Open href opened 6 years ago
Oh my, yes the table-based CTZ implementation used for PMAC is completely bogus for this purpose, at least unless it were to be iterated modulo the table size when it overflows like this.
That said, I have been meaning to go through all of the implementations of CTZ in languages that don't provide an intrinsic for it (which is Python, Ruby, and JavaScript, as Go and Rust provide one) and replace them with a method based on De Bruijn sequences, which IMO is the "proper" solution.
If you don't mind, I'll hijack this ticket as a tracking issue for that...
> If you don't mind, I'll hijack this ticket as a tracking issue for that...
Sure, go ahead. I just wanted to make sure to report this, especially since it's rather simple to reproduce.
Using AES-PMAC-SIV with Python 3.6 as follows produces an error:
With AES-SIV this error does not occur.
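The following is an added example, not part of the original thread and not the project's code: a De Bruijn based CTZ for 64-bit block counters, shown beside a fixed lookup table that runs out of entries. The 8-entry table, its indexing, and all function names are constructed for illustration.

```python
WIDTH_BITS = 6                      # log2(64): bits needed to index a 64-bit word
WORD_BITS = 1 << WIDTH_BITS
WORD_MASK = (1 << WORD_BITS) - 1

def de_bruijn_word(n):
    """Build a 2**n-bit binary De Bruijn sequence (greedy prefer-one rule)."""
    mask = (1 << n) - 1
    window, seen, appended = 0, {0}, []
    while True:
        for bit in (1, 0):
            candidate = ((window << 1) | bit) & mask
            if candidate not in seen:
                seen.add(candidate)
                appended.append(bit)
                window = candidate
                break
        else:
            break                   # both successors already used: done
    word = 0
    for bit in appended[: (1 << n) - n]:   # the n leading zeros are implicit
        word = (word << 1) | bit
    return word

DE_BRUIJN = de_bruijn_word(WIDTH_BITS)
# Every left shift of the constant puts a distinct 6-bit pattern in the top bits.
INDEX = [None] * WORD_BITS
for shift in range(WORD_BITS):
    INDEX[((DE_BRUIJN << shift) & WORD_MASK) >> (WORD_BITS - WIDTH_BITS)] = shift
assert None not in INDEX

def ctz_de_bruijn(x):
    """Count trailing zeros of a nonzero 64-bit value in constant time."""
    if not 0 < x <= WORD_MASK:
        raise ValueError("x must be in 1..2**64-1")
    lowest = x & -x                 # isolate the lowest set bit (a power of two)
    return INDEX[((lowest * DE_BRUIJN) & WORD_MASK) >> (WORD_BITS - WIDTH_BITS)]

SMALL_TABLE = [0, 1, 0, 2, 0, 1, 0, 3]    # constructed: ctz(i) for i = 1..8

def ctz_small_table(i):
    return SMALL_TABLE[i - 1]       # IndexError once the counter exceeds 8

def first_table_failure(limit):
    """Return the first counter where the bounded table fails or disagrees."""
    for i in range(1, limit + 1):
        try:
            if ctz_small_table(i) != ctz_de_bruijn(i):
                return i
        except IndexError:
            return i
    return None
```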