Nonce position and test vectors PRNG · Issue #1 · tpoeppelmann/newhope · GitHub
Open
dchest opened this issue May 29, 2016 · 0 comments

dchest commented May 29, 2016

Hello!

I'm porting New Hope to JavaScript and want to make sure my code behaves exactly the same and generates the same test vectors as the reference implementation. I found the following nits:

  1. In helprec the nonce byte is put at the end, 00000000B (https://github.com/tpoeppelmann/newhope/blob/master/ref/error_correction.c#L81), while in poly_getnoise it's at the beginning, B00000000 (https://github.com/tpoeppelmann/newhope/blob/master/ref/poly.c#L105). Since the nonce bytes are different anyway, I see no reason for this (well, other than to make sure it's really-really different).
  2. The PRNG in testvectors.c is very strange: it seems like there's confusion between uint32 (out) and unsigned char (x) (https://github.com/tpoeppelmann/newhope/blob/master/ref/test/testvectors.c#L51). It kinda works, since randombytes always gets 32 bytes, but will write past the buffer if the length is not divisible by 4. I propose replacing the whole construction with a ChaCha-based PRNG:
/* Assumes the SUPERCOP/NaCl-style crypto_stream_chacha20(out, outlen, nonce, key)
   API; the header name below follows the SUPERCOP convention and is assumed here. */
#include "crypto_stream_chacha20.h"

/* Fixed key so the test vectors are reproducible across implementations. */
static unsigned char key[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ;
static unsigned char nonce[8];   /* nonce[0..3] acts as a little-endian block counter */
static unsigned char out[64];    /* one ChaCha20 keystream block */
static int outleft = 0;          /* unread bytes remaining in out */

void randombytes(unsigned char *x,unsigned long long xlen)
{
  while (xlen > 0) {
    if (outleft == 0) {
      /* advance the 32-bit counter held in nonce[0..3] before each new block */
      if (!++nonce[0]) if (!++nonce[1]) if (!++nonce[2]) ++nonce[3];
      crypto_stream_chacha20(out, 64, nonce, key);
      outleft = 64;
    }
    /* hand out one byte at a time from the end of the block; safe for any xlen */
    *x = out[--outleft];
    ++x;
    --xlen;
  }
}

Also, I could build the reference implementation on OS X only if I removed -msse2avx -march=corei7-avx from CFLAGS. It seems like they are not needed for ref, so perhaps they should be removed?

Thank you!
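
As an added example (not the newhope repository's code and not dchest's), the proposed ChaCha-based randombytes() made self-contained: the crypto_stream_chacha20 call is replaced by an inline ChaCha20 block function in the original 8-byte-nonce layout (block counter held at 0, the nonce stepped per block), and chunking_is_consistent checks the property a test-vector PRNG needs, that the byte stream does not depend on how requests are chunked, including lengths not divisible by 4. The names chacha20_block, randombytes_reset and chunking_is_consistent are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define LOAD32(p) ((uint32_t)(p)[0] | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24))
#define QR(a, b, c, d) \
    a += b; d ^= a; d = ROTL32(d, 16); c += d; b ^= c; b = ROTL32(b, 12); \
    a += b; d ^= a; d = ROTL32(d, 8);  c += d; b ^= c; b = ROTL32(b, 7);

/* One ChaCha20 keystream block, original 8-byte-nonce layout: constants | key | 64-bit
   block counter (held at 0, the PRNG below steps the nonce instead) | nonce. */
static void chacha20_block(unsigned char blk[64], const unsigned char n[8], const unsigned char k[32]) {
    const unsigned char *sigma = (const unsigned char *)"expand 32-byte k";
    uint32_t s[16], x[16]; int i;
    for (i = 0; i < 4; i++) s[i] = LOAD32(sigma + 4 * i);
    for (i = 0; i < 8; i++) s[4 + i] = LOAD32(k + 4 * i);
    s[12] = 0; s[13] = 0; s[14] = LOAD32(n); s[15] = LOAD32(n + 4); memcpy(x, s, sizeof x);
    for (i = 0; i < 10; i++) {  /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8],  x[12]) QR(x[1], x[5], x[9],  x[13])
        QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12])
        QR(x[2], x[7], x[8],  x[13]) QR(x[3], x[4], x[9],  x[14])
    }
    for (i = 0; i < 16; i++) {  /* add the initial state, serialise little-endian */
        x[i] += s[i]; blk[4*i] = x[i]; blk[4*i+1] = x[i] >> 8; blk[4*i+2] = x[i] >> 16; blk[4*i+3] = x[i] >> 24;
    }
}

/* The proposed test-vector PRNG: fixed key, nonce[0..3] as block counter, and a 64-byte
   buffer drained one byte per requested byte, so any request length is safe. */
static const unsigned char key[32] = {3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5};
static unsigned char nonce[8], out[64]; static int outleft = 0;

void randombytes(unsigned char *x, unsigned long long xlen) {
    while (xlen > 0) {
        if (outleft == 0) {
            if (!++nonce[0]) if (!++nonce[1]) if (!++nonce[2]) ++nonce[3];
            chacha20_block(out, nonce, key);
            outleft = 64;
        }
        *x++ = out[--outleft]; --xlen;
    }
}
void randombytes_reset(void) { memset(nonce, 0, sizeof nonce); outleft = 0; }

/* Property a test-vector PRNG must have: the stream does not depend on request chunking. */
int chunking_is_consistent(void) {
    unsigned char a[70], b[70];
    randombytes_reset(); randombytes(a, 70);                         /* one request */
    randombytes_reset(); randombytes(b, 7); randombytes(b + 7, 63);  /* 7 + 63, neither divisible by 4 */
    return memcmp(a, b, 70) == 0;
}
```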
