Refactor k12
The k12 crate had its own keccak-p permutation implementation. With https://github.com/RustCrypto/sponges/pull/7 a generic keccak-p implementation would be available, which could be used within the k12 crate.
Depends on
- [ ] https://github.com/RustCrypto/sponges/pull/7
- [ ] and a new release of the keccak crate ;)
For K12, it would be interesting to also have SIMD implementations of parallel Keccak-p permutations.
Sorry, I cannot help directly because I am not fluent in Rust, but I can at least point out such implementations in XKCP/K12 for inspiration.
Yes, that definitely would get some nice improvements. Currently I have made a draft PR for SIMD backed Keccak-f permutations in https://github.com/RustCrypto/sponges/pull/8. As soon as this is available, the k12 implementation could be updated to incorporate it.
EDIT: https://github.com/RustCrypto/sponges/pull/8 would need a generic SIMD-backed keccak-p permutation for use within k12. I'll extend the draft PR.
I was not aware of that PR. Nice!
@aewag this is great work. Anything I can do to help move it along?
If you have time to review https://github.com/RustCrypto/sponges/pull/7, that would be great. Other than that, this probably needs a rebase and should more or less work.
(I planned to further update the implementation to be alloc-free and maybe also in the future with SIMD support, but I will not be able to work on this in the near future.)
EDIT: I just rebased this on top of the current master.
@aewag went ahead and merged https://github.com/RustCrypto/sponges/pull/7. We can probably cut another release of the keccak crate.
I wanted to point out this is probably the biggest problem with the k12 crate in its current form:
https://github.com/RustCrypto/hashes/blob/1cdbd5363f8e20cc378e19bce4d6470143f08ff7/k12/src/lib.rs#L37-L39
It buffers all of the input in a Vec<u8> and doesn't actually hash it until XofReader::read:
https://github.com/RustCrypto/hashes/blob/1cdbd5363f8e20cc378e19bce4d6470143f08ff7/k12/src/lib.rs#L128-L177
That makes the implementation unusable for large inputs, and it doesn't properly implement the XofReader contract in that it will panic if XofReader::read is called repeatedly.
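As an added illustration (not the k12 crate's code, and not Keccak-p), a minimal streaming XOF in Rust that shows the two properties the comment above asks for: input is absorbed block by block as `update` is called instead of being buffered whole, and the squeeze position is kept so `read` can be called repeatedly. `ToyXof`, `toy_permute`, `RATE` and `STATE` are constructed names; the permutation is a stand-in mixing function and the padding is a toy, so only the sponge plumbing is the point.

```rust
const RATE: usize = 168;  // bytes absorbed/squeezed per block (constructed)
const STATE: usize = 200; // total state bytes (constructed)

// Stand-in for Keccak-p: a cheap, deterministic byte-mixing pass. Not secure.
fn toy_permute(s: &mut [u8; STATE]) {
    let mut acc: u8 = 0x5c;
    for _ in 0..3 {
        for i in 0..STATE {
            acc = acc.rotate_left(3) ^ s[i].wrapping_mul(31).wrapping_add(i as u8);
            s[i] = acc;
        }
    }
}

pub struct ToyXof {
    state: [u8; STATE],
    pos: usize,      // bytes of the current rate block used so far
    squeezing: bool, // false while absorbing, true once output has started
}

impl ToyXof {
    pub fn new() -> Self { ToyXof { state: [0; STATE], pos: 0, squeezing: false } }

    // Absorb incrementally: XOR into the rate and permute whenever a block fills,
    // so memory stays O(STATE) regardless of total input length.
    pub fn update(&mut self, mut data: &[u8]) {
        assert!(!self.squeezing, "update after read is not allowed");
        while !data.is_empty() {
            let take = (RATE - self.pos).min(data.len());
            for (i, b) in data[..take].iter().enumerate() { self.state[self.pos + i] ^= *b; }
            self.pos += take;
            data = &data[take..];
            if self.pos == RATE { toy_permute(&mut self.state); self.pos = 0; }
        }
    }

    // One-time switch to squeezing: toy pad-and-permute (not real K12 padding).
    fn finalize(&mut self) {
        if self.squeezing { return; }
        self.state[self.pos] ^= 0x07;
        self.state[RATE - 1] ^= 0x80;
        toy_permute(&mut self.state);
        self.pos = 0;
        self.squeezing = true;
    }

    // May be called any number of times; output resumes where the last call stopped.
    pub fn read(&mut self, out: &mut [u8]) {
        self.finalize();
        for b in out.iter_mut() {
            if self.pos == RATE { toy_permute(&mut self.state); self.pos = 0; }
            *b = self.state[self.pos];
            self.pos += 1;
        }
    }
}
```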
Yep, agreed. I started to work on these (two) issue(s), but I don't have yet a working implementation.
@tarcieri I finished the refactoring. The PR is ready for review.
Thank you! :+1:
I can cut a release if you'd like
Yeah, that would be nice. Thanks!