KangarooTwelve #708
KangarooTwelve #708
Conversation
There was a problem hiding this comment.
I guess you're missing something there.
hash_state is a union, i.e. it would be valid to do the following:
struct sha3_state st;
sha3_shake_init((hash_state*)&st, 128);https://godbolt.org/z/Wq3oaETcE
Please revert this change, I'd prefer to keep the codebase of all the algorithms similar.
|
Yes, that works, but. I need to keep the two SHAKE states inside a KT state between invocations of the init/process/done functions. And because of the union thing, the KT state would be unnecessary big. Keeping state for other hashes that we don't care about inside KT logic. Do you prefer me reverting this or changing every other algorithm to use its own state instead? // Edit: Oh, I misunderstood. Now I get it. I will do the change you propose. |
sjaeckel
left a comment
sjaeckel
left a comment
There was a problem hiding this comment.
Thanks a lot!
Very good PR :)
Thanks for updating the docs ❤️
What do you think of my suggestions?
MarekKnapek
force-pushed
the
KangarooTwelve
branch
from
7de08be to
63bf8b1
Compare
sjaeckel
left a comment
sjaeckel
left a comment
There was a problem hiding this comment.
I overlooked that at the first review.
Thanks for reverting the first commit, the changes look a lot better now.
| \subsection{KangarooTwelve} | ||
| Another variation of SHA3 SHAKE is KangarooTwelve, which has been specified in \href{https://datatracker.ietf.org/doc/rfc9861/}{\texttt{RFC 9861}}. | ||
|
|
||
| The API works equivalent to the one of SHA3 SHAKE, where the APIs only have a different name. Additionally, KangarooTwelve supports customization. You can append any or none customization bytes after all input bytes and before squeezing any output digest bytes. |
There was a problem hiding this comment.
Can one also append customization bytes in multiple calls?
I'm just asking.
And is the result of kt_customization("foobar"); the same as of kt_customization("foo"); kt_customization("bar");?
There was a problem hiding this comment.
OK, so the RFC specifies that we MAY propose an incremental interface, for either M or C, so we should also document that somewhere what we support.
I just had a look at the RFC for the first time ... the D isn't fixed to 0x1F, maybe it'd make sense to add support for variable D in a future PR. But now we focus on KT.
There was a problem hiding this comment.
Yes, the customization could be appended multiple times. And yes, about the foobar==foo+bar. You can append unlimited amount of customization bytes, up to unsigned long count, if you want to append more, we should change the variable type holding the number of customization bytes added. To 128 bit number or even larger one. The project https://github.com/kerukuro/digestpp is quite limited in this regard, it holds the entire customization string in memory at once. My implementation holds only the SHAKE state. They also hold a 8 kB buffer, I hold a SHAKE state instead.
MarekKnapek
force-pushed
the
KangarooTwelve
branch
4 times, most recently
from
a89025e to
82f13dd
Compare
sjaeckel
left a comment
sjaeckel
left a comment
There was a problem hiding this comment.
Sorry for those nitpicks and thanks for your patience.
KangarooTwelve 128bits and KangarooTwelve 256 bits. https://keccak.team/files/TurboSHAKE.pdf https://www.rfc-editor.org/rfc/rfc9861.txt https://datatracker.ietf.org/doc/html/rfc9861
No need to apologize, it is your project, that means your rules and standards. I'm not familiar with your rules, by telling me what I did wrong I'm learning them. |
MarekKnapek
force-pushed
the
KangarooTwelve
branch
from
82f13dd to
6832f3c
Compare
|
That was quick! Thanks for the PR and the reactive way of handling the reviews :) |
2 participants
Checklist