kste / haraka

Haraka is a secure and efficient short-input hash function.
MIT License

Round Constant Inconsistency between Haraka v2 documentation and Implementation in ref.py #1

Open mecsie0415 opened 9 months ago

mecsie0415 commented 9 months ago

Hi! I'm a student currently working on turning Haraka_v2 to HDL languages. When I'm tracing the code ref.py, I've noticed that RC is consistent with the Round Constants defined in the Haraka v2 – Efficient Short-Input Hashing for Post-Quantum Applications. However, it seems that the round constant used in each round of AES round function goes wrong.

```python
def convRC(rc):
    rcstr = hex(rc)[2:-1].zfill(32)
    return [int(rcstr[i:i + 2], 16) for i in range(0, 32, 2)]
```

The code above would drop 4 least significant bits while converting each RC to 16 words state, resulting in adding 4 0 bits on the MSB side. Thank you for the time reading my questions, I think `rcstr = hex(rc)[2:].zfill(32)` should fix the inconsistency.

ajbkr commented 3 months ago

@mecsie0415 Exceptionally well-spotted! I can confirm that by modifying ref.py in the manner you have described, I now get identical output when running both the reference C implementation and, especially now, the reference Python implementation. I am especially grateful to you, as I am just learning about cryptographic functions and had intended to do so by re-implementing Haraka v2 in a different programming language.
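
The slicing behaviour discussed in this thread, as an added example that is not part of ref.py or of either comment: it runs the quoted `convRC` logic and the proposed one-line change on Python 3, next to a conversion that avoids string slicing. `RC_SAMPLE` is a constructed value, not a Haraka round constant, and the function names are illustrative.

```python
# Constructed 128-bit sample with a zero top byte; NOT a Haraka v2 round constant.
RC_SAMPLE = 0x00112233445566778899AABBCCDDEEFF


def conv_rc_reported(rc):
    # Logic quoted in the issue. Python 3's hex() has no trailing character
    # (Python 2 appended 'L' to a long), so [2:-1] removes the last hex digit.
    rcstr = hex(rc)[2:-1].zfill(32)
    return [int(rcstr[i:i + 2], 16) for i in range(0, 32, 2)]


def conv_rc_proposed(rc):
    # One-line change proposed in the issue: keep every hex digit.
    rcstr = hex(rc)[2:].zfill(32)
    return [int(rcstr[i:i + 2], 16) for i in range(0, 32, 2)]


def conv_rc_bytes(rc):
    # Hypothetical alternative without string slicing: 16 big-endian bytes.
    # Raises OverflowError if rc does not fit in 128 bits.
    return list(rc.to_bytes(16, "big"))


def as_int(state):
    # Reassemble a 16-byte state into an integer for comparison.
    return int.from_bytes(bytes(state), "big")


def compare(rc):
    # Report how each conversion relates to the intended constant.
    reported, proposed = conv_rc_reported(rc), conv_rc_proposed(rc)
    return {
        "reported_is_rc_shifted_right_4": as_int(reported) == rc >> 4,
        "reported_matches_rc": as_int(reported) == rc,
        "proposed_matches_rc": as_int(proposed) == rc,
        "proposed_matches_bytes": proposed == conv_rc_bytes(rc),
    }


if __name__ == "__main__":
    print([f"{b:02x}" for b in conv_rc_reported(RC_SAMPLE)])
    print([f"{b:02x}" for b in conv_rc_proposed(RC_SAMPLE)])
    print(compare(RC_SAMPLE))
```

A `compare()` check like this over every constant in a port catches the shifted-constant mismatch before it surfaces as a digest that disagrees with the C reference.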