mirror of
https://codeberg.org/ziglang/zig.git
synced 2025-12-06 22:04:21 +00:00
ee01dd4032
Gimli was a game changer. A permutation that is large enough to be used in sponge-like constructions, yet small enough to be compact to implement and fast on a wide range of platforms. And Gimli being part of the Zig standard library was awesome. But since then, Gimli entered the NIST Lightweight Cryptography Competition, competing againt other candidates sharing a similar set of properties. Unfortunately, Gimli didn't pass the 3rd round. There are no practical attacks against Gimli when used correctly, but NIST's decision means that Gimli is unlikely to ever get any traction. So, maybe the time has come to move Gimli from the standard library to another repository. We shouldn't do it without providing an alternative, though. And the best candidate for this is probably Xoodoo. Xoodoo is the core function of Xoodyak, one of the finalists of the NIST LWC competition, and the most direct competitor to Gimli. It is also a 384-bit permutation, so it can easily be used everywhere Gimli was used with no parameter changes. It is the building block of Xoodyak (for actual encryption and hashing) as well as Charm, that some Zig applications are already using. Like Gimli that it was heavily inspired from, it is compact and suitable for constrained environments. This change adds the Xoodoo permutation to std.crypto.core. The set of public functions includes everything required to later implement existing Xoodoo-based constructions. In order to prepare for the Gimli deprecation, the default CSPRNG was changed to a Xoodoo-based that works exactly the same way. |
||
|---|---|---|
| .. | ||
| 25519 | ||
| aes | ||
| pcurves | ||
| aegis.zig | ||
| aes.zig | ||
| aes_gcm.zig | ||
| aes_ocb.zig | ||
| argon2.zig | ||
| bcrypt.zig | ||
| benchmark.zig | ||
| blake2.zig | ||
| blake3.zig | ||
| chacha20.zig | ||
| ecdsa.zig | ||
| errors.zig | ||
| ghash.zig | ||
| gimli.zig | ||
| hash_composition.zig | ||
| hkdf.zig | ||
| hmac.zig | ||
| isap.zig | ||
| md5.zig | ||
| modes.zig | ||
| pbkdf2.zig | ||
| phc_encoding.zig | ||
| poly1305.zig | ||
| salsa20.zig | ||
| scrypt.zig | ||
| sha1.zig | ||
| sha2.zig | ||
| sha3.zig | ||
| siphash.zig | ||
| test.zig | ||
| tlcsprng.zig | ||
| utils.zig | ||
| xoodoo.zig | ||