sha3.Shake128 with abstract.NoKey NOT random #70

nikkolasg · 2016-06-08T09:27:50Z

Found a unusual behavior when debugging edwards/ed25519 suites:
If you create a rand := cipher.Stream from those suites (using sha3.Shake128), and then retrieve a slice of bytes from it using random.Bytes(32,rand), the slice of bytes are always zero the first 6 times. Having discussed with @Daeinar , it may be related to the size of the state of sha3.Shake128 but as I'm really not familiar with those sponge cipher (yet!), I can't say.
It's definitely not a correct behavior as every output should look completely random whatever the input is.
This faulty behavior is kinda hidden in nist.Int.Pick(rand) where this function calls random.Int which iterates as long as the number returned fulfills n != 0.

The text was updated successfully, but these errors were encountered:

jeffallen · 2017-11-30T12:15:47Z

This is no longer an issue since XOF replaced Cipher.

nikkolasg added a commit that referenced this issue Jun 8, 2016

commented out test + issue shake128 #70

464b5e8

nikkolasg mentioned this issue Jun 10, 2016

Final version: Ed25519 with EdDSA compatibility #72

Closed

nikkolasg added the bug label Jun 15, 2016

liamsi mentioned this issue Jul 5, 2016

TestAES in sha3 package fails (sometimes) #85

Closed

jeffallen assigned jeffallen and unassigned jeffallen Nov 6, 2017

jeffallen closed this as completed Nov 30, 2017

ineiti added a commit that referenced this issue Mar 19, 2018

renamed conode to server (#70)

42f58b5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sha3.Shake128 with abstract.NoKey NOT random #70

sha3.Shake128 with abstract.NoKey NOT random #70

nikkolasg commented Jun 8, 2016

jeffallen commented Nov 30, 2017

sha3.Shake128 with abstract.NoKey NOT random #70

sha3.Shake128 with abstract.NoKey NOT random #70

Comments

nikkolasg commented Jun 8, 2016

jeffallen commented Nov 30, 2017