Open
Description
I've been implementing my own version of Pyjamask from the specification as part of an effort to evaluate the round 2 NIST algorithms for [1].
I noticed something that may be a bug in the reference implementation. As part of the key schedule, the specification says that the second, third, and fourth rows should be rotated left by 8, 15, and 18 bits respectively. However, the relevant macro in the reference code actually does a right rotation by n bits:
```c
#define left_rotate(row,n) \
    row = (row >> n) | (row << (32-n));
```
Is this a bug in the code or the specification? The test vectors in section 6 of the specification are consistent with right-rotations rather than left-rotations.
From a security perspective, it probably doesn't matter.
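The discrepancy above can be checked mechanically rather than by eye. The following is an added example, not code from the issue author or from the Pyjamask reference implementation: it reproduces the quoted macro verbatim, places it beside explicit left- and right-rotation helpers, and compares all three for the three key-schedule rotation amounts named in the issue (8, 15 and 18). The helper names `rotl32`, `rotr32`, `ref_macro_rotate` and the test input words are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* The macro exactly as quoted from the reference implementation in the issue. */
#define left_rotate(row,n) \
    row = (row >> n) | (row << (32-n));

/* Explicit 32-bit rotations for comparison (0 < n < 32). Helper names are assumed. */
static uint32_t rotl32(uint32_t x, unsigned n) { return (x << n) | (x >> (32 - n)); }
static uint32_t rotr32(uint32_t x, unsigned n) { return (x >> n) | (x << (32 - n)); }

/* Apply the reference macro to a copy of x and return the rotated word. */
uint32_t ref_macro_rotate(uint32_t x, unsigned n) {
    uint32_t row = x;
    left_rotate(row, n)   /* the macro already supplies the trailing ';' */
    return row;
}

/* Rotation amounts the issue cites from the specification for rows 2, 3 and 4. */
static const unsigned kRotAmounts[3] = { 8, 15, 18 };

/* Constructed test words: an asymmetric pattern so left and right rotations differ. */
static const uint32_t kTestWords[3] = { 0x80000001u, 0x12345678u, 0x0000FF00u };

/* Returns 1 if the macro agrees with rotl32 on every (word, amount) pair, else 0. */
int macro_is_left_rotation(void) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 3; j++)
            if (ref_macro_rotate(kTestWords[i], kRotAmounts[j]) != rotl32(kTestWords[i], kRotAmounts[j]))
                return 0;
    return 1;
}

/* Returns 1 if the macro agrees with rotr32 on every (word, amount) pair, else 0. */
int macro_is_right_rotation(void) {
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 3; j++)
            if (ref_macro_rotate(kTestWords[i], kRotAmounts[j]) != rotr32(kTestWords[i], kRotAmounts[j]))
                return 0;
    return 1;
}

int main(void) {
    printf("macro matches left rotation:  %s\n", macro_is_left_rotation()  ? "yes" : "no");
    printf("macro matches right rotation: %s\n", macro_is_right_rotation() ? "yes" : "no");
    printf("example: 0x80000001 by 8 -> macro 0x%08X, rotl 0x%08X, rotr 0x%08X\n",
           ref_macro_rotate(0x80000001u, 8), rotl32(0x80000001u, 8), rotr32(0x80000001u, 8));
    return 0;
}
```

Because the word `0x80000001` has bits set at both ends, the two directions give visibly different results (`0x00000180` for a left rotation, `0x01800000` for a right one), so the same comparison can be dropped into a test harness when evaluating any implementation against the specification's section 6 vectors.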