From da895e90ec0db658ce9ebbfe60591c7e88f9d6a3 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@airbus.com>
Date: Fri, 5 Jul 2019 11:06:43 +0200
Subject: Ajout d'une explication dans le changelog

---
 CHANGELOG.txt | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5a15c61..2e92008 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -38,6 +38,25 @@ ref
     - lane 6: M_R^3 (unchanged)
   (multiplications.h, tweakey.c)
 
+[break]
+- Make byte string concatenation more consistent in AE modes:
+
+    - v1 mixed two interpretations of concatenation:
+        1. M_0 || M_1 was interpreted as { M[0], ... M[15] } || { M[16], ... M[31] },
+        2. pad(10*) and tweak-building functions interpreted X||Y as { Y[0], ... Y[ylen-1] } || { X[0], ... X[xlen-1] }.
+
+      This was potentially confusing, and also led to inefficient hardware implementations. E.g. a message M of length 34 bytes was padded as follows:
+
+                  M_0                     M_1                     pad10*(M_*)
+          { M[0], ... M[15] } || { M[16], ... M[31] } || { 0, ... 0, 0x80, M[32], M[33] }
+
+    - v1.1 sticks to the first interpretation. The same message M is now padded as follows:
+
+                  M_0                     M_1                     pad10*(M_*)
+          { M[0], ... M[15] } || { M[16], ... M[31] } || { M[32], M[33], 0x80, 0, ... 0 }
+
+  (lilliput-ae-utils.h, lilliput-i.c, lilliput-ii.c)
+
 add_felicsref
 -------------
 
-- 
cgit v1.2.3