ZenGo-X / multi-party-ecdsa

Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

Support for single threaded operation (WebAssembly)

tmpfs opened this issue

commented

I touched upon this earlier in this comment but want to create a separate issue to explain context and discuss this problem.

I have successfully ported the gg18 example to WebAssembly using wasm-bindgen / wasm-bindgen-rayon, and with a hack for Crypto.getRandomValues() we are generating keys and signing messages.

However, we have a use case for the WASM module that involves running it in a service worker as part of a browser extension, but we are not permitted to use SharedArrayBuffer due to the Spectre mitigations, so using multiple threads in WebAssembly is problematic for us.

Looking at where rayon is used:

rayon v1.5.1
├── centipede v0.3.0
│   └── multi-party-ecdsa v0.8.0 (/home/muji/git/consensys/multi-party-ecdsa)
├── criterion v0.3.5
│   [dev-dependencies]
│   └── multi-party-ecdsa v0.8.0 (/home/muji/git/consensys/multi-party-ecdsa)
├── kzen-paillier v0.4.2
│   ├── multi-party-ecdsa v0.8.0 (/home/muji/git/consensys/multi-party-ecdsa)
│   └── zk-paillier v0.4.2
│       └── multi-party-ecdsa v0.8.0 (/home/muji/git/consensys/multi-party-ecdsa)
└── zk-paillier v0.4.2 (*)

We would need to update centipede, kzen-paillier and zk-paillier to support a single threaded feature that would disable the use of rayon.

Given you know the code in those libraries much better than I do, how feasible/desirable would it be to add a single threaded feature?

Thanks as always for your help 🙏

commented

@survived, if I do the work to support this would you land the PRs?

At the moment this is a blocker for us as our use case is for MFA in a browser extension.
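
A sketch of the kind of feature gate the issue asks for, added here as an illustration and not taken from centipede, kzen-paillier or zk-paillier. The feature name `parallel`, the `exec` module and the toy `pow_mod` workload are all assumptions; the point is that both backends expose identical signatures, so call sites compile unchanged whether or not rayon is linked.

```rust
// Added illustration, not code from the libraries named in the issue.
// Assumed Cargo.toml:  rayon = { version = "1.5", optional = true }
//                      [features] parallel = ["rayon"]

/// Threaded backend: compiled only when the (assumed) `parallel` feature is on.
#[cfg(feature = "parallel")]
mod exec {
    use rayon::prelude::*;
    pub fn join<A: Send, B: Send>(
        a: impl FnOnce() -> A + Send,
        b: impl FnOnce() -> B + Send,
    ) -> (A, B) {
        rayon::join(a, b)
    }
    pub fn map_all<T: Sync, R: Send>(xs: &[T], f: impl Fn(&T) -> R + Sync + Send) -> Vec<R> {
        xs.par_iter().map(f).collect()
    }
}

/// Single-threaded backend: same bounds and signatures, no thread pool, so the
/// wasm build needs neither shared memory nor SharedArrayBuffer.
#[cfg(not(feature = "parallel"))]
mod exec {
    pub fn join<A: Send, B: Send>(
        a: impl FnOnce() -> A + Send,
        b: impl FnOnce() -> B + Send,
    ) -> (A, B) {
        (a(), b())
    }
    pub fn map_all<T: Sync, R: Send>(xs: &[T], f: impl Fn(&T) -> R + Sync + Send) -> Vec<R> {
        xs.iter().map(f).collect()
    }
}

/// Toy square-and-multiply on u64, standing in for the bignum work (not cryptographic).
pub fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc: u64 = 1 % m;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = (acc as u128 * base as u128 % m as u128) as u64;
        }
        base = (base as u128 * base as u128 % m as u128) as u64;
        exp >>= 1;
    }
    acc
}

/// Two independent exponentiations: forked under `parallel`, run in order otherwise.
pub fn pow_pair(x: u64, e: u64, p: u64, q: u64) -> (u64, u64) {
    exec::join(|| pow_mod(x, e, p), || pow_mod(x, e, q))
}

/// Batch over a slice: `par_iter` under `parallel`, plain `iter` otherwise.
pub fn pow_batch(xs: &[u64], e: u64, m: u64) -> Vec<u64> {
    exec::map_all(xs, |x| pow_mod(*x, e, m))
}
```

Keeping the `Send`/`Sync` bounds on the sequential backend is deliberate: code that builds single-threaded is then guaranteed to build with the threaded feature enabled as well.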