commit 95f6a5935a675efe6d30bc2388e7a0bc6b742c6d (tree)
parent 12b74b2c0587e1f3f0ce8fdae47ab76e790b0d8e
Author: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date: Thu, 9 Mar 2023 20:20:57 +0100
TurboSHAKE: change default delimiter to 0x1F (#14857)
The TurboSHAKE paper just got published:
https://eprint.iacr.org/2023/342.pdf
and unlike the previous K12 paper, suggests 0x1F instead of 0x01
as the default value for "D".
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/std/crypto/sha3.zig b/lib/std/crypto/sha3.zig
@@ -20,7 +20,7 @@ pub const Shake256 = Shake(256);
/// TurboSHAKE128 is a XOF (a secure hash function with a variable output length), with a 128 bit security level.
/// It is based on the same permutation as SHA3 and SHAKE128, but which much higher performance.
-/// The delimiter is 0x01 by default, but can be changed for context-separation.
+/// The delimiter is 0x1f by default, but can be changed for context-separation.
pub fn TurboShake128(comptime delim: ?u8) type {
return TurboShake(128, delim);
}
@@ -96,7 +96,7 @@ pub fn Shake(comptime security_level: u11) type {
/// The TurboSHAKE extendable output hash function.
/// https://datatracker.ietf.org/doc/draft-irtf-cfrg-kangarootwelve/
pub fn TurboShake(comptime security_level: u11, comptime delim: ?u8) type {
- return ShakeLike(security_level, delim orelse 0x01, 12);
+ return ShakeLike(security_level, delim orelse 0x1f, 12);
}
fn ShakeLike(comptime security_level: u11, comptime delim: u8, comptime rounds: u5) type {