Add byte-delimited API for SHA2 and SHA3 #194
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- uses new bytes API in WOTS+
This only applies to ML-KEM final version. It could technically also be used in ML-KEM's 3.01 draft but I'm choosing not to try to change that because we don't have tests to validate it.
This skips applications where we don't have enough tests to be confident about the changes (basically, old versions of ml-kem and ml-dsa).
mccleeary-galois
approved these changes
Nov 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #193.
This adds some bytewise APIs to simplify calls to the hash functions.
There are more applications of SHA2 and SHA3 that operate over byte-delimited inputs, but they're all in old competition versions of ML-KEM and ML-DSA. I did not change those here because they don't have any KATs to give me confidence that I replaced them correctly, and because I intend to delete them, so I don't want to invest time into understanding them very carefully right now (see #152).
Input requested on whether you want more documentation to justify the existence or correctness of these.