Hi Everyone,

The Kalyna team sent us polynomials for GCM mode (beyond the 128-bit one that NIST uses). They are from DSTU 7624:2014, and listed below.

128-bit block: x^127 + x^7 + x^2 + x + 1
256-bit block: x^256 + x^10 + x^5 + x + 1
512-bit block: x^512 + x^8 + x^5 + x^2 + 1

My first question is, are we mostly safe using them when we need a polynomial for a larger block size?

For example, here's a recent update to CMAC for testing: https://github.com/weidai11/cryptopp/commit/7697857481f51c51. It uses the 512-bit block polynomial.

A question on Crypto Stack Exchange has also questioned a parameter used in CMAC mode of operation. If my math is correct in evaluating the polynomial at X=2, then the 256-bit block is correctly using 0x423 (not 0x425). Also see https://crypto.stackexchange.com/q/9815/10496.

My second question is, is our use of 0x423 correct?

Jeff
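
As an added example (not part of the original post and not Crypto++ code): evaluating the low-order terms of a reduction polynomial at x = 2, and folding the result back in during the CMAC subkey doubling step. The function names are hypothetical, and the big-endian block layout of NIST SP 800-38B is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <vector>

// Evaluate the low-order terms of a reduction polynomial at x = 2.
// The leading term x^n is implicit: it is the bit shifted out of the block.
// Example: x^10 + x^5 + x + 1 is passed as {10, 5, 1, 0}.
uint32_t ReductionConstant(std::initializer_list<unsigned> exponents)
{
    uint32_t r = 0;
    for (unsigned e : exponents)
        r ^= (uint32_t(1) << e);
    return r;
}

// Multiply a non-empty big-endian block by x in GF(2^n), n = 8 * block.size().
// This is the doubling step that derives CMAC subkeys from E_K(0).
std::vector<uint8_t> MulByX(std::vector<uint8_t> block, uint32_t constant)
{
    const size_t n = block.size();
    const uint32_t carry = block[0] >> 7;        // coefficient of x^(n-1)

    // Shift the whole block left by one bit.
    for (size_t i = 0; i + 1 < n; ++i)
        block[i] = uint8_t((block[i] << 1) | (block[i + 1] >> 7));
    block[n - 1] = uint8_t(block[n - 1] << 1);

    // x^n is congruent to the low-order terms, so fold them back in when the
    // carry is set. A mask is used instead of a branch because the block is
    // derived from the key.
    const uint32_t folded = constant & (0u - carry);
    for (size_t i = 0; i < 4 && i < n; ++i)
        block[n - 1 - i] ^= uint8_t(folded >> (8 * i));
    return block;
}
```

For block sizes above 128 bits the constant no longer fits in one byte, so the fold touches the last two bytes of the block rather than only the last one.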