Cryptographic Evaluation in Europe Is Now a Reality: The Spanish Case (C13a)
In recent years, Europe has made significant strides in the cryptographic field, emerging as a global powerhouse. The widespread adoption of cryptographic primitives to safeguard sensitive information across hardware, software, and firmware products is evident. Recognizing the growing cryptographic demands, CCN (Certification Body for National Cryptology) collaborated with jtsec to develop a methodology encompassing conformance testing, identification of common implementation pitfalls, and implementation requirements for cryptographic primitives. The primary goal of this cryptographic methodology is to establish a standardized framework for conducting cryptographic evaluations of Target of Evaluations (TOEs). This evaluation methodology aims to meet the requirements defined in Europe for evaluating crypto primitives, particularly targeting products where cryptographic mechanisms are integral to their core functionality, such as VPNs, HSMs, ciphers, or communication apps. During the talk, the speaker will introduce the new approach to evaluating cryptography in Spain, based on the methodology jointly developed by CCN and jtsec. He will also showcase a tool designed to verify the compliance of cryptographic primitives. This talk will be particularly valuable for product developers, providing insight into the expected requirements in Spain moving forward. Additionally, it will be of interest to other Certification Bodies (CBs) seeking a valuable methodology and tool for their own evaluations.