As I covered in my previous blog post, FIPS 140 uses NIST SP 800-90B to define the requirements for approved entropy sources. But adoption of entropy requirements in FIPS 140 has been an ongoing process with many intermediary steps. Read on to learn more about this history and the current entropy validation process!
The first entropy assessments in FIPS began well before the publication of SP 800-90B in 2018. Aware of the crucial role of entropy in secure cryptography and the planned publication of SP 800-90B, in August 2015 the Cryptographic Module Validation Program (CMVP) added IG 7.14 and IG 7.15 to the FIPS 140-2 Implementation Guidance (IG). Together, these two IGs defined when an entropy assessment was needed for a FIPS module and how the assessment should be performed. Entropy assessments were mainly required for hardware entropy sources inside the boundaries of FIPS modules, and an exception was included until 2017 for cases where the entropy source was provided by a third party. The assessment requirements were much simpler than those in SP 800-90B, but were still a significant step forward.
Entropy sources assessed to IG 7.15 were designated as “NDRNGs,” which is short for Non-Deterministic Random Number Generators. This term contrasts them with DRBGs, which are Deterministic Random Number Generators. NDRNGs on FIPS 140 certificates were validated only against the requirements of IG 7.15, and not against the requirements of SP 800-90B. NDRNGs were listed on FIPS certificates as “non-approved, but allowed” algorithms, rather than as “approved” algorithms.
Once SP 800-90B was published in January 2018, it took about a year and a half until testing to this standard could begin for FIPS 140. In May 2019, the CMVP released IG 7.18 to define the entropy source evaluation and testing process. And in June 2019, SP 800-90B was officially adopted as a FIPS 140 standard when the CMVP added it to FIPS 140-2 Annex C.
Entropy sources validated against the requirements of SP 800-90B at this time were termed “ENT”. These were listed on FIPS certificates as “approved” algorithms. Later versions of this validation specify ENT(P) for physical entropy sources and ENT(NP) for non-physical entropy sources (i.e. software entropy sources). Additionally, IG 7.19 was added in 2020 to provide ongoing guidance updates on how to interpret various requirements in SP 800-90B.
The transition from NDRNGs to ENTs also took some time. Until November 2020, the CMVP continued to accept NDRNGs in new FIPS 140 submissions. This was a “soft” transition that did not move any FIPS modules to the Historical list, so you can still find some Active FIPS 140-2 modules with NDRNGs.
Although FIPS 140 had already adopted SP 800-90B as a standard, the CMVP continued to make improvements to the entropy validation process. Two main changes laid the foundation for the CMVP’s entropy validation improvements. First, the CMVP successfully added automation to the FIPS algorithm testing process with their ACVP testing protocol. Second, between September 2020 and April 2022 the CMVP transitioned from only accepting new validations under the FIPS 140-2 standards to only accepting new validations under the FIPS 140-3 standards.
Leveraging these changes, in April 2022 the CMVP introduced the Entropy Source Validation (ESV) program for new FIPS 140-3 validations. The ESV program issues standalone ESV certificates for SP 800-90B conformant entropy sources. The entropy sources in these certificates can then be leveraged in multiple FIPS modules, or used on their own as reliable entropy sources. The ESV certificates are posted as webpages and list details such as the entropy rate and the tested environments for the validation. ESV certificates also include a Public Use Document (PUD) for the entropy source, which provides details on how to use the entropy source correctly.
It’s important to note that ESV validations are very specific to the tested operating environment; even adding a different processor within the same family may require ESV testing on the new operating environment to meet validation requirements. Depending on the environment, a new detailed rationale and model for the expected entropy rates may also be needed.
ESV is only available for FIPS 140-3, and not FIPS 140-2. To support these submissions, the CMVP also included updated versions of the relevant 140-2 IGs in the 140-3 IG. The 140-3 IG guidance for entropy validations can be found under IGs D.J, D.K, D.O, and 9.3.A.
New FIPS module submissions were required to use the ESV program for entropy validation by 2023. The entropy sources in these new submissions are termed “ESV” certified entropy sources instead of “ENT” entropy sources.
To learn more about NIST’s ESV program, see the NIST project page on entropy validations.
To read the latest version of the FIPS 140-3 Implementation Guidance (IG), see this CMVP page.
And to learn more about upcoming changes in entropy requirements for FIPS 140 validations, stay tuned for our next blog post in this series!