Certifiably Secure - Xiphera Announces a First Batch of CAVP Validated IP Cores

Xiphera has just finished their first round of CAVP validations for cryptographic IP cores.

August 3, 2023 -- Xiphera has finished a CAVP validation process of the National Institute of Standards and Technology (NIST) for eight IP cores. The CAVP validations reinforce the trustworthiness and credibility of Xiphera’s cryptographic security products and solutions and open new possibilities on the global market for the company.

What is CAVP?

The Cryptographic Algorithm Validation Program, or CAVP, is a program hosted by NIST for the purpose of validating cryptographic algorithms. CAVP is a part of the NIST test system AVCP, or Automated Cryptographic Validation Program. In this procedure, the vendor (Xiphera) requests test generated by ACVP, both the vendor and the ACVP server compute their results on the generated inputs and the vendor then sends their results back to the server. If the results match, the cryptographic algorithm is validated, and the validated algorithm is added to the official webpage of NIST.

Why is this done?

This procedure is done to promote security and more importantly correctness of cryptographic algorithms and their implementations. In general, the outputs of cryptographic functions are desinged to look random. This does, however, give rise to an issue: how do we know that our random output is the correct random output?

To show that one's implementation is correct it is compared to implementations that are thoroughly tested and known to be correct. If the implementation under test produces the same outputs as the trusted implementation for sufficiently many inputs, we trust it to be correctly implemented.

Which Xiphera’s IP cores were validated?

Xiphera’s first CAVP validation batch consists of eight IP cores:

• the versatile AES IP core (XIP1123B), find the validation batch here;
• both balanced and high-speed AES256-GCM IP cores (XIP1113H and XIP1113B), find the validation batches here and here;
• the SHA-3/SHAKE IP core (XIP3030H), find the validation batch here;
• the high-speed AES-CTR IP core (XIP1103H), find the validation batch here;
• the HMAC IP core (XIP3323B), find the validation batch here;
• and two elliptic curve IP cores (XIP41x3C), find the validation batches here and here.

These specific IP cores were selected based on their versatility and application purposes: for example, AES-GCM algorithm is a key component in multiple protocols including MACsec and TLS, and the SHA-3 hash functions are a crucial part of Xiphera’s xQlave® family of quantum-secure cryptography. Additionally, the AES products and elliptic curve cryptography are fundamental parts of today’s cryptographic landscape, and the validation of the IP cores in these product families is essential.

"This is just the beginning; ultimately we aim to validate all of our NIST certifiable IP cores. It is safe to say that the second batch is already on the horizon", says Petri Jehkonen, Xiphera’s Director of Strategic Programs.