[Federal Register Volume 63, Number 240 (Tuesday, December 15, 1998)]
[Notices]
[Pages 69049-69051]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-33167]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology
[Docket No. 981028268-8268-01]


Announcing Approval of Federal Information Processing Standard 
186-1, Digital Signature Standard, and Request for Comments

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; Request for comments.

-----------------------------------------------------------------------

SUMMARY: The Secretary of Commerce approved an interim final standard,

[[Page 69050]]

which will be known as Federal Information Processing Standard (FIPS) 
186-1, Digital Signature Standard (DSS). This interim final standard 
allows for both the use of the Digital Signature Algorithm (DSA) and 
the American National Standards Institute X9.31 standard by federal 
organizations. The X9.31 standard describes the Rivest-Shamir-Adleman 
(RSA) digital signature technique.
    This notice advises the public of the Secretary's decision and 
solicits comments from the public, academic and research communities, 
manufacturers, voluntary standards organizations, and Federal, state, 
and local government organizations. These comments will assist NIST in 
making a recommendation to the Secretary regarding a final decision.

DATES: Effective date: December 15, 1998. Comment Date: Comments are 
due on or before March 15, 1999.

ADDRESSES: Comments should be sent to Information Technology 
Laboratory, Attn: DSS/X9.31 Comments, National Institute of Standards 
and Technology, 100 Bureau Drive Stop 8970, Gaithersburg, MD 20899-
8970.
    Comments may also be sent electronically to: 
``[email protected]''.
    Specifications of the FIPS 186 are available electronically at: 
<http://csrc.nit.gov/fips/>
    Ordering information for the ANSI X9.31 standard is available from 
American Bankers Assoc./DC, X9 Customer Service Dept., P.O. Box 79064, 
Baltimore, MD 21279-0064, telephone 1-800-338-0626.

FOR FURTHER INFORMATION CONTACT:
Edward Roback, National Institute of Standards and Technology, 100 
Bureau Drive Stop 8930, Gaithersburg, MD 20899-8930; telephone 301-975-
3696 or via fax at 301-948-1233.

SUPPLEMENTARY INFORMATION: Under Section 5131 of the Information 
Technology Management Reform Act of 1996 and the Computer Security Act 
of 1987, the Secretary of Commerce is authorized to approve standards 
and guidelines for the cost effective security and privacy of sensitive 
information processed by federal computer systems. On May 10, 1994, the 
Secretary of Commerce approved FIPS 186, ``Digital Signature 
Standard,'' which specifies a single technique for the generation and 
verification of digital signatures. Recently, another technique, known 
as RSA, was approved as the X9.31 standard [X9.31-1998 Digital 
Signatures Using Reversible Public Key Cryptography for the Financial 
Services Industry (rDSA)] by ANSI. A second standard, based upon a 
technique known as elliptic curve, is expected to be completed and 
approved by ANSI in the near future. Agencies have expressed 
considerable interest to NIST in using these technologies.
    On May 13, 1997, NIST published a Federal Register notice 
soliciting comments on amending FIPS 186 to allow for the use of other 
techniques, specifically mentioning RSA and elliptic curve (but not 
with detailed specifications as now exist for RSA in the ANSI X9.31 
standard). The public comments overwhelmingly supported revising FIPS 
186 to include these additional algorithms. RSA, which has withstood 
widespread scrutiny by the cryptographic research community, is 
available in many commercial products. NIST believes it to be robust 
and sufficiently strong for use by federal agencies.
    Following ANSI's recent approval of the ANSI X9.31 standard, the 
Secretary of Commerce approved an interim modification to FIPS 186 
(FIPS 186-1) to approve use of the digital signature technique 
specified in X9.31 in addition to the algorithm currently specified in 
FIPS 186. The Secretary's decision revise the old FIPS 186 by adding 
the following statements into the new FIPS 186-1.
    Add the following as the last sentences of the ``Applications'' 
paragraph: The technique specified in ANSI X9.31 may be used in 
addition to the Digital Signature Algorithm (DSA) specified herein.
    Add the following as the last two sentences of the 
``Implementations'' paragraph: Agencies are advised that separate keys 
should be used for signature and confidentiality purposes when using 
the X9.31 standard. This is because the RSA algorithm can be used for 
both data encryption and digital signature purposes.
    To minimize any potential for spoofing digital signatures, keys 
used for signature purposes should not be recoverable. Using separate 
keys will allow agencies to recover confidentiality keys but not 
signature keys.
    The standard has also been modified to reflect the availability of 
conformity testing for DSA implementations. (ANSI's conformity testing 
program for X9.31 implementations is not yet in place.) Minor language 
modifications (e.g., indicating that two algorithms are now approved) 
and other administrative updates have also been made to the standard.
    Since ANSI's conformance testing program for the X9.31 standard is 
not yet in place, federal agencies are advised, in the interim, to 
acquire products that vendors hold out as in conformance with ANSI 
X9.31. Agencies will be advised by NIST when a conformance testing 
program is in effect.
    Comments are sought by NIST so as to make a recommendation to the 
Secretary regarding a final FIPS.

Federal Information Processing Standards Publication 186-1

 1998

Announcing the Digital Signature Standard (DSS)
    Federal Information Processing Standards Publications (FIPS PUBS) 
are issued by the National Institute of Standards and Technology (NIST) 
after approval by the Secretary of Commerce pursuant to Section 5131 of 
the Information Technology Management Reform Act of 1996 (Public Law 
104-106), and the Computer Security Act of 1987 (Public Law 100-235).
    Name of Standard: Digital Signature Standard (DSS).
    Category of Standard: Computer Security, Cryptography.
    Explanation: This Standard specifies algorithms appropriate for 
applications requiring a digital, rather than written, signature. A 
digital signature is represented in a computer as a string of binary 
digits. A digital signature is computed using a set of rules and a set 
of parameters such that the identity of the signatory and integrity of 
the data can be verified. An algorithm provides the capability to 
generate and verify signatures. Signature generation makes use of a 
private key to generate a digital signature. Signature verification 
makes use of a public key which corresponds to, but is not the same as, 
the private key. Each user possesses a private and public pair. Public 
keys are assumed to be known to the public in general. Private keys are 
never shared. Anyone can verify the signature of a user by employing 
that user's public key. Signature generation can be performed only by 
the possessor of the user's private key.
    A hash function is used in the signature generation process to 
obtain a condensed version of data, called a message digest (see Figure 
1). The message digest is then input to the digital signature (ds) 
algorithm to generate the digital signature. The digital signature is 
set to the intended verifier along with the signed data (often called 
the message). The verifier of the message and signature verifies the 
signature by using the sender's public key. The same hash function must 
also be used in the verification process. The hash function is 
specified in a separate

[[Page 69051]]

standard, the Secure Hash Standard (SHS), FIPS 180-1. FIPS approved ds 
algorithms must be implemented with the SHS. Similar procedures may be 
used to generate and verify signatures for stored as well as 
transmitted data.
    [Figure 1 not reproduced in this Federal Register notice.]
    Approving Authority: Secretary of Commerce.
    Maintenance Agency: U.S. Department of Commerce, National Institute 
of Standards and Technology (NIST), Information Technology Laboratory 
(ITL).
    Applicability: This standards is applicable to all Federal 
departments and agencies for the protection of sensitive unclassified 
information that is not subject to section 2315 of Title 10, United 
States Code, or section 3502(2) of Title 44, United States Code. This 
standard shall be used in designing and implementing public-key based 
signature systems which Federal departments and agencies operate or 
which are operated for them under contract. Adoption and use of this 
standard is available to private and commercial organizations.
    Applications: A digital signature (ds) algorithm authenticates the 
integrity of the signed data and the identity of the signatory. A ds 
algorithm may also be used in proving to a third party that data was 
actually signed by the generator of the signature. A ds algorithm is 
intended for use in electronic mail, electronic funds transfer, 
electronic data interchange, software distribution, data storage, and 
other applications which require data integrity assurance and data 
origin authentication. The technique specified in ANSI X9.31 may be 
used in addition to the Digital Signature Algorithm (DSA) specified 
herein.
    Implementations: A ds algorithm may be implemented in software, 
firmware, hardware, or any combination thereof. NIST is developing a 
validation program to test implementations for conformance to this 
standard. Currently, conformance tests for ANSI X9.31 have not been 
developed. These tests will be developed and made available in the 
future. Information about the planned validation program can be 
obtained from the National Institute of Standards and Technology, 
Information Technology Laboratory, Attn: DSS Validation, 100 Bureau 
Drive Stop 8930, Gaithersburg, MD 20899-8930.
    Agencies are advised that separate keys should be used for 
signature and confidentiality purposes when using the X9.31 standard. 
This is because the RSA algorithm can be used for both data encryption 
and digital signature purposes.
    Export Control: Implementations of this standard are subject to 
Federal Government export controls as specified in Title 15, Code of 
Federal Regulations, Parts 768 through 799. Exporters are advised to 
contact the Department of Commerce, Bureau of Export Administration for 
more information.
    Patents: The algorithms in this standard may be covered by U.S. or 
foreign patents.
    Implementation Schedule: This standard becomes effective .
    Specifications: Federal Information Processing Standard (FIPS) 186-
1 Digital Signature Standard (affixed).
    Cross Index:
    a. FIPS PUB 46-2, Data Encryption Standard.
    b. FIPS PUB 73, Guidelines for Security of Computer Applications.
    c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.
    d. FIPS PUB 171, Key Management Using ANSI X9.17.
    e. FIPS PUB 180-1, Secure Hash Standard.
    Qualifications: The security of a digital signature system is 
dependent on maintaining the secrecy of users' private keys. Users must 
therefore guard against the unauthorized acquisition of their private 
keys. While it is the intent of this standard to specify general 
security requirements for generating digital signatures, conformance to 
this standard does not assure that a particular implementation is 
secure. The responsible authority in each agency or department shall 
assure that an overall implementation provides an acceptable level of 
security. This standard will be reviewed every five years in order to 
assess its adequacy.
    Waiver Procedure: Under certain exceptional circumstances, the 
heads of Federal departments and agencies may approve waivers to 
Federal Information Processing Standards (FIPS). The head of such 
agency may redelegate such authority only to a senior official 
designated pursuant to section 3506(b) of Title 44, United States Code. 
Waiver shall be granted only when:
    a. Compliance with a standard would adversely affect the 
accomplishment of the mission of an operator of a Federal computer 
system; or
    b. Cause a major adverse financial impact on the operator which is 
not offset by Government wide savings.
    Agency heads may act upon a written waiver request containing the 
information detailed above. Agency heads may also act without a written 
waiver request when they determine that conditions for meeting the 
standard cannot be met. Agency heads may approve waivers only by a 
written decision which explains the basis on which the agency head made 
with required finding(s). A copy of each such decision, with 
procurement sensitive or classified portions clearly identified, shall 
be sent to: National Institute of Standards and Technology; ATTN: FIPS 
Waiver Decisions, 100 Bureau Drive Stop 8970, Gaithersburg, MD 20899-
8970.
    In addition, notice of each waiver granted and each delegation of 
authority to approve waivers shall be sent promptly to the Committee on 
Government Operations of the House of Representatives and the Committee 
on Governmental Affairs of the Senate and shall be published promptly 
in the Federal Register.
    When the determination on a waiver applies to the procurement of 
equipment and/or services, a notice of the waiver determination must be 
published in the Commerce Business Daily as a part of the notice of 
solicitation for offers of an acquisition or, if the waiver 
determination is made after that notice is published, by amendment to 
such notice.
    A copy of the waiver, any supporting documents, the document 
approving the waiver and any supporting and accompanying documents, 
with such deletions as the agency is authorized and decides to make 
under 5 U.S.C. Sec. 552(b), shall be part of the procurement 
documentation and retained by the agency.
    Where to Obtain Copies of the Standard: Copies of this publication 
are for sale by the National Technical Information Service, U.S. 
Department of Commerce, Springfield, VA 22161. When ordering, refer to 
Federal Information Processing Standards Publication 186-1 (FIPSPUB186-
1), and identify the title. When microfiche is desired, this should be 
specified. Prices are published by NTIS in current catalogs and other 
issuances. Payment may be made by check, money order, deposit account 
or charged to a credit card accepted by NTIS.

    Dated: December 9, 1998.
Robert E. Hebner,
Acting Deputy Director.
[FR Doc. 98-33167 Filed 12-14-98; 8:45 am]
BILLING CODE 3510-CN-M