From b27d39cbacdfc0642362727d7de699d5d7d091dc Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 12 May 2026 08:42:39 -0600 Subject: [PATCH] elliptic-curve: remove `bits` feature I was not able to find any users of it searching GitHub. This feature is backed by `bitvec` which both has a high number of transitive dependencies which have been minorly problematic (#2414), but also my understanding based on Zulip discussions on #t-opsem is that `bitvec` is not sound under either stacked or tree borrows, which makes it a bit worrisome for use in cryptographic applications. We can always add the feature back if it turns out there are users, but if not it seems like it's not worth the maintenance burden. --- .github/workflows/elliptic-curve.yml | 3 +- Cargo.lock | 107 +-------------------------- elliptic-curve/Cargo.toml | 2 - elliptic-curve/src/dev/mock_curve.rs | 23 ------ elliptic-curve/src/scalar.rs | 4 - 5 files changed, 5 insertions(+), 134 deletions(-) diff --git a/.github/workflows/elliptic-curve.yml b/.github/workflows/elliptic-curve.yml index 61381f529..0c208f8fd 100644 --- a/.github/workflows/elliptic-curve.yml +++ b/.github/workflows/elliptic-curve.yml @@ -46,7 +46,6 @@ jobs: - run: cargo build --target ${{ matrix.target }} --release --no-default-features - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features alloc - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features arithmetic - - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features bits - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features critical-section - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features dev - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features digest 
@@ -104,6 +103,6 @@ jobs: - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: - toolchain: nightly-2026-02-11 # pinned due to rust-lang/miri#4855 + toolchain: nightly-2026-05-01 # pinned due to ensure determinism - run: rustup component add miri && cargo miri setup - run: cargo miri test --all-features diff --git a/Cargo.lock b/Cargo.lock index b6c2c2aef..cadd3e899 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,17 +2,6 @@ # It is not intended for manual editing. version = 4 -[[package]] -name = "addchain" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e33f6a175ec6a9e0aca777567f9ff7c3deefc255660df887e7fa3585e9801d8" -dependencies = [ - "num-bigint", - "num-integer", - "num-traits", -] - [[package]] name = "aead" version = "0.6.0-rc.10" @@ -60,18 +49,6 @@ version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" -[[package]] -name = "bitvec" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" -dependencies = [ - "funty", - "radium", - "tap", - "wyz", -] - [[package]] name = "blobby" version = "0.4.0" @@ -247,7 +224,6 @@ dependencies = [ "sec1", "serdect", "subtle", - "tap", "zeroize", ] @@ -263,12 +239,6 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" -[[package]] -name = "funty" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" - [[package]] name = "getrandom" version = "0.4.2" 
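Review bot: The comment on the new `toolchain:` line in the second workflow hunk reads `# pinned due to ensure determinism`, which is garbled and no longer says what would allow the pin to be moved or dropped. Something like `toolchain: nightly-2026-05-01 # pinned so Miri results are reproducible; bump deliberately` would be clearer. The previous comment tied the pin to rust-lang/miri#4855, and the commit message does not mention the nightly bump at all, so the description should state whether that issue is resolved as of this nightly. This matters because the job runs `cargo miri test --all-features`, which is the check that backs the soundness argument made in the description. The job definition starts outside the hunk, so its other settings are not reviewed here.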
@@ -409,26 +379,6 @@ version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" -[[package]] -name = "num-bigint" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -501,7 +451,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" dependencies = [ "proc-macro2", - "syn 2.0.117", + "syn", ] [[package]] @@ -528,12 +478,6 @@ version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" -[[package]] -name = "radium" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" - [[package]] name = "rand_core" version = "0.10.1" 
@@ -546,27 +490,10 @@ version = "0.14.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd2a8adb347447693cd2ba0d218c4b66c62da9b0a5672b17b981e4291ec65ff6" dependencies = [ - "bitvec", "rand_core", - "rustcrypto-ff_derive", "subtle", ] -[[package]] -name = "rustcrypto-ff_derive" -version = "0.14.0-rc.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cda22ea03582974ab5687fc131eba2dc78e258e7eef4d7e01bcd0522ed79f66" -dependencies = [ - "addchain", - "num-bigint", - "num-integer", - "num-traits", - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "rustcrypto-group" version = "0.14.0-rc.1" @@ -624,7 +551,7 @@ checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", - "syn 2.0.117", + "syn", ] [[package]] @@ -685,17 +612,6 @@ version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" -[[package]] -name = "syn" -version = "1.0.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - [[package]] name = "syn" version = "2.0.117" @@ -707,12 +623,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "tap" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" - [[package]] name = "typenum" version = "1.20.0" @@ -827,7 +737,7 @@ dependencies = [ "heck", "indexmap", "prettyplease", - "syn 2.0.117", + "syn", "wasm-metadata", "wit-bindgen-core", "wit-component", @@ -843,7 +753,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "syn 2.0.117", + "syn", "wit-bindgen-core", "wit-bindgen-rust", ] 
@@ -885,15 +795,6 @@ dependencies = [ "wasmparser", ] -[[package]] -name = "wyz" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" -dependencies = [ - "tap", -] - [[package]] name = "zeroize" version = "1.8.2" diff --git a/elliptic-curve/Cargo.toml b/elliptic-curve/Cargo.toml index b6eb62d31..8b5f7f3e6 100644 --- a/elliptic-curve/Cargo.toml +++ b/elliptic-curve/Cargo.toml @@ -36,7 +36,6 @@ pem-rfc7468 = { version = "1", optional = true, features = ["alloc"] } pkcs8 = { version = "0.11", optional = true, default-features = false } sec1 = { version = "0.8", optional = true, features = ["ctutils", "subtle", "zeroize"] } serdect = { version = "0.4", optional = true, default-features = false, features = ["alloc"] } -tap = { version = "1.0.1", optional = true, default-features = false } # make `bitvec`'s `wyz` work with `minimal-versions` [dev-dependencies] hex-literal = "1" @@ -62,7 +61,6 @@ std = [ arithmetic = ["group"] basepoint-table = ["arithmetic"] critical-section = ["basepoint-table", "once_cell/critical-section"] -bits = ["dep:tap", "arithmetic", "ff/bits"] dev = ["arithmetic", "dep:hex-literal", "pem", "pkcs8"] ecdh = ["arithmetic", "digest", "dep:hkdf"] getrandom = ["arithmetic", "bigint/getrandom", "common/getrandom"] diff --git a/elliptic-curve/src/dev/mock_curve.rs b/elliptic-curve/src/dev/mock_curve.rs index 33c83c044..5919bcbca 100644 --- a/elliptic-curve/src/dev/mock_curve.rs +++ b/elliptic-curve/src/dev/mock_curve.rs @@ -31,8 +31,6 @@ use pkcs8::AssociatedOid; #[cfg(feature = "alloc")] use alloc::vec::Vec; -#[cfg(feature = "bits")] -use ff::PrimeFieldBits; /// Pseudo-coordinate for fixed-based scalar mult output pub const PSEUDO_COORDINATE_FIXED_BASE_MUL: [u8; 32] = 
@@ -56,10 +54,6 @@ pub type SecretKey = crate::SecretKey; /// Scalar value type. pub type ScalarValue = crate::ScalarValue; -/// Scalar bits. -#[cfg(feature = "bits")] -pub type ScalarBits = crate::scalar::ScalarBits; - /// Mock elliptic curve type useful for writing tests which require a concrete /// curve type. /// @@ -161,23 +155,6 @@ impl PrimeField for Scalar { } } -#[cfg(feature = "bits")] -impl PrimeFieldBits for Scalar { - #[cfg(target_pointer_width = "32")] - type ReprBits = [u32; 8]; - - #[cfg(target_pointer_width = "64")] - type ReprBits = [u64; 4]; - - fn to_le_bits(&self) -> ScalarBits { - self.0.as_uint().to_words().into() - } - - fn char_le_bits() -> ScalarBits { - MockCurve::ORDER.to_words().into() - } -} - impl Generate for Scalar { fn try_generate_from_rng( rng: &mut R, diff --git a/elliptic-curve/src/scalar.rs b/elliptic-curve/src/scalar.rs index b98fba8e5..b4b44fa3f 100644 --- a/elliptic-curve/src/scalar.rs +++ b/elliptic-curve/src/scalar.rs @@ -21,10 +21,6 @@ use crate::CurveArithmetic; #[cfg(feature = "arithmetic")] pub type Scalar = ::Scalar; -/// Bit representation of a scalar field element of a given curve. -#[cfg(feature = "bits")] -pub type ScalarBits = ff::FieldBits< as ff::PrimeFieldBits>::ReprBits>; - /// Instantiate a scalar from an unsigned integer without checking for overflow. pub trait FromUintUnchecked { /// Unsigned integer type (i.e. `Curve::Uint`)