde` support for types that need to be communicated. You
 ## can use `serde` to serialize structs with any encoder that supports
 ## `serde` (e.g. JSON with `serde_json`).
-serde = ["frost-core/serde", "dep:serde"]
+serde = ["frost-core/serde"]
 ## Enable a default serialization format. Enables `serde`.
 serialization = ["serde", "frost-core/serialization", "frost-rerandomized/serialization"]
 ## Enable cheater detection
diff --git a/frost-secp256k1-tr/dkg.md b/frost-secp256k1-tr/dkg.md
index 217cbc99..9643d37b 100644
--- a/frost-secp256k1-tr/dkg.md
+++ b/frost-secp256k1-tr/dkg.md
@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds
diff --git a/frost-secp256k1-tr/src/lib.rs b/frost-secp256k1-tr/src/lib.rs
index 56aa52ca..05ac196f 100644
--- a/frost-secp256k1-tr/src/lib.rs
+++ b/frost-secp256k1-tr/src/lib.rs
@@ -1,3 +1,4 @@
+#![cfg_attr(not(feature = "std"), no_std)]
 #![allow(non_snake_case)]
 #![deny(missing_docs)]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
@@ -7,10 +8,12 @@
 
 extern crate alloc;
 
-use alloc::borrow::Cow;
-use alloc::borrow::ToOwned;
-use alloc::collections::BTreeMap;
-use alloc::vec::Vec;
+use alloc::vec;
+use alloc::{
+    borrow::{Cow, ToOwned},
+    collections::BTreeMap,
+    vec::Vec,
+};
 
 use frost_rerandomized::RandomizedCiphersuite;
 use k256::{
@@ -510,7 +513,6 @@ pub type Identifier = frost::Identifier;
 /// FROST(secp256k1, SHA-256) keys, key generation, key shares.
 pub mod keys {
     use super::*;
-    use std::collections::BTreeMap;
 
     /// The identifier list to use when generating key shares.
     pub type IdentifierList<'a> = frost::keys::IdentifierList<'a, S>;
diff --git a/frost-secp256k1/dkg.md b/frost-secp256k1/dkg.md
index ac0980ba..5d62857c 100644
--- a/frost-secp256k1/dkg.md
+++ b/frost-secp256k1/dkg.md
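Review bot: Dropping `use std::collections::BTreeMap;` inside `keys` is the line the new `#![cfg_attr(not(feature = "std"), no_std)]` from the first hunk actually required, but nothing in the series shows the `no_std` configuration being compiled, so the next stray `std::` path in this crate can regress without anyone noticing. If CI does not already build this crate without its default features, add a check such as `cargo check --no-default-features` run from `frost-secp256k1-tr/` so the attribute is exercised on every change. The `keys` module presumably now resolves `BTreeMap` through `use super::*` from the crate-root `alloc` import in the second hunk; worth confirming, since `pub mod keys` continues past the end of this hunk.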
@@ -3,7 +3,7 @@
 The DKG module supports generating FROST key shares in a distributed manner,
 without a trusted dealer.
 
-Before starting, each participant needs an unique identifier, which can be built from
+Before starting, each participant needs a unique identifier, which can be built from
 a `u16`. The process in which these identifiers are allocated is up to the application.
 
 The distributed key generation process has 3 parts, with 2 communication rounds

From b558f41dd22d84698a806c49364f5532000c0d6e Mon Sep 17 00:00:00 2001
From: Conrado Gouvea
Date: Wed, 20 Nov 2024 10:56:12 -0300
Subject: [PATCH 2/2] apply recent secp256k1 changes

---
 frost-secp256k1-tr/src/lib.rs | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)

diff --git a/frost-secp256k1-tr/src/lib.rs b/frost-secp256k1-tr/src/lib.rs
index 05ac196f..07cc0786 100644
--- a/frost-secp256k1-tr/src/lib.rs
+++ b/frost-secp256k1-tr/src/lib.rs
@@ -9,11 +9,7 @@
 extern crate alloc;
 
 use alloc::vec;
-use alloc::{
-    borrow::{Cow, ToOwned},
-    collections::BTreeMap,
-    vec::Vec,
-};
+use alloc::{borrow::Cow, collections::BTreeMap, vec::Vec};
 
 use frost_rerandomized::RandomizedCiphersuite;
 use k256::{
@@ -170,9 +166,9 @@ fn hash_to_array(inputs: &[&[u8]]) -> [u8; 32] {
     output
 }
 
-fn hash_to_scalar(domain: &[u8], msg: &[u8]) -> Scalar {
+fn hash_to_scalar(domain: &[&[u8]], msg: &[u8]) -> Scalar {
     let mut u = [Secp256K1ScalarField::zero()];
-    hash_to_field::, Scalar>(&[msg], &[domain], &mut u)
+    hash_to_field::, Scalar>(&[msg], domain, &mut u)
         .expect("should never return error according to error cases described in ExpandMsgXmd");
     u[0]
 }
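Review bot: `hash_to_scalar` now takes its domain separation tag as `domain: &[&[u8]]` but has no doc comment stating the contract that makes this safe: the segments are concatenated into the DST (that is how `hash_to_field` treats its `dst` argument), which is what keeps `&[CONTEXT_STRING.as_bytes(), b"rho"]` byte-for-byte equal to the former `CONTEXT_STRING + "rho"` and therefore leaves every H1, H3, HDKG, HID and hash_randomizer output unchanged. Add above the signature: `/// Hash msg to a scalar; domain is a list of DST segments that hash_to_field concatenates, so their concatenation must stay byte-identical to the previous single-string DST.` The same contract governs the call sites in the later hunks of this file (H1, H3, HDKG, HID, hash_randomizer), so one comment here is enough. It is worth confirming that the crate's fixed test vectors cover HDKG and HID as well as the signing hashes, since a DST mismatch in those two would still be self-consistent and would not surface in sign/verify round-trip tests.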
@@ -248,7 +244,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
     ///
     /// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#section-6.5-2.2.2.1
     fn H1(m: &[u8]) -> <::Field as Field>::Scalar {
-        hash_to_scalar((CONTEXT_STRING.to_owned() + "rho").as_bytes(), m)
+        hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"rho"], m)
     }
 
     /// H2 for FROST(secp256k1, SHA-256)
@@ -264,7 +260,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
     ///
     /// [spec]: https://www.ietf.org/archive/id/draft-irtf-cfrg-frost-14.html#section-6.5-2.2.2.3
     fn H3(m: &[u8]) -> <::Field as Field>::Scalar {
-        hash_to_scalar((CONTEXT_STRING.to_owned() + "nonce").as_bytes(), m)
+        hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"nonce"], m)
     }
 
     /// H4 for FROST(secp256k1, SHA-256)
@@ -283,18 +279,12 @@ impl Ciphersuite for Secp256K1Sha256TR {
 
     /// HDKG for FROST(secp256k1, SHA-256)
     fn HDKG(m: &[u8]) -> Option<<::Field as Field>::Scalar> {
-        Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "dkg").as_bytes(),
-            m,
-        ))
+        Some(hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"dkg"], m))
     }
 
     /// HID for FROST(secp256k1, SHA-256)
     fn HID(m: &[u8]) -> Option<<::Field as Field>::Scalar> {
-        Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "id").as_bytes(),
-            m,
-        ))
+        Some(hash_to_scalar(&[CONTEXT_STRING.as_bytes(), b"id"], m))
     }
 
     // Sign, negating the key if required by BIP-340.
@@ -499,7 +489,7 @@ impl Ciphersuite for Secp256K1Sha256TR {
 impl RandomizedCiphersuite for Secp256K1Sha256TR {
     fn hash_randomizer(m: &[u8]) -> Option<<::Field as Field>::Scalar> {
         Some(hash_to_scalar(
-            (CONTEXT_STRING.to_owned() + "randomizer").as_bytes(),
+            &[CONTEXT_STRING.as_bytes(), b"randomizer"],
             m,
         ))
     }