zcash / zips

Zcash Improvement Proposals
https://zips.z.cash
MIT License
274 stars 156 forks

[protocol spec] Document security consequences (none for Zcash) of a distinguisher on FF1 #666

Closed daira closed 10 months ago

daira commented 1 year ago

https://github.com/str4d/fpe/pull/22#issuecomment-1385930663

daira commented 1 year ago

Note that the protocol spec references the NIST spec https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf which is for 10 rounds (and so is our implementation).

daira commented 10 months ago

This is done in 2023.4.0.