A reference implementation is some code which provides an example way of coding a particular algorithm. Designers of crypto algorithms often make reference implementations available, along with their test vectors, though reference implementations are seemingly more widely used than test vectors are (for example, the creators of the MP3 format made C code available for a reference implementation).
Reference implementations tend to be coded in a manner that is easy to read and understand, and are rarely optimized much (if at all). The intent is not to use the code directly, but rather to use the code to supplement the textual descriptions of the algorithm, and for testing the optimized code. In particular, optimizing the code increases the chances of bugs, which is a bad thing to have in a reference implementation. At times, reference implementations will have bugs, which cause all kinds of horrible problems, particularly if the problem is not caught until a year or two later.
Because they are intended to be easy to read, they are almost always written in C. There are a few reasons for this:
- Everyone knows C (OK, maybe not everyone, but most of the people who will care about reading a reference implementation will).
- C is the best language around for describing things like crypto, because it supports bitwise operations on fixed-size registers directly and cleanly (ever seen DES written in Perl?).
- It's everywhere, and 99% of all crypto is written in C anyway, so might as well do the reference implementation in C as well.
Rarely, one will see reference implementations in C++, Java, or Ada.
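As an added illustration (not code from the original page or from any algorithm's designers), the following C program shows a readable reference routine being used to test an optimized one, as described above. It uses multiplication in the AES field GF(2^8) as the primitive; the function names are hypothetical, and the known-answer value {57} • {83} = {c1} is the worked example from FIPS 197.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference: GF(2^8) multiply mod x^8+x^4+x^3+x+1, one bit of b at a time. */
static uint8_t gf_mul_ref(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        if (b & 1) p ^= a;                  /* add a * x^i if bit i of b is set */
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); /* a *= x, reduced */
        b >>= 1;
    }
    return p;
}

/* Optimized: log/antilog tables over the generator 0x03. */
static uint8_t gf_exp[510], gf_log[256];

static void gf_init(void) {
    uint8_t x = 1;
    for (int i = 0; i < 255; i++) {
        gf_exp[i] = gf_exp[i + 255] = x;    /* doubled table avoids a mod 255 */
        gf_log[x] = (uint8_t)i;
        x = gf_mul_ref(x, 0x03);
    }
}

static uint8_t gf_mul_fast(uint8_t a, uint8_t b) {
    if (a == 0 || b == 0) return 0;         /* log(0) is undefined */
    return gf_exp[gf_log[a] + gf_log[b]];
}

/* Known-answer check of the reference against a published test vector. */
static int known_answer_ok(void) {
    return gf_mul_ref(0x57, 0x83) == 0xc1;
}

/* Differential test: count inputs where optimized and reference disagree. */
static int count_mismatches(void) {
    int bad = 0;
    gf_init();
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++)
            bad += gf_mul_ref((uint8_t)a, (uint8_t)b) != gf_mul_fast((uint8_t)a, (uint8_t)b);
    return bad;
}

int main(void) {
    printf("known answer ok: %d, mismatches: %d\n", known_answer_ok(), count_mismatches());
    return 0;
}
```

The input space here is small enough to compare exhaustively; for a full cipher or hash the same comparison is run over the published test vectors plus randomly generated inputs.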