Sujet : Re: Daniel Bernstein's SURF function
De : ftilojim (at) *nospam* tznvy.pbz (Chax Plore)
Groupes : sci.crypt
Date : 21. Feb 2025, 07:53:10
Organisation : i2pn2 (i2pn.org)
Message-ID : <d8ae7fc5c6bcd795037e2bdb87b435f392586772@i2pn2.org>
References : 1
On 2025-02-19 18:07, Chax Plore wrote:
I would like to confirm a (non-existent) test vector for djb's SURF function. When three input arrays are all initialized with zeros,
the "out" array after executing SURF is (in my implementation):
out[0] = B6A4E119
out[1] = 5AD6E86F
out[2] = 9BE93551
out[3] = EF8E3A91
out[4] = 1CAD4E20
out[5] = F44687A6
out[6] = 05A2C8FC
out[7] = 95016F86
SURF paper on Bernstein's website: https://cr.yp.to/papers/surf.pdf
SURF source code on Bruce Schneier's website:
https://www.schneier.com/wp-content/uploads/2015/03/SURF-2.zip
For the convenience of potentially interested posters, I hereby paste the complete code provided by Daniel Bernstein:
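/*
 * ROTATE(x,b): rotate x left by b bits, written as a 32-bit rotate.
 *
 * NOTE(review): this is only a true rotate if x has an unsigned type of
 * exactly 32 bits. The uint32 typedef is not shown here; if it is wider,
 * the high bits are never discarded and the output (and any test vector)
 * changes. Confirm the typedef before comparing results across platforms.
 */
#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))

/*
 * MUSH(i,b): one mixing step on state word t[i]. It deliberately uses the
 * locals t, x, sum and dex of surf() and leaves the new t[i] in x, so each
 * step feeds the next. Written as an expression; terminate it with ';'.
 */
#define MUSH(i,b) (t[i] = x = t[i] + (((x ^ dex[i]) + sum) ^ ROTATE(x,b)))

/*
 * surf: compute 8 output words from a 12-word input and a 32-word table.
 *
 *   out  receives the result (8 words, fully overwritten).
 *   in   12 input words; only read.
 *   dex  32 words; only read. dex[0..11] are mixed in by MUSH,
 *        dex[12..23] are XORed into the input to form the working state,
 *        dex[24..31] are the initial value of out.
 *
 * Two passes are made. Each pass restarts the working state t from
 * in ^ dex[12..23], runs 16 rounds of 12 MUSH steps, and XORs t[4..11]
 * into out. sum is NOT reset between passes, so the second pass uses
 * different round constants than the first.
 *
 * NOTE(review): t holds dex-mixed intermediate state and is not cleared
 * before returning. Whether that matters depends on whether callers treat
 * dex as secret, which this listing does not show.
 */
void surf(uint32 out[8], uint32 in[12], uint32 dex[32])
{
  uint32 t[12];
  uint32 x;
  uint32 sum = 0;
  int loop;
  int r;
  int i;

  for (i = 0; i < 8; ++i) out[i] = dex[24 + i];

  for (loop = 0; loop < 2; ++loop) {
    for (i = 0; i < 12; ++i) t[i] = in[i] ^ dex[12 + i];
    x = t[11];  /* the first MUSH of a pass chains from the last state word */

    for (r = 0; r < 16; ++r) {
      sum += 0x9e3779b9;
      /* Rotation amounts cycle 5, 7, 9, 13 across the 12 state words. */
      MUSH(0,5);
      MUSH(1,7);
      MUSH(2,9);
      MUSH(3,13);
      MUSH(4,5);
      MUSH(5,7);
      MUSH(6,9);
      MUSH(7,13);
      MUSH(8,5);
      MUSH(9,7);
      MUSH(10,9);
      MUSH(11,13);
    }

    for (i = 0; i < 8; ++i) out[i] ^= t[i + 4];
  }
}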
-- 
-----BEGIN PGP PUBLIC KEY FINGERPRINT-----
5745 807C 2B82 14D8 AB06 422C 8876 5DFC 2A51 778C
------END PGP PUBLIC KEY FINGERPRINT------