Simon, Speck and test vector change

[Jeffrey Walton]

Hi Everyone,

We need to change Simon and Speck to align with the algorithmic description provided by the Simon and Speck team. Formerly, we followed the team's test vectors, but they turned out to be wrong. Ugh...

We are tracking the issue at https://github.com/weidai11/cryptopp/issues/585.

Simon and Speck have been part of the library for about 30 days. I think we can make the change without providing a 2nd set of classes with former behavior. "Former behavior" means the existing incorrect behavior. That is assuming no one is using them at this moment.

My question is, is it OK to make the change without providing the second set of classes?

Jeff

[Mobile Mouse]

I believe the answer is yes. The initial implementation was not correct, this update fixes the problem. 

I say - if nobody gives a good reason why the incorrect behavior should be offered (even upon request), no need to bother.

--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jeffrey Walton]

On Tuesday, February 13, 2018 at 8:57:46 PM UTC-5, Mouse wrote:

I believe the answer is yes. The initial implementation was not correct, this update fixes the problem. 

I say - if nobody gives a good reason why the incorrect behavior should be offered (even upon request), no need to bother.

Ack, thanks.

As an intermediate step I think we should pull Simon and Speck until we get things sorted out. At this point in time our implementation has the potential to do harm.

Jeff

[Jeffrey Walton]

Simon and Speck were removed from the library at https://github.com/weidai11/cryptopp/commit/15b14cc61890 . The removal should ensure we don't do any harm, like breaking interop across the web.

The commit includes simon-speck.zip, which includes the original files that were removed.

It looks like we'll need a few days to sort out what we need to fix on our end. I don't have the time at the moment and it could be weeks before I can get back to it.

Sorry about this mess. I thought we were safe following the author's test vectors.

Jeff

[Jeffrey Walton]

On Wednesday, February 14, 2018 at 4:23:30 AM UTC-5, Jeffrey Walton wrote:

On Wednesday, February 14, 2018 at 3:35:26 AM UTC-5, Jeffrey Walton wrote:

On Tuesday, February 13, 2018 at 8:57:46 PM UTC-5, Mouse wrote:

I believe the answer is yes. The initial implementation was not correct, this update fixes the problem. 

I say - if nobody gives a good reason why the incorrect behavior should be offered (even upon request), no need to bother.

Ack, thanks.

As an intermediate step I think we should pull Simon and Speck until we get things sorted out. At this point in time our implementation has the potential to do harm.

Simon and Speck were removed from the library at https://github.com/weidai11/cryptopp/commit/15b14cc61890 . The removal should ensure we don't do any harm, like breaking interop across the web.

The updated Simon and Speck were re-added last night. The updated ciphers conform to the paper's specification and the kernel's implementation.

The updated Simon and Speck will fail to arrive at the test vector answers published in the Simon and Speck paper. We hope the Simon and Speck team will publish updated test vectors one day so we can establish provenance for our test vectors.

Also see:

  * New test vectors: https://github.com/weidai11/cryptopp/commit/3efef479d15f
  * C++ and SSE impl: https://github.com/weidai11/cryptopp/commit/e416b243d37d
  * NEON, Aarch32, Aarch64: https://github.com/weidai11/cryptopp/commit/e5a362c026ec

Jeff