A Method of Statistical Randomness Test for Key Derivation Functions

Statistical Randomness Evaluation Method for Key Derivation Functions

  • Published: 2010.02.28

Abstract

Randomness is a basic security evaluation item for most cryptographic algorithms. During the AES project, NIST proposed a statistical test suite for random number generators used in cryptographic applications. However, NIST's test suite is tailored to block ciphers, whose input and output lengths are equal, so it needs to be revised for key derivation functions, which produce multiple output blocks. In this paper we propose a revised version of NIST's statistical randomness test that is suitable for most key derivation functions, and we present experimental results for the key derivation functions of 3GSM and NIST.

Randomness is a basic security evaluation item for the algorithms used in cryptographic systems. While selecting the next-generation encryption algorithm AES, the U.S. National Institute of Standards and Technology (NIST) proposed a package for statistically evaluating the randomness of block ciphers. Because this package is built for block ciphers, that is, functions whose input and output lengths are equal, it cannot reasonably be applied as-is to the randomness evaluation of key derivation functions, most of which have an extended output length. This paper proposes an improvement of NIST's method as a statistical randomness evaluation method suited to key derivation functions, a representative cryptographic component that outputs multiple blocks longer than its input. It then presents statistical randomness evaluation results, obtained with the proposed method, for the key derivation functions recommended as standards by 3GSM and NIST.
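As an added illustration of the setting the abstract describes (this is not the paper's own method or code): an SP 800-108 counter-mode KDF with HMAC-SHA256 as the PRF, whose multi-block output is then run through two SP 800-22 tests (frequency and runs), both per 256-bit output block and over the whole concatenated output. The key, label and context values are constructed sample inputs.

```python
import hashlib
import hmac
import math
import struct


def kdf_ctr_hmac_sha256(k_in: bytes, label: bytes, context: bytes, length_bits: int) -> bytes:
    """SP 800-108 KDF in counter mode, PRF = HMAC-SHA256.

    K(i) = PRF(K_IN, [i]_32 || Label || 0x00 || Context || [L]_32); the K(i) are
    concatenated and truncated to L bits. Counter i and L are 32-bit big-endian.
    """
    n = -(-length_bits // 256)  # ceil(L / h) output blocks
    out = b""
    for i in range(1, n + 1):
        data = struct.pack(">I", i) + label + b"\x00" + context + struct.pack(">I", length_bits)
        out += hmac.new(k_in, data, hashlib.sha256).digest()
    return out[: length_bits // 8]


def to_bits(data: bytes) -> list:
    """Big-endian bit expansion, as the SP 800-22 tests expect."""
    return [(byte >> (7 - j)) & 1 for byte in data for j in range(8)]


def monobit_p_value(bits) -> float:
    """SP 800-22 frequency (monobit) test: p = erfc(|S_n| / sqrt(2n))."""
    n = len(bits)
    s_n = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s_n) / math.sqrt(2 * n))


def runs_p_value(bits) -> float:
    """SP 800-22 runs test; p = 0.0 when the frequency prerequisite fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_n = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v_n - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def evaluate_kdf_output(k_in, label, context, length_bits, alpha=0.01):
    """Apply both tests to every 256-bit block and to the whole multi-block output."""
    out = kdf_ctr_hmac_sha256(k_in, label, context, length_bits)
    results = {"whole": (monobit_p_value(to_bits(out)), runs_p_value(to_bits(out)))}
    for i in range(len(out) // 32):
        blk = to_bits(out[32 * i: 32 * (i + 1)])
        results[f"block{i + 1}"] = (monobit_p_value(blk), runs_p_value(blk))
    passed = all(p >= alpha for pair in results.values() for p in pair)
    return passed, results
```

A single failing block at the 0.01 level is expected about once in a hundred blocks for a sound KDF, so a verdict should rest on many keys and on the proportion of passes, not on one derivation.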

