[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <A7904274-B7FF-4C42-AE4F-3C5CE0E3DAB0@manico.net>
Date: Wed, 24 Sep 2014 16:03:08 -0400
From: Jim Manico <jim@...ico.net>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Sincere apology to the RIG team
Everyone makes mistakes, owning up to those mistakes in public is rare. Keep on keepin' on, Bill!
Aloha,
--
Jim Manico
@Manicode
(808) 652-3805
> On Sep 24, 2014, at 8:54 AM, Bill Cox <waywardgeek@...hershed.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The worst mistake I made during my reviews was accusing the RIG team
> of trying to take credit for other people's ideas. I still feel very
> bad about it. I was wrong, and I was the one being dickish. I
> strayed from attacking code into attacking authors, and that was stupid.
>
> The RIG team independently came up with two great ideas. First was
> using the reduced Blake2b round, including the exact code from the
> original author, just like the Lyra2 team. This is a *very* high
> performance hashing function which makes RIG the clear speed leader in
> the cache-timing resistant category. Second was XORing over data
> rather than overwriting it, strengthening their TMTO defense without
> causing much slowdown. This helps correct a potential weakness
> covered by the Argon authors in their cryptanalysis of Catena.
>
> They also came up with the idea of writing only part of the hash to
> memory, making it difficult to determine the Blake2b state. This is
> similar to how Lyra2 writes only part of their sponge's state to
> memory. RIGs idea also can be used to reduce memory usage, which in
> some cases could be helpful.
>
> The RIG team was creative and original. Their code does need some
> fixes, but I look forward to their update. I found nothing in my code
> review that cannot be fixed with tweaks. I certainly hope the judges
> did not take my tirade about RIG looking similar to other entries into
> account when picking round 2 candidates.
>
> Before picking them for round 2, I would prefer to see a code update,
> but assuming it fixes the one critical bug, they seem like a strong
> entry to me, from a code point of view.
>
> Bill
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJUIr73AAoJEAcQZQdOpZUZbwUQAIFn6ERJda8v4ydyTVv9CG7M
> eCFw1XnKTfoZ7BsX389QVk39IN+Lz8vULeP6C2S21rBcS0xdUOlyDxePo2np2cZz
> ir+LSSg4dQ8ZMjmEWugYICC143IMGpoLQjlb5C3NrV4iddqAu/HS1C3oMVebbkFR
> SBSKxKVJK2S6NzxBbs8gche1EhmkyMGwaZrDKXv0zWT5FJypJ70WkVwEOxr9baHm
> KY0G8qm3nWqRB5LIFjvEFifN0Z2oKrEmqRTfYvvCJycR3tYO6LLOkbjXI+yck0dL
> fx91I3I4ijIZn6GTYMXLlCz8PmBFltH+nbrVhVCtquYZlIKKTWLBCjxcuAA6vthg
> /3DgYcRHP6fJdYJvQH2yn2pt0GBAEzbQSHzjbY14uazTPLzfC0VDQS1bL5wUG5bo
> /D90SiqHVJAm3ROGDYURHnlK36nZPllPAry9MPltzU3FoT2HXA/eJy1ewpRNnJGm
> iKt6B7sx2VnQptsKAtZFXM6fNtGdMwnAjAGsC1jrWz2A5UpgYRMcMVTOTQC+pZRz
> Cv2m8arwZREZoo7raHlI12zEoIfx3hfIn6bc65r5XqXz+ms/Xakz1K/pNoksCoHo
> 64xOq24B5FCvKz2Nksrh0XbRrpxQ3jj1eVjzRsYzNauvOvqrbJK7sd/x7+saihD7
> l61XZZW/5ufBr4JD6o4j
> =ogmF
> -----END PGP SIGNATURE-----
Powered by blists - more mailing lists