December 12, 2011

Power-on self-test guidance

The CMVP intends to release new FIPS 140-2 Implementation Guidance clarifying the power-on self-test required for cryptographic algorithms whose outputs do not vary for a given set of inputs (e.g. RSA).

A Known Answer Test (KAT) will be required in the future for cryptographic modules that perform RSA sign and verify when the outputs of those operations are deterministic.

The Implementation Guidance will include a transition date. After that transition date, new FIPS 140-2 validation submissions must implement a Known Answer Test (for a deterministic mode of RSA) as a power-on self-test. A Pairwise Consistency Test will no longer be acceptable as a power-on self-test (for a deterministic mode of RSA).

The release date of the Implementation Guidance and the transition date are not yet available.
