Shifting POSTs Into High Gear (G21c)
Recently, the self-test related IGs 9.1, 9.11 and 9.12 have been updated to reduce the number of tests performed during power on to help improve module performance. At the same time, IG 9.4 was updated to provide additional clarity and/or leniency for the known answer test (KAT) requirement. This presentation aims to provide suggestions and clues to make the best use of these IGs to speed up the power on self tests (POSTs) while meeting the requirement.
POSTs are mandatory and should be performed when the cryptographic module is powered up. The POSTs mark the starting state of the module and no crypto operations are allowed until the self-tests completed successfully, i.e. the module is unusable until the POSTs finish. Hence the self-tests take an integral part in determining the performance of the module. With new technologies being developed every day, product size is decreasing and operational speed is increasing. In such scenarios, the choice of self-tests is crucial and could help in boosting the speed of the module during initialization, and in turn the product.
This presentation proposes suggestions to speed up the POSTs by depicting scenarios based on module type/scope (e.g. hardware/software module, modules with memory/space constraint etc.). Additionally, since the choice of POSTs is also important when validating modules, the presentation includes some pitfalls that might be ignored due to misinterpretation or lack of understanding of the above IG requirements.
With the right knowledge and analysis of the environment in which the module operates, you can make the most of the IG updates to the advantage of the module.