[Cryptography] Simon, Speck and ISO

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Oct 22 12:16:27 EDT 2014

<orcnote> below,

-----Original Message-----
From: cryptography [mailto:cryptography-bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of Hanno Böck
Sent: Wednesday, October 22, 2014 02:29
To: dj at deadhat.com
Cc: cryptography at metzdowd.com
Subject: Re: [Cryptography] Simon, Speck and ISO

Am Tue, 21 Oct 2014 22:16:13 -0000
schrieb dj at deadhat.com:

> Today the NSA proposed that Simon and Speck be added the the ISO
> JTC1/SC27 approved ciphers spec.

That sounds interesting, can you give some more background on this?

>From <http://isotc.iso.org/livelink/livelink?func=ll&objId=8916258&objAction=browse&viewType=1>,

ISO/IEC JTC1/SC27 "IT Security Techniques" (meeting this week in Mexico City),
	WG1: Information Security Management Systems
     WG2: Cryptography and security mechanisms
     WG3: Security evaluation, testing and specification
     WG4: Security controls and services
     WG5: Identity management and privacy techniques

It is commonplace for "National Bodies" (e.g., DIN, BSA, ANSI, ...) to have "mirror" technical committees that correspond with JTC1 subcommittees and working groups.  DIN also holds the Secretariat for SC27, but any DIN mirror committee is different, even with overlapping participants.  Here are the member countries whose National Bodies participate in SC27 <http://en.wikipedia.org/wiki/ISO/IEC_JTC_1/SC_27#Member_countries>.
In the US, ANSI designates INCITS as the Technical Activity Group that administers US participation in SC27. The "mirror" responsibility and voice of US participation is INCITS/CS1 for Cyber Security.

I'm probably not the only one who has never heard of JTC1/SC27 before.
Wikipedia tells me this is located at the DIN in germany.

What's the role of these approved ciphers? Is anyone bound to
support / use them?
These are voluntary standards.  Requirements concerning their use, specification in procurements, etc., may show up in member countries (sort of how FIPS transposes voluntary standards for governmental use) along with recommendations for other use within a national (or regional, in the case of the EU) jurisdiction. In the US, the practice for INCITS is to automatically adopt the relevant ISO/IEC JTC1 standards as ANSI standards.  I imagine something similar happens in the case of DIN.</orcnote>

Hanno Böck

mail/jabber: hanno at hboeck.de

More information about the cryptography mailing list