## 8 Quality assurance requirements

3GPP41.061General Packet Radio Service (GPRS)GPRS ciphering algorithm requirementsRelease 4TS

This clause advises ETSI SAGE on measures needed to provide users of the algorithm with confidence that it is fit for purpose, and users of the algorithm specification and test data assurance that appropriate quality control has been exercised in their production.

The measures shall be recorded by ETSI SAGE in a design and evaluation report which shall be published by ETSI as a Technical Report.

## 8.1 Quality assurance for the algorithm

Prior to its release to the ETSI custodian, the algorithm needs to be approved as meeting the technical requirements specified in clause 6 by all members of ETSI SAGE.

## 8.2 Quality assurance for the specification and test data

Prior to delivery of the algorithm specification, two independent simulations of the algorithm needs to be made using the specification, and confirmed against test data designed to allow verification of significant points in the execution of the algorithm.

Design conformance and algorithm input/output test data needs to be generated using a simulation of the algorithm produced from the specification and confirmed as above. The simulation used to produce this test data needs to be identified in the test data deliverables and retained by ETSI SAGE.

## 8.3 Design and evaluation report

The design and evaluation report is intended to provide evidence to potential users of the algorithm, specification and test data that appropriate and adequate quality control has been applied to their production. The report shall explain the following:

– the algorithm and test data design criteria;

– the algorithm evaluation criteria;

– the methodology used to design and evaluate the algorithm;

– the extent of the mathematical analysis and statistical testing applied to the algorithm;

– the principal conclusions of the algorithm evaluation;

– the quality control applied to the production of the algorithm specification and test data.

The report shall confirm that all members of ETSI SAGE have approved the algorithm, specification and test data.

The report shall not contain any information about the algorithm, such as design techniques used, mathematical analysis or statistical testing of components of the algorithm, which might reveal part or all of the structure or detail of the algorithm.