Closed phmarek closed 6 years ago
For reference, here's the calculation of the round constants for the SHA3 case:
(loop with LFSR = #x01
for i from 0 below 24
for word = 0
do (dotimes (j 7)
(when (oddp LFSR)
(let ((bit-pos (1- (ash 1 j))))
(setf word
(logxor word
(ash 1 bit-pos)))))
(setf LFSR
(if (zerop (logand LFSR #x80))
(ash LFSR 1)
(logxor (ash LFSR 1)
#x71))))
do (format t "~16,'0x~%" word))
For the Ethereum KECCAK256 version the LFSR needs to start with 6.
Please advise how the changed constants should be integrated with the optimized code - and whether all the keccak
-names should be fixed to be sha3
...
Thanks a lot!
I added the original Keccak digests (i.e. SHA3 with different padding) in commit 6764e984082221920acadaca1b3186b41b2c12b5.
Hashing with :keccak/256
gives the same result as Ethereum's Keccak-256 (tested with the value in https://ethereum.stackexchange.com/questions/550/which-cryptographic-hash-function-does-ethereum-use).
The difference seems to be the LFSR used to build the round constants: https://ethereum.stackexchange.com/questions/30369/difference-between-keccak256-and-sha3
One example hash input and output value pair can be taken from https://github.com/ethereum/solidity/blob/develop/test/liblll/EndToEndTest.cpp#L566
Thanks a lot!