NIST validates 100th Advanced Encryption Standard implementation.
Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard, describes the AES algorithm as a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. The AES is capable of using cryptographic keys of 128 bit, 192 bit, and 256 bit to encrypt and decrypt data in blocks of 128 bits. Since November 2001, AES has been the FIPS-approved symmetric encryption algorithm of choice.
The AES validation test suite consists of the Known Answer Tests (KATs), the Multi-block Message Test (MMT), and the Monte Carlo Test (MCT). The KATs are designed to provide conformance testing for the individual components of the AES algorithm. The MMT is designed to test the ability of the implementation to process multiblock messages, which require the chaining of information from one block to the next. The MCT is designed to exercise the entire implementation of the AES, as opposed to testing only the individual components. The AES validation test suite tests the Modes of Operation ECB, CBC, OFB, CFB (1 bit, 8 bit, and 128 bit), and CTR. For each mode implemented, selections are available for key sizes (128 bit, 192 bit, 256 bit) supported as well as the ciphering direction (i.e., encryption and decryption).
Successful completion of the AES validation tests is required to claim conformance to the AES as specified in FIPS 197. When applied to implementations under test (IUTs), the validation tests determine the correctness of the algorithm implementation. In addition to ascertaining conformance, the tests detect implementation flaws including pointer problems, insufficient allocation of space, improper error handling, and incorrect behavior of the AES algorithm implementation.
The AES validation test suite is part of NIST's CMVP, which encompasses validation testing for cryptographic modules and algorithms. Other cryptographic algorithms currently validated by the CMVP are the Data Encryption Standard (DES), the Triple Data Encryption Standard (TDES), the Digital Signature Algorithm (DSA), the Secure Hash Algorithm (SHA-1), and the Random Number Generator algorithm (RNG). In the near future, the Reversible Digital Signature Algorithm (rDSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), SHA-256, SHA-384, and SHA-512, and HMAC validation suites also will be available.
The CMVP uses laboratories accredited by NIST's National Voluntary Laboratory Accreditation Program to test cryptographic products that conform to FIPS. A vendor contracts with an accredited laboratory to perform the tests. When testing is completed, the laboratory submits the results to NIST for validation. If the vendor's implementation of the specific algorithm successfully passes the tests, NIST issues a validation certificate to the vendor. The Web site is csrc.nist.gov/cryptval.
CONTACT: Sharon Keller, (301) 975-2910; firstname.lastname@example.org.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||General Developments|
|Publication:||Journal of Research of the National Institute of Standards and Technology|
|Date:||Nov 1, 2003|
|Previous Article:||NIST provides key measurements for superconducting magnets for the International Thermonuclear Experimental Reactor.|
|Next Article:||Recommended Practice Guide on Data Evaluation Theory and Practice for Materials Properties developed.|