Multi-Certifiability of Cryptographic Modules: How to Make a TRNG Multi-Certifiable? (N11a)
Correct and secure implementation of crypto modules is crucial for overall system security, but it is an error-prone and non-trivial task. A reliable and practical solution is to design and implement such modules by following standardized requirements. Yet the requirements in various standards differ among schemes and regions, leading to the need for multi-certifiable modules. In this talk we consider multi-certifiability of TRNGs. The challenges of making a TRNG module multi-certifiable arise in health tests, diversity of entropy sources (OSCCA specific), post-processing requirements (conditioning components, underlying approved cryptographic algorithm, and reseeding in case of OSCCA), and other offline statistical tests. For example, the T3 test in OSCCA GM/T 0078-2020 does not match T3 in BSI AIS-31.
This talk will present an approach to designing a multi-certifiable TRNG that meets compliance requirements from NIST SP800-90B, NIST SP800-22, BSI AIS-31, and OSCCA GM/T 0078-2020, with a discussion of the challenges and trade-offs. For instance, the speaker is able to reach multi-certifiability with the support of a switching mechanism enforced by hardware flags (which can be fused in the OTP) at the time of provisioning or first programming to select a given conformance.
Additionally, this talk will present the evolution of the OSCCA standard for cryptographic modules in general (GM/T 0008-2012, which is to be revised soon), considering the updates in OSCCA TRNG requirements (GM/T 0078-2020). The speaker will also cover the upcoming revision of BSI AIS-31 (version 2.35, currently in draft stage) and its implications in terms of TRNG architecture.
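The OTP-fused conformance switch mentioned above can be sketched as a fail-closed decoder. This is an added example, not the speaker's design: the fuse-word layout, the complement encoding, the profile names and the assumption that fuses can only change from 0 to 1 are all illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical conformance profiles, named after standards in the abstract. */
typedef enum { MODE_INVALID = 0, MODE_NIST_90B, MODE_BSI_AIS31, MODE_OSCCA_0078 } trng_mode_t;

/* Assumed fuse-word layout (not from the talk):
 *   bits [2:0]  one-hot profile select
 *   bits [5:3]  bitwise complement of bits [2:0]
 *   bit  6      provisioning-complete flag */
#define SEL(w)  ((w) & 0x7u)
#define NSEL(w) (((w) >> 3) & 0x7u)
#define DONE(w) (((w) >> 6) & 0x1u)

/* Decode the fused profile. Any inconsistent word yields MODE_INVALID,
 * so the TRNG refuses to start instead of falling back to a default. */
trng_mode_t trng_decode_mode(uint32_t w)
{
    if (!DONE(w)) return MODE_INVALID;                   /* unprovisioned part */
    if ((SEL(w) ^ NSEL(w)) != 0x7u) return MODE_INVALID; /* complement mismatch */
    switch (SEL(w)) {
    case 0x1: return MODE_NIST_90B;
    case 0x2: return MODE_BSI_AIS31;
    case 0x4: return MODE_OSCCA_0078;
    default:  return MODE_INVALID;                       /* zero or several select bits */
    }
}

/* Assumed fuse physics: bits only go 0 -> 1, so 'to' is reachable from
 * 'from' exactly when no bit set in 'from' is clear in 'to'. */
int otp_reachable(uint32_t from, uint32_t to) { return (from & ~to) == 0; }

/* Count pairs where blowing extra fuses turns one valid word into another.
 * With the complement encoding this is 0: a provisioned part cannot be
 * re-fused into a different conformance profile, only into an invalid one. */
int count_profile_switches(void)
{
    int n = 0;
    for (uint32_t a = 0; a < 128; a++)
        for (uint32_t b = 0; b < 128; b++)
            if (a != b && trng_decode_mode(a) && trng_decode_mode(b) && otp_reachable(a, b))
                n++;
    return n;
}

int main(void)
{
    printf("0x71 -> %d, 0x73 -> %d, switches = %d\n",
           trng_decode_mode(0x71), trng_decode_mode(0x73), count_profile_switches());
    return 0;
}
```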