In the US, requirements for government security are regulated by FIPS (Federal Information Processing Standard) publications, which are developed by NIST (National Institute of Standards and Technology) for use government-wide. NIST develops FIPS when there are compelling federal government requirements for security and interoperability and there are no acceptable industry standards or solutions. Other countries such as the United Kingdom and Canada are also starting to refer more to FIPS standards. Outside of government, other industries, such as financial and postal, also refer to FIPS.

One of the key standards is FIPS 140-2, which describes US federal government requirements that software and hardware products must meet for sensitive but unclassified use. FIPS 140-2 evaluation is currently a requirement for sale of products implementing cryptography to the federal government.

Along with RSA and DSA, ECDSA is one of three FIPS-approved methods for asymmetric key functions within FIPS 140-2. Currently, however, unlike RSA and DSA, which have validation systems, ECDSA implementations can only be listed as vendor affirmed. Vendor affirmation represents a commitment on the part of the vendor to have implemented the algorithm correctly.

With the growing interest in ECDSA and other ECC-based algorithms for government and financial use, however, a validation system for ECDSA would ensure consistent and secure implementations.

The Process

For algorithms that do have a validation system, the process works as follows:

  • the algorithm implementation is submitted to a third-party lab that tests on behalf of NIST;
  • the implementation is tested for conformance and assigned an algorithm certificate number;
  • the numbering of these certificates is done independently for each algorithm, in the order the certificates are issued.

For FIPS 140-2 validation, every algorithm must be submitted and shown to work properly within the module, either with an algorithm certificate or, if no validation system is available, with vendor affirmation.

Risk Versus Return: Vendor Affirmed Versus Validated

An incorrectly implemented algorithm can lead to security weaknesses and interoperability problems between products of different vendors (e.g. a browser and a CA (Certification Authority)).

A validation system provides the following benefits:

1. By putting the algorithm through a series of tests in specifically defined areas, the validation system can detect significant implementation errors.
2. A common validation system helps ensure a consistent implementation of a particular algorithm on a specific platform.

Combined, the above two benefits provide an adequate level of security and interoperability.

Although ECDSA is only vendor affirmed, it is in fact approved for use in FIPS 140-2 when implemented as per FIPS 186-2 (Digital Signature Standard).

To trust a “vendor affirmed” implementation of ECDSA (or any other algorithm that does not have a validation system), you have to ensure that the vendor has the expertise to implement the algorithm correctly. ECC-based algorithms can be difficult to implement – and today, that expertise is in the hands of a select few companies. A validation system from NIST could provide the third party validation needed to encourage wider use of ECDSA in other implementations.

MQV and FIPS

In 2003, the National Security Agency (NSA) selected ECC, and in particular MQV (Menezes-Qu-Vanstone), as a crucial technology for protecting mission critical national security information. This further validates the important role that ECC will be playing in the future for the government.

MQV is also moving towards FIPS adoption through Special Publication 800-56. While a Special Publication is not binding the same way that a FIPS publication is, it is a key step on the road to being incorporated into a FIPS. MQV was also one of the pieces of intellectual property recently licensed from Certicom by the NSA.

Along with ECDSA, the key establishment algorithms MQV and ECDH (Elliptic Curve Diffie-Hellman) are approved for use in FIPS 140-2 modules in FIPS-approved mode for key establishment.

Time for an ECC-based Validation System

FIPS 140-2 is required for sale of products implementing cryptography to the federal government. Because of the high level of security ensured by FIPS, the financial and healthcare industries are also starting to mandate FIPS 140-2 to secure their transactions.

The benefit of having validation systems for ECC algorithms is that accredited third parties would test implementations. This would speed up the related but separate FIPS Validation process (which is on its own lengthy and costly) and ensure interoperability across systems. Both of these benefits would make it easier for ECDSA and MQV to be embraced in other areas.

ECDSA has been widely accepted for use in financial and postal industries – it is specified in ANSI X9F (X9.62) and USPS Postal standards. With the recent signing of Check 21 (Check Cashing Act for the 21st Century), ECDSA will become more important, as it is the only algorithm that can handle the requirement for check image verification systems that must process a high volume (10,000+) of images per minute.

As interest in ECC-based algorithms grows, it will become more important to have validation systems for them. Given the widespread use of ECDSA today, it only makes sense to start there.

NIST is currently developing a validation system for ECDSA. They are using a validation system submitted by Certicom as a reference.

For More Information

Read more about implementing a FIPS 140-2 cryptographic module

FIPS 140-2: Security Requirements for Cryptographic Modules