kriskwiatkowski
commented
2 years ago Good question. My interpretation is this:
-
KAS-ECC-CDH: Compliance with the agreement on shared secret Z (only). The key agreement scheme is the one mentioned in the SP800-56C r3, Section 6. No key derivation is done after Z is agreed upon.
-
KAS-ECC: Compliance with NIST-approved key agreement AND (optionally) derivation. Testing may be done End-to-End, meaning both operations (derivation and KEX) are done by single security service and a calling sequence is within the module boundary. You may also certify key confirmation (i.e. 56Ar3, 5.9)
So depends what you need, but it's worth noting that KAS-ECC-CDH is rarely used in practice by it's own. So maybe at some point you will need FIPS-certified key derivation.
livebe01
Protocol Section https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ecc.html https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ssc-ecc.html
Protocol Question Hi, I do not well understand the difference between "KAS ECC CDH-Component - HTML" and "KAS ECC SSC ephemeralUnified Sp800-56Ar3 - HTML". Both seem allow to test the Diffie-Hellman primitive specified in [SP 800-56A] that generates a shared secret. The only difference I can see is the version of SP800-56A covered:
But since the computation shared secret method is the same for ECC CDH in the both cases, I do not know which one to use. So my question is "how do I choose between this 2 test methods for an implementation that performs key agreement with ECC CDH share secret computation and key derivation are tested individually?"
Thanks you. Davy