standalone: Add M14 testvector generation

[aewag]

I could not find any M14 testvectors as I was writing a Rust implementation (RustCrypto/hashes#475). Therefore, I added the M14 implementation to the TestVectors.py script to print them as well.

I copied the input generation from the printK12TestVectors routine.

[gvanas]

Hello Alexandre.

I don't think adding M14 is a good idea. If you need to implement 256-bit security, I would rather define a variant of K12 that calls TurboSHAKE256 instead of TurboSHAKE128.

What do you think?

PS: Thanks for all the K12-related work that you are doing in RustCrypto!

[aewag]

Hello Alexandre.

I don't think adding M14 is a good idea. If you need to implement 256-bit security, I would rather define a variant of K12 that calls TurboSHAKE256 instead of TurboSHAKE128.

What do you think?

Hey Gilles,

yes, that makes sense as it also simplifies implementations. I simply sticked to the k12 paper from 2016 for the m14 implementation.

One question regarding k12-256 is there any "official" document/paper stating this variant?
Or do you see a need to to release any in the future?

PS: Thanks for all the K12-related work that you are doing in RustCrypto!

You're welcome, it's a combination of fun and work :D. Thanks for your answers and comments.

[gvanas]

One question regarding k12-256 is there any "official" document/paper stating this variant?
Or do you see a need to to release any in the future?

There is no such definition yet, but we will give it a try in the near future. The hardest part will be to give it a good name. 😄