HOMEIT SecurityIT Security Evaluation and CertificationJCMVP (Japan Cryptographic Module Validation Program) Home IPA/ISEC：JCMVP：Approved Security Functions

Last Updated: 24 July 2014

Page created: 2 June 2008

The specifications about the approved security functions (ASF-01; in Japanese)such as encryption functions, hash functions, and signature functions are shown as follows.

- DSA

FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009.

Note: The length of the parameter*p*and*q*shall be 2048 bits or larger and 224 bits or larger, respectively, for signature generation. - ECDSA

ANS X9.62-2005, Public Key Cryptography for the Financial Services Industry :

The Elliptic Curve Digital Signature Algorithm (ECDSA)

Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation. - ECDSA

FIPS PUB 186-3, Digital Signature Standard (DSS), June 2009

Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation. - ECDSA

SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)

Note1: The length of the order of the elliptic curve shall be 160 bits or larger.

Note2: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation. - RSASSA-PKCS1-v1_5

PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.

Note1: The length of the modulus shall be 1024 bits or larger.

Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation. - RSASSA-PSS

PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.

Note1: The length of the modulus shall be 1024 bits or larger.

Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for signature generation.

- RSA-OAEP

PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.

Note1: The length of the modulus shall be 1024 bits or larger.

Note2: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger for encryption.

- 3-key Triple DES

SP 800-67 Revision 1, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revised January 2012.

Note: Only 3-key Triple-DES is approved.

- AES

FIPS PUB 197, Advanced Encryption Standard (AES), November 26, 2001 - Camellia

Algorithm specifications of 128-bits block cipher Camelia (2nd version: September 26, 2001)

- Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher
Feedback (CFB), Output Feedback (OFB), and Counter (CTR)

SP 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001.

- XTS

SP 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, January 2010.

- KCipher-2

Stream Cipher KCipher-2 (February 1, 2010)

- Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, SHA-512/224 and SHA-512/256)

FIPS PUB 180-4, Secure Hash Standard, March, 2012.

- HMAC (HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, and HMAC-SHA-512/256)

The Keyed-Hash Message Authentication Code, FIPS PUB 198-1, July 2008.

Note: Key length for HMAC generation shall be 112 bits or larger. - CMAC

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005. - CCM

Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004. - GCM/GMAC

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, November 2007.

- PRNG based on SHA-1 in ANSI X9.42-2001 Annex C.1

American Bankers Association, Public Key Cryptography for the Financial Services Industry, ANSI X9.42-2001 - Annex C.1

Note: This will be removed from the list of approved security functions after the end of 2015. - PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) Appendix 3.1

National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 27, 2000 - Appendix 3.1.

Note: This will be removed from the list of approved security functions after the end of 2015. - PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) revised Appendix 3.1

National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, January 27, 2000 - Appendix 3.1.

Note: This will be removed from the list of approved security functions after the end of 2015. - ANSI X9.31 Appendix A.2.4 Using 3-Key Triple DES

National Institute of Standards and Technology, NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, January 31, 2005.

Note: This will be removed from the list of approved security functions after the end of 2015. - ANSI X9.31 Appendix A.2.4 Using AES

National Institute of Standards and Technology, NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, January 31, 2005.

Note: This will be removed from the list of approved security functions after the end of 2015. - Hash_DRBG, HMAC_DRBG and CTR_DRBG

National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised), Special Publication 800-90A, January 2012.

There are no approved non-deterministic random number generators in JCMVP.

- DH

National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.

Note: The length of the parameter*p*and*q*shall be 2048 bits or larger and 224 bits or larger, respectively. - MQV

National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.

Note: The length of the parameter*p*and*q*shall be 2048 bits or larger and 224 bits or larger, respectively. - ECDH

National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.

Note: The length of the order of the elliptic curve shall be 224 bits or larger. - ECDH

SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)

Note: The length of the order of the elliptic curve shall be 224 bits or larger. - ECMQV

National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), Special Publication 800-56A, March 2007.

Note: The length of the order of the elliptic curve shall be 224 bits or larger. - Key Establishment Schemes in NIST SP800-56B

National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, Special Publication 800-56B, August 2009.

Note: The length of the modulus shall be 2048 bits or larger. - KDF

National Institute of Standards and Technology, Recommendation for Key Derivation through Extraction-then-Expansion, Special Publication 800-56C, November 2011. - KDF

National Institute of Standards and Technology, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), Special Publication 800-108, October 2009. - KDF

National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, Special Publication 800-132, December 2010. - KDF

National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135 Revision 1, December 2011.

Note: TPM KDF is excluded.

For further information, contact to:

IT Security Center, Information-technology Promotion Agency, Japan

E-mail:

TEL +81-3-5978-7545 (10:00-12:00, 13:30-17:00 JST, Monday-Friday)

FAX +81-3-5978-7548

24 July 2014 | The list of Approved Security Functions is updated. |
---|---|

7 Oct. 2013 | Reference URLs are updated. |

24 June 2013 | The list of Approved Security Functions is updated. |

14 Feb. 2013 | The list of Approved Security Functions is updated. |

20 Apr. 2012 | XTS and GCM has been added to the list of Approved Security Functions. |

26 Oct. 2009 | The list of Approved Security Functions is updated. |

26 Feb. 2009 | The list of Approved Security Functions is updated. |

2 June 2008 | Page created. |