diff for duplicates of <20181020053834.GC876@sol.localdomain> diff --git a/a/1.txt b/N1/1.txt index a767602..4fb38ce 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -4,7 +4,7 @@ On Sat, Oct 20, 2018 at 12:00:31PM +0800, Ard Biesheuvel wrote: > On 16 October 2018 at 01:54, Eric Biggers <ebiggers@kernel.org> wrote: > > From: Eric Biggers <ebiggers@google.com> > > -> > Add a generic implementation of NHPoly1305, an ε-almost-∆-universal hash +> > Add a generic implementation of NHPoly1305, an ?-almost-?-universal hash > > function used in the Adiantum encryption mode. > > > > CONFIG_NHPOLY1305 is not selectable by itself since there won't be any @@ -58,7 +58,7 @@ On Sat, Oct 20, 2018 at 12:00:31PM +0800, Ard Biesheuvel wrote: > > @@ -0,0 +1,288 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* -> > + * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum +> > + * NHPoly1305 - ?-almost-?-universal hash function for Adiantum > > + * > > + * Copyright 2018 Google LLC > > + */ @@ -67,15 +67,15 @@ On Sat, Oct 20, 2018 at 12:00:31PM +0800, Ard Biesheuvel wrote: > > + * "NHPoly1305" is the main component of Adiantum hashing. > > + * Specifically, it is the calculation > > + * -> > + * H_M ← Poly1305_{K_M}(NH_{K_N}(pad_{128}(M))) +> > + * H_M ? Poly1305_{K_M}(NH_{K_N}(pad_{128}(M))) > > + * > > + * from the procedure in section A.5 of the Adiantum paper [1]. It is an -> > + * ε-almost-∆-universal (εA∆U) hash function for equal-length inputs over -> > + * Z/(2^{128}Z), where the "∆" operation is addition. It hashes 1024-byte +> > + * ?-almost-?-universal (?A?U) hash function for equal-length inputs over +> > + * Z/(2^{128}Z), where the "?" operation is addition. It hashes 1024-byte > > + * chunks of the input with the NH hash function [2], reducing the input length > > + * by 32x. The resulting NH digests are evaluated as a polynomial in > > + * GF(2^{130}-5), like in the Poly1305 MAC [3]. Note that the polynomial -> > + * evaluation by itself would suffice to achieve the εA∆U property; NH is used +> > + * evaluation by itself would suffice to achieve the ?A?U property; NH is used > > + * for performance since it's over twice as fast as Poly1305. > > + * > > + * This is *not* a cryptographic hash function; do not use it as such! diff --git a/a/content_digest b/N1/content_digest index b1f06e3..b0c6a73 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,21 +1,10 @@ "ref\020181015175424.97147-1-ebiggers@kernel.org\0" "ref\020181015175424.97147-10-ebiggers@kernel.org\0" "ref\0CAKv+Gu-5WM19g5HguDheAADbigKNxokDCFMekkt4OYdEEa8Avw@mail.gmail.com\0" - "From\0Eric Biggers <ebiggers@kernel.org>\0" - "Subject\0Re: [RFC PATCH v2 09/12] crypto: nhpoly1305 - add NHPoly1305 support\0" + "From\0ebiggers@kernel.org (Eric Biggers)\0" + "Subject\0[RFC PATCH v2 09/12] crypto: nhpoly1305 - add NHPoly1305 support\0" "Date\0Fri, 19 Oct 2018 22:38:35 -0700\0" - "To\0Ard Biesheuvel <ard.biesheuvel@linaro.org>\0" - "Cc\0open list:HARDWARE RANDOM NUMBER GENERATOR CORE <linux-crypto@vger.kernel.org>" - linux-fscrypt@vger.kernel.org - linux-arm-kernel <linux-arm-kernel@lists.infradead.org> - Linux Kernel Mailing List <linux-kernel@vger.kernel.org> - Herbert Xu <herbert@gondor.apana.org.au> - Paul Crowley <paulcrowley@google.com> - Greg Kaiser <gkaiser@google.com> - Michael Halcrow <mhalcrow@google.com> - Jason A . Donenfeld <Jason@zx2c4.com> - Samuel Neves <samuel.c.p.neves@gmail.com> - " Tomer Ashur <tomer.ashur@esat.kuleuven.be>\0" + "To\0linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" "Hi Ard,\n" @@ -24,7 +13,7 @@ "> On 16 October 2018 at 01:54, Eric Biggers <ebiggers@kernel.org> wrote:\n" "> > From: Eric Biggers <ebiggers@google.com>\n" "> >\n" - "> > Add a generic implementation of NHPoly1305, an \316\265-almost-\342\210\206-universal hash\n" + "> > Add a generic implementation of NHPoly1305, an ?-almost-?-universal hash\n" "> > function used in the Adiantum encryption mode.\n" "> >\n" "> > CONFIG_NHPOLY1305 is not selectable by itself since there won't be any\n" @@ -78,7 +67,7 @@ "> > @@ -0,0 +1,288 @@\n" "> > +// SPDX-License-Identifier: GPL-2.0\n" "> > +/*\n" - "> > + * NHPoly1305 - \316\265-almost-\342\210\206-universal hash function for Adiantum\n" + "> > + * NHPoly1305 - ?-almost-?-universal hash function for Adiantum\n" "> > + *\n" "> > + * Copyright 2018 Google LLC\n" "> > + */\n" @@ -87,15 +76,15 @@ "> > + * \"NHPoly1305\" is the main component of Adiantum hashing.\n" "> > + * Specifically, it is the calculation\n" "> > + *\n" - "> > + * H_M \342\206\220 Poly1305_{K_M}(NH_{K_N}(pad_{128}(M)))\n" + "> > + * H_M ? Poly1305_{K_M}(NH_{K_N}(pad_{128}(M)))\n" "> > + *\n" "> > + * from the procedure in section A.5 of the Adiantum paper [1]. It is an\n" - "> > + * \316\265-almost-\342\210\206-universal (\316\265A\342\210\206U) hash function for equal-length inputs over\n" - "> > + * Z/(2^{128}Z), where the \"\342\210\206\" operation is addition. It hashes 1024-byte\n" + "> > + * ?-almost-?-universal (?A?U) hash function for equal-length inputs over\n" + "> > + * Z/(2^{128}Z), where the \"?\" operation is addition. It hashes 1024-byte\n" "> > + * chunks of the input with the NH hash function [2], reducing the input length\n" "> > + * by 32x. The resulting NH digests are evaluated as a polynomial in\n" "> > + * GF(2^{130}-5), like in the Poly1305 MAC [3]. Note that the polynomial\n" - "> > + * evaluation by itself would suffice to achieve the \316\265A\342\210\206U property; NH is used\n" + "> > + * evaluation by itself would suffice to achieve the ?A?U property; NH is used\n" "> > + * for performance since it's over twice as fast as Poly1305.\n" "> > + *\n" "> > + * This is *not* a cryptographic hash function; do not use it as such!\n" @@ -232,4 +221,4 @@ "\n" - Eric -1c0e6b70227896bc87417bb8c1b08b499ff63cc9850a704068602d8b048fbace +56d3a9a0e1f62fead78433d4343b0a148871966f5e032e373ff348249728f9a4
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.