Friday, August 18, 2023

Entropy Source Validation (ESV) Certificate Issued for the Intel DRNG

by Marcos Portnoi

The CMVP recently granted ESV certificate #E57 to the Intel DRNG entropy source. The testing and submission were done by atsec, and this marks the first ESV certificate granted to the Intel DRNG.

The Intel DRNG (Digital Random Number Generator) is a hardware Random Bit Generator (RBG) integrated into a multitude of Intel processors. It offers both an entropy source and an SP800-90A DRBG to users of the processors. The DRNG is commonly accessed through the well-known RDRAND and RDSEED processor instructions. Those instructions are used massively, for example in the Linux kernel, and the ESV certificate is a key step in facilitating the use of the entropy source in FIPS 140-3 validated modules.

Intel Corporation commented: "Today's US Government Cyber Security standards are highly complex. With the increasingly critical urgency for better security for cryptographic products comes the need for greater technical expertise along with the ability to navigate government standards. Despite extremely complex designs, atsec collaborated with Intel Corporation to obtain Intel's first Entropy Source Validation certificate which can be viewed on the NIST website."

The design of the Intel DRNG includes compliance with SP800-90A, SP800-90B and the upcoming new version of SP800-90C. 

The ESV certificate covers the components compliant with SP800-90B. The ESV program rolled out in April 2022 and facilitates validation through two key points: conferring a certificate exclusively for the entropy source, which allows validated entropy sources to be reused by multiple module validations; and streamlining the validation process by providing an automated process and protocol, similar to the Automated Cryptographic Validation Protocol (ACVP). The CMVP has been reviewing the ESV submissions in a relatively quick cycle of about 6 weeks, including submission, review, comments and certification. The talented technical personnel of the CMVP are engaged in the review process, producing interesting comments, and in the dynamic evolution of the ESV program.

The certificate is available at https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/57.
