Transition to ACVP: Challenges for CAVS Users (U21b)
NIST announced that the transition from the legacy CAVS cryptographic testing tool to ACVP would likely happen in the beginning of 2019. The transition involves a new method of communication with NIST as well as a different data format of the test vectors and responses. The ACVP testing framework is based on the same testing method documented in the various NIST documents, including known answer tests and Monte Carlo Tests.
Thus, the transition from CAVS to ACVP should only entail a change of the data format from plain ASCII to JSON. Or maybe not? Indeed, the switch to use the JSON data format and the new method of communication with NIST are the largest transitions, but they are not the only ones as more subtle issues need to be considered.
In this presentation, all areas relevant for transition beyond the protocol switch will be analyzed. Vendors need to consider additional security tests in existing cipher algorithms previously not required. Also, previously untested cryptographic algorithms are now subject to testing, including Curve 25519.
A vendor may also consider developing a data converter between CAVS and ACVP data formats to avoid re-development of the test framework. This approach generally is possible except for a set of several ciphers which are presented.
Finally, it’s worth noting that ACVP decouples the algorithm testing and certificate posting steps, known as late-binding. A vendor may get their algorithms tested with the passing status, but decide to post the algorithm certificates at a later time when their product is publically announced. This approach permits vendors to complete all testing even before the general announcement of their product.