Ken,

On Sep 21, 2005, at 10:43 AM, Ken Buchanan wrote:



I have reviewed the test vectors for LRW-AES, and have concluded they
were generated correctly.  The only caveat is that we might consider
specifying the bit order of the polynomial inputs. Specifically, block
1 is represented as 0...00000001, which is taken to be the identity
polynomial 1 (not x^127).  Reversing the bits would mean 1 would be
represented by the vector 80000000...0, which is much less intuitive.


That's exactly the situation with the GF(2^128) representation used in GCM. We should probably document that fact in the spec, since it is counterintuitive.

David



The test vectors are correct either way, it's just how we want to
represent them on paper.

I have generated a full sector test vector (attached), using block
numbers ('I' values in the standard) ranging from 1 to 32, and a 256-bit
AES key.



Ken Buchanan
Kasten Chase

<LRW-AES Sector Test Vector.txt>
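The bit-order point discussed in the thread, as an added example that is not part of the original emails or of the attached test vector: GF(2^128) multiplication under both conventions, showing which 16-byte block acts as the identity polynomial 1 in each. The reduction polynomial x^128 + x^7 + x^2 + x + 1 is GCM's and is assumed here for the LRW side as well; the function names and the sample value `K` are constructed for illustration.

```python
MASK = (1 << 128) - 1
R_POLY = 0x87  # x^7 + x^2 + x + 1, low terms of the assumed field polynomial


def gf_mul_lsb0(a: int, b: int) -> int:
    """Multiply with bit i of the integer = coefficient of x^i (00...01 is 1)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:  # degree reached 128: reduce modulo the field polynomial
            a = (a & MASK) ^ R_POLY
    return r


def reflect128(v: int) -> int:
    """Reverse the order of all 128 bits."""
    return int(format(v, "0128b")[::-1], 2)


def gf_mul_reflected(a: int, b: int) -> int:
    """Multiply with the leftmost bit = coefficient of x^0 (80 00...00 is 1)."""
    return reflect128(gf_mul_lsb0(reflect128(a), reflect128(b)))


def block_to_int(block: bytes) -> int:
    """Read a 16-byte block as a big-endian integer."""
    return int.from_bytes(block, "big")


# Constructed sample values, not taken from the attached test vector.
K = block_to_int(bytes.fromhex("0123456789abcdeffedcba9876543210"))
ONE_LSB0 = block_to_int(bytes(15) + b"\x01")       # 00...01
ONE_REFLECTED = block_to_int(b"\x80" + bytes(15))  # 80 00...00

if __name__ == "__main__":
    # Each convention has its own encoding of the polynomial 1.
    print(gf_mul_lsb0(K, ONE_LSB0) == K)
    print(gf_mul_reflected(K, ONE_REFLECTED) == K)
    # Mixing conventions: 80 00...00 read LSB-first is x^127, not 1.
    print(gf_mul_lsb0(K, ONE_REFLECTED) == K)
```

An implementation that reads block number 1 in the wrong bit order multiplies the tweak key by x^127 instead of by 1, so it will disagree with the test vectors from the first block onward.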

