Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Crypto (Various)> 1999-q4

Crypto Archives: Re: Testvectors

Re: Testvectors

Mok-Kong Shen (mok-kong.shent-online.de)
Sat, 04 Sep 1999 12:35:09 +0200

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Mok-Kong Shen: "Re: Testvectors"
Previous message: Mok-Kong Shen: "Re: Testvectors"
In reply to: Mok-Kong Shen: "Re: Testvectors"
Next in thread: Sunder: "Re: Testvectors"
Next in thread: Marcus Watts: "Re: Testvectors"

David Wagner wrote:
>
> Cryptographer writes spec: "TripleDES(K,p) = DES(K1,DES(K2,DES(K3,p)))".
>
> Programmer implements without thinking by encrypting first with K1, then
> with K2, then with K3. (After all, we read left-to-right, and K1 is the
> first one on the left, so K1 should be the first one to encrypt with...right?)
>
> It's an easy mistake to make. Fortunately, it's easy to detect: testvectors.

You are certainly right. One needs always to 'take a look' whenever
one puts things together (here 3 DES units). But I suppose from the
context of my first response to Mr. Koch it should be quite clear
that my message could have been put like this:

      Rather than having much concern of whether there is an
      'official' test vector for the 3DES, better spend energy to
      test each component DES thoroughly, including employing its
      test vectors. This way, one could quite easily get sufficient
      assurance of the correctness of the 3DES unit as a whole.

I am NOT at all advocating that one should blindly connect the 3
component DESs together. Since I assume that this connection work is,
compared to the program code that is inside each DES, rather trivial,
I did't take the trouble to mention that as needing any special care,
the work being in my humble opinion in the category of elementary
tasks that any practical programmer should master.

As a side note: Very fortunately it happens that for the special
case of ISO 8732, which I suppose is what Mr. Koch implements,
K1=K3 if I don't err, so that the type of error you kindly pointed
out can't occur.

M. K. Shen
-----------------------------------
P.S. I suppose that with the above detailed explanation of the meaning
of my original response to Mr. Koch I have also answered some of
the more recent follow-ups which I don't undertake to reply
individually. If there are any essential points remaining to be
discussed, I should appreciate it very much to be able to know.

Next message: Mok-Kong Shen: "Re: Testvectors"
Previous message: Mok-Kong Shen: "Re: Testvectors"
In reply to: Mok-Kong Shen: "Re: Testvectors"
Next in thread: Sunder: "Re: Testvectors"
Next in thread: Marcus Watts: "Re: Testvectors"

This archive was generated by hypermail 2.0b3 on Sat Sep 04 1999 - 07:45:31 CDT