quicwg / load-balancers

In-progress version of draft-ietf-quic-load-balancers

Home Page:https://quicwg.org/

Mismatch in the test vector of the stream cipher

Neo-ZK opened this issue

Hi Duke,
I'm implementing the stream cipher SID, but unfortunately I can't reproduce the result of the test vector.

The test vector I'm trying is shown below:

key 4d9d0fd25a25e7f321ef464e13f9fa3d
cid 1020607efbe82049ddbf3a7c3d9d32604d sid 3c su 32604d

Every step of my implementation is shown below:

step1: server_id_intermediate = encrypted_server_id ^ AES-ECB(key, padded-encrypted-nonce)
encrypted_server_id: 20
padded-encrypted-nonce: 607efbe82049ddbf3a7c3d9d00000000
AES-ECB(key, padded-encrypted-nonce): 25dbfabb48e6b97ad6d90bd0429c8f51
server_id_intermediate: 05

step2: nonce = encrypted_nonce ^ AES-ECB(key, padded-server_id_intermediate)
encrypted_nonce: 607efbe82049ddbf3a7c3d9d
padded-server_id_intermediate: 05000000000000000000000000000000
AES-ECB(key, padded-server_id_intermediate): 5be0397463a73760a01733b18a046c2e
nonce: 3b9ec29c43eeeadf9a6b0e2c

step3: server_id = server_id_intermediate ^ AES-ECB(key, padded-nonce)
server_id_intermediate: 05
padded-nonce: 3b9ec29c43eeeadf9a6b0e2c00000000
AES-ECB(key, padded-nonce): e916401560d59bbdc4bd5d6e0d2e0098
server_id: ec

To rule out an encryption library problem, I have tried a C implementation with OpenSSL and a Python implementation with its internal crypto library; all of them give the same result.

Actually, I strongly suggest that we should not use zero-padding, but use PKCS#7 (see RFC 2315) instead, for the reasons below:

  1. Zero-padding has never been a standard way in crypto; only some test cases use it.
  2. For some common crypto libraries (such as OpenSSL), PKCS#7 is the default padding mode for AES encryption, so implementers have to explicitly disable the internal padding mechanism and do the zero-padding themselves, which may confuse implementers.
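As an added example (not code from the draft or from either participant in this issue), the following Go program reproduces the three decryption steps listed above with the standard library's single-block AES, using the key and connection ID quoted in the issue as constructed input. It also derives the inverse (encryption) direction by reversing the three steps so the result can be round-tripped, and it runs the same steps with PKCS#7 padding beside zero-padding to make the second point concrete: the two paddings feed different blocks into AES and therefore yield different server IDs. The CID layout (first octet, 1-byte encrypted server ID, 12-byte encrypted nonce, 3-byte server-use field) is read off the quoted test vector, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// Constructed inputs: the key and CID quoted in this issue. The assumed CID
// layout is 1 first octet | 1-byte encrypted server ID | 12-byte encrypted
// nonce | 3-byte server-use field (su).
const (
	keyHex   = "4d9d0fd25a25e7f321ef464e13f9fa3d"
	cidHex   = "1020607efbe82049ddbf3a7c3d9d32604d"
	sidLen   = 1
	nonceLen = 12
)

// aesBlock encrypts exactly one 16-byte block with AES (what "AES-ECB" on a
// single padded block means in the steps above; no mode-level padding).
func aesBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, in)
	return out
}

// zeroPad right-pads b with 0x00 to one AES block, as in the issue's steps.
func zeroPad(b []byte) []byte {
	out := make([]byte, aes.BlockSize)
	copy(out, b)
	return out
}

// pkcs7Pad right-pads b to one AES block per RFC 2315: every pad byte holds
// the pad length. Included only to contrast with zeroPad (the issue proposes
// it; the quoted draft text does not use it).
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// xorPrefix XORs a with the first len(a) bytes of mask.
func xorPrefix(a, mask []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ mask[i]
	}
	return out
}

// decryptSID runs the three steps exactly as listed in the issue and returns
// (server_id, nonce, server_id_intermediate).
func decryptSID(key, cid []byte, pad func([]byte) []byte) (sid, nonce, inter []byte) {
	encSID := cid[1 : 1+sidLen]
	encNonce := cid[1+sidLen : 1+sidLen+nonceLen]
	inter = xorPrefix(encSID, aesBlock(key, pad(encNonce))) // step 1
	nonce = xorPrefix(encNonce, aesBlock(key, pad(inter)))  // step 2
	sid = xorPrefix(inter, aesBlock(key, pad(nonce)))       // step 3
	return
}

// encryptSID is the inverse of decryptSID, derived here by reversing the three
// steps (not quoted from the draft); it rebuilds a CID from its fields.
func encryptSID(key []byte, first byte, sid, nonce, su []byte, pad func([]byte) []byte) []byte {
	inter := xorPrefix(sid, aesBlock(key, pad(nonce)))
	encNonce := xorPrefix(nonce, aesBlock(key, pad(inter)))
	encSID := xorPrefix(inter, aesBlock(key, pad(encNonce)))
	cid := []byte{first}
	cid = append(cid, encSID...)
	cid = append(cid, encNonce...)
	return append(cid, su...)
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	key, cid := mustHex(keyHex), mustHex(cidHex)
	sid, nonce, inter := decryptSID(key, cid, zeroPad)
	fmt.Printf("zero-pad: intermediate=%x nonce=%x server_id=%x\n", inter, nonce, sid)
	sid7, nonce7, inter7 := decryptSID(key, cid, pkcs7Pad)
	fmt.Printf("PKCS#7:   intermediate=%x nonce=%x server_id=%x\n", inter7, nonce7, sid7)
	// Re-encrypting the recovered fields must reproduce the original CID.
	su := cid[1+sidLen+nonceLen:]
	fmt.Println("round trip ok:", bytes.Equal(encryptSID(key, cid[0], sid, nonce, su, zeroPad), cid))
}
```

Because AES is a permutation on 16-byte blocks, any two padding schemes that produce different padded blocks necessarily produce different masks, so a test vector is only meaningful once the draft fixes the padding rule; the round trip, by contrast, holds for either padding as long as both sides agree.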

Hi William,

Please note that the latest version of the draft has removed the test vectors. I haven't yet coded the latest version of the algorithm, as I'm waiting for the crypto review to complete. Sorry to waste your time!

Regarding PKCS#7, can you file a PR? I'm open to moving away from zero-padding, especially if it makes it easier to implement.

Ah, I got it; a PR is coming. Moreover, I'd also like to submit another PR about the test vector of the stream cipher.

Don't bother with test vectors; the Stream Cipher design is not locked right now

OK

I have just made a PR, which almost completely renews the introduction of the stream cipher. Please have a look ;-)

Thanks. The stream cipher design is undergoing crypto review, so I'm not taking any action on it until that is complete.