Font Size Change

HOMEIT SecurityIT Security Evaluation and CertificationJCMVP (Japan Cryptographic Module Validation Program) Home IPA/ISEC:JCMVP:Approved Security Functions

PRINT PAGE

IT Security

IPA/ISEC:JCMVP:Approved Security Functions

Last Updated: 24 July 2014
Page created: 2 June 2008

Approved Security Functions

The specifications about the approved security functions (ASF-01; in Japanese)[PDF][Update]such as encryption functions, hash functions, and signature functions are shown as follows.

Public Key

Signature

  1. DSA[Update]
    FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009.
    Note: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively, for signature generation.
  2. ECDSA[Update]
    ANS X9.62-2005, Public Key Cryptography for the Financial Services Industry :
    The Elliptic Curve Digital Signature Algorithm (ECDSA)
    Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.
  3. ECDSA[Update]
    FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009
    Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.
  4. ECDSA[Update]
    SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)
    Note1: The length of the order of the elliptic curve shall be 160 bits or larger.
    Note2: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.
  5. RSASSA-PKCS1-v1_5[Update]
    PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
    Note1: The length of the modulus shall be 1024 bits or larger.
    Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.
  6. RSASSA-PSS[Update]
    PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
    Note1: The length of the modulus shall be 1024 bits or larger.
    Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.

Confidentiality

  1. RSA-OAEP[Update]
    PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
    Note1: The length of the modulus shall be 1024 bits or larger.
    Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for encryption.

Symmetric Key

64-bit block cipher

  1. 3-key Triple DES
    SP 800-67 Revision 1, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revised January 2012.
    Note: Only 3-key Triple-DES is approved.

128-bit block cipher

  1. AES
    FIPS PUB 197, Advanced Encryption Standard (AES), November 26, 2001
  2. Camellia
    Algorithm specifications of 128-bits block cipher Camelia (2nd version: September 26, 2001)

n-bit block cipher modes of operations

  1. Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR)
    SP 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001.

128-bit block cipher modes of operations

  1. XTS
    SP 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, January 2010.

Stream cipher

  1. KCipher-2[New]
    Stream Cipher KCipher-2 (February 1, 2010)

Hash

  1. Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, SHA-512/224 and SHA-512/256)
    FIPS PUB 180-4, Secure Hash Standard, March, 2012.

Message Authentication

  1. HMAC (HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, and HMAC-SHA-512/256)[Update]
    The Keyed-Hash Message Authentication Code, FIPS PUB 198-1, July 2008.
    Note: Key length for HMAC generation shall be 112 bits or larger.
  2. CMAC
    Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005.
  3. CCM
    Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004.
  4. GCM/GMAC
    Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, November 2007.

Random Number Generators

Deterministic random number generators

  1. PRNG based on SHA-1 in ANSI X9.42-2001 Annex C.1
    American Bankers Association, Public Key Cryptography for the Financial Services Industry, ANSI X9.42-2001 - Annex C.1
    Note: This will be removed from the list of approved security functions after the end of 2015.
  2. PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) Appendix 3.1
    National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 27, 2000 - Appendix 3.1.
    Note: This will be removed from the list of approved security functions after the end of 2015.
  3. PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) revised Appendix 3.1
    National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 27, 2000 - Appendix 3.1.
    Note: This will be removed from the list of approved security functions after the end of 2015.
  4. ANSI X9.31 Appendix A.2.4 Using 3-Key Triple DES
    National Institute of Standards and Technology, NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, January 31, 2005.
    Note: This will be removed from the list of approved security functions after the end of 2015.
  5. ANSI X9.31 Appendix A.2.4 Using AES
    National Institute of Standards and Technology, NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, January 31, 2005.
    Note: This will be removed from the list of approved security functions after the end of 2015.
  6. Hash_DRBG, HMAC_DRBG and CTR_DRBG
    National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised), Special Publication 800-90A, January 2012.

Non-deterministic Random number generators

There are no approved non-deterministic random number generators in JCMVP.

Key Establishment Schemes

Key agreement

  1. DH[Update]
    National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.
    Note: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively.
  2. MQV[Update]
    National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.
    Note: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively.
  3. ECDH[Update]
    National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.
    Note: The length of the order of the elliptic curve shall be 224 bits or larger.
  4. ECDH[Update]
    SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)
    Note: The length of the order of the elliptic curve shall be 224 bits or larger.
  5. ECMQV[Update]
    National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.
    Note: The length of the order of the elliptic curve shall be 224 bits or larger.
  6. Key Establishment Schemes in NIST SP800-56B[Update]
    National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, Special Publication 800-56B, August 2009.
    Note: The length of the modulus shall be 2048 bits or larger.
  7. KDF
    National Institute of Standards and Technology, Recommendation for Key Derivation through Extraction-then-Expansion, Special Publication 800-56C, November 2011.
  8. KDF
    National Institute of Standards and Technology, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), Special Publication 800-108, October 2009.
  9. KDF
    National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, Special Publication 800-132, December 2010.
  10. KDF
    National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135 Revision 1, December 2011.
    Note: TPM KDF is excluded.

Contact

For further information, contact to:
IT Security Center, Information-technology Promotion Agency, Japan
E-mail:E-mail address for JCMVP
TEL +81-3-5978-7545 (10:00-12:00, 13:30-17:00 JST, Monday-Friday)
FAX +81-3-5978-7548

Revision Record

24 July 2014 The list of Approved Security Functions is updated.
7 Oct. 2013 Reference URLs are updated.
24 June 2013 The list of Approved Security Functions is updated.
14 Feb. 2013 The list of Approved Security Functions is updated.
20 Apr. 2012 XTS and GCM has been added to the list of Approved Security Functions.
26 Oct. 2009 The list of Approved Security Functions is updated.
26 Feb. 2009 The list of Approved Security Functions is updated.
2 June 2008 Page created.