The ROL32in256() macro includes the necessary % operation for getting the correct constants, but I agree it would be better to just directly use the correct ones.
sphincs/x86/crypto_sign/sphincs256keccak/avx2/KeccakP-800-times8-SIMD256.c
Line 177 in ee5af8e
There exist some errors in this file. The rho offset for Keccak-P800 should be modulo 32, which means all the constants should be smaller than 32. But I found that in https://github.com/kste/sphincs/blob/ee5af8e9cffecb33f3eecd0908b86c673ced3f63/x86/crypto_sign/sphincs256keccak/avx2/KeccakP-800-times8-SIMD256.c, some of the constants are larger than 31. Also, I looked at the Keccak-P1600 implementation and found out that its constants are being used in Keccak-P800.
The above implementation error leads to failed verification of SPHINCS when instantiated with Keccak-P800 (I tested it myself).
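As an added example (not code from the repository or from either commenter), the following C program derives the rho offsets from the Keccak specification rule for 64-bit and 32-bit lanes and checks how the two sets relate when the rotation count is reduced modulo 32. The helper names and the scalar `rol32()` are assumptions made for illustration; it only mirrors the `%` reduction the reply attributes to `ROL32in256()` and is not that macro.

```c
#include <stdint.h>
#include <stdio.h>

/* Fill off[x + 5*y] with the rho offsets for lane width w (in bits).
   Spec rule: the lane visited at step t gets (t+1)(t+2)/2 mod w. */
static void rho_offsets(unsigned w, unsigned off[25])
{
    unsigned x = 1, y = 0;
    off[0] = 0;                              /* lane (0,0) is not rotated */
    for (unsigned t = 0; t < 24; t++) {
        off[x + 5 * y] = ((t + 1) * (t + 2) / 2) % w;
        unsigned nx = y, ny = (2 * x + 3 * y) % 5;
        x = nx;
        y = ny;
    }
}

/* Scalar 32-bit rotate-left that reduces the count mod 32 first
   (illustrative stand-in, not the project's SIMD macro). */
static uint32_t rol32(uint32_t v, unsigned n)
{
    n %= 32;
    return n ? (v << n) | (v >> (32 - n)) : v;
}

/* How many 64-bit-lane offsets are larger than 31. */
static int count_out_of_range(void)
{
    unsigned o64[25];
    int c = 0;
    rho_offsets(64, o64);
    for (int i = 0; i < 25; i++) c += (o64[i] > 31);
    return c;
}

/* 1 if each 64-bit-lane offset, reduced mod 32, equals the 32-bit-lane
   offset and produces the same rotation of a test word. */
static int reduced_offsets_match(void)
{
    unsigned o64[25], o32[25];
    rho_offsets(64, o64);
    rho_offsets(32, o32);
    for (int i = 0; i < 25; i++) {
        if (o64[i] % 32 != o32[i]) return 0;
        if (rol32(0x80000001u, o64[i]) != rol32(0x80000001u, o32[i])) return 0;
    }
    return 1;
}

int main(void)
{
    printf("offsets > 31: %d, match after mod 32: %d\n",
           count_out_of_range(), reduced_offsets_match());
    return 0;
}
```

A rotate that does not reduce its count would not give the same result with the 64-bit-lane table, so writing the 32-bit-lane constants directly removes the dependency on the reduction.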