Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Sheet1 Page 1 TESTING IMPLEMENTATIONS OF DES ------------------------------ Ronald L. Rivest MIT Laboratory for Computer Science Cambridge, Mass. 02139 2/23/85 ABSTRACT -------- We present a simple way to test the correctness of a DES implementation: Use the recurrence relation: X0 = 9474B8E8C73BCA7D (hexadecimal) X(i+1) = IF (i is even) THEN E(Xi,Xi) ELSE D(Xi,Xi) to compute a sequence of 64-bit values: X0, X1, X2, . .., X16. Here E(X,K) denotes the DES encryption of X using key K, and D(X,K) denotes the DES decryption of X using key K. If you obtain X16 = 1B1A2DDB4C642438 your implementation does not have any of the 36,568 possible single-fault errors described herein. INTRODUCTION ------------ The Data Encryption Standard (DES) has been approved by a variety of organizations (e.g. the U.S. government) for use in cryptographic applications. The DES algorithm was published by the National Bureau of Standards [FIPS46]. The National Bureau of Standards has an ongoing program to validate the correctness of hardware DES implementations. Their testing procedure, described in [Ga80a], consists of 291 fixed test cases followed by twelve million randomly chosen test cases. A hardware implementation of DES that passes this test is awarded a "Validation Certficate". The above testing procedure provides good evidence that the DES hardware was correctly designed and functioning properly at the time of validation. However, the user of a DES implementation would like to maintain the currency of this validation -- this would be "maintenance testing" in contrast to the "validation" service provided by NBS. The purpose of maintenance testing is to ensure that the DES implementation is still correct, i.e. that no operational fault has appeared since the last time the the device was tested. Also note that NBS's validation procedure only inspects single instances of a hardware device his device is correctly functioning (even though the design is OK, the device
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Sheet1 Page 2 may have developed faults). One way to perform maintenance testing is to use two or more separate implementations and compare their results after each operation. If they ever differ, then one of the units has ceased to operate correctly. The difficulty with this approach is the cost of providing the redundant implementation. If a redundant implementation is infeasible, then the implementation may be testing by comparing its input-output behaviour with that of a correct implementation. This paper provides such a procedure. It is desired to have a relatively short test procedure, since the
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 12


This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online