[❄] Remove hard dep on sha2 (#232)

LLFourn · web-flow · commit 75c301c00fd4 · 2025-08-28T13:01:15.000+10:00
sha2 dependency has snuck in. We never depend directly on hash function
implementations if we can avoid it.
diff --git a/schnorr_fun/Cargo.toml b/schnorr_fun/Cargo.toml
@@ -18,7 +18,6 @@ secp256kfun = { workspace = true }
 bech32 = { version = "0.11", optional = true, default-features = false, features = ["alloc"] }
 bincode = { workspace =  true, optional = true }
 vrf_fun = { workspace = true, optional = true }
-sha2 = { version = "0.10", optional = true, default-features = false }
 
 [dev-dependencies]
 secp256kfun = { workspace = true, features = ["proptest", "bincode", "alloc"] }
@@ -51,7 +50,7 @@ libsecp_compat_0_29 = ["secp256kfun/libsecp_compat_0_29"]
 libsecp_compat_0_30 = ["secp256kfun/libsecp_compat_0_30"]
 proptest = ["secp256kfun/proptest"]
 share_backup = ["dep:bech32"]
-vrf_cert_keygen = ["dep:vrf_fun", "dep:sha2"]
+vrf_cert_keygen = ["dep:vrf_fun"]
 
 [package.metadata.docs.rs]
 all-features = true
diff --git a/schnorr_fun/src/frost/chilldkg/certpedpop.rs b/schnorr_fun/src/frost/chilldkg/certpedpop.rs
@@ -71,11 +71,14 @@ impl<H: Hash32, NG: NonceGen> CertificationScheme for Schnorr<H, NG> {
 #[cfg(feature = "vrf_cert_keygen")]
 pub mod vrf_cert {
     use super::*;
+    use secp256kfun::digest::core_api::BlockSizeUser;
     use vrf_fun::VrfProof;
 
     /// VRF certification scheme using SSWU VRF
-    #[derive(Clone, Debug, PartialEq)]
-    pub struct VrfCertifier;
+    #[derive(Clone, Copy, Debug, PartialEq, Default)]
+    pub struct VrfCertifier<H> {
+        hash: core::marker::PhantomData<H>,
+    }
 
     /// The output from VRF verification containing the gamma point
     #[derive(Clone, Debug, PartialEq)]
@@ -85,7 +88,7 @@ pub mod vrf_cert {
     }
 
     /// Implement CertificationScheme for VrfCertifier
-    impl CertificationScheme for VrfCertifier {
+    impl<H: Hash32 + BlockSizeUser> CertificationScheme for VrfCertifier<H> {
         type Signature = VrfProof;
         type Output = VrfOutput;
 
@@ -96,7 +99,7 @@ pub mod vrf_cert {
         ) -> Self::Signature {
             // Use the certification bytes as the VRF input
             let cert_bytes = agg_input.cert_bytes();
-            vrf_fun::rfc9381::sswu::prove::<sha2::Sha256>(keypair, &cert_bytes)
+            vrf_fun::rfc9381::sswu::prove::<H>(keypair, &cert_bytes)
         }
 
         fn verify_cert(
@@ -107,11 +110,11 @@ pub mod vrf_cert {
         ) -> Option<Self::Output> {
             // Use the certification bytes as the VRF input
             let cert_bytes = agg_input.cert_bytes();
-            vrf_fun::rfc9381::sswu::verify::<sha2::Sha256>(cert_key, &cert_bytes, signature).map(
-                |output| VrfOutput {
+            vrf_fun::rfc9381::sswu::verify::<H>(cert_key, &cert_bytes, signature).map(|output| {
+                VrfOutput {
                     gamma: output.gamma,
-                },
-            )
+                }
+            })
         }
     }
 }
@@ -277,7 +280,9 @@ impl<S: CertificationScheme> CertifiedKeygen<S> {
 }
 
 #[cfg(feature = "vrf_cert_keygen")]
-impl CertifiedKeygen<vrf_cert::VrfCertifier> {
+impl<H: Hash32 + secp256kfun::digest::crypto_common::BlockSizeUser>
+    CertifiedKeygen<vrf_cert::VrfCertifier<H>>
+{
     /// Compute a randomness beacon from the VRF outputs
     ///
     /// This function hashes all the VRF gamma points together to produce
@@ -303,16 +308,14 @@ impl CertifiedKeygen<vrf_cert::VrfCertifier> {
     /// different views of the keygen outcome without detection, achieving similar
     /// security to comparing a full 32-byte hash but with better usability.
     pub fn compute_randomness_beacon(&self) -> [u8; 32] {
-        use sha2::{Digest, Sha256};
-
-        let mut hasher = Sha256::new();
+        let mut hasher = H::default();
 
         // BTreeMap already maintains sorted order by key
         for output in self.outputs.values() {
-            hasher.update(output.gamma.to_bytes());
+            hasher.update(output.gamma.to_bytes().as_ref());
         }
 
-        hasher.finalize().into()
+        hasher.finalize_fixed().into()
     }
 }
 
@@ -590,7 +593,7 @@ mod test {
         use proptest::test_runner::{RngAlgorithm, TestRng};
 
         let schnorr = crate::new_with_deterministic_nonces::<sha2::Sha256>();
-        let vrf_certifier = vrf_cert::VrfCertifier;
+        let vrf_certifier = vrf_cert::VrfCertifier::<sha2::Sha256>::default();
         let mut rng = TestRng::deterministic_rng(RngAlgorithm::ChaCha);
 
         let threshold = 2;
diff --git a/secp256kfun/src/vendor/hash_to_curve.rs b/secp256kfun/src/vendor/hash_to_curve.rs
@@ -147,10 +147,7 @@ const YDEN: [FieldElement; 4] = [
 
 /// Hash to curve implementation for secp256k1 following the IETF draft
 /// https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/
-pub fn hash_to_curve<H: Hash32 + digest::Update + BlockSizeUser>(
-    msg: &[u8],
-    dst: &[u8],
-) -> ProjectivePoint {
+pub fn hash_to_curve<H: Hash32 + BlockSizeUser>(msg: &[u8], dst: &[u8]) -> ProjectivePoint {
     let u = hash_to_field::<H>(msg, dst);
     let q0 = map_to_curve(u[0]);
     let q1 = map_to_curve(u[1]);
@@ -159,7 +156,7 @@ pub fn hash_to_curve<H: Hash32 + digest::Update + BlockSizeUser>(
 
 /// Expand message using XMD (expand_message_xmd)
 /// Implements the algorithm from Section 5.4.1 of draft-irtf-cfrg-hash-to-curve
-fn expand_message_xmd<H: Hash32 + digest::Update + BlockSizeUser>(
+fn expand_message_xmd<H: Hash32 + BlockSizeUser>(
     msg: &[u8],
     dst: &[u8],
     len_in_bytes: usize,
diff --git a/vrf_fun/src/rfc9381.rs b/vrf_fun/src/rfc9381.rs
@@ -199,6 +199,7 @@ pub mod sswu {
     use crate::{Rfc9381SswuVrf, VerifiedRandomOutput, VrfProof};
     use secp256kfun::{
         KeyPair,
+        digest::crypto_common::BlockSizeUser,
         hash::{Hash32, HashAdd},
         prelude::*,
     };
@@ -246,7 +247,7 @@ pub mod sswu {
     /// [RFC 9380]: https://datatracker.ietf.org/doc/html/rfc9380
     pub fn prove<H>(keypair: &KeyPair, alpha: &[u8]) -> VrfProof<U16>
     where
-        H: Hash32 + secp256kfun::digest::crypto_common::BlockSizeUser,
+        H: Hash32 + BlockSizeUser,
     {
         let vrf = Rfc9381SswuVrf::<H>::default();
         let dst = Dst.as_ref();
@@ -269,7 +270,7 @@ pub mod sswu {
         proof: &VrfProof<U16>,
     ) -> Option<VerifiedRandomOutput>
     where
-        H: Hash32 + secp256kfun::digest::crypto_common::BlockSizeUser,
+        H: Hash32 + BlockSizeUser,
     {
         let vrf = Rfc9381SswuVrf::<H>::default();
         let h = Point::hash_to_curve_sswu::<H>(alpha, Dst.as_ref()).normalize();
