2

I'm building a minimal-dependancy crypto library, working on a keccak implementation based on this specification document.

I'm confused about following

this

aspect of the t computation described in the paper among the group of calculations on page 8.

Is there a simple, pythonic way to calculate t, or do I need to learn about matrix-logarithms?

Thanks!

Ari Kanevsky
  • 63
  • 1
  • 5
  • Also, if this question is better asked in math overflow, I can do that! – Ari Kanevsky Jan 09 '18 at 03:18
  • 1
    Ari, given that according to the spec "_`t` satisfying `0 ≤ t < 24`_", you probably can just pre-compute and cache all possibilities and then just match them in a map/dictionary. – SergGr Jan 09 '18 at 03:30
  • 1
    Best to look at a reference implementation; generally you should be able to calculate everything relatively simply. Unfortunately my own implementation is not proceeding anywhere at all. This **is** the right place to ask and if it stays unanswered then I could assign it a bounty (in a day or 1,5). And if that fails there is always https://crypto.stackexchange.com (but officially it belongs here as it is implementation specific, asking how this translates into more common bitwise operations could be on topic there though). – Maarten Bodewes Jan 09 '18 at 18:25
  • Thanks for letting me know it is in the right place. Also, thank you SergGr that is what I will do. – Ari Kanevsky Jan 09 '18 at 18:46
  • I believe SergGr answered it via comment in a sufficient enough way. I can create a table of 24 t values, and iterate each through the above equation until [x, y] is satisfied. I am also learning to calculate values within a given Galois Field via: https://www.youtube.com/watch?v=x1v2tX4_dkQ . Do you guys know any other crypto related methodology I should be studying to build this library? – Ari Kanevsky Jan 10 '18 at 05:12
  • @AriKanevsky, beware that if you go this route, you actually need 25 values because there is also following clause "`or t = −1 if x = y = 0`". And as for iterating, I believe that Python has a [dict](https://docs.python.org/2/tutorial/datastructures.html#dictionaries) and tuple can be a key. So using it will probably be more efficient. On the other hand, beware that efficiency might sometimes be a bad thing for good cryptography because it might open the door to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack). I haven't study the algorithm to know if this is such a place. – SergGr Jan 11 '18 at 14:05
  • Yes the first part is taken into account, separate clauses in the code for t = -1 vs 0 <= t < 24. And I am not sure how a dict would be faster in this case than an array of t-values, in either sense don't you need to iterate until t satisfies the equation? (Also really interesting point on security :P, I guess we can look at this conversation as a breach as well :) ) Maybe I will delete later :) – Ari Kanevsky Jan 11 '18 at 17:04
  • If you guys are interested in keeping an eye on the repo progress, providing more insightful feedback, or helping grow the library I have started a repo where I am pushing Keccak code here: https://github.com/arikanev/crpyto. I am also open to moving the repo from my personal account if that means more collaborators. Any other place I should look for interested open src developers? – Ari Kanevsky Jan 13 '18 at 22:20

0 Answers0