Cryptography
Last updated
Last updated
VxSuite v3.1 contains four distinct cryptographic modules:
Smartcards
VxScan TPM
VxAdmin / VxCentralScan TPM (they run on the same hardware)
OpenSSL software
VxSuite v3.1 uses NXP JCOP 3 smartcards, specifically this model:
These cards are FIPS140-2 certified:
A future version of VxSuite will support JCOP4 cards from NXP, which have a more recent FIPS compliance record:
The applet we run on the card, , is an implementation of the NIST 201 PIV protocol, which sits on top of FIPS140 cryptography. In the applet, all cryptographic operations are handled by the JavaCard operating system, implemented by the NXP JCOP card, which is FIPS140 compliant.
Asus uses a TPM2.0 chip by Nuvoton:
This chip is FIPS-compliant:
That CMVP requires Debian 11.5 (released September 2022). VxSuite v3.1 uses Debian 12 (released June 2023), in order to ensure a maximally patched operating system. OpenSSL on Debian12 does not yet have a FIPS-compliant certificate. That said, we use only FIPS-compliant algorithms (ECDSA), and we use OpenSSL in this software mode only for verification operations that do not require secret-key access.
VxSuite does not use encryption to secure data (CVRs, election definitions), because that data does not need to be confidential – and in fact trust in a voting system is better achieved by transparency of this data. In particular, CVRs stored on USB sticks are not encrypted, so they can be viewed using any computer. This is by design.
On the other hand, VxSuite strongly authenticates all data, which is critical. Thus, CVRs and election definitions are in plaintext on the USB drives that transfer them, accompanied by strong digital signatures, rooted in signing keys stored in hardware TPMs, as described in Artifact Authentication.
All digital signatures used to authenticate election definitions and CVRs are ECC 256-bit keys, specifically using the standard NIST P256 curve.
All hashes – used to generate election IDs and in the Merkle-tree hash of CVRs on the USB – are performed using the NIST standard SHA256.
System integrity on the drive, using dm-verity, is done using SHA256 hashes, and the code signing is done using RSA-4096 bit keys.
Lenovo uses a TPM 2.0 chip by Nuvoton, the NTC 75x series, covered by the same CMVP for FIPS compliance:
We use OpenSSL v3 with the hardware module, which outsources all cryptographic operations performed with secret keys to the underlying TPM 2.0 chip, which, as specified above, are FIPS compliant. See for calling OpenSSL with the appropriate hardware module.
For verification of signatures, we use OpenSSL in software mode. This does have a CMVP: