Ic-secp256k1 uses getrandom

asjn3e · February 21, 2025, 7:00pm

Hello, I wanted to use ic-secp256k1 package in one of my canisters, but since it uses rand_chacha that uses getrandom, I have a problem compiling my canister rust code to wasm.
Any suggestions?

wiyota · February 23, 2025, 2:44am

It might be possible to build a custom backend based on raw_rand or ic_rand

JackLloyd · February 24, 2025, 2:16pm

The suggestion from @wiyota works well if you actually need randomness (namely for generating a new secret key). But remember that all of the canister’s memory, including any secret keys generated in this way, are visible to node operators. This might be ok depending on your threat model.

If you do not need to generate a new secret key you can use the crate ic-dummy-getrandom-for-wasm which is what we use internally in canisters which pull in (often transitively) a dependency on rand. When compiled for the wasm32-unknown-unknown target used for canisters, it registers a custom implementation of getrandom that always fails. So everything compiles as usual, but attempting to generate a new secret key would fail at runtime.

For other crates handling signatures, such as ic-ed25519, we have added a rand feature that can be disabled so that the whole dependency is removed, and then the issue with getrandom does not arise. I’ll take a look at adding a similar feature to ic-secp256k1

JackLloyd · February 24, 2025, 7:04pm

Following up on this, it turns out that currently (due to some issues with dependencies that ic-secp256k uses) we cannot currently add support for a rand feature to ic-secp256k1 such that disabling it would prevent depending on getrandom. There are changes happening in some upstream dependency crates that look like this will be fixed once those go into a release but we cannot control the timeline of that.

In the meantime I’d suggest ic-dummy-getrandom-for-wasm

asjn3e · February 28, 2025, 6:56am

I dont want use getrnadom, i just wanted to use ic-secp256k1, but since it uses rand-chacha, I get an error at the compile time. I just wnted to request to remove rand-chcha from dependencies so iI could comiple my canister wasm code.

JackLloyd · February 28, 2025, 4:59pm

I see. Whenever the upstream crates that we depend on here issue a release that removes their hard coded rand dependency we’ll be able do this. Until then you’ll have to either use ic-dummy-getrandom-for-wasm, or some other crate entirely.

Topic		Replies	Views
Rust Wasm __getrandom_custom Developers	14	2172	December 15, 2022
Using random module from Rust Developers	1	1051	November 22, 2021
RSA Rust lib for key generation and encryption Rust	5	1184	February 16, 2023
error[E0432]: unresolved import `rand` Language Support	28	8282	February 11, 2023
Issue about generate random string Panicked at 'could not initialize thread_rng: getrandom: this target is not supported' Developers Bug	8	1324	February 2, 2023

Ic-secp256k1 uses getrandom

Related topics