Re: [Cfrg] OCB test vectors reusing nonces

Ted Krovetz <ted@krovetz.net> Thu, 30 January 2014 18:45 UTC

Return-Path: <ted@krovetz.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD001A0456 for <cfrg@ietfa.amsl.com>; Thu, 30 Jan 2014 10:45:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.821
X-Spam-Level:
X-Spam-Status: No, score=-1.821 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WdJKVpIemk_V for <cfrg@ietfa.amsl.com>; Thu, 30 Jan 2014 10:45:49 -0800 (PST)
Received: from mail-pb0-f52.google.com (mail-pb0-f52.google.com [209.85.160.52]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDA01A0452 for <cfrg@irtf.org>; Thu, 30 Jan 2014 10:45:49 -0800 (PST)
Received: by mail-pb0-f52.google.com with SMTP id jt11so3459947pbb.39 for <cfrg@irtf.org>; Thu, 30 Jan 2014 10:45:46 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:content-transfer-encoding:message-id:references:to; bh=bWh9yN7cjSVbAA36UHWnjRRLaWtAgKJyEFQG/H1zRFk=; b=OGj88OiZ8TDmrSF+Juc7wDbaDV3dL4LO8MC0bFX1CgWdZ7tpN23sMNqZQ7sVzYEX7q C6B1ZJh+crzP1faZ7DOUd4wlNNcrCSs9N7/U/blt22Wh876eLvfmzVVkgpwWx+GaLj8p bUbD1fCElrtnEeF8YdEDDpOFHX4t/salLPXkbfNgJjawTt4s5GgymW4CZqcbxNMIpVpq dLTW7wIJCOPVRK4Png4WyZr0lVVMUIjLjzWB4atrlWT1RDNsHIM7zQn/eed6cfkK+t3Z SfmigYn7PURAGq+EhqEj2IbJN0t6SST1ReD5ZS7WimzLy9dthsC+535VvvRovxKrTMCU wdmQ==
X-Gm-Message-State: ALoCoQlORonUFneGYOKXPDB5ouWbJYewRS3t3YA3M0Gcss8NB9xEjIEVtlBxLoQeGP1OK3V0Ibk9
X-Received: by 10.68.183.228 with SMTP id ep4mr15782324pbc.67.1391107546364; Thu, 30 Jan 2014 10:45:46 -0800 (PST)
Received: from [192.168.1.100] (adsl-69-230-111-156.dsl.scrm01.pacbell.net. [69.230.111.156]) by mx.google.com with ESMTPSA id si6sm47658590pab.19.2014.01.30.10.45.44 for <cfrg@irtf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 30 Jan 2014 10:45:45 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Ted Krovetz <ted@krovetz.net>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E1153876A898@WSMSG3153V.srv.dir.telstra.com>
Date: Thu, 30 Jan 2014 10:45:43 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <A901495B-C3D1-4CE9-AE0B-56680B5BDEF5@krovetz.net>
References: <255B9BB34FB7D647A506DC292726F6E1153850CDA3@WSMSG3153V.srv.dir.telstra.com> <6232F83F-A6F5-41C7-8EAD-B60EF8B11165@krovetz.net> <255B9BB34FB7D647A506DC292726F6E11538595640@WSMSG3153V.srv.dir.telstra.com> <5E4A161D-6631-4026-A432-F7C0DC200079@krovetz.net> <255B9BB34FB7D647A506DC292726F6E115386DFD48@WSMSG3153V.srv.dir.telstra.com> <CAMoSCWbdhwgrOLoCZ4PZu4xOz0D_hAS9UXiO+a=JPwiLEzn+uA@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E1153876A898@WSMSG3153V.srv.dir.telstra.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
X-Mailer: Apple Mail (2.1827)
Subject: Re: [Cfrg] OCB test vectors reusing nonces
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2014 18:45:51 -0000

James,

I've updated the OCB draft to include all your changes in the test vector section and have verified the results. Thank you very much for the suggestions and hard work implementing them.

The one suggestion I did not include was N = N + 1 in the final vector algorithm. I felt that that might suggest an implementation as a simple counter, which can easily cause mistakes (either because of endian issues or the fact that the counter exceeds a byte), so I just kept it specified using num2str.

Thanks Matt Caswell, too, for verifying the vectors. With three independent implementations all agreeing, I have pretty good confidence in their correctness.

-Ted