Use PyCryptodome's implementation of TurboSHAKE128

Support for TurboSHAKE was recently (as of version 3.20.0) added to PyCryptodomex. Use it instead of our own implementation and remove our implementation. Accordingly, remove the draft-irtf-cfrg-kangarootwelve submodule, as we no longer need it for interop testing with our code. Note that PyCryptodomex can be upgraded with: $ sage -pip install --upgrade pycryptodomex
cfrg · Jan 11, 2024 · 2c7a681 · 2c7a681
1 parent 97fcdd4
commit 2c7a681
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 205 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -25,7 +25,8 @@ jobs:
     - name: Install Sage
       run: |
         sudo apt-get update
-        sudo apt-get install -y sagemath python3-pycryptodome python3-cffi
+        sudo apt-get install -y sagemath python3-cffi
+        sage -pip install pycryptodomex
 
     - name: Run tests
       working-directory: poc

diff --git a/.gitmodules b/.gitmodules
diff --git a/poc/Makefile b/poc/Makefile
@@ -2,7 +2,6 @@ test:
 	sage -python common.py
 	sage -python field.py
 	sage -python xof.py
-	sage -python turboshake.py
 	sage -python flp.py
 	sage -python flp_generic.py
 	sage -python idpf.py

diff --git a/poc/README.md b/poc/README.md
@@ -15,6 +15,8 @@ In order to run the code you will need to install
 sage --pip install pycryptodomex
 ```
 
+Version 3.20.0 or later is required.
+
 ## Generating test vectors
 
 To generate test vectors, set the value of `TEST_VECTOR` in `common.py` to

diff --git a/poc/draft-irtf-cfrg-kangarootwelve b/poc/draft-irtf-cfrg-kangarootwelve
diff --git a/poc/turboshake.py b/poc/turboshake.py
diff --git a/poc/xof.py b/poc/xof.py
@@ -3,11 +3,11 @@
 from __future__ import annotations
 
 from Cryptodome.Cipher import AES
+from Cryptodome.Hash import TurboSHAKE128
 
 from common import (TEST_VECTOR, VERSION, Bytes, Unsigned, concat, format_dst,
                     from_le_bytes, gen_rand, next_power_of_2,
                     print_wrapped_line, to_le_bytes, xor)
-from turboshake import NewTurboSHAKE128, TurboSHAKE128
 
 
 class Xof:
@@ -76,12 +76,11 @@ def __init__(self, seed, dst, binder):
         self.m = to_le_bytes(len(dst), 1) + dst + seed + binder
         '''
         self.length_consumed = 0
-        state = NewTurboSHAKE128(1)
-        state.update(to_le_bytes(len(dst), 1))
-        state.update(dst)
-        state.update(seed)
-        state.update(binder)
-        self.state = state.squeeze()
+        self.h = TurboSHAKE128.new(domain=1)
+        self.h.update(to_le_bytes(len(dst), 1))
+        self.h.update(dst)
+        self.h.update(seed)
+        self.h.update(binder)
 
     def next(self, length):
         '''
@@ -97,7 +96,7 @@ def next(self, length):
         stream = TurboSHAKE128(self.m, 1, self.l)
         return stream[-length:]
         '''
-        return self.state.next(length)
+        return self.h.read(length)
 
 
 class XofFixedKeyAes128(Xof):
@@ -122,8 +121,11 @@ def __init__(self, seed, dst, binder):
         #
         # Implementation note: This step can be cached across XOF
         # evaluations with many different seeds.
-        fixed_key = TurboSHAKE128(
-            to_le_bytes(len(dst), 1) + dst + binder, 2, 16)
+        h = TurboSHAKE128.new(domain=2)
+        h.update(to_le_bytes(len(dst), 1))
+        h.update(dst)
+        h.update(binder)
+        fixed_key = h.read(16)
         self.cipher = AES.new(fixed_key, AES.MODE_ECB)
         # Save seed to be used in `next`.
         self.seed = seed