Script updating gh-pages from 9e6bdf2. [ci skip]

aegis-x/draft-irtf-cfrg-aegis-aead.html

@@ -11,12 +11,12 @@
        This document describes the AEGIS-128L, AEGIS-256, AEGIS-128X, and AEGIS-256X AES-based authenticated encryption algorithms designed for high-performance applications.
 This document is a product of the Crypto Forum Research Group (CFRG). It is not an IETF product and is not a standard. 
     " name="description">
-<meta content="xml2rfc 3.18.1" name="generator">
+<meta content="xml2rfc 3.18.2" name="generator">
 <meta content="Internet-Draft" name="keyword">
 <meta content="draft-irtf-cfrg-aegis-aead-latest" name="ietf.draft">
 <!-- Generator version information:
-  xml2rfc 3.18.1
-    Python 3.11.5
+  xml2rfc 3.18.2
+    Python 3.11.6
     ConfigArgParse 1.5.3
     google-i18n-address 3.1.0
     intervaltree 3.1.0
@@ -1051,7 +1051,7 @@
 </tr></thead>
 <tfoot><tr>
 <td class="left">Denis &amp; Lucas</td>
-<td class="center">Expires 19 April 2024</td>
+<td class="center">Expires 21 April 2024</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -1064,12 +1064,12 @@
 <dd class="internet-draft">draft-irtf-cfrg-aegis-aead-latest</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2023-10-17" class="published">17 October 2023</time>
+<time datetime="2023-10-19" class="published">19 October 2023</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Informational</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-04-19">19 April 2024</time></dd>
+<dd class="expires"><time datetime="2024-04-21">21 April 2024</time></dd>
 <dt class="label-authors">Authors:</dt>
 <dd class="authors">
 <div class="author">
@@ -1116,7 +1116,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 19 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on 21 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">
@@ -2488,7 +2488,7 @@ <h2 id="name-parallel-modes">
 <a href="#section-5" class="section-number selfRef">5. </a><a href="#name-parallel-modes" class="section-name selfRef">Parallel modes</a>
       </h2>
 <p id="section-5-1">Some CPUs, such as Intel and Intel-compatible CPUs with the VAES extensions, include instructions to efficiently apply the AES round function to a vector of AES blocks.<a href="#section-5-1" class="pilcrow">¶</a></p>
-<p id="section-5-2">The AEGIS-128X and AEGIS-256X modes are designed to take advantage of these instructions. They share the same properties as the ciphers they are based on, but can be significantly faster on these platforms, even for short messages.<a href="#section-5-2" class="pilcrow">¶</a></p>
+<p id="section-5-2">The AEGIS-128X and AEGIS-256X modes are designed to take advantage of these instructions. They share the same properties as the ciphers they are based on but can be significantly faster on these platforms, even for short messages.<a href="#section-5-2" class="pilcrow">¶</a></p>
 <p id="section-5-3">AEGIS-128X and AEGIS-256X are parallel evaluations of multiple AEGIS-128L and AEGIS-256 instances respectively, with distinct initial states. On CPUs with wide vector registers, different states can be stored in different 128-bit lanes of the same vector register, allowing parallel updates using vector instructions.<a href="#section-5-3" class="pilcrow">¶</a></p>
 <p id="section-5-4">The modes are parameterized by the parallelism degree. With 256-bit registers, 2 parallel operations can be applied to 128-bit AES blocks. With 512-bit registers, the number of instances can be raised to 4.<a href="#section-5-4" class="pilcrow">¶</a></p>
 <p id="section-5-5">The state of a parallel mode is represented as a vector of AEGIS-128L or AEGIS-256 states.<a href="#section-5-5" class="pilcrow">¶</a></p>
@@ -2529,7 +2529,7 @@ <h3 id="name-authenticated-encryption-3">
 Encrypt(msg, ad, key, nonce)
 </pre><a href="#section-5.2-1" class="pilcrow">¶</a>
 </div>
-<p id="section-5.2-2">The <code>Encrypt</code> function of AEGIS-128X and AEGIS-256X is similar to the AEGIS-128L and AEGIS-256 <code>Encrypt</code> function respectively, but processes <code>R</code> bit input blocks per update.<a href="#section-5.2-2" class="pilcrow">¶</a></p>
+<p id="section-5.2-2">The <code>Encrypt</code> function of <code>AEGIS-128X</code> and <code>AEGIS-256X</code> is similar to the <code>Encrypt</code> function of <code>AEGIS-128L</code> and <code>AEGIS-256</code> respectively, but processes <code>R</code> bit input blocks per update.<a href="#section-5.2-2" class="pilcrow">¶</a></p>
 <p id="section-5.2-3">Steps:<a href="#section-5.2-3" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-5.2-4">
 <pre>
@@ -2563,7 +2563,7 @@ <h3 id="name-authenticated-decryption-3">
 Decrypt(ct, tag, ad, key, nonce)
 </pre><a href="#section-5.3-1" class="pilcrow">¶</a>
 </div>
-<p id="section-5.3-2">The <code>Decrypt</code> function of AEGIS-128X and AEGIS-256X is similar to the AEGIS-128L and AEGIS-256 <code>Decrypt</code> function respectively, but processes <code>R</code> bit input blocks per update.<a href="#section-5.3-2" class="pilcrow">¶</a></p>
+<p id="section-5.3-2">The <code>Decrypt</code> function of <code>AEGIS-128X</code> and <code>AEGIS-256X</code> is similar to the <code>Decrypt</code> function of <code>AEGIS-128L</code> and <code>AEGIS-256</code> respectively, but processes <code>R</code> bit input blocks per update.<a href="#section-5.3-2" class="pilcrow">¶</a></p>
 <p id="section-5.3-3">Steps:<a href="#section-5.3-3" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-5.3-4">
 <pre>
@@ -2652,7 +2652,7 @@ <h4 id="name-the-update-function-3">
 Update(M0, M1)
 </pre><a href="#section-5.4.2-1" class="pilcrow">¶</a>
 </div>
-<p id="section-5.4.2-2">The AEGIS-128X <code>Update</code> function is similar to the AEGIS-128L <code>Update</code> function, but absorbs <code>R</code> (<code>2 * 128 * D</code>) bits at once. <code>M0</code> and <code>M1</code> are <code>128 * D</code> bits instead of 128 bits. They are split into 128-bit blocks, each of them updating a different AEGIS-128L state.<a href="#section-5.4.2-2" class="pilcrow">¶</a></p>
+<p id="section-5.4.2-2">The AEGIS-128X <code>Update</code> function is similar to the AEGIS-128L <code>Update</code> function, but absorbs <code>R</code> (<code>2 * 128 * D</code>) bits at once. <code>M0</code> and <code>M1</code> are <code>128 * D</code> bits instead of 128 bits but are split into 128-bit blocks, each of them updating a different AEGIS-128L state.<a href="#section-5.4.2-2" class="pilcrow">¶</a></p>
 <p id="section-5.4.2-3">Steps:<a href="#section-5.4.2-3" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-5.4.2-4">
 <pre>
@@ -2870,12 +2870,11 @@ <h4 id="name-the-init-function-4">
     V[4,i] = k0 ^ C0
     V[5,i] = k1 ^ C1
 
-n0_v, n1_v = {}, {}
 k0_v, k1_v = {}, {}
 k0n0_v, k1n1_v = {}, {}
 for i in 0..D:
-    n0_v = n0_v || n0
-    n1_v = n1_v || n1
+    k0_v = k0_v || k0
+    k1_v = k1_v || k1
     k0n0_v = k0n0_v || (k0 ^ n0)
     k1n1_v = k1n1_v || (k1 ^ n1)
 
@@ -3093,7 +3092,7 @@ <h3 id="name-operational-considerations">
 <a href="#section-5.7" class="section-number selfRef">5.7. </a><a href="#name-operational-considerations" class="section-name selfRef">Operational Considerations</a>
         </h3>
 <p id="section-5.7-1">The AEGIS parallel modes are specialized and can only improve performance on specific CPUs.<a href="#section-5.7-1" class="pilcrow">¶</a></p>
-<p id="section-5.7-2">The parallelism degrees implementations are encouraged to support are <code>2</code> (for CPUs with 256-bit registers) and <code>4</code> (for CPUs with 512-bit registers). The resulting algorithms are called <code>AEGIS-128X2</code>, <code>AEGIS-128X4</code>, <code>AEGIS-256X2</code>, and <code>AEGIS-256X4</code>.<a href="#section-5.7-2" class="pilcrow">¶</a></p>
+<p id="section-5.7-2">The degrees of parallelism implementations are encouraged to support are <code>2</code> (for CPUs with 256-bit registers) and <code>4</code> (for CPUs with 512-bit registers). The resulting algorithms are called <code>AEGIS-128X2</code>, <code>AEGIS-128X4</code>, <code>AEGIS-256X2</code>, and <code>AEGIS-256X4</code>.<a href="#section-5.7-2" class="pilcrow">¶</a></p>
 <p id="section-5.7-3">The following table summarizes how many bits are processed in parallel (rate), the memory requirements (state size), and the mininum vector register sizes a CPU should support for optimal performance.<a href="#section-5.7-3" class="pilcrow">¶</a></p>
 <table class="center" id="table-1">
           <caption><a href="#table-1" class="selfRef">Table 1</a></caption>

aegis-x/draft-irtf-cfrg-aegis-aead.txt

@@ -5,8 +5,8 @@
 Crypto Forum                                                    F. Denis
 Internet-Draft                                               Fastly Inc.
 Intended status: Informational                                  S. Lucas
-Expires: 19 April 2024                            Individual Contributor
-                                                         17 October 2023
+Expires: 21 April 2024                            Individual Contributor
+                                                         19 October 2023
 
 
         The AEGIS Family of Authenticated Encryption Algorithms
@@ -42,7 +42,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on 19 April 2024.
+   This Internet-Draft will expire on 21 April 2024.
 
 Copyright Notice
 
@@ -1001,8 +1001,8 @@ Table of Contents
 
    The AEGIS-128X and AEGIS-256X modes are designed to take advantage of
    these instructions.  They share the same properties as the ciphers
-   they are based on, but can be significantly faster on these
-   platforms, even for short messages.
+   they are based on but can be significantly faster on these platforms,
+   even for short messages.
 
    AEGIS-128X and AEGIS-256X are parallel evaluations of multiple AEGIS-
    128L and AEGIS-256 instances respectively, with distinct initial
@@ -1041,8 +1041,8 @@ Table of Contents
    Encrypt(msg, ad, key, nonce)
 
    The Encrypt function of AEGIS-128X and AEGIS-256X is similar to the
-   AEGIS-128L and AEGIS-256 Encrypt function respectively, but processes
-   R bit input blocks per update.
+   Encrypt function of AEGIS-128L and AEGIS-256 respectively, but
+   processes R bit input blocks per update.
 
    Steps:
 
@@ -1068,8 +1068,8 @@ Table of Contents
    Decrypt(ct, tag, ad, key, nonce)
 
    The Decrypt function of AEGIS-128X and AEGIS-256X is similar to the
-   AEGIS-128L and AEGIS-256 Decrypt function respectively, but processes
-   R bit input blocks per update.
+   Decrypt function of AEGIS-128L and AEGIS-256 respectively, but
+   processes R bit input blocks per update.
 
    Steps:
 
@@ -1141,8 +1141,8 @@ Table of Contents
 
    The AEGIS-128X Update function is similar to the AEGIS-128L Update
    function, but absorbs R (2 * 128 * D) bits at once.  M0 and M1 are
-   128 * D bits instead of 128 bits.  They are split into 128-bit
-   blocks, each of them updating a different AEGIS-128L state.
+   128 * D bits instead of 128 bits but are split into 128-bit blocks,
+   each of them updating a different AEGIS-128L state.
 
    Steps:
 
@@ -1309,12 +1309,11 @@ return tag
        V[4,i] = k0 ^ C0
        V[5,i] = k1 ^ C1
 
-   n0_v, n1_v = {}, {}
    k0_v, k1_v = {}, {}
    k0n0_v, k1n1_v = {}, {}
    for i in 0..D:
-       n0_v = n0_v || n0
-       n1_v = n1_v || n1
+       k0_v = k0_v || k0
+       k1_v = k1_v || k1
        k0n0_v = k0n0_v || (k0 ^ n0)
        k1n1_v = k1n1_v || (k1 ^ n1)
 
@@ -1485,8 +1484,8 @@ return tag
    The AEGIS parallel modes are specialized and can only improve
    performance on specific CPUs.
 
-   The parallelism degrees implementations are encouraged to support are
-   2 (for CPUs with 256-bit registers) and 4 (for CPUs with 512-bit
+   The degrees of parallelism implementations are encouraged to support
+   are 2 (for CPUs with 256-bit registers) and 4 (for CPUs with 512-bit
    registers).  The resulting algorithms are called AEGIS-128X2, AEGIS-
    128X4, AEGIS-256X2, and AEGIS-256X4.
 

index.html

@@ -24,12 +24,12 @@ <h1>Editor's drafts for main branch of <a href="https://github.com/cfrg/draft-ir
         <td></td>
       </tr>
     </table>
-    <h2>Preview for branch <a href="ir23">ir23</a></h2>
-    <table id="branch-ir23">
+    <h2>Preview for branch <a href="aegis-x">aegis-x</a></h2>
+    <table id="branch-aegis-x">
       <tr>
-        <td><a href="ir23/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
-        <td><a href="ir23/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
-        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/ir23/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
+        <td><a href="aegis-x/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
+        <td><a href="aegis-x/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
+        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/aegis-x/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
       </tr>
     </table>
     <h2>Preview for branch <a href="commitment">commitment</a></h2>
@@ -40,14 +40,6 @@ <h2>Preview for branch <a href="commitment">commitment</a></h2>
         <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/commitment/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
       </tr>
     </table>
-    <h2>Preview for branch <a href="stream">stream</a></h2>
-    <table id="branch-stream">
-      <tr>
-        <td><a href="stream/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
-        <td><a href="stream/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
-        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/stream/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
-      </tr>
-    </table>
     <h2>Preview for branch <a href="quic-hp-tag">quic-hp-tag</a></h2>
     <table id="branch-quic-hp-tag">
       <tr>
@@ -56,14 +48,6 @@ <h2>Preview for branch <a href="quic-hp-tag">quic-hp-tag</a></h2>
         <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/quic-hp-tag/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
       </tr>
     </table>
-    <h2>Preview for branch <a href="aegis-x">aegis-x</a></h2>
-    <table id="branch-aegis-x">
-      <tr>
-        <td><a href="aegis-x/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
-        <td><a href="aegis-x/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
-        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/aegis-x/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
-      </tr>
-    </table>
     <h2>Preview for branch <a href="draft-irtf-cfrg-aegis-aead-05">draft-irtf-cfrg-aegis-aead-05</a></h2>
     <table id="branch-draft-irtf-cfrg-aegis-aead-05">
       <tr>
@@ -72,6 +56,22 @@ <h2>Preview for branch <a href="draft-irtf-cfrg-aegis-aead-05">draft-irtf-cfrg-a
         <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead-05/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
       </tr>
     </table>
+    <h2>Preview for branch <a href="ir23">ir23</a></h2>
+    <table id="branch-ir23">
+      <tr>
+        <td><a href="ir23/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
+        <td><a href="ir23/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
+        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/ir23/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
+      </tr>
+    </table>
+    <h2>Preview for branch <a href="stream">stream</a></h2>
+    <table id="branch-stream">
+      <tr>
+        <td><a href="stream/draft-irtf-cfrg-aegis-aead.html" class="html draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (HTML)">The AEGIS Family of Authenticated Encryption Algorithms</a></td>
+        <td><a href="stream/draft-irtf-cfrg-aegis-aead.txt" class="txt draft-irtf-cfrg-aegis-aead" title="The AEGIS Family of Authenticated Encryption Algorithms (Text)">plain text</a></td>
+        <td><a href="https://www.ietf.org/rfcdiff?url1=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.txt&amp;url2=https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/stream/draft-irtf-cfrg-aegis-aead.txt" class="diff draft-irtf-cfrg-aegis-aead">diff with main</a></td>
+      </tr>
+    </table>
     <script>
 window.onload = function() {
   var referrer_branch = 'main';