ACVP icon indicating copy to clipboard operation
ACVP copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

cSHAKE MCT clarifications

Open smuellerDD opened this issue 2 years ago • 4 comments

This notification relates to issue #1246.

May I suggest to add to the specification that Rightmost_Output_bits is a 16 bit little endian value when used as string?

Customization = BitsToString(InnerMsg || Rightmost_Output_bits);

May I suggest to add a value to the test vector to communicate the OutLenIncrement value? Without this information, the test vector is not self-sufficient and must always relate to the request.

The functions of Left and Right do not seem to be documented. Is the parameter to it in bits or bytes (I suspect bits)?

The function ZeroBits(128) is not defined.

Side note: I tried to upload a cSHAKE result and the validation is not complete now after some 4 hours (vsID 941449).

smuellerDD avatar Apr 04 '22 14:04 smuellerDD

Hi @smuellerDD,

I don't understand what you mean by "May I suggest to add to the specification that Rightmost_Output_bits is a 16 bit little endian value when used as string?" Per #1246, I'm thinking it makes sense to point out that Rightmost_Output_bits is interpreted as a little endian number in OutputLen = MinOutLen + (floor((Rightmost_Output_bits % Range) / OutLenIncrement) * OutLenIncrement);, but that doesn't sound like what you're saying.

Sure, it makes sense to add OutLenIncrement to the prompt file and I can add definitions of Left(), Right() and ZeroBits() to the spec. It looks like our example cSHAKE prompt is out of date in the spec as well.

-Ben

livebe01 avatar Jun 22 '22 20:06 livebe01

Am Mittwoch, 22. Juni 2022, 22:40:07 CEST schrieb livebe01:

Hi livebe01,

Hi @smuellerDD,

I don't understand what you mean by "May I suggest to add to the specification that Rightmost_Output_bits is a 16 bit little endian value when used as string?" Per #1246, I'm thinking it makes sense to point out that Rightmost_Output_bits is interpreted as a little endian number in OutputLen = MinOutLen + (floor((Rightmost_Output_bits % Range) / OutLenIncrement) * OutLenIncrement);, but that doesn't sound like what you're saying.

That is what I tried to say - there is no word about Rightmost_Output_bits and the remainder of the ACVP always uses big endian.

Sure, it makes sense to add OutLenIncrement to the prompt file and I can add definitions of Left(), Right() and ZeroBits() to the spec. It looks like our example cSHAKE prompt is out of date in the spec as well.

Thanks

-Ben

Ciao Stephan

smuellerDD avatar Jun 23 '22 05:06 smuellerDD

Awesome, thanks @smuellerDD

livebe01 avatar Jun 23 '22 13:06 livebe01

The fix for this is now on Demo, v1.1.0.25.

livebe01 avatar Aug 12 '22 20:08 livebe01

The fix for this is now on Prod in release v1.1.0.25.

livebe01 avatar Sep 26 '22 13:09 livebe01