Okay... well I see what I was missing. It appears that all the KATs in either ecb_vk.txt or ecb_vt.txt from the serpent site need to be byte reversed (key, plaintext, and ciphertext) for them to pass Crypto++ validation.
So this from ecb_vt.txt:

KEY=00000000000000000000000000000000
PT =80000000000000000000000000000000
CT =10b5ffb720b8cb9002a1142b0ba2e94a

Becomes this for it to pass Crypto++:

KEY=00000000000000000000000000000000
PT =00000000000000000000000000000080
CT =4ae9a20b2b14a10290cbb820b7ffb510

The last version of GNU Crypto (1.1 which was released only a few days ago) made this obvious when they switched from the implementation of serpent they were using to an implementation similar to Crypto++'s. They added code to byte reverse KATs from the files listed above before testing them.

Still... I can't get Crypto++ (or GNU Crypto) to pass the monte carlo tests from ecb_e_m.txt from the serpent site. For example the first monte carlo test in ecb_e_m.txt is:

KEY=00000000000000000000000000000000
PT =00000000000000000000000000000000
CT =90e7a5ba9497fa1bfc00f7d1a3a86a1e

Byte reversed that should become:

KEY=00000000000000000000000000000000
PT =00000000000000000000000000000000
CT =1e6aa8a3d1f700fc1bfa9794baa5e790

But Crypto++ will not pass either one of these. Instead it yields

KEY=00000000000000000000000000000000
PT =00000000000000000000000000000000
CT =3620B17AE6A993D09618B8768266BAE9

So now what am I missing?

Thanks
Sean

-----Original Message-----
From: Sean Woods [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 16, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: Crypt++ implementation of Serpent correct?

I see that with the release of Crypto++ 3.2 there was an endian bug corrected in the implementation of Serpent. Has anyone since then tested the implementation against the KATs from the serpent web page (http://www.cl.cam.ac.uk/~rja14/serpent.html)? I noticed that while Crypto++ 5 will pass its -v test against the serpentv.dat file, it doesn't pass the KATs from the serpent web page (at least not for me). Further an implementation of serpent (GNU Crypto) that does pass all the KATs from the serpent web page doesn't pass the serpentv.dat file (at least not for me).

Is there something that I am missing? Or is there an endian bug in crypto++ 5's implementation? The only differences between Crypto++'s implementation and GNU Crypto's is the ordering of the key, input blocks, and output blocks.

Anyways... Here are some KATs from the serpent homepage. Can anyone else get Crypto++ to pass these? Is there something else I am missing?

KEY=00000000000000000000000000000000
PT =80000000000000000000000000000000
CT =10b5ffb720b8cb9002a1142b0ba2e94a

KEY=80000000000000000000000000000000
PT =00000000000000000000000000000000
CT =49afbfad9d5a34052cd8ffa5986bd2dd

KEY=008000000000000000000000000000000000000000000000
PT =00000000000000000000000000000000
CT =5587b5bcb9ee5a28ba2bacc418005240

Thanks
Sean
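Added example, not part of the thread and not code from Crypto++ or GNU Crypto: a small Python helper that parses KEY/PT/CT lines as quoted above, byte-reverses a vector, and reports which reordering of a published value (if any) equals the value an implementation produced. The function names are hypothetical, the rule that a CT line closes each vector is an assumption about the file layout, and the two 32-bit word reorderings go beyond the whole-string reversal the thread describes.

```python
import re

# Vector lines as quoted in the thread: "KEY=...", "PT =...", "CT =..."
FIELD = re.compile(r"^\s*(KEY|PT|CT)\s*=\s*([0-9A-Fa-f]+)\s*$")

# Constructed sample: the first ecb_vt.txt vector quoted in the thread.
SAMPLE = """KEY=00000000000000000000000000000000
PT =80000000000000000000000000000000
CT =10b5ffb720b8cb9002a1142b0ba2e94a
"""

def reverse_bytes(hex_str):
    """Reverse the whole byte string (the conversion described in the thread)."""
    return bytes.fromhex(hex_str)[::-1].hex()

def swap_in_words(hex_str):
    """Reverse the bytes inside each 32-bit word, keeping the word order."""
    raw = bytes.fromhex(hex_str)
    if len(raw) % 4:
        raise ValueError("length is not a multiple of 4 bytes")
    return b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4)).hex()

def parse_kats(text):
    """Collect vectors; a CT line closes one (assumed layout), other lines are skipped."""
    state, vectors = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            state[m.group(1)] = m.group(2).lower()
            if m.group(1) == "CT" and {"KEY", "PT"} <= state.keys():
                vectors.append(dict(state))
    return vectors

def to_reversed(vector):
    """Byte-reverse key, plaintext and ciphertext of one vector."""
    return {name: reverse_bytes(value) for name, value in vector.items()}

def classify(published, produced):
    """Say which reordering of the published value equals the produced one."""
    published, produced = published.lower(), produced.lower()
    candidates = [
        ("identical", published),
        ("bytes reversed", reverse_bytes(published)),
        ("bytes swapped within 32-bit words", swap_in_words(published)),
        ("32-bit words reversed", swap_in_words(reverse_bytes(published))),
    ]
    return next((label for label, c in candidates if c == produced),
                "no simple reordering")

if __name__ == "__main__":
    for vec in parse_kats(SAMPLE):
        print(to_reversed(vec))
```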
