quininer / dilithium

Dilithium: Digital Signatures from Module Lattices
MIT License
5 stars 3 forks source link

Random Oracle #1

Open wangxueli1993 opened 5 years ago

wangxueli1993 commented 5 years ago

I want to know how to realize the random oracle. Which hash function have you chosen?

quininer commented 5 years ago

I used shake128 and shake256, which is mentioned in section 6.1 of dilithium paper.

It is worth noting that kyber originally used cSHAKE and shake{128,256}, but later changed to sha3-{256,512}.