Computer Security Resource Center

Projects

Showing 23 matching records.
Automated Cryptographic Validation Testing ACVT
The Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP) were established on July 17, 1995 by NIST to validate cryptographic modules conforming to the Federal Information Processing Standards (FIPS) 140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2 was released on May 25, 2001 and supersedes FIPS 140-1. The current implementation of the CMVP is shown in Figure 1 below. The CAVP is...
Block Cipher Techniques
Approved Algorithms: Currently, there are two (2) Approved* block cipher algorithms that can be used for both applying cryptographic protection (e.g., encryption) and removing or verifying the protection that was previously applied (e.g., decryption): AES and Triple DES. Two (2) other block cipher algorithms were previously approved: DES and Skipjack; however, their approval has been withdrawn. See the discussions below for further information; also see SP 800-131A Rev. 1, Transitions...
Circuit Complexity
Boolean functions for a wide class of applications (such as encryption, digital signatures, hashing, and error correction codes) can be implemented as electronic circuits. In practice, it is important to be able to minimize the size and depth of these circuits. The Circuit Complexity Project aims at finding combinational circuits (over the basis AND, XOR, NOT) for boolean functions. The problem, even for functions on very few inputs, is computationally intractable. This means that optimal...
Computer Security Objects Register CSOR
Information objects that convey information used to maintain the security of resources in computerized environments are known as Computer Security Objects (CSOs). The Computer Security Objects Register (CSOR) specifies names that uniquely identify CSOs. These unique names are used to reference these objects in abstract specifications and during the negotiation of security services for a transaction or application. The CSOR is also a repository of parameters associated with the registered...
Crypto Reading Club
The Computer Security Division hosts Crypto Reading Club talks to foster research and collaboration in cryptography. When: Wednesday (bi-weekly), 10:00am-12:00pm (Eastern Time), unless noted otherwise. Where: NIST Building 222, Room B341, Gaithersburg, MD 20899 (NIST Visitor Information). Email List: Meeting reminders will be sent to subscribers of the Crypto Reading Club List. To be added to the list and/or give a talk, please contact Morris J. Dworkin or Meltem Sonmez Turan. Upcoming Talks: No...
Cryptographic Algorithm Validation Program CAVP
The Cryptographic Algorithm Validation Program (CAVP) provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation. Vendors may use any of the NVLAP-accredited Cryptographic and Security Testing (CST) Laboratories to test algorithm implementations. An algorithm implementation successfully tested by a lab and validated by NIST is added to an...
Cryptographic Module Validation Program CMVP
What Is The Purpose Of The CMVP? On July 17, 1995, NIST established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. The CMVP is a joint effort between NIST and the Canadian Centre for...
Cryptographic Research
NIST continues to develop cryptographic expertise in several research areas: Circuit Complexity, Elliptic Curve Cryptography, Lightweight Cryptography, Pairing-Based Cryptography, Post-Quantum Cryptography (PQC), and Privacy-Enhancing Cryptography. We also host a Crypto Reading Club that meets biweekly to foster research and collaboration in cryptography.
Cryptographic Standards and Guidelines Development Process
In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process. NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the...
Digital Signatures
As an electronic analogue of a written signature, a digital signature provides assurance that: the claimed signatory signed the information, and the information was not modified after signature generation. Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function specified in FIPS...
Elliptic Curve Cryptography ECC
Elliptic curve cryptography is critical to the adoption of strong cryptography as we migrate to higher security strengths. NIST has standardized elliptic curve cryptography for digital signature algorithms in FIPS 186 and for key establishment schemes in SP 800-56A. In FIPS 186-4, NIST recommends fifteen elliptic curves of varying security levels for use in these elliptic curve cryptographic standards. However, more than fifteen years have passed since these curves were first developed...
Entropy as a Service EaaS
Cryptography is critical for securing data at rest or in transit over the IoT. But cryptography fails when a device uses easy-to-guess (weak) keys generated from low-entropy random data. Standard deterministic computers have trouble producing good randomness, especially resource-constrained IoT-class devices that have little opportunity to collect local entropy before they begin network communications. The best sources of true randomness are based on unpredictable physical phenomena...
FIPS 140-3 Development
Current Development: On August 12, 2015, NIST published a Request for Information (RFI) in the Federal Register, requesting public comments on using the ISO/IEC 19790:2012 standard, Security Requirements for Cryptographic Modules, as the U.S. federal standard for cryptographic modules. The RFI provided additional background information, including seven questions (excerpted below) that NIST was especially interested in having addressed. The RFI also discussed...
Hash Functions
Approved Algorithms: Approved hash algorithms for generating a condensed representation of a message (message digest) are specified in two Federal Information Processing Standards: FIPS 180-4, Secure Hash Standard and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. FIPS 180-4 specifies seven hash algorithms: SHA-1 (Secure Hash Algorithm-1), and the SHA-2 family of hash algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. FIPS 202...
Key Management
Publications that discuss the generation, establishment, storage, use and destruction of the keys used by NIST’s cryptographic algorithms. Project Areas: Key Management Guidelines, Key Establishment, Cryptographic Key Management Systems. Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. However, hybrid techniques are also commonly used, whereby public key...
Lightweight Cryptography
NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable. NIST has published a call for algorithms to be considered for lightweight cryptographic standards. Proposals must be received by NIST on or before February 25, 2019. The following links contain the submission requirements and the source code needed to...
Message Authentication Codes MAC
The message authentication code (MAC) is generated from an associated message as a method for assuring the integrity of the message and the authenticity of the source of the message. A secret key to the generation algorithm must be established between the originator of the message and its intended receiver(s). Approved Algorithms: Currently, there are three (3) approved* general purpose MAC algorithms: HMAC, KMAC and CMAC. Keyed-Hash Message Authentication Code (HMAC): FIPS...
Pairing-Based Cryptography
Recently, what are known as “pairings” on elliptic curves have been a very active area of research in cryptography. A pairing is a function that maps a pair of points on an elliptic curve into a finite field. Their unique properties have enabled many new cryptographic protocols that had not previously been feasible. In particular, identity-based encryption (IBE) is a pairing-based scheme that has received considerable attention. IBE uses some form of a person’s (or entity’s) identification to...
Post-Quantum Cryptography PQC
NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Full details can be found in the Post-Quantum Cryptography Standardization page. The submission deadline of November 30, 2017 has passed. Please see the Round 1 Submissions for the listing of complete and proper submissions. Background: In recent years, there has been a substantial amount of research on quantum computers – machines that...
Privacy-Enhancing Cryptography
The privacy-enhancing cryptography project seeks to promote the use of communication protocols that do not reveal unneeded private information of the communicating parties. There are many technical challenges in doing this, as it is typically hard to separate private data from general data (e.g. to convert a third-party-signed date-of-birth certificate into a certificate indicating that a person is of voting age). Zero-knowledge (ZK) proof techniques and their variants can be used to...
Random Bit Generation RBG
The following publications specify the design and implementation of random bit generators (RBGs), in two classes: Deterministic Random Bit Generators (pseudo RBGs); and Non-Deterministic Random Bit Generators (True RBGs). SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. June 25, 2015: This Recommendation specifies mechanisms for the...
Roots of Trust RoT
Modern computing devices consist of various hardware, firmware, and software components at multiple layers of abstraction. Many security and protection mechanisms are currently rooted in software that, along with all underlying components, must be trustworthy. A vulnerability in any of those components could compromise the trustworthiness of the security mechanisms that rely upon those components. Stronger security assurances may be possible by grounding security mechanisms in roots of trust....
Threshold Cryptography TC
The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on their implementations. It is thus important to mitigate breakdowns that result from differences between ideal and real implementations of cryptographic algorithms. This project focuses on threshold...