Serpent

[Niels Möller]

nisse at lysator.liu.se (Niels Möller) writes:

> I'm puzzled, because I'm fairly sure I got the test vectors from
> serpent's submission package (I could try to double check that),

I have checked that now. I downloaded and unpacked the submission
package http://www.cl.cam.ac.uk/~rja14/Papers/serpent.tar.gz

Test vectors are in the floppy4 directory. In floppy4/ecb_vk.txt, the
first test vector is

  KEYSIZE=128
  
  PT=00000000000000000000000000000000
  
  I=1
  KEY=80000000000000000000000000000000
  CT=49afbfad9d5a34052cd8ffa5986bd2dd

and in floppy4/ecb_vt.txt the first text vector is

  KEYSIZE=128
  
  KEY=00000000000000000000000000000000
  
  I=1
  PT=80000000000000000000000000000000
  CT=10b5ffb720b8cb9002a1142b0ba2e94a

These are the first two testvectors in nettle's serpent-test.c.

On the other hand, the file

http://www.cs.technion.ac.il/~biham/Reports/Serpent/Serpent-128-128.verified.test-vectors

contains the testvector

Set 2, vector#  0:
                           key=00000000000000000000000000000000
                         plain=80000000000000000000000000000000
                        cipher=A3B35DE7C358DDD82644678C64B8BCBB
                     decrypted=80000000000000000000000000000000
            Iterated 100 times=1DDF9883B4663045753758E0B9B2C09B
           Iterated 1000 times=BE5AE44A1CF1BB86DD7A3B61CEEA01EC

Same inputs as in ecb_vt.txt, but different output.

What results do you get with libgcrypt for the above two test vectors?

I think I have to mail the authors...

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.