mirror of https://github.com/zcash/zips.git
ZIP 316: fix a typo in the description of the attack against a 3-round Feistel.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
f42dfd4260
commit
6b1db880c8
@ -370,7 +370,7 @@ c^{n+m}}{q}\)</span>
|
|||
<p>Suppose that an adversary has a target input/output pair
|
||||
<span class="math">\((a \,||\, b, c \,||\, d)\)</span>
|
||||
, and that the input to
|
||||
<span class="math">\(G_0\)</span>
|
||||
<span class="math">\(H_0\)</span>
|
||||
is
|
||||
<span class="math">\(x\)</span>
|
||||
. By fixing
|
||||
|
|
|
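Review bot: the `G_0` / `H_0` spans after "and that the input to" in this HTML hunk repeat the substitution made in the reStructuredText hunk, so this file should be regenerated from that source rather than edited by hand, if it is a rendered copy. Otherwise the two versions of the attack description can drift apart again. It is also worth searching the rendered output for any other sentence that still names `G_0` as the function whose input is `x`.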
@ -517,7 +517,7 @@ A 3-round unkeyed Feistel, as shown, is not sufficient:
|
|||
Diagram of 3-round unkeyed Feistel construction
|
||||
|
||||
Suppose that an adversary has a target input/output pair
|
||||
:math:`(a \,||\, b, c \,||\, d)`, and that the input to :math:`G_0` is
|
||||
:math:`(a \,||\, b, c \,||\, d)`, and that the input to :math:`H_0` is
|
||||
:math:`x`. By fixing :math:`x`, we can obtain another pair
|
||||
:math:`((a \oplus t) \,||\, b', (c \oplus t) \,||\, d')` such that
|
||||
:math:`a \oplus t` is close to :math:`a` and :math:`c \oplus t` is close
|
||||
|
|
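Review bot: the corrected sentence "the input to :math:`H_0` is :math:`x`" still relies entirely on the diagram above it to say where `H_0` sits in the construction, and that is exactly how a `G_0` / `H_0` mix-up goes unnoticed. Consider adding a short clause that names the round `H_0` belongs to, and one that says why fixing `x` yields a second pair sharing the same `t` on both sides, so the argument can be checked from the text alone.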