*
Bookmark and Share

Cryptographic Algorithm Validation Program

Summary:

The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS-approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP). The CAVP was established by NIST and the Communications Security Establishment Canada (CSEC) in July 1995. All of the tests under the CAVP are handled by third-party laboratories that are accredited as Cryptographic and Security Testing (CST) Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Vendors interested in validation testing of their algorithm implementation may select any of the accredited laboratories.

Description:

The CAVP is a collaborative program based on a partnership between NIST’s Computer Security Division and the Communication Security Establishment Canada (CSEC). The goal of the CAVP is to provide federal agencies—in the United States, Canada, and the United Kingdom—with confidence that a validated cryptographic algorithm has been implemented correctly. This is accomplished by designing and developing validation test suites for every FIPS-approved and NIST recommended cryptographic algorithm. The test suites contain tests that verify the correct implementation of the detailed instructions of an algorithm. Federal agencies, industry, and the public can choose cryptographic algorithm implementations from the associated Algorithm Validation Lists and have confidence in the claimed level of security.

The CAVP has stimulated improved quality of cryptographic algorithm implementations. Statistics from the testing laboratories show that 27 percent of the cryptographic algorithms brought in for voluntary testing had security flaws that were corrected during testing.

The CAVP currently validates implementations of the following cryptographic algorithms: Advanced Encryption Standard (AES), Triple Data Encryption Standard (TDES), Skipjack, Digital Signature Algorithm ( DSA), Elliptic Curve DSA (ECDSA), RSA, Secure Hash Algorithm (SHA), Random Number Generator (RNG), Deterministic Random Bit Generator (DRBG), Key Agreement Schemes (KAS), Block Cipher-based MAC (CMAC), Counter with CBC-Message Authentication Code, (CCM), Keyed Hash Message Authentication Code (HMAC), Galois /Counter Mode (GCM) and GMAC.

Major Accomplishments:

The CAVP currently has validation testing for the following FIPS-approved and NIST recommended cryptographic algorithms
Advanced Encryption Standard (AES)
Triple Data Encryption Standard (TDES)
Skipjack (SJ)
Digital Signature Algorithm ( DSA)
Elliptic Curve DSA (ECDSA)
RSA
Secure Hash Algorithm (SHA)
Random Number Generator (RNG)
Deterministic Random Bit Generator (DRBG)
Key Agreement Schemes and Key Confirmation (KAS)
Block Cipher-based MAC (CMAC)
Counter with CBC-Message Authentication Code, (CCM)
Galois /Counter Mode (GCM) and GMAC
Keyed Hash Message Authentication Code (HMAC)

Issued over 1000 algorithm validations for both AES and SHA implementations as of 2009

End Date:

ongoing

Lead Organizational Unit:

ITL

Customers/Contributors/Collaborators:

Federal: National Voluntary Laboratory Accreditation Program

Industry: American National Standards Institute (ANSI)
ÆGISOLVE, INC. (USA - CA)
Aspect Labs, a division of BKP Security, Inc. (USA - CA)
Atlan Laboratories (USA - VA)
atsec Information Security Corporation (USA - TX)
BT Cryptographic Module Testing Laboratory (United Kingdom)
CEAL: a CygnaCom Solutions Laboratory (USA - VA)
COACT Inc. CAFE Laboratory (USA - MD)
DOMUS IT Security Laboratory (Canada)
Electronic Commerce Security Technology Laboratory, Inc. (Japan)
Epoche & Espri (Spain)
EWA - Canada IT Security Evaluation & Test Facility (Canada)
ICSA Labs, An Independent Division of Verizon Business (USA - PA)
InfoGard Laboratories, Inc. (USA - CA)
Information Technology Security Center (Japan)
Science Applications International Corporation (SAIC) (USA - MD)
TTC IT Security Evaluation Laboratory (Taiwan, R.O.C.)
TÜV Informationstechnik GmbH (Germany)
AEPOS

Global: Communications Security Establishment Canada (CSEC)

Staff:

Sharon Keller, Director CAVP, Computer Scientist
sharon.keller@nist.gov
(301)975-2910

Janet Jing, ITL Specialist
janet.jing@nist.gov
(301)975-4293

Tim Hall, Computer Scientist
tim.hall@nist.gov
(301)975-8077

Related Programs and Projects:

For more information regarding the Cryptographic Algorithm and Validation Program (CAVP), please visit the Computer Security Resource Center (CSRC).

Validation System (VS) documents describing the suite of validation tests required for algorithm validation. They can be accessed via clicking on the Validation System (VS) above. These VS documents are:

  • Advanced Encryption Standard Algorithm Validation System(AESAVS)
     
  • NIST Special Publication 800-20, Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures.
    An additional test, the Multi-block Message Text (MMT), is also required.
     
  • Digital Signature Algorithm Validation System (DSAVS)
     
  • Elliptic Curve DSA Validation System (ECDSAVS)
     
  • RSA Validation System (RSAVS)
     
  • Secure Hash Algorithm Validation System (SHAVS)
     
  • Random Number Generator Validation System (RNGVS)
     
  • Deterministic Random Bit Generator Validation System (DRBGVS)
     
  • Key Agreement Schemes and Key Confirmation(KAS) Validation System (KASVS)
     
  • Block Cipher-based MAC Validation System (CMACVS)
     
  • Counter with CBC-Message Authentication Code (CCM)
    Validation System (CCMVS)
     
  • Galois /Counter Mode (GCM) and GMAC Validation System (GCMVS) 
     
  • Keyed Hash Message Authentication Code Validation System (HMACVS)
Contact

Sharon Keller
(301) 975-2910
sharon.keller@nist.gov

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930