Using Keccak-P1600 Rho constant in Keccak-P800 #2
Comments
|
Thank you for reporting this! The ROL32in256() macro includes the necessary % operation for getting the correct constants, but I agree it would be better to just directly use the correct ones. The round constants should match https://github.com/gvanas/KeccakCodePackage/blob/master/SnP/KeccakP-800/Optimized32/KeccakP-800-opt32.c , so the issue might be somewhere else. |
|
Alright, do you have any plan to fix or test this? |
|
I will have a look at it as soon as I find time! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
sphincs/x86/crypto_sign/sphincs256keccak/avx2/KeccakP-800-times8-SIMD256.c
Line 177 in ee5af8e
There exists some errors in this file. The rho offset for Keccak-P800 should module 32 which means all the constants should smaller than 32. But I found that in https://github.com/kste/sphincs/blob/ee5af8e9cffecb33f3eecd0908b86c673ced3f63/x86/crypto_sign/sphincs256keccak/avx2/KeccakP-800-times8-SIMD256.c, some of the constants are larger than 31. Also, I look at the Keccak-P1600 implementation and find out that its constants are being used in Keccak-P800.
The above implementation error leads to the fail verification of SPHINCS when instantiate with Keccak-P800 (I tested it myself).
The text was updated successfully, but these errors were encountered: