Entropy Validation in FIPS 140-3 (ENT vs ESV)

Ryan Thomas Entropy, FIPS 140-3

To get an entropy source approved under FIPS 140-3 there are two options:

  1. ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022)
  2. ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT)

This blog post will address these entropy validation requirements in FIPS 140-3. We’ll provide details on the differences between the “ENT” validation certificate entry and Entropy Source Validation or “ESV” certificates. Relevant NIST Special Publications (SPs), important Implementation Guidance (IG) and links to templates and other important references will also be provided.

ENT entry on the FIPS module validation certificate

An entropy source validation package (assessment report and test results) can be submitted as part of the FIPS 140 module validation package through an accredited Cryptographic Security Testing Laboratory (CSTL). At the conclusion of the module (and entropy source) review the module will be awarded a FIPS 140 validation certificate which includes an “ENT” designation. The ENT certificate entry indicates the presence of an entropy source conformant to NIST SP 800-90B. The “P” in parenthesis next to ENT indicates the noise source tested is physical (ie. hardware-based). While “NP” indicates the tested noise source is non-physical (ie. software-based). Additional details on “P” and “NP” designations can be found in FIPS 140-3 IG D.O (Combining Entropy from Multiple Sources).

Based on NIST’s Entropy Validation Roadmap the ENT option will be available until October 1st, 2022. After that date all entropy validations will be “ESV” performed under ESVTS.

ESV Certificate

The ESV process recently kicked-off April 29th, 2022. CMVP will only award ESV certificates to a conformant submission from an accredited testing lab under a standalone program called Entropy Source Validation Testing Scope (ESVTS).

Similar to ACVTS, entropy validation submissions (assessment report and test results) are sent to a NIST server using either a python-based ESV client or a web-based client.

A standalone ESV certificate (E) is awarded at the conclusion of a CMVP review of the ESV submission and posted to the CMVP ESV website (not online as of this post).

What are the similarities between ENT and ESV?

From a validation standpoint much of the upfront work (requirements analysis, documentation and statistical testing) will be the same. An entropy assessment report addressing the “shall” statements in NIST SP 800-90B, FIPS 140-3 IG D.J (Entropy Estimation and Compliance with SP 800-90B), IG D.K (Interpretation of SP 800-90B Requirements) and if applicable IG D.O (Combining Entropy from Multiple Sources) must be produced for the entropy source. We recommend using the NIST provided report template for a good idea of what is required.

ACVTS algorithm certificates for vetted conditioning components (if applicable) are a prerequisite to an ENT or ESV submission.

The NIST 90B Entropy Assessment tool can still be utilised offline to perform statistical analysis results on samples collected from the noise source.

What are the major differences between ESV and ENT?

ENT certificates are bound to a FIPS 140 module validation certificate. The ENT certificate is not portable to other modules. The objective for standalone ESV certificates (based on the type of noise source) is that they can be ported and utilised by other FIPS modules “as is”.

The most impactful change is that an ESV submission must be made prior to the FIPS 140-3 module submission to CMVP. Many of the differences during an ESV project will materialise near the end of the documentation and validation testing work. ESV submissions do not get submitted along with the FIPS 140 module submission. There will be a couple of additional steps required for ESV that will need to be completed in advance of the FIPS 140 module submission similar to CAVP testing. Plan accordingly.

A Public Use Document is required describing how the entropy source shall be utilised within a cryptographic module. Once again we recommend using the NIST provided Public Use Document template.

The offline tool can still be utlised for offline analysis but is no longer the preferred option for the official statistical analysis. NIST now offers a DEMO ESV server environment (similar to ACVTS) that third party vendors or labs can utilise to obtain statistical analysis on samples collected from the noise source. The DEMO ESV server simulates the official “PROD” ESV server but will not award any validation certificates at the end of the process. Instructions on how to obtain DEMO ESV access can be found here.

Once the Entropy Assessment Report, Public Use Document, Implementation details for the entropy source are ready and the applicable ACVTS certificates, noise source sample data have been obtained. An accredited laboratory can proceed with the formal ESVTS validation request to CMVP in the ESV “PROD” environment. Once this has been completed the ESV submission will receive an “EID” in-process identifier.

Recommendations and Key Dates for Vendors

  • October 2022 will be here before you know it! If you are not on track to submit your FIPS 140 module validation in the next couple of months, the “ENT” option may no longer be a viable option.
  • Stuck? Talk to your testing lab about contingencies. You can likely pivot from “ENT” to “ESV” with minimal disruptions to the overall FIPS 140-3 project.
  • ESV will take advance planning! ESV submissions must be completed in advance of the FIPS 140-3 submission. The CMVP will NOT accept FIPS 140-3 module submissions that do not have an ESV (or an EID in-process identifier) post October 1st, 2022.
  • ESVTS will be similar in nature to ACVTS. With DEMO and PROD environments. ESV certificates will only be issued by accredited 3rd parties using PROD.  
  • The concept of leveraging an existing ESV certificate is very promising! But prep work is still required. A justification for a module’s use of an ESV certificate will still be required per NIST SP 800-140Brev1 Section B.2.9. The entropy claimed in the ESV may not meet the module’s requirements (ex. Full entropy in the case of CTR_DRBG. See FIPS 140-3 IG D.L).

If you have further questions or want to obtain an ESV certificate, let the team at Lightship Security help. Contact us today!

Ryan Thomas

Ryan Thomas is a Certification Program Director at Lightship Security. Ryan’s passion lies in finding efficient ways to meet each customer's security certification objectives. He has an extensive background in auditing, evaluating and testing IT systems against a wide spectrum of technical security standards and specifications. He is certified under the CMVP’s Cryptographic Validation Program (CVP).