Refactor: Keccak Permutation #3675

Closed

reneme (Collaborator) commented Aug 18, 2023

Pull Request Dependencies

This builds on top of #3673. @falko-strenzke feel free to incorporate my two patches into your PR and squash it all together. We could then just close this one and merge yours.

Description

This applies further cleanup to Keccak_Permutation and widens its versatility somewhat. Most notably:

  • Replace single-shot ::expand() with more versatile ::squeeze()
    Just like ::absorb() before, ::squeeze() can be called multiple times with arbitrary-length buffers. That's really useful for implementing XOFs (see eXtendable Output Functions as first-class citizen #3671).

  • use BufferStuffer/BufferSlicer in ::squeeze() and ::absorb()
    That's more of a style thing to avoid some raw pointers and lots of offset shifting. IMHO, that makes the code as "readable" as it gets. 🤡

  • remove low-level access to Keccak state and static mutation methods
    I believe that's actually the whole point of this new class: No more fiddling with Keccak-states and offset positions in the implementations of "SHA3", "SHAKE" and the "Keccak" hash. @falko-strenzke please make sure that this interface is enough to implement KMAC as well.

  • ::permute() is now private
    It's an implementation detail of the sponge construction and should be handled that way, I think. Or are there use cases where a downstream user would want to have control over when exactly permute() should be called?

My two cents

Was this refactoring worth it? I think so! The implementations of "SHA3", "SHAKE" and the upcoming "SHAKE" XOF are now super slim and concise. Note though, that the implementations for SHA_3 and Keccak_1600 (the hash) are basically identical. I hope that's roughly what @randombit had in mind when we started arguing about the architecture back in February (#3279)
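
The interface shape described in the comment above (repeatable absorb() and squeeze(), a finish() step, and a permutation that callers never touch), as an added example that is not part of this pull request or of Botan's code. It is a Python model rather than Botan's C++; `ToySponge` and `shake128_chunked` are hypothetical names, and the rate/suffix values are the standard SHAKE128 parameters.

```python
class ToySponge:
    """Hypothetical sponge model; not Botan's Keccak_Permutation class."""
    def __init__(self, rate_bytes, suffix):
        self._rate, self._suffix = rate_bytes, suffix
        self._s, self._pos = [0] * 25, 0  # 64-bit lanes; lane (x, y) is _s[x + 5*y]
    def absorb(self, data):  # may be called repeatedly, with any length
        for byte in data:
            self._xor_byte(self._pos, byte)
            self._pos += 1
            if self._pos == self._rate:
                self._permute()
    def finish(self):  # domain suffix plus final pad bit
        self._xor_byte(self._pos, self._suffix)
        self._xor_byte(self._rate - 1, 0x80)
        self._pos = self._rate  # forces a permutation before the first output byte
    def squeeze(self, n):  # may be called repeatedly, with any length
        out = bytearray()
        for _ in range(n):
            if self._pos == self._rate:
                self._permute()
            out.append((self._s[self._pos // 8] >> (8 * (self._pos % 8))) & 0xFF)
            self._pos += 1
        return bytes(out)
    def _xor_byte(self, i, b):
        self._s[i // 8] ^= b << (8 * (i % 8))
    def _permute(self):  # Keccak-f[1600]; internal, also rewinds the block offset
        rol = lambda v, r: ((v << r) | (v >> (64 - r))) & (2**64 - 1)
        s, lfsr = self._s, 1
        for _ in range(24):
            c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
            s = [s[i] ^ c[(i + 4) % 5] ^ rol(c[(i + 1) % 5], 1) for i in range(25)]  # theta
            b, x, y = s[:], 1, 0
            for t in range(24):  # rho + pi
                x, y, src = y, (2 * x + 3 * y) % 5, s[x + 5 * y]
                b[x + 5 * y] = rol(src, (t + 1) * (t + 2) // 2 % 64)
            s = [b[r + x] ^ (~b[r + (x + 1) % 5] & b[r + (x + 2) % 5])  # chi
                 for r in range(0, 25, 5) for x in range(5)]
            for j in range(7):  # iota: round-constant bits from an LFSR
                if lfsr & 1:
                    s[0] ^= 1 << ((1 << j) - 1)
                lfsr = ((lfsr << 1) ^ (0x71 if lfsr & 0x80 else 0)) & 0xFF
        self._s, self._pos = s, 0

def shake128_chunked(parts, sizes):  # constructed driver, not a Botan function
    sponge = ToySponge(168, 0x1F)  # SHAKE128: 168-byte rate, domain suffix 0x1F
    for part in parts:
        sponge.absorb(part)
    sponge.finish()
    return b"".join(sponge.squeeze(n) for n in sizes)
```

However the input and output are split, the concatenated result equals the one-shot SHAKE128 output, because the block offset carries over between calls. Constructing `ToySponge(136, 0x06)` gives the SHA3-256 parameters with the same three public calls.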

@randombit
Owner

👍

@reneme reneme force-pushed the refactor/keccak_permutation branch from 9d16394 to 88c4a1c Compare August 19, 2023 09:35
coveralls commented Aug 19, 2023

Coverage Status

coverage: 91.718% (+0.006%) from 91.712% when pulling 8b4d4a3 on Rohde-Schwarz:refactor/keccak_permutation into dfe1714 on randombit:master.

* replace single-shot ::expand() with more versatile ::squeeze()
* use BufferStuffer/BufferSlicer in ::squeeze() and ::absorb()
* remove low-level access to Keccak state
* remove static Keccak state mutation methods
* ::permute() is now private
reneme (Collaborator, Author) commented Aug 21, 2023

Closing, after @falko-strenzke squashed my changes into #3673.

@reneme reneme closed this Aug 21, 2023