| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | mgf1: Refactored MGF1 as an XOF | Andreas Steffen | 2016-09-21 | 1 | -5/+5 |
| | | |||||
| * | integrity-test: Added bliss_param_sets to read-only segment | Andreas Steffen | 2016-07-29 | 1 | -3/+5 |
| | | |||||
| * | Use MGF1 with SHA-512 as BLISS random oracle | Andreas Steffen | 2015-07-27 | 1 | -42/+41 |
| | | |||||
| * | Generalize c_indices generation using SHA-512 random oracle. | Markku-Juhani Olavi Saarinen | 2015-07-27 | 1 | -18/+24 |
| | | | | | | | This generalization allows the ring dimension n to be different from the current n = 512 and allows kappa to be > 56. Also the hash octets are consumed in a more consistent manner. | ||||
| * | Fixed several bugs in the BLISS signature generation/verification step. | Markku-Juhani Olavi Saarinen | 2015-07-27 | 1 | -4/+8 |
| | | | | | | | | | | | | | | | | | The c_indices derived from the SHA-512 random oracle consist of nine bits (0..511). The leftmost 8 bits of each index are taken on an octet-by-octet basis from the 56 leftmost octets of the SHA-512 hash. The 9th bit needed for the LSB is taken from the extra_bits 64 bit unsigned integer which consists of the 8 rightmost octets of the SHA-512 hash (in network order). If more than 56 indices must be derived then additional rounds of the random oracle are executed until all kappa c_indices have been determined. The bug fix shifts the extra_bits value by one bit in each loop iteration so that the LSB of each index is random. Also iterate through the hash array using the loop variable j not the c_indices variable i. | ||||
| * | Finished BLISS signature generation | Andreas Steffen | 2014-11-29 | 1 | -0/+167 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |