SHA-3 Validation List

Last Update: 6/7/2017

These implementations are validated as conforming to the SHA-3's family of functions specified in the Federal Information Processing Standard (FIPS) 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, using tests described in The Secure Hash Algorithm-3 Validation System (SHA3VS). These tests validate implementations of four cryptographic hash functions and two closely related Extendable-Output Functions (XOFs).

The four SHA-3 hash functions are named SHA3-224, SHA3-256, SHA3-384, and SHA3-512. The two SHA-3 XOFs are named SHAKE128 and SHAKE256. The testing is handled by NVLAP accredited Cryptographic and Security Testing (CST) Laboratories.

In addition to a general description of each product, this validation list also contains:

Legend for Description Field

SHA-3 Hash functions tested SHA3-224, SHA3-256, SHA3-384, SHA3-512
Input message orientation BIT, BYTE-only

In cases where the implementation was tested and is validated only for the correct generation of a message digest on byte-oriented data, this is indicated by "(BYTE-only)" in the description field. However, if "(BIT)" is indicated, then the implementation is validated as conforming to the standard for bit-oriented messages (i.e., where the message length does not have to be a multiple of 8 bits)..

SHA-3 Extendable-Output(SHAKE) Extendable-Output functions tested SHAKE128, SHAKE256
Message (Msg) orientation Input Message BIT, BYTE-only

In cases where the implementation was tested and is validated only for the correct generation of a message digest on byte-oriented data, this is indicated by "(BYTE-only)" in the description field. However, if "(BIT)" is indicated, then the implementation is validated as conforming to the standard for bit-oriented messages (i.e., where the message length does not have to be a multiple of 8 bits).

Output message (applies to SHA-3 Extendable-Output functions only) BIT, BYTE-only

In cases where the implementation was tested and is validated only for the correct generation of output messages on byte-oriented data, this is indicated by "(BYTE-only)" in the description field. However, if "(BIT)" is indicated, then the implementation is validated as conforming to the standard for bit-oriented output (i.e., where the output message length does not have to be a multiple of 8 bits). (i.e., where the output message length does not have to be a multiple of 8 bits).

Output message lengths tested Minimum output message length tested MinLen
Maximum output message length tested MaxLen

If additional constraints have been placed on a validation, then they are listed in the description field.

The list is in reverse numerical order, by validation number, so that the most recent validations are closer to the top of the list.

SHA-3 Validated Implementations

Validation
No.
Vendor Implementation Operational Environment Val.
Date
Description/Notes
20 Xilinx, Inc.
2100 Logic Drive
San Jose, CA 95124
USA

-James Wesselkamper
TEL: 505-798-6863

SHA3/384

Part # Zynq Ultrascale+ MPSoC
VCS 3/31/2017 SHA3-384 (BYTE-only)

"SHA3/384 Hard Core"

19 Xilinx, Inc.
2100 Logic Drive
San Jose, CA 95124
USA

-James Wesselkamper
TEL: 505-789-6863

SHA3/384

Part # Ultrascale, Ultrascale+
VCS 3/31/2017 SHA3-384 (BYTE-only)

"SHA3/384 Hard Core"

05/02/17: Updated implementation information;

18 Attivo Networks Inc.
47697 Westinghouse Drive, Suite 201
Fremont, CA 94539
USA

-Satya Das
TEL: 510 623-1000

Attivo Cryptographic Provider

Version 1.0 (Firmware)
Intel® Xeon® CPU E5-2620 v2 @ 2.10GHz; Intel® Xeon® CPU E5-2630 v3 @ 2.4GHz 3/6/2017 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"Attivo Networks is an award winning provider of inside-the-network threat detection, attack analysis and forensics."

17 Intel Corporation
2200 Mission College Blvd.
Santa Clara, California 95054
USA

-Costin Alex. Pavel
TEL: +353 61 777 683

-Alan Carew
TEL: +353 61 477 487

QuickAssist Technology Software Library for Cryptography on the Intel® Communications Chipset 62x Series

Version 1.0.0
Intel® Xeon® Processor w/ Red Hat 7.1 2/28/2017 SHA3-256 (BYTE-only)

"The accelerator features are invoked using the Intel QuickAssist Technology Cryptographic API which provides application scalability and portability across platforms."

16 Intel Corporation
2200 Mission College Blvd.
Santa Clara, California 95054
USA

-Costin Alex. Pavel
TEL: +353 61 777 683

-Alan Carew
TEL: +353 61 477 487

QuickAssist Technology Software Library for Cryptography on the Intel® c3xxx Series

Version 1.0.0
Intel® Class SOC w/ Fedora 22 (kernel 4.0.4-301) 2/28/2017 SHA3-256 (BYTE-only)

"The accelerator features are invoked using the Intel QuickAssist Technology Cryptographic API which provides application scalability and portability across platforms."

15 Information Security Corp
1011 Lake St. Suite 425
Oak Park, IL 60118
USA

-Jonathan Schulze-Hewett
TEL: 708-445-1704
FAX: 708-445-9705

-Michael Markowitz
TEL: 708-445-1704
FAX: 708-445-9705

ISC Cryptographic Development Kit (CDK)

Version 8.0
Intel Core i7 with AES-NI w/ Windows Server 2012 R2 (64-bit) 2/10/2017 SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

"The ISC Cryptographic Development Kit (CDK) is a software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. It includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."

14 NXP Semiconductors
Stresemannallee 101
Hamburg, Hamburg 22529
Germany

-Dr. Almar Kaid
TEL: + 49 (40) 5613 5123
FAX: + 49 (40) 5613 62773

P73N2M0 Crypto Library

Version 1.0.8
Part # p73n2m0b0.200
NXP p73n2m0 w/ n/a 2/10/2017 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

"The NXP Crypto Library on the p73n2m0 HW-platform is a Cryptographic Library to be included in an operating system. It implements various algorithms protected against Side Channel and Fault Attacks at EAL 6+."

13 NXP Semiconductors
Stresemannallee 101
Hamburg, Hamburg 22529
Germany

-Dr. Almar Kaid
TEL: + 49 (40) 5613 5123
FAX: + 49 (40) 5613 62773

P73N2M0 Crypto Library

Version 1.0.8
NXP p73n2m0 w/ n/a 2/10/2017 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

"The NXP Crypto Library on the p73n2m0 HW-platform is a Cryptographic Library to be included in an operating system. It implements various algorithms protected against Side Channel and Fault Attacks at EAL 6+."

12 Distech Controls, Inc.
4205 Place de Java
Brossard, QC J4Y 0C4
Canada

-Dominic Gagnon
TEL: 450-444-9898 Ext.231
FAX: 450-444-0770

-François Gervais
TEL: 450-444-9898 Ext.263
FAX: 450-444-0770

Distech Java Cryptographic Library

Version 1.0 (Firmware)
AM335x Cortex-A8 (ARMv7) /w NEON 12/23/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The Distech Java Cryptographic Library is a general purpose cryptographic library used by Distech Controls products including the Eclypse series of controllers."

11 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94303
USA

-Eric Betts
TEL: 408-891-0590

-Michael McKay
TEL: 408-891-0590

VMware Java JCE (Java Cryptographic Extension) Module

Version BC FIPS 1.0.0
Intel Xeon E5 w/ NSX Controller 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Edge 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Manager 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0 12/16/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The VMware Java JCE (Java Cryptographic Extension) Module (VMware JCE Module) is a software cryptographic module containing a set of cryptographic functions."

10 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94303
USA

-Eric Betts
TEL: 408-891-0590

-Michael McKay
TEL: 408-891-0590

VMware Java JCE (Java Cryptographic Extension) Module

Version BC FIPS 1.0.0
Intel Xeon E5 w/ NSX Controller 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Edge 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Manager 6.3.0 OS with Java JRE 1.7 running on Vmware vSphere Hypervisor (ESXi) 6.0 12/2/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The VMware Java JCE (Java Cryptographic Extension) Module (VMware JCE Module) is a software cryptographic module containing a set of cryptographic functions."

9 Attivo Networks Inc.
47697 Westinghouse Drive, Suite 201
Fremont, CA 94539
USA

-Satya Das
TEL: 510 623-1000

Attivo Cryptographic Provider

Version 1.0
Intel(R) Xeon(R) CPU ES-2620 v2 @2.10GHz w/ Open JDK 1.8 on CentOS 6.5 Intel 64-bit on ESXi 5.5.0 10/28/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"Attivo Networks is an award winning provider of inside-the-network threat detection, attack analysis and forensics."

8 Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
USA

-Alan Presser
TEL: (978) 264-6600

Allegro Cryptographic Engine

Version 6.2
Intel Core i7 w/ Windows 10 Professional; Intel Core i7 with AES-NI w/ Windows 10 Professional; Intel Core i7 w/ Linux Mint 18; Intel Core i7 with AES-NI w/ Linux Mint 18 10/14/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The Allegro Cryptographic Engine (ACE) is a cryptographic library module for embedded computing systems. ACE provides software implementations of algorithms for calculations of message digests, digital signature creation and verification, bulk encryption and decryption, key generation and key exchange."

7 Check Point Software Technologies, Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-Malcom Levy
TEL: +97237534561

Check Point Crypto Core

Version 4.0
Intel Core i5 with AES-NI w/ Windows 10 Anniversary Update (User Mode, x64); Intel Core i5 with AES-NI w/ Windows 10 Anniversary Update (Kernel Mode, x64); Intel Core i5 without AES-NI w/ Windows 10 Anniversary Update (User Mode, x64); Intel Core i5 without AES-NI w/ Windows 10 Anniversary Update (Kernel Mode, x64); Intel Core i7 with AES-NI w/ macOS Sierra 10.12 (User Mode, x64); Intel Core i7 without AES-NI w/ macOS Sierra 10.12 (User Mode, x64); Intel Core i7 with AES-NI w/ macOS Sierra 10.12 (Kernel Mode, x64); Intel Core i7 without AES-NI w/ macOS Sierra 10.12 (Kernel Mode, x64) 10/6/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)
Implementation does not support zero-length (null) messages.

"Check Point Crypto Core 4.X is a 140-2 Level 1 cryptographic module for Windows and Mac platforms. The module provides cryptographic services accessible in kernel mode and user mode on the respective platforms through implementation of platform-specific binaries."

6 Oberthur Technologies
402 rue d'Estienne d'Orves
Colombes, N/A 92700
France

-GOYET Christophe
TEL: +1 703 322 8951

-BOUKYOUD Saïd
TEL: +33 1 78 14 72 58
FAX: +33 1 78 14 70 20

SHA on Cosmo V8.1

Version 06939.18 with 08001.3 (Firmware)
Part # HW = ‘30’ with FW = ‘5F01’ and HW = ‘40’ with FW = ‘6001’
ID-One PIV on Cosmo V8.1 10/6/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

"ID-One Cosmo V8.1 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.4 and Global Platform 2.2.1 which supports SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, as well as SHA-3."

11/17/16: Updated implementation information;

5 Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

-David Hook
TEL: +61438170390

-Jon Eaves
TEL: +61417502969

Bouncy Castle FIPS .NET API

Version 1.0.1
Intel Core i7 (6th Gen) w/ Windows 10 Enterprise (64 bit); Intel Core i5 (5th Gen) w/ Windows 8.1 Professional 32 bit; Intel Core i5 (5th Gen) w/ Windows 7 SP1 32 bit; Intel Atom w/ Windows 10 Professional 64 bit; 8/4/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well."

08/16/16: Adding OE

4 Information Security Corp
1011 Lake St. Suite 425
Oak Park, IL 60118
USA

-Jonathan Schulze-Hewett
TEL: 708-445-1704
FAX: 708-445-9705

-Michael Markowitz
TEL: 708-445-1704
FAX: 708-445-9705

ISC Cryptographic Development Kit (CDK)

Version 8.0
Intel Core i7 with AES-NI w/ CentOS 6.7 (64-bit); Intel Core i7 with AES-NI w/ Windows 10 (64-bit); AMD A8-3850 without AES-NI w/ Windows 10 (64-bit) 6/21/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The ISC Cryptographic Development Kit (CDK) is a software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. It includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."

3 Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

-David Hook
TEL: +61438170390

-Jon Eaves
TEL: +61417502969

Bouncy Castle FIPS Java API

Version 1.0.0
Intel Xeon E5 v3 w/ Java SE Runtime Env 7 on Solaris 11 on vSphere 6; Intel Xeon E5 v3 w/ Java SE Runtime Env 8 on Centos 6.4 on vSphere 6 4/1/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Output(BYTE-only) MinLen: 0 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Output(BYTE-only) MinLen: 0 ; MaxLen:2^16 ] )

"The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well."

2 Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

-David Hook
TEL: +61438170390

-Jon Eaves
TEL: +61417502969

Bouncy Castle FIPS .NET API

Version 1.0.0
Intel Core i7 (6th Gen) w/ Windows 10 Enterprise 64 bit; Intel Atom w/ Windows 10 Professional 64 bit; Intel Core i5 (5th Gen) w/ Windows 8.1 Professional 32 bit; Intel Core i5 (5th Gen) w/ Windows 7 SP1 32 bit 3/25/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

SHAKE128(Msg Orientation: [Input(BYTE-only)] [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )
SHAKE256(Msg Orientation: [Input(BYTE-only)] [Output(BYTE-only) MinLen: 16 ; MaxLen:2^16 ] )

"The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well."

1 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CRYPEN IPsec

Version 1.0 (Firmware)
Synopsys VCS v2014.12mx-SP3-2 3/25/2016 SHA3-224 (BYTE-only)
SHA3-256 (BYTE-only)
SHA3-384 (BYTE-only)
SHA3-512 (BYTE-only)

"CRYPEN IPsec is embedded within proprietary ASICs that are utilized within Cisco hardware platforms."


Need Assistance?

Computer Security Division
National Institute of Standards and Technology