I found this interesting paper (http://eprint.iacr.org/2008/529.pdf), while trying to implement one of the SHA-3 candidates. In contrast to the presented implementation, my implementation will have the padding ability.

While I tried to figure out the workings of the described hardware interface, I came to the conclusion, that it's not possible to implement a working padding function.

Consider the following example:

- The world length is set to 32 bits
- The input to the hashing algorithm is of arbitrary length

There are two possibilites:

- The input is a multiple of 32 bits long
- The input is _not_ a multiple of 32 bits long

The padding function can work with input lengths, which are a multiple of 32 bits. If this is not the case, however, the padding function has no way of detecting the exact message length with the data provided by the proposed interface. Therefore the implementation is unable to pad the message.

Have I missed anything?



Edited 1 time(s). Last edit at 21-Jan-2009 18:28 by jungk.