Table 5.1 NIST Evaluation Criteria for AES(September 12,1997)(page 1 of 2) SECURITY .Actual security:compared to other submitted algorithms(at the same key and block size). .Randomness:The extent to which the algorithm output is indistinguishable from a random permutation on the input block. .Soundness:of the mathematical basis for the algorithm's security. .Other security factors:raised by the public during the evaluation process,including any attacks which demonstrate that the actual security of the algorithm is less than the strength claimed by the submitter. COST .Licensing requirements:NIST intends that when the AES is issued,the algorithm(s) specified in the AES shall be available on a worldwide,non-exclusive,royalty-free basis. .Computational efficiency:The evaluation of computational efficiency will be applicable to both hardware and software implementations.Round 1 analysis by NIST will focus primarily on software implementations and specifically on one key-block size combination (128-128);more attention will be paid to hardware implementations and other supported key-block size combinations during Round 2 analysis.Computational efficiency essentially refers to the speed of the algorithm.Public comments on each algorithm's efficiency (particularly for various platforms and applications)will also be taken into consideration by NIST. .Memory requirements:The memory required to implement a candidate algorithm--for both hardware and software implementations of the algorithm--will also be considered during the evaluation process.Round 1 analysis by NIST will focus primarily on software implementations;more attention will be paid to hardware implementations during Round 2. 2022/10/1 Memory requirements will include such factors as gate counts for hardware implementations,and code size and RAM requirements for software implementations. 5/292022/10/9 现代密码学理论与实践05 5/29