Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [P1619-2] EME-2 additional test vector



I have verified this new "case11" test vector with my EME2 implementation.

Hal Finney
PGP Corporation

On Tue, Mar 2, 2010 at 7:44 AM, Colin Sinclair <colin@xxxxxxxxxxxxxx> wrote:
> I've just created a longer EME2 test case (4129 bytes) using Brian Gladman's
> current EME code (4 Nov 2008) and GENTEST program.
>
> It passes on my implementation, but ideally someone else should verify this
> before it goes into the standard!
>
> Attached is file in same "C-code" format used in Annex C.2 of the
> specification.
>
> Note: I've called this test case 11, but actually I feel test cases 9 & 10
> could be dropped in lieu of this new one. Although 9 & 10 are long (2064 &
> 2065 bytes), they provide only a little extra coverage over test case 8 (520
> bytes), whereas this new case provides valuable coverage of the mask
> updating at blocks 128 and 256. I'll leave this up to the editor/group to
> decide, but personally I'd rather have fewer more valuable vectors!
>
> Cheers,
> Colin.
>
> -----Original Message-----
> From: Matt Ball [mailto:matthew.v.ball@xxxxxxxxx]
> Sent: 04 February 2010 19:26
> To: Colin Sinclair
> Cc: P1619-2@xxxxxxxxxxxxxxxxx; Laszlo Hars
> Subject: Re: [P1619-2] EME-2 definition/choice of M1 in middle layer mask
> update
>
> Colin, I have submitted these two comments for the recirculation sponsor
> ballot under your name.
>
> Laszlo, feel to free to also submit a sponsor-ballot comment if you feel
> there needs to be a correction/clarification concerning the issue you
> raised.
>
> Still looking for a volunteer to create a new EME2 test case.
>
> Thanks,
> -Matt
>
> On Thu, Feb 4, 2010 at 11:48 AM, Colin Sinclair <colin@xxxxxxxxxxxxxx>
> wrote:
>>
>> Summary:
>>
>> 1. Use of M1 (*always*) in middle mixing layer 129th block needs to be
>> clarified on Figure 2. The psuedo-code is however correct.
>>
>> 2. Need one additional test vector of length at least 4129 bytes to ensure
>> correct Mi computation for i >= 2.
>>
>> I guess I could verify a new vector... now that I have corrected my
>> understanding!
>>
>> Cheers,
>> Colin.
>>
>> -----Original Message-----
>> From: Matt Ball [mailto:matthew.v.ball@xxxxxxxxx]
>> Sent: 04 February 2010 17:39
>> To: P1619-2@xxxxxxxxxxxxxxxxx
>> Subject: Re: [P1619-2] EME-2 definition/choice of M1 in middle layer mask
>> update
>>
>> We need to make sure that these comments are included in the outstanding
>> sponsor ballot before it closes.  I can submit these comments as 'Rogue
>> Comments', unless someone else in the sponsor ballot pool would like to
>> submit them instead.  Can someone summarize the issues into a brief list?
>>
>> The other issue is that if we decide to create additional test vectors, we
>> need a volunteer to produce such test vectors, and another volunteer to
>> independently verify.  Are there any takers for producing the test vectors?
>>
>> Thanks!
>> -Matt
>>
>> On Thu, Feb 4, 2010 at 9:52 AM, Shai Halevi <shaih@xxxxxxxxxxxx> wrote:
>>>
>>> > Finally, I'll just reiterate that, from a standards viewpoint, the test
>>> > vector coverage is not good enough, because the longest 2065 bytes
>>> > vector
>>> > does not test Mi computation or usage for i >= 2, which is different to
>>> > the i=1 computation. It is /necessary/ to have a 258.x block vector to
>>> > get full coverage of the branches of the algorithm.
>>>
>>> I agree. -- Shai
>>
>>
>>
>> --
>> Thanks!
>>
>> Matt Ball, Chair, IEEE P1619 Security in Storage Working Group
>> Staff Engineer, Sun Microsystems, Inc.
>> 500 Eldorado Blvd, Bldg #5 BRM05-212, Broomfield, CO 80021
>> Work: 303-272-7580, Cell: 303-717-2717
>
>
>
> --
> Thanks!
>
> Matt Ball, Chair, IEEE P1619 Security in Storage Working Group
> Staff Engineer, Sun Microsystems, Inc.
> 500 Eldorado Blvd, Bldg #5 BRM05-212, Broomfield, CO 80021
> Work: 303-272-7580, Cell: 303-717-2717
>