Approved Security Functions

Approved Security Functions

The Approved Security Functions in JCMVP are specified below such as encryption functions, hash functions, and signature functions.

• The specifications about the approved security functions (in Japanese)(ASF-01)[PDF](PDF:469 KB)

Public Key

Signature

• 1,DSA
  • FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013.
  • Note: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively.
• 2.ECDSA
  • ANS X9.62-2005, Public Key Cryptography for the Financial Services Industry :
    The Elliptic Curve Digital Signature Algorithm (ECDSA)
  • Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger.
• 3.ECDSA
  • FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013
  • Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger.
• 4.ECDSA
  • SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)
  • Note: The length of the order of the elliptic curve shall be 224 bits or larger and the length of the output of the hash function shall be 224 bits or larger.
• 5.RSASSA-PKCS1-v1_5
  • PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
  • Note: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger.
• 6.RSASSA-PSS
  • PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
  • Note: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger.

Confidentiality

• 7.RSA-OAEP
  • PKCS#1 v2.2: RSA Cryptography Standard, October 27, 2012.
  • Note: The length of the modulus shall be 2048 bits or larger and the length of the output of the hash function shall be 224 bits or larger.

Note: Reference Urls of PKCS#1 v2.2 have been changed to RFC8017.

Symmetric Key

128-bit block cipher

• 2.AES
  • FIPS PUB 197, Advanced Encryption Standard (AES), November 26, 2001
• 3.Camellia
  • Algorithm specifications of 128-bits block cipher Camelia (2nd version: September 26, 2001)

n-bit block cipher modes of operations

• 4.Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR)
  • SP 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001.

128-bit block cipher modes of operations

• 5.XTS
  • SP 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, January 2010.

Stream cipher

• 6.KCipher-2
  • Stream Cipher KCipher-2 (March 31, 2017 Version 1.2)

Hash

1. Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, SHA-512/224 and SHA-512/256)
   • FIPS PUB 180-4, Secure Hash Standard, August, 2015.
2. SHA-3 Hash Algorithms (SHA3-256, SHA3-384, SHA3-512)
   • FIPS PUB 202, SHA-3 Standard, August, 2015.
3. SHA-3 Extendable-Output Functions (SHAKE128, SHAKE256)
   • FIPS PUB 202, SHA-3 Standard, August, 2015.

Message Authentication

1. HMAC (HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224, and HMAC-SHA-512/256)
   • The Keyed-Hash Message Authentication Code, FIPS PUB 198-1, July 2008.
   • Note: Key length for HMAC generation shall be 112 bits or larger.
2. CMAC
   • Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Special Publication 800-38B, May 2005 (Updated 10/6/2016).
   • Note: CMAC using Triple-DES is not allowed.
3. CCM
   • Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, May 2004.
4. GCM/GMAC
   • Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, November 2007.
5. GCM-AES-XPN
   • IEEE Standards Association, Standard for Local and metropolitan area networks, Media Access Control (MAC) Security, Amendment 2: Extended Packet Numbering, 802.1AEbw-2013, February 12, 2013.

Random Number Generators

Deterministic random number generators

1. Hash_DRBG, HMAC_DRBG and CTR_DRBG
   • National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A Revision 1, June 2015.
   • Note: CTR_DRBG using Triple-DES is disallowed after December 31, 2019.

Non-deterministic Random number generators

There are no approved non-deterministic random number generators in JCMVP.

Key Establishment Schemes

Key agreement

1. DH
   • National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A Revision 3, April 2018.
   • Note 1: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively.
     Note 2: Only FIPS 186-type domain parameters is approved.
2. MQV
   • National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A Revision 3, April 2018.
   • Note 1: The length of the parameter p and q shall be 2048 bits or larger and 224 bits or larger, respectively.
     Note 2: Only FIPS 186-type domain parameters is approved.
3. ECDH
   • National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A Revision 3, April 2018.
   • Note: The length of the order of the elliptic curve shall be 224 bits or larger.
4. ECDH
   • SEC 1: Elliptic Curve Cryptography (May 21, 2009 Version 2.0)
   • Note: The length of the order of the elliptic curve shall be 224 bits or larger.
5. ECMQV
   • National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A Revision 3, April 2018.
   • Note: The length of the order of the elliptic curve shall be 224 bits or larger.
6. Key Establishment Schemes in NIST SP800-56B
   • National Institute of Standards and Technology, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, Special Publication 800-56B Revision 2, March 2019.
   • Note: Key Confirmation using KMAC is excluded.
7. KDF
   • National Institute of Standards and Technology, Recommendation for Key Derivation through Extraction-then-Expansion, Special Publication 800-56C Revision 1, April 2018.
8. KDF
   • National Institute of Standards and Technology, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), Special Publication 800-108, October 2009.
   • Note: KDF using Triple-DES is disallowed after December 31, 2019.
9. KDF
   • National Institute of Standards and Technology, Recommendation for Password-Based Key Derivation, Special Publication 800-132, December 2010.
10. KDF
    • National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135 Revision 1, December 2011.
    • Note: KDF based on TPM and KDF for TLS1.0 and TLS1.1 are excluded.