Open m-temp opened 6 months ago
I filed a draft PR https://github.com/lowRISC/opentitan/pull/22537 I favor to add another one-hot encoded field for the variant.
Question: Is it a problem, if this field is ignored when we later implement hashing/XOF?
https://github.com/lowRISC/opentitan/pull/22981 implements both variants. Due to the structure of the reference implementation / vendor code, only either ascon128 or ascon128a can be tested at the same time.
I am ok with the one-hot encoded field in #22537 and I think the testing limitation will be ok.
Please get someone from software to comment on the field being ignored in XOF mode(s)
Currently there are two Ascon variants:
Unfortunately, NIST hasn't decided how the final standard should look like. According to https://csrc.nist.gov/Presentations/2023/update-on-standardization-of-ascon-family the latest news is:
This means, we most likely need Ascon-128.
There are two options atm: a) Implementing both Ascon-128 and Ascon-128a and add a config option in the control register. b) Implementing only Ascon-128 at the moment and add later (if needed) Ascon-128a.
_See https://github.com/lowRISC/opentitan/pull/22218#discussion_r1555909433_