Wreck havoc with more github workflows.

These workflows have been blatantly stolen from
@tlepoint's https://github.com/tlepoint/fhe.rs.

.github/workflows/lint-fmt.yml

@@ -0,0 +1,47 @@
+name: Linter and Formatter
+
+on:
+    pull_request:
+      branches:
+        - main
+      paths-ignore:
+        - 'README.md'
+
+
+jobs:
+  fmt:
+    name: Rustfmt
+    env:
+      CARGO_INCREMENTAL: 0
+      CARGO_TERM_COLOR: always
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+          override: true
+          components: rustfmt
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
+  clippy:
+    name: Clippy
+    env:
+      CARGO_INCREMENTAL: 0
+      CARGO_TERM_COLOR: always
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+          components: clippy
+      - uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          args: --all-targets -- -D warnings

.github/workflows/security.yml

@@ -0,0 +1,15 @@
+name: Security audit
+on:
+  schedule:
+    - cron: '0 0 * * 1'
+  pull_request:
+    branches:
+      - main
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/typos.yml

@@ -0,0 +1,13 @@
+
+name: Spell checker
+on: [push, pull_request]
+
+jobs:
+    typos:
+      name: Spell Check with typos
+      runs-on: ubuntu-latest
+      steps:
+      - name: Checkout Actions Repository
+        uses: actions/checkout@v4
+      - name: Check spelling
+        uses: crate-ci/typos@master

examples/schnorr.rs

@@ -89,7 +89,7 @@ where
     Arthur<H>: GroupWriter<G> + FieldChallenges<G::ScalarField>,
 {
     // `Arthur` types implement a cryptographically-secure random number generator that is tied to the protocol transcript
-    // and that can be accessed via the `rng()` funciton.
+    // and that can be accessed via the `rng()` function.
     let k = G::ScalarField::rand(arthur.rng());
     let K = P * k;
 
@@ -128,9 +128,12 @@ where
     for<'a> Merlin<'a, H>:
         GroupReader<G> + FieldReader<G::ScalarField> + FieldChallenges<G::ScalarField>,
 {
-    // Read the protocol from the transcript:
-    // XXX. possible inconsistent implementations:
-    // if the point is not validated here (but the public key is) then the proof may fail with InvalidProof, instead of SerializationError
+    // Read the protocol from the transcript.
+    // [[Side note:
+    // The method `next_points` internally performs point validation.
+    // Another implementation that does not use nimue might choose not to validate the point here, but only validate the public-key.
+    // This leads to different errors to be returned: here the proof fails with SerializationError, whereas the other implementation would fail with InvalidProof.
+    // ]]
     let [K] = merlin.next_points().unwrap();
     let [c] = merlin.challenge_scalars().unwrap();
     let [r] = merlin.next_scalars().unwrap();
@@ -146,8 +149,8 @@ where
         Err(ProofError::InvalidProof)
     }
 
-    // from here, another proof can be verified using the same merlin instance
-    // and proofs can be composed.
+    // From here, another proof can be verified using the same merlin instance
+    // and proofs can be composed. The transcript holds the whole proof,
 }
 
 #[allow(non_snake_case)]

examples/schnorr_algebraic_hash.rs

@@ -61,7 +61,7 @@ where
     Arthur<H, U>: GroupWriter<G> + FieldWriter<G::BaseField> + ByteChallenges,
 {
     // `Arthur` types implement a cryptographically-secure random number generator that is tied to the protocol transcript
-    // and that can be accessed via the `rng()` funciton.
+    // and that can be accessed via the `rng()` function.
     let k = G::ScalarField::rand(arthur.rng());
     let K = P * k;
 
@@ -107,7 +107,7 @@ where
     let [K] = merlin.next_points()?;
     let c_bytes = merlin.challenge_bytes::<16>()?;
     let c = G::ScalarField::from_le_bytes_mod_order(&c_bytes);
-    // Map the response to the field of the hash function to be absorbed easilty.
+    // Map the response to the field of the hash function to be absorbed easily.
     let [r_q] = merlin.next_scalars()?;
     let r = swap_field::<G::BaseField, G::ScalarField>(r_q)?;
 

src/arthur.rs

@@ -71,14 +71,13 @@ where
     }
 }
 
-impl<U, H, B> From<B> for Arthur<H, U, DefaultRng>
+impl<U, H> From<&IOPattern<H, U>> for Arthur<H, U, DefaultRng>
 where
     U: Unit,
     H: DuplexHash<U>,
-    B: core::borrow::Borrow<IOPattern<H, U>>,
 {
-    fn from(pattern: B) -> Self {
-        Arthur::new(pattern.borrow(), DefaultRng::default())
+    fn from(io_pattern: &IOPattern<H, U>) -> Self {
+        Arthur::new(io_pattern, DefaultRng::default())
     }
 }
 

src/errors.rs

@@ -1,6 +1,6 @@
 /// The [`nimue`] package has two types of errors:
 /// [`IOPatternError`], which is the error exposed in the low-level interface for bytes and native elements,
-/// which arises whenever the IO Pattern specified and the IO pattern exectuted mismatch.
+/// which arises whenever the IO Pattern specified and the IO pattern executed mismatch.
 /// [`ProofError`], which is the error exposed to high-level interfaces dealing with structured types and
 /// for end-user applications.
 /// Three types of errors can happen when dealing with [`ProofError`]:

src/iopattern.rs

@@ -11,7 +11,7 @@ use super::errors::IOPatternError;
 use super::hash::{DuplexHash, Unit};
 
 /// This is the separator between operations in the IO Pattern
-/// and as such is the only forbidden characted in labels.
+/// and as such is the only forbidden character in labels.
 const SEP_BYTE: &str = "\0";
 
 /// The IO Pattern of an interactive protocol.

src/lib.rs

@@ -123,7 +123,7 @@ This crate doesn't support big-endian targets.
 mod arthur;
 /// Built-in proof results.
 mod errors;
-/// Hash functions traits and implmentations.
+/// Hash functions traits and implementations.
 pub mod hash;
 /// IO Pattern
 mod iopattern;

src/merlin.rs

@@ -9,7 +9,6 @@ use crate::DefaultHash;
 /// Internally, it is a wrapper around a SAFE sponge.
 /// Given as input an [`IOPattern`] and a protocol transcript, it allows to
 /// de-serialize elements from the transcript and make them available to the zero-knowledge verifier.
-#[derive(Clone)]
 pub struct Merlin<'a, H = DefaultHash, U = u8>
 where
     H: DuplexHash<U>,

src/plugins/ark/mod.rs

@@ -80,7 +80,7 @@
 //! As easy as that.
 //! More _modern_ hash functions may want to operate over some some field different than $\mathbb{F}_8$,
 //! for instance over the base field of the sponge.
-//! Also in this case it's suficient to slightly change the proving function to specify the field over which the
+//! Also in this case it's sufficient to slightly change the proving function to specify the field over which the
 //! hash function operates, to something like:
 //!
 //! ```rust

src/plugins/mod.rs

@@ -9,7 +9,7 @@ pub mod ark;
 
 #[cfg(feature = "group")]
 /// (In-progress) [group](https://github.com/zkcrypto/group) bindings.
-/// This plugin is experimental and has not yet been throughly tested.
+/// This plugin is experimental and has not yet been thoroughly tested.
 pub mod group;
 
 /// Bits needed in order to obtain a (pseudo-random) uniform distribution in F.

src/plugins/traits.rs

@@ -80,7 +80,7 @@ macro_rules! group_traits {
             /// re-use the serialized element.
             type Repr;
 
-            /// Incorporate group elments into the proof without adding them to the final protocol transcript.
+            /// Incorporate group elements into the proof without adding them to the final protocol transcript.
             fn public_points(&mut self, input: &[G]) -> $crate::ProofResult<Self::Repr>;
         }
     };

src/traits.rs

@@ -16,7 +16,7 @@ pub trait UnitTranscript<U: Unit> {
 /// Absorbing bytes from the sponge, without reading or writing them into the protocol transcript.
 ///
 /// This trait is trivial for byte-oriented sponges, but non-trivial for algebraic hashes.
-/// This trait implementation is **not** expected to be straming-friendly.
+/// This trait implementation is **not** expected to be streaming-friendly.
 ///
 /// For instance, in the case of algebraic sponges operating over a field $\mathbb{F}_p$, we do not expect
 /// the implementation to cache field elements filling $\ceil{\log_2(p)}$ bytes.