CryptoSys API Library Manual

Notes on SHA-3

Note that the old SHA-3 implementation introduced in November 2012 [v4.6] and withdrawn in 2015 [v5.0] is not compatible with the latest release [v5.3]. The old implementation was based on the KECCAK specification that won the SHA-3 competition in 2012. However, the final specification of SHA-3 [FIPS202] published by NIST in 2015 was different from the 2012 one. While the changes were beneficial overall, this is unfortunate for people who jumped the gun (like us and anyone who used the old implementation). Be assured that the current SHA-3 implementation as of [v5.3] is fully compliant with the final 2015 NIST specification.

Converting bitstrings from NIST format to CryptoSys API format

The bit-oriented tests for SHA-3 (SHAVS-SHA3 CAVS 19.0) use a different convention for representing bitstrings than we do in this toolkit. If the length of the bitstring is an exact multiple of 8 (i.e. whole bytes) then no changes need to be made. Otherwise the last byte in the sequence needs to be changed. For example:

bitlen = 21
Msg  = 9d4306  <= NIST representation in .rsp test file
Msg' = 9d4330  <= To use in HASH_HexFromBits

The algorithm is as follows:

  1. Let "bitlen" be the length of the message in bits and let "Msg" be the NIST representation in hexadecimal.
  2. Let n be the value of the last (rightmost) byte in "Msg".
  3. Compute the shift, s = 8 - (bitlen % 8)
  4. Compute n' = n << s (shift n to the left by s bits)
  5. Replace the last byte in "Msg" with n'

Examples:

bitlen = 21
Msg  = 9d4306
n = 0x06
s = 8 - (21 % 8) = 8 - 5 = 3
n' = 0x06 << 3 = 0x30
Msg' = 9d4330

bitlen = 22
Msg  = 259028
n = 0x28
s = 8 - (22 % 8) = 8 - 6 = 2
n' = 0x28 << 2 = 0xA0
Msg' = 2590A0
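
The conversion above written as a Python function (an added example, not code from the CryptoSys API toolkit). The function name is hypothetical, and the checks that "Msg" has exactly ceil(bitlen/8) bytes and that the unused high bits of its last byte are zero are assumptions added so that a malformed test vector is rejected instead of being silently truncated by the shift.

```python
def nist_to_cryptosys_bits(msg_hex: str, bitlen: int) -> str:
    """Convert a NIST bit-oriented "Msg" hex string to the form shown
    as Msg' above (hypothetical helper, not part of the toolkit).
    Returns lowercase hex."""
    if bitlen < 0:
        raise ValueError("bitlen must be non-negative")
    if bitlen == 0:
        return ""  # empty message: no bytes to adjust

    data = bytearray(bytes.fromhex(msg_hex))

    # Assumption: Msg carries exactly ceil(bitlen / 8) bytes.
    if len(data) != (bitlen + 7) // 8:
        raise ValueError("Msg length does not match bitlen")

    r = bitlen % 8
    if r == 0:
        return data.hex()  # whole bytes: no change needed

    s = 8 - r          # step 3: the shift
    n = data[-1]       # step 2: last (rightmost) byte

    # Assumption: only the low r bits of the last byte are used, so the
    # left shift must not push any set bit out of the byte.
    if n >> r:
        raise ValueError("unused high bits of last byte are not zero")

    data[-1] = (n << s) & 0xFF  # steps 4 and 5
    return data.hex()


if __name__ == "__main__":
    # The two worked examples from this page.
    print(nist_to_cryptosys_bits("9d4306", 21))  # 9d4330
    print(nist_to_cryptosys_bits("259028", 22))  # 2590a0
```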


Copyright © 2001-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-01-07T07:42:00Z.