Talk:Cryptography/RadioGatún

The purpose of this page will be to describe how to implement the algorithm RadioGatún. I could put this content on Wikipedia, but the purpose of the Wikipedia page is to summarize the algorithm and its believed security, as per reliable sources. Over the years, deletionists have made it clear that describing a cryptographic algorithm in sufficient detail to implement it is something for Wikibooks.

My plan is to describe RadioGatún in sufficient detail to allow someone to implement it. “This is a belt. This is a mill. This is how to perform the BeltMill operation (yes, the belt is distinct from the mill in the RG spec, but my experience making multiple real-world implementations is that combining the two simplifies things from both a conceptual and a coding standpoint). This is how to optimize the mill for speed. This is how to map an input into a RadioGatún 32/64 state. This is how to pull cryptographically secure pseudo-random numbers from the RG state.”

Is there any reason why this content would not be welcome in Wikibooks? Samboy (discuss • contribs) 00:14, 30 June 2018 (UTC)

A tiny RG32 implementation
I will use this code as a basis for the first version of the page. I will translate this to English, a process I have already somewhat done over at https://github.com/samboy/rg32hash/blob/master/C/nanorg32.md

#include <stdio.h>
#include <stdint.h>
#define b(z) for(c=0;c<z;c++)
#define d f[c*13]^=s;e[16+c]^=s;
uint32_t c,e[19],f[40],g=19,h=13
,r,s,t,n[19],i,k;void m(){int c,
j=0;b(12)f[c+c%3*h]^=e[c+1];b(g)
{j=(c+j)&31;i=c*7%g;k=e[i++];k^=
e[i%g]|~e[(i+1)%g];n[c]=k>>j|k<<
(32-j);}for(i=39;i--;f[i+1]=f[i]
)e[i%g]=n[i%g]^n[(i+1)%g]^n[(i+4
)%g];*e^=1;b(3)e[c+h]^=f[c*h]=f[
c*h+h];}int main(int p,char**v){
char *q=v[--p];b(40)f[c]=e[c%19]
=0;for(;;m()){b(3){for(s=r=0;r<4
;){t=*q++;s|=(t?t&255:1)<<8*r++;
if(!t){d;b(17)m();t=2;b(8){if(t&
2)m();r=c;s=e[t^=3];b(4){printf(
"%02x",s&255);s>>=8;}c=r;}return
puts("");}}d;}}}

Note that the code examples so far are in C; I think replacing them with either Python or, better yet, pseudocode is ideal. I also want to explain things in English instead of in code (you exclusive-or these bytes in the mill with these bytes in the belt during the belt-to-mill feedforward, etc.) as much as that can be done.

Samboy (discuss • contribs) 00:34, 30 June 2018 (UTC)

What to do next
Now that I have a 3400-word basic description of the algorithm (which, yes, can be compressed into 607 bytes of very tight C code), here are my next plans when I get time to make it so:


 * The input mapping is hard to follow. I can make it easier to follow by first showing how we can perform the input mapping for 32-bit RadioGatún when the input is precisely 32 bits long (this is actually useful as a quality random number generator when cryptographic security is not needed, since RG passes all the Dieharder and SmallCrush randomness tests), then showing how to map an input when the input is three 32-bit words (because, once the input is three or more 32-bit words, we have to run Beltmill during the input mapping), then an arbitrary number of 32-bit words. Once I explain that, finally I can get into the small-endian stuff and the 1-byte padding. DONE
 * We should have an example where we take a short string, like the number '1' or '1234', and show the result of all of the steps of it being processed by RadioGatún[32]. DONE
 * Since RadioGatún morphed into the first Cryptographic Sponge function (Keccak/SHA-3), we should have some discussion of Keccak and the differences between RG and SHA3 (the belt was removed, and the mill got bigger and more complicated).

Samboy (discuss • contribs) 07:29, 1 July 2018 (UTC)
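The belt, the mill, the BeltMill round, the little-endian input mapping with its single 0x01 padding byte, and pulling output words from the state (the steps the posts above lay out) in one readable Python implementation. This is an added example, not code from the Wikibooks page or from the rg32hash project; it follows the order of operations of the tiny C implementation above but keeps the belt as three rows of thirteen words so each feedforward can be named. The function names (rotr32, mill_function, beltmill, pad, words_le, rg32) and the optional out_len parameter, which lets the same squeeze loop serve as the random number generator mentioned above, are this example's own.

```python
# Added example: a readable RadioGatún[32] with the belt and mill kept separate.
# Not the Wikibooks page's or the rg32hash project's code; function names are this example's own.

MASK = 0xFFFFFFFF
MILL_WORDS = 19
BELT_ROWS = 3
BELT_COLS = 13


def rotr32(x, n):
    """Rotate a 32-bit word right by n bits."""
    n %= 32
    return ((x >> n) | (x << (32 - n))) & MASK


def mill_function(a):
    """Non-linear mill transformation: gamma, pi, theta, iota, applied in that order."""
    # gamma: a[i] ^= a[i+1] | ~a[i+2], all indices mod 19
    g = [a[i] ^ (a[(i + 1) % MILL_WORDS] | (~a[(i + 2) % MILL_WORDS] & MASK))
         for i in range(MILL_WORDS)]
    # pi: word i takes word 7*i mod 19, rotated right by the triangular number i(i+1)/2
    p = [rotr32(g[(7 * i) % MILL_WORDS], (i * (i + 1) // 2) % 32)
         for i in range(MILL_WORDS)]
    # theta: a[i] = p[i] ^ p[i+1] ^ p[i+4]
    t = [p[i] ^ p[(i + 1) % MILL_WORDS] ^ p[(i + 4) % MILL_WORDS]
         for i in range(MILL_WORDS)]
    # iota: flip one bit of word 0 so the all-zero state is not a fixed point
    t[0] ^= 1
    return t


def beltmill(mill, belt):
    """One BeltMill round. belt is a list of 3 rows of 13 words. Returns (new_mill, new_belt)."""
    belt = [row[:] for row in belt]          # do not mutate the caller's belt
    # mill-to-belt feedforward: mill word i+1 goes into belt row i%3; it is written to
    # column i here and ends up in column i+1 after the rotation below
    for i in range(12):
        belt[i % 3][i] ^= mill[i + 1]
    new_mill = mill_function(mill)
    # belt rotation: every row shifts one column to the right, column 12 wraps to column 0
    for row in belt:
        row.insert(0, row.pop())
    # belt-to-mill feedforward: the wrapped word of each row (old column 12) into mill words 13..15
    for r in range(BELT_ROWS):
        new_mill[13 + r] ^= belt[r][0]
    return new_mill, belt


def pad(message):
    """Append the single 0x01 padding byte, then zero bytes up to a multiple of 12 bytes (3 words)."""
    padded = message + b"\x01"
    return padded + b"\x00" * (-len(padded) % 12)


def words_le(block):
    """Split a 12-byte block into three little-endian 32-bit words."""
    return [int.from_bytes(block[i:i + 4], "little") for i in range(0, 12, 4)]


def rg32(message, out_len=32):
    """RadioGatún[32] of a byte string; out_len may exceed 32 to use the state as a generator."""
    mill = [0] * MILL_WORDS
    belt = [[0] * BELT_COLS for _ in range(BELT_ROWS)]
    padded = pad(message)
    for off in range(0, len(padded), 12):
        # input mapping: word i of the block is XORed into belt column 0 of row i and mill word 16+i
        for i, w in enumerate(words_le(padded[off:off + 12])):
            belt[i][0] ^= w
            mill[16 + i] ^= w
        mill, belt = beltmill(mill, belt)
    # 16 blank rounds after the last input block has been absorbed
    for _ in range(16):
        mill, belt = beltmill(mill, belt)
    # squeeze: each further round yields mill words 1 and 2, emitted little-endian
    out = bytearray()
    while len(out) < out_len:
        mill, belt = beltmill(mill, belt)
        out += mill[1].to_bytes(4, "little") + mill[2].to_bytes(4, "little")
    return bytes(out[:out_len])


if __name__ == "__main__":
    # the short-string example mentioned above: every step is visible by stepping into rg32
    print(rg32(b"1234").hex())
```

Before relying on rg32 for anything, compare its output with the RadioGatún[32] test vectors published alongside the specification; the round structure here mirrors the tight C version (absorb a block, one round, then sixteen blank rounds, then two words per round), so any difference would point at the feedforward indices or the rotation direction.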

Belt and Mill not clear
Starting with the section "The belt and mill", the two terms are used (as of 2020 mar 4) in strange and inscrutable ways. If it were Sally and Jane, it would be like "Jane is the older sister. Sally gave her younger sister Jane some candy. Jane loves her younger sister. Also her older sister." From the discussion page here it even seems like the belt and mill are merged? I would fix it but honestly I can't figure out how it's supposed to be. YoureNotAlone (discuss • contribs) 22:44, 4 March 2020 (UTC)