NIST validates 100th Advanced Encryption Standard implementation.

In October 2003, NIST's Cryptographic Module Validation Program (CMVP) reached a significant milestone by issuing the 100th Advanced Encryption Standard (AES) Algorithm Validation Certificate for a hardware implementation of AES named 7814-W. This is an intelligent packet-processing chip that implements AES, Triple DES, integrated public key cryptography, and compression. 7814-W implements the Electronic Codebook and the Cipher Block Chaining modes of operation for both encryption and decryption, and supports key sizes 128 bit, 192 bit, and 256 bit.

Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard, describes the AES algorithm as a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. The AES is capable of using cryptographic keys of 128 bit, 192 bit, and 256 bit to encrypt and decrypt data in blocks of 128 bits. Since November 2001, AES has been the FIPS-approved symmetric encryption algorithm of choice.

The AES validation test suite consists of the Known Answer Tests (KATs), the Multi-block Message Test (MMT), and the Monte Carlo Test (MCT). The KATs are designed to provide conformance testing for the individual components of the AES algorithm. The MMT is designed to test the ability of the implementation to process multiblock messages, which require the chaining of information from one block to the next. The MCT is designed to exercise the entire implementation of the AES, as opposed to testing only the individual components. The AES validation test suite tests the Modes of Operation ECB, CBC, OFB, CFB (1 bit, 8 bit, and 128 bit), and CTR. For each mode implemented, selections are available for key sizes (128 bit, 192 bit, 256 bit) supported as well as the ciphering direction (i.e., encryption and decryption).

Successful completion of the AES validation tests is required to claim conformance to the AES as specified in FIPS 197. When applied to implementations under test (IUTs), the validation tests determine the correctness of the algorithm implementation. In addition to ascertaining conformance, the tests detect implementation flaws including pointer problems, insufficient allocation of space, improper error handling, and incorrect behavior of the AES algorithm implementation.

The AES validation test suite is part of NIST's CMVP, which encompasses validation testing for cryptographic modules and algorithms. Other cryptographic algorithms currently validated by the CMVP are the Data Encryption Standard (DES), the Triple Data Encryption Standard (TDES), the Digital Signature Algorithm (DSA), the Secure Hash Algorithm (SHA-1), and the Random Number Generator algorithm (RNG). In the near future, the Reversible Digital Signature Algorithm (rDSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), SHA-256, SHA-384, and SHA-512, and HMAC validation suites also will be available.

The CMVP uses laboratories accredited by NIST's National Voluntary Laboratory Accreditation Program to test cryptographic products that conform to FIPS. A vendor contracts with an accredited laboratory to perform the tests. When testing is completed, the laboratory submits the results to NIST for validation. If the vendor's implementation of the specific algorithm successfully passes the tests, NIST issues a validation certificate to the vendor. The Web site is csrc.nist.gov/cryptval.

CONTACT: Sharon Keller, (301) 975-2910; sharon.keller@nist.gov.