National Institute of Standards and Technology (NIST), Commerce.
Notice; Request for Comments.
This notice announces Draft Federal Information Processing Standard 186-3, Digital Signature Standard, for public review and comment. The draft standard, designated “Draft FIPS 186-3,” is proposed to revise and supersede FIPS 186-2.
FIPS 186, first published in 1994, specifies a digital signature algorithm (DSA) to generate and verify digital signatures. Later revisions (FIPS 186-1 and FIPS 186-2, adopted in 1998 and 1999, respectively) adopt two additional algorithms specified in American National Standards (ANS) X9.31 (Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)), and X9.62 (The Elliptic Curve Digital Signature Algorithm (ECDSA)).
The original DSA algorithm, as specified in FIPS 186, 186-1 and 186-2, allows key sizes of 512 to 1024 bits. With advances in technology, it is prudent to consider larger key sizes. Draft FIPS 186-3 allows the use of 1024, 2048 and 3072-bit keys. Other requirements have also been added concerning the use of ANS X9.31 and ANS X9.62. In addition, the use of the RSA algorithm as specified in Public Key Cryptography Standard (PKCS) #1 (RSA Cryptography Standard) is allowed.
Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration is given to the needs and views of the public, users, the information technology industry, and Federal, State and local government organizations. The purpose of this notice is to solicit such views.
Comments must be received on or before June 12, 2006.
Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Comments on Draft FIPS 186-3, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.
Electronic comments may also be sent to: firstname.lastname@example.org.
The current FIPS 186-2 and its proposed replacement, Draft FIPS 186-3, are available electronically at http://csrc.nist.gov/publications/fips/index.html and http://csrc.nist.gov/publications/drafts.html, respectively. Comments received in response to this notice will be published electronically at http://csrc.nist.gov/CryptoToolkit/tkdigsigs.html.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Elaine Barker, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930, telephone (301) 975-2911.End Further Info End Preamble Start Supplemental Information
FIPS 186, Digital Signature Standard (DSS), first issued in 1994, specified a single technique for the generation and verification of digital signatures. FIPS 186-1 adopted a second technique that was approved as ANS X9.31, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), by the American National Standards Institute (ANSI). FIPS 186-2 adopted a third technique that computed digital signatures using elliptic curve technology as specified in another ANSI standard, ANS X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA).
Digital signature algorithms require keys to generate secure signatures. With advances in technology, the size of these keys must be increased to provide adequate security. rDSA and ECDSA have been specified with sufficient flexibility to use various key sizes. DSA was specified for key sizes between 512 and 1024 bits. Key sizes below 1024 bits are currently not considered adequate. Therefore, the requirements for key sizes for DSA, as specified in FIPS 186-3, have been revised to include key sizes of 2048 and 3072 bits, in addition to the previously allowed 1024-bit key size. These key sizes provide security that is equivalent to the 80, 112 and 128-bit key sizes of symmetric key encryption algorithms such as TDEA (Triple Data Encryption Algorithm), as specified in NIST Special Publication 800-67, and AES (Advanced Encryption Standard), as specified in FIPS 197.
ANS X9.31, published in 1998, specifies the generation of keys and digital signatures for only an 80-bit security level. Draft FIPS 186-3 specifies criteria for the generation of keys and digital signatures for additional security levels.
Many cryptographic applications use the RSA algorithm that was specified in PKCS #1 and that was developed by RSA Security. PKCS #1 is considered to provide adequate security for Federal Government applications. Therefore, in the interests of providing interoperability, Draft FIPS 186-3 allows implementations of PKCS #1 in addition to that of ANS X9.31 and specifies criteria for the generation of keys for PKCS #1 digital signature applications; no provision is currently provided in PKCS #1 for the generation of digital signature keys.
ANS X9.62 was published in 1998 and is currently under revision. Other requirements have been added in Draft FIPS 186-3 to address deficiencies present in the current ANS X9.62; these additional requirements are consistent with the proposed ANS X9.62 revision.
FIPS 186-2 included several methods for random number generation for the 80-bit security level. Draft FIPS 186-3 includes a new random number generator that can be used to provide random numbers at multiple security levels. This random number generator is based on the Approved hash functions specified in FIPS 180-2, Secure Hash Standard.
Draft FIPS186-3 includes methods for the generation of domain parameters and digital signature keys. These methods are referenced by NIST Special Publication 800-56, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, for the generation of domain parameters and keys for key establishment.
Draft FIPS 186-3 requires that parties have various assurances when generating and verifying digital signatures. Methods for obtaining these assurances will be specified in a future publication to be issued in the NIST Special Publication (SP) series, SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications.
E.O. 12866: This notice has been determined not to be significant for the purposes of E.O. 12866.Start Signature
Dated: March 4, 2006.
[FR Doc. E6-3521 Filed 3-10-06; 8:45 am]
BILLING CODE 3510-CN-P