sphincs / sphincsplus

The SPHINCS+ reference code, accompanying the submission to NIST's Post-Quantum Cryptography project
https://sphincs.org

Decode FORS indices similarly to WOTS #51

Open bwesterb opened 1 year ago

bwesterb commented 1 year ago

As proposed by NIST's David Cooper:

https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/88tuvtb7nN4/m/DA1QCoJWBAAJ

sfluhrer commented 1 year ago

Oops, David Cooper is right; this does flip the bit order for each leaf. What we want is:

```c
indices[i] ^= ((m[offset >> 3] >> (~offset & 0x7)) & 0x1) << (SPX_FORS_HEIGHT-1-j);
```
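
The difference between the two bit orders, as an added example that is not the reference code and not part of this PR: `indices_lsb_first` reads each message bit LSB-first and places it little-endian in the index (the behaviour the comment says flips the bit order per leaf), while `indices_msb_first` uses the corrected XOR line from the comment. The surrounding loop structure, the toy parameters (height 6, 3 trees) and the sample message bytes are constructed here; only the one XOR line comes from the comment. `pack_indices_msb_first` is an added inverse used to show that the corrected decoder reads the message as a big-endian bit string.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy parameters, constructed for this example (not a real SPHINCS+ parameter set). */
#define FORS_HEIGHT 6
#define FORS_TREES  3
#define FORS_MSG_BYTES ((FORS_HEIGHT * FORS_TREES + 7) / 8)

/* Constructed sample message: 18 bits are consumed, the last 6 bits of m[2] are ignored. */
static const uint8_t EXAMPLE_MSG[FORS_MSG_BYTES] = {0xA5, 0x3C, 0xF0};

/* Previous decoding: bit j of the message byte (LSB-first) becomes bit j of the index. */
static void indices_lsb_first(uint32_t *indices, const uint8_t *m)
{
    unsigned int offset = 0;
    for (unsigned int i = 0; i < FORS_TREES; i++) {
        indices[i] = 0;
        for (unsigned int j = 0; j < FORS_HEIGHT; j++) {
            indices[i] ^= ((m[offset >> 3] >> (offset & 0x7)) & 0x1) << j;
            offset++;
        }
    }
}

/* Corrected decoding (the XOR line from the comment): bits are read MSB-first and the
 * first bit read becomes the most significant bit of the index. */
static void indices_msb_first(uint32_t *indices, const uint8_t *m)
{
    unsigned int offset = 0;
    for (unsigned int i = 0; i < FORS_TREES; i++) {
        indices[i] = 0;
        for (unsigned int j = 0; j < FORS_HEIGHT; j++) {
            indices[i] ^= ((m[offset >> 3] >> (~offset & 0x7)) & 0x1) << (FORS_HEIGHT - 1 - j);
            offset++;
        }
    }
}

/* Inverse of indices_msb_first: write each index as FORS_HEIGHT big-endian bits,
 * filling bytes MSB-first. Unused trailing bits of the last byte stay zero. */
static void pack_indices_msb_first(const uint32_t *indices, uint8_t *out)
{
    unsigned int offset = 0;
    memset(out, 0, FORS_MSG_BYTES);
    for (unsigned int i = 0; i < FORS_TREES; i++) {
        for (unsigned int j = 0; j < FORS_HEIGHT; j++) {
            uint8_t bit = (indices[i] >> (FORS_HEIGHT - 1 - j)) & 0x1;
            out[offset >> 3] |= (uint8_t)(bit << (~offset & 0x7));
            offset++;
        }
    }
}

/* Index i of EXAMPLE_MSG under the corrected (use_msb=1) or previous (use_msb=0) decoding. */
uint32_t example_index(int use_msb, unsigned int i)
{
    uint32_t idx[FORS_TREES];
    if (use_msb) indices_msb_first(idx, EXAMPLE_MSG);
    else         indices_lsb_first(idx, EXAMPLE_MSG);
    return i < FORS_TREES ? idx[i] : 0;
}

/* 1 if decode -> pack -> decode reproduces the indices, i.e. the corrected decoder and
 * the big-endian packer are consistent inverses on the consumed bits. */
int example_roundtrip(void)
{
    uint32_t a[FORS_TREES], b[FORS_TREES];
    uint8_t repacked[FORS_MSG_BYTES];
    indices_msb_first(a, EXAMPLE_MSG);
    pack_indices_msb_first(a, repacked);
    indices_msb_first(b, repacked);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    for (unsigned int i = 0; i < FORS_TREES; i++)
        printf("tree %u: lsb-first=%u msb-first=%u\n", i, example_index(0, i), example_index(1, i));
    printf("roundtrip ok: %d\n", example_roundtrip());
    return 0;
}
```

On the constructed message 0xA5 0x3C 0xF0 the corrected decoder yields 41, 19, 51 (the first three 6-bit chunks of the bit string 101001 010011 110011 ...), whereas the LSB-first variant yields 37, 50, 3, which shows the leaf selection differs for the same message and therefore why signatures produced before and after the change do not interoperate.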

bwesterb commented 1 year ago

Indeed, whoops. Generating new test vectors now ...

bwesterb commented 1 year ago

Done.

mberry commented 1 year ago

Is there a timeline for this getting merged? It's a breaking change so perhaps should come with some forewarning?

bwesterb commented 1 year ago

> Is there a timeline for this getting merged? It's a breaking change so perhaps should come with some forewarning?

SPHINCS+ (or SLH-DSA, as it will be called by NIST) is not finalised and could very well see even more changes. If you want to adopt early, you should fix on a specific commit (and keep track of bug fixes). I'm sorry, this is annoying for early adopters, but that's the risk of adopting early.

mberry commented 1 year ago

It's all good, was simply wondering about how the rollout would happen.

Codewise the change is trivial, it is more the versioning and nomenclature around this change.

bwesterb commented 11 months ago

Rebased on master.

bwesterb commented 6 months ago

Rebased to include fix of #59. /cc @kste