Cryptography

Cryptographic Modules

VxSuite v3.1 contains four distinct cryptographic modules:

• Smartcards

• VxScan TPM

• VxAdmin / VxCentralScan TPM (they run on the same hardware)

• OpenSSL software

Smartcards

VxSuite v3.1 uses NXP JCOP 3 smartcards, specifically this model: https://www.cardlogix.com/product/nxp-jcop3-j3h145-java-card-3-0-4-dual-interface/

These cards are FIPS140-2 certified: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2920

A future version of VxSuite will support JCOP4 cards from NXP, which have a more recent FIPS compliance record: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3746

The applet we run on the card, OpenFIPS201, is an implementation of the NIST 201 PIV protocol, which sits on top of FIPS140 cryptography. In the applet, all cryptographic operations are handled by the JavaCard operating system, implemented by the NXP JCOP card, which is FIPS140 compliant.

VxScan TPM

Asus uses a TPM2.0 chip by Nuvoton: https://shop.asus.com/us/90mc07d0-mvxbn1-tpm-spi.html

This chip is FIPS-compliant: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4622

VxAdmin / VxCentralScan TPM

Lenovo uses a TPM 2.0 chip by Nuvoton, the NTC 75x series, covered by the same CMVP for FIPS compliance: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4622

OpenSSL

We use OpenSSL v3 with the hardware module, which outsources all cryptographic operations performed with secret keys to the underlying TPM 2.0 chip, which, as specified above, are FIPS compliant. See our source code here for calling OpenSSL with the appropriate hardware module.

For verification of signatures, we use OpenSSL in software mode. This does have a CMVP: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282

That CMVP requires Debian 11.5 (released September 2022). VxSuite v3.1 uses Debian 12 (released June 2023), in order to ensure a maximally patched operating system. OpenSSL on Debian12 does not yet have a FIPS-compliant certificate. That said, we use only FIPS-compliant algorithms (ECDSA), and we use OpenSSL in this software mode only for verification operations that do not require secret-key access.

Authentication vs. Encryption

VxSuite does not use encryption to secure data (CVRs, election definitions), because that data does not need to be confidential – and in fact trust in a voting system is better achieved by transparency of this data. In particular, CVRs stored on USB sticks are not encrypted, so they can be viewed using any computer. This is by design.

On the other hand, VxSuite strongly authenticates all data, which is critical. Thus, CVRs and election definitions are in plaintext on the USB drives that transfer them, accompanied by strong digital signatures, rooted in signing keys stored in hardware TPMs, as described in Artifact Authentication.

Cryptographic Keying Material

All digital signatures used to authenticate election definitions and CVRs are ECC 256-bit keys, specifically using the standard NIST P256 curve.

All hashes – used to generate election IDs and in the Merkle-tree hash of CVRs on the USB – are performed using the NIST standard SHA256.

System integrity on the drive, using dm-verity, is done using SHA256 hashes, and the code signing is done using RSA-4096 bit keys.