[curve25519] update dependencies to cryptography repo

Cargo.toml

@@ -14,29 +14,31 @@ warnings = "deny"
 
 [workspace.lints.rust.unexpected_cfgs]
 level = "warn"
-check-cfg = ['cfg(target_os, values("solana"))']
+check-cfg = [
+    'cfg(target_os, values("solana"))',
+]
 
 [workspace.metadata.spellcheck]
 config = "scripts/spellcheck.toml"
 
 [workspace.dependencies]
-aes-gcm-siv = "0.11.1"
+aes-gcm-siv = { version = "0.11.1", default-features = false, features = ["aes", "alloc"] }
 base64 = "0.22.1"
 bincode = "1.3.3"
 bytemuck = "1.25.0"
 bytemuck_derive = "1.10.2"
-curve25519-dalek = { version = "4.1.3", features = ["digest", "rand_core"] }
-getrandom = "0.2"
+curve25519 = { package = "solana-ed25519", git = "https://github.com/anza-xyz/cryptography", rev = "0f7379cc057b1d7dfea5622a9cab015650387aa4", features = ["digest", "rand_core"] }
+getrandom = { version = "0.4.2", features = ["wasm_js"] }
 itertools = "0.14.0"
 js-sys = "0.3.77"
 merlin = { version = "3", default-features = false }
 num-derive = "0.4"
 num-traits = "0.2"
-rand = "0.8.5"
+rand = "0.10.0-rc.5"
 serde = "1.0.228"
 serde_derive = "1.0.219"
 serde_json = "1.0.149"
-sha3 = "0.10.8"
+sha3 = "0.11.0-rc.3"
 solana-address = { version = "2.6.0", default-features = false }
 solana-derivation-path = "3.0.0"
 solana-instruction = "3.4.0"
@@ -53,9 +55,9 @@ solana-zk-sdk-pod = { path = "zk-sdk-pod", version = "0.1.0" }
 solana-zk-sdk-wasm-js = { path = "zk-sdk-wasm-js", version = "0.1.0" }
 subtle = "2.6.1"
 thiserror = "2.0.18"
-tiny-bip39 = "2.0.0"
-wasm-bindgen = "0.2"
-wasm-bindgen-test = "0.3"
+tiny-bip39 = { version = "2.0.0", default-features = false, features = ["default-langs"] }
+wasm-bindgen = "0.2.114"
+wasm-bindgen-test = "0.3.67"
 zeroize = { version = "1.8", default-features = false }
 
 [profile.release]
@@ -70,13 +72,13 @@ opt-level = 1
 [profile.dev.build-override]
 opt-level = 1
 
-# curve25519-dalek uses the simd backend by default in v4 if possible,
+# solana-ed25519 uses the simd backend by default when available,
 # which has very slow performance on some platforms with opt-level 0,
 # which is the default for dev and test builds.
 # This slowdown causes certain interactions in the solana-test-validator,
 # such as verifying ZK proofs in transactions, to take much more than 400ms,
 # creating problems in the testing environment.
 # To enable better performance in solana-test-validator during tests and dev builds,
 # we override the opt-level to 3 for the crate.
-[profile.dev.package.curve25519-dalek]
+[profile.dev.package.solana-ed25519]
 opt-level = 3

zk-sdk-wasm-js/Cargo.toml

@@ -29,7 +29,7 @@ bytemuck = { workspace = true }
 js-sys = { workspace = true }
 wasm-bindgen = { workspace = true }
 wasm-bindgen-test = { workspace = true }
-getrandom = { workspace = true, features = ["js"] }
+getrandom = { workspace = true }
 
 [lints]
 workspace = true

zk-sdk/Cargo.toml

@@ -17,7 +17,7 @@ aes-gcm-siv = { workspace = true }
 base64 = { workspace = true }
 bincode = { workspace = true }
 bytemuck = { workspace = true }
-curve25519-dalek = { workspace = true, features = ["serde"] }
+curve25519 = { workspace = true, features = ["serde"] }
 itertools = { workspace = true }
 merlin = { workspace = true }
 rand = { workspace = true }

zk-sdk/src/encryption/auth_encryption.rs

@@ -10,7 +10,6 @@ use {
         Aes128GcmSiv,
     },
     base64::{prelude::BASE64_STANDARD, Engine},
-    rand::{rngs::OsRng, Rng},
     sha3::{Digest, Sha3_512},
     solana_derivation_path::DerivationPath,
     solana_seed_derivable::SeedDerivable,
@@ -41,14 +40,14 @@ impl AuthenticatedEncryption {
     ///
     /// This function is randomized. It internally samples a 128-bit key using `OsRng`.
     fn keygen() -> AeKey {
-        AeKey(OsRng.gen::<[u8; AE_KEY_LEN]>())
+        AeKey(rand::random::<[u8; AE_KEY_LEN]>())
     }
 
     /// On input of an authenticated encryption key and an amount, the function returns a
     /// corresponding authenticated encryption ciphertext.
     fn encrypt(key: &AeKey, balance: u64) -> AeCiphertext {
         let plaintext = Zeroizing::new(balance.to_le_bytes());
-        let nonce: Nonce = OsRng.gen::<[u8; NONCE_LEN]>();
+        let nonce: Nonce = rand::random::<[u8; NONCE_LEN]>();
 
         // The balance and the nonce have fixed length and therefore, encryption should not fail.
         let ciphertext = Aes128GcmSiv::new(&key.0.into())

zk-sdk/src/encryption/discrete_log.rs

@@ -15,7 +15,7 @@
 //!
 
 use {
-    curve25519_dalek::{
+    curve25519::{
         constants::RISTRETTO_BASEPOINT_POINT as G,
         ristretto::RistrettoPoint,
         scalar::Scalar,

zk-sdk/src/encryption/elgamal.rs

@@ -24,12 +24,11 @@ use {
     },
     base64::{prelude::BASE64_STANDARD, Engine},
     core::ops::{Add, Mul, Sub},
-    curve25519_dalek::{
+    curve25519::{
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
         traits::Identity,
     },
-    rand::rngs::OsRng,
     serde::{Deserialize, Serialize},
     sha3::{Digest, Sha3_512},
     solana_derivation_path::DerivationPath,
@@ -60,7 +59,7 @@ impl ElGamal {
     /// This function is randomized. It internally samples a scalar element using `OsRng`.
     fn keygen() -> ElGamalKeypair {
         // secret scalar should be non-zero except with negligible probability
-        let s = Zeroizing::new(Scalar::random(&mut OsRng));
+        let s = Zeroizing::new(Scalar::random(&mut rand::rng()));
         Self::keygen_with_scalar(&s)
     }
 
@@ -474,7 +473,7 @@ impl ElGamalSecretKey {
     ///
     /// This function is randomized. It internally samples a scalar element using `OsRng`.
     pub fn new_rand() -> Self {
-        ElGamalSecretKey(Scalar::random(&mut OsRng))
+        ElGamalSecretKey(Scalar::random(&mut rand::rng()))
     }
 
     /// Derive an ElGamal secret key from an entropy seed.
@@ -960,7 +959,7 @@ mod tests {
     use {
         super::*,
         crate::encryption::pedersen::Pedersen,
-        bip39::{Language, Mnemonic, MnemonicType, Seed},
+        bip39::{Language, Mnemonic, Seed},
         solana_address::Address,
         solana_keypair::Keypair,
         solana_signer::null_signer::NullSigner,
@@ -1239,7 +1238,8 @@ mod tests {
 
     #[test]
     fn test_keypair_from_seed_phrase_and_passphrase() {
-        let mnemonic = Mnemonic::new(MnemonicType::Words12, Language::English);
+        let entropy = rand::random::<[u8; 16]>();
+        let mnemonic = Mnemonic::from_entropy(&entropy, Language::English).unwrap();
         let passphrase = "42";
         let seed = Seed::new(&mnemonic, passphrase);
         let expected_keypair = ElGamalKeypair::from_seed(seed.as_bytes()).unwrap();

zk-sdk/src/encryption/grouped_elgamal.rs

@@ -21,7 +21,7 @@ use {
         },
         errors::ElGamalError,
     },
-    curve25519_dalek::scalar::Scalar,
+    curve25519::scalar::Scalar,
     solana_zk_sdk_pod::{
         encryption::grouped_elgamal::{
             PodGroupedElGamalCiphertext2Handles, PodGroupedElGamalCiphertext3Handles,

zk-sdk/src/encryption/pedersen.rs

@@ -3,13 +3,12 @@
 use {
     crate::errors::ElGamalError,
     core::ops::{Add, Mul, Sub},
-    curve25519_dalek::{
+    curve25519::{
         constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT},
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
         traits::MultiscalarMul,
     },
-    rand::rngs::OsRng,
     serde::{Deserialize, Serialize},
     sha3::Sha3_512,
     solana_zk_sdk_pod::encryption::{
@@ -84,7 +83,7 @@ pub struct PedersenOpening(Scalar);
 
 impl PedersenOpening {
     pub fn new_rand() -> Self {
-        PedersenOpening(Scalar::random(&mut OsRng))
+        PedersenOpening(Scalar::random(&mut rand::rng()))
     }
 }
 
@@ -346,7 +345,7 @@ mod tests {
         let amount_0: u64 = 77;
         let amount_1: u64 = 57;
 
-        let rng = &mut OsRng;
+        let rng = &mut rand::rng();
         let opening_0 = PedersenOpening(Scalar::random(rng));
         let opening_1 = PedersenOpening(Scalar::random(rng));
 
@@ -362,7 +361,7 @@ mod tests {
         let amount_0: u64 = 77;
         let amount_1: u64 = 57;
 
-        let rng = &mut OsRng;
+        let rng = &mut rand::rng();
         let opening_0 = PedersenOpening(Scalar::random(rng));
         let opening_1 = PedersenOpening(Scalar::random(rng));
 
@@ -402,7 +401,7 @@ mod tests {
 
     #[test]
     fn test_pedersen_opening_bytes() {
-        let opening = PedersenOpening(Scalar::random(&mut OsRng));
+        let opening = PedersenOpening(Scalar::random(&mut rand::rng()));
 
         let encoded = opening.to_bytes();
         let decoded = PedersenOpening::from_bytes(&encoded).unwrap();

zk-sdk/src/range_proof/generators.rs

@@ -10,7 +10,7 @@
 
 use {
     crate::range_proof::errors::RangeProofGeneratorError,
-    curve25519_dalek::{
+    curve25519::{
         digest::{ExtendableOutput, Update, XofReader},
         ristretto::RistrettoPoint,
     },

zk-sdk/src/range_proof/inner_product.rs

@@ -17,7 +17,7 @@ use {
         transcript::TranscriptProtocol,
     },
     core::iter,
-    curve25519_dalek::{
+    curve25519::{
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
         traits::MultiscalarMul,
@@ -26,7 +26,7 @@ use {
     zeroize::Zeroize,
 };
 #[cfg(test)]
-use {curve25519_dalek::traits::VartimeMultiscalarMul, std::borrow::Borrow};
+use {curve25519::traits::VartimeMultiscalarMul, std::borrow::Borrow};
 
 /// An inner-product proof.
 ///
@@ -275,7 +275,7 @@ impl InnerProductProof {
         // 2. Compute `u_i^-1` for all `i`.
         let mut challenges_inv = challenges.clone();
         // This computes `(u_k * ... * u_1)^-1` and stores `u_i^-1` in `challenges_inv`.
-        let allinv = Scalar::batch_invert(&mut challenges_inv);
+        let allinv = Scalar::invert_batch_alloc(&mut challenges_inv);
 
         // 3. Compute `u_i^2` and `u_i^-2` for all `i`.
         for i in 0..lg_n {
@@ -467,9 +467,7 @@ impl InnerProductProof {
 
 #[cfg(test)]
 mod tests {
-    use {
-        super::*, crate::range_proof::generators::RangeProofGens, rand::rngs::OsRng, sha3::Sha3_512,
-    };
+    use {super::*, crate::range_proof::generators::RangeProofGens, sha3::Sha3_512};
 
     #[test]
     #[allow(non_snake_case)]
@@ -482,13 +480,13 @@ mod tests {
 
         let Q = RistrettoPoint::hash_from_bytes::<Sha3_512>(b"test point");
 
-        let a: Vec<_> = (0..n).map(|_| Scalar::random(&mut OsRng)).collect();
-        let b: Vec<_> = (0..n).map(|_| Scalar::random(&mut OsRng)).collect();
+        let a: Vec<_> = (0..n).map(|_| Scalar::random(&mut rand::rng())).collect();
+        let b: Vec<_> = (0..n).map(|_| Scalar::random(&mut rand::rng())).collect();
         let c = util::inner_product(&a, &b).unwrap();
 
         let G_factors: Vec<Scalar> = iter::repeat_n(Scalar::ONE, n).collect();
 
-        let y_inv = Scalar::random(&mut OsRng);
+        let y_inv = Scalar::random(&mut rand::rng());
         let H_factors: Vec<Scalar> = util::exp_iter(y_inv).take(n).collect();
 
         // P would be determined upstream, but we need a correct P to check the proof.

zk-sdk/src/range_proof/range.rs

@@ -10,13 +10,12 @@ use {
         transcript::TranscriptProtocol,
     },
     core::iter,
-    curve25519_dalek::{
+    curve25519::{
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
         traits::{IsIdentity, MultiscalarMul, VartimeMultiscalarMul},
     },
     merlin::Transcript,
-    rand::rngs::OsRng,
     solana_zk_sdk_pod::{
         range_proof::{
             PodRangeProofU128, PodRangeProofU256, PodRangeProofU64, INNER_PRODUCT_PROOF_U128_LEN,
@@ -103,7 +102,7 @@ impl RangeProof {
 
         // 2. Create commitments A and S.
         // A is a commitment to the bit-vectors a_L and a_R
-        let mut a_blinding = Scalar::random(&mut OsRng);
+        let mut a_blinding = Scalar::random(&mut rand::rng());
         let mut A = a_blinding * &(*H);
 
         let mut gens_iter = bp_gens.G(nm).zip(bp_gens.H(nm));
@@ -123,12 +122,12 @@ impl RangeProof {
         let A = A.compress();
 
         // generate blinding factors and generate their Pedersen vector commitment
-        let mut s_L: Vec<Scalar> = (0..nm).map(|_| Scalar::random(&mut OsRng)).collect();
-        let mut s_R: Vec<Scalar> = (0..nm).map(|_| Scalar::random(&mut OsRng)).collect();
+        let mut s_L: Vec<Scalar> = (0..nm).map(|_| Scalar::random(&mut rand::rng())).collect();
+        let mut s_R: Vec<Scalar> = (0..nm).map(|_| Scalar::random(&mut rand::rng())).collect();
 
         // generate blinding factor for Pedersen commitment; `s_blinding` should not to be confused
         // with blinding factors for the actual inner product vector
-        let mut s_blinding = Scalar::random(&mut OsRng);
+        let mut s_blinding = Scalar::random(&mut rand::rng());
 
         let S = RistrettoPoint::multiscalar_mul(
             iter::once(&s_blinding).chain(s_L.iter()).chain(s_R.iter()),

zk-sdk/src/range_proof/util.rs

@@ -2,7 +2,7 @@
 //! This module provides common mathematical operations over scalars and vectors needed to
 //! construct and verify Bulletproofs.
 
-use {curve25519_dalek::scalar::Scalar, zeroize::Zeroize};
+use {curve25519::scalar::Scalar, zeroize::Zeroize};
 
 /// Represents a degree-1 vector polynomial, such as `a + b*x`.
 ///

zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_2.rs

@@ -29,7 +29,7 @@ use {
         },
         transcript::TranscriptProtocol,
     },
-    curve25519_dalek::{scalar::Scalar, traits::IsIdentity},
+    curve25519::{scalar::Scalar, traits::IsIdentity},
     merlin::Transcript,
     solana_zk_sdk_pod::sigma_proofs::PodBatchedGroupedCiphertext2HandlesValidityProof,
     zeroize::Zeroize,

zk-sdk/src/sigma_proofs/batched_grouped_ciphertext_validity/handles_3.rs

@@ -33,7 +33,7 @@ use {
         },
         transcript::TranscriptProtocol,
     },
-    curve25519_dalek::{scalar::Scalar, traits::IsIdentity},
+    curve25519::{scalar::Scalar, traits::IsIdentity},
     merlin::Transcript,
     solana_zk_sdk_pod::{sigma_proofs::PodBatchedGroupedCiphertext3HandlesValidityProof, UNIT_LEN},
     zeroize::Zeroize,

zk-sdk/src/sigma_proofs/ciphertext_ciphertext_equality.rs

@@ -16,13 +16,12 @@ use {
         },
         transcript::TranscriptProtocol,
     },
-    curve25519_dalek::{
+    curve25519::{
         ristretto::{CompressedRistretto, RistrettoPoint},
         scalar::Scalar,
         traits::{IsIdentity, MultiscalarMul, VartimeMultiscalarMul},
     },
     merlin::Transcript,
-    rand::rngs::OsRng,
     solana_zk_sdk_pod::{sigma_proofs::PodCiphertextCiphertextEqualityProof, UNIT_LEN},
     zeroize::Zeroize,
 };
@@ -88,9 +87,9 @@ impl CiphertextCiphertextEqualityProof {
         let r = second_opening.get_scalar();
 
         // generate random masking factors that also serves as nonces
-        let mut y_s = Scalar::random(&mut OsRng);
-        let mut y_x = Scalar::random(&mut OsRng);
-        let mut y_r = Scalar::random(&mut OsRng);
+        let mut y_s = Scalar::random(&mut rand::rng());
+        let mut y_x = Scalar::random(&mut rand::rng());
+        let mut y_r = Scalar::random(&mut rand::rng());
 
         let Y_0 = (&y_s * P_first).compress();
         let Y_1 = RistrettoPoint::multiscalar_mul(vec![&y_x, &y_s], vec![&G, D_first]).compress();