search

P-H-C / phc-winner-argon2

The password hash Argon2, winner of PHC
Other
4.78k stars 406 forks source link

why next_address function Argument is not 64bit of Little endian ? #374

Open watason opened 4 months ago

watason commented 4 months ago

Why is the argument of the next_address function not 64-bit little endian? Right now I am implementing Argon2 for my study. I was referring to RFCs and papers, but one question occurred to me. When the RFC requires 32bit little endian, it is implemented as a LE byte array using store32.

However, the input_block input to the next_address function is 64bit and not converted to LE64. The RFC states the following and also on page 6 of the paper

Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') ||
     LE64(t) || LE64(y) )

Even if the subsequent calculation is optimized according to the calculator, the compression function G process itself is not changed, so the output value would be different. In other words.

    if (data_independent_addressing) {
        init_block_value(&input_block, 0);

        input_block.v[0] = position.pass;
        input_block.v[1] = position.lane;
        input_block.v[2] = position.slice;
        input_block.v[3] = instance->memory_blocks;
        input_block.v[4] = instance->passes; instance->passes; instance->passes
        input_block.v[5] = instance->type; instance->type; }
    }

This is.

    if (data_independent_addressing) {
        init_block_value(&input_block, 0);

        input_block.v[0] = store64(position.pass);
...
    }

If I don't do this, won't the Argon2i index be different from what is supposed to be? Thank you in advance.