[Federal Register Volume 74, Number 109 (Tuesday, June 9, 2009)]
[Notices]
[Pages 27287-27288]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-13513]



[[Page 27287]]

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 0810011295-81636-02]


Announcing Approval of Federal Information Processing Standard 
(FIPS) Publication 186-3, Digital Signature Standard (DSS)

AGENCY: National Institute of Standards and Technology (NIST), 
Department of Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces the Secretary of Commerce's approval of 
Federal Information Processing Standard (FIPS) Publication 186-3, 
Digital Signature Standard (DSS). FIPS 186-3 is a revision of FIPS 186-
2. The FIPS specifies three techniques for the generation and 
verification of digital signatures that can be used for the protection 
of data: the Digital Signature Algorithm (DSA), the Elliptic Curve 
Digital Signature Algorithm (ECDSA) and the Rivest-Shamir-Adelman (RSA) 
algorithm. Although all three of these algorithms were approved in FIPS 
186-2, FIPS 186-3 increases the key sizes allowed for DSA, provides 
additional requirements for the use of RSA and ECDSA, and includes 
requirements for obtaining the assurances necessary for valid digital 
signatures. FIPS 186-2 contained specifications for random number 
generators (RNGs); this revision does not include such specifications, 
but refers to NIST Special Publication (SP) 800-90 for obtaining random 
numbers. FIPS 186-3 is available at http://csrc.nist.gov/publications/PubsFIPS.html; SP 800-90 is available at http://csrc.nist.gov/publications/PubsSPs.html.

FOR FURTHER INFORMATION CONTACT: Elaine Barker, (301) 975-2911, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930, e-mail: [email protected].

SUPPLEMENTARY INFORMATION: FIPS 186, first published in 1994, specified 
a digital signature algorithm (DSA) to generate and verify digital 
signatures. Later revisions (FIPS 186-1 and FIPS 186-2, adopted in 1998 
and 1999, respectively) adopted two additional algorithms specified in 
American National Standards (ANS) X9.31 (Digital Signatures Using 
Reversible Public Key Cryptography for the Financial Services Industry 
(rDSA)), and X9.62 (The Elliptic Curve Digital Signature Algorithm 
(ECDSA)).
    The original DSA algorithm, as specified in FIPS 186, 186-1 and 
186-2, allows key sizes of 512 to 1024 bits. With advances in 
technology, it is prudent to consider larger key sizes. FIPS 186-3 
allows the use of 1024, 2048 and 3072-bit keys. Other requirements have 
also been added concerning the use of ANS X9.31 and ANS X9.62. In 
addition, the use of the RSA algorithm as specified in Public Key 
Cryptography Standard (PKCS) 1 (RSA Cryptography Standard) is 
allowed.
    A Federal Register Notice (73 FR 66842) was published on November 
12, 2008 to request public comments on the draft FIPS 186-3. A total of 
thirteen parties provided comments (six U.S. government agencies, one 
university, five private organizations, and one individual). Three 
parties indicated that the FIPS should be approved without changes. The 
following is a summary of the remaining comments received and NIST's 
responses to them:
    Comment: Seven commenters suggested a number of editorial changes.
    Response: NIST made the appropriate editorial changes, which 
included correcting typographical errors, format changes, minor word 
changes and clarifications.
    Comment: One commenter suggested relaxing the requirement for hash 
algorithms to provide equivalent or stronger security than the public 
key algorithm and key size.
    Response: NIST accepted the comment and substituted a requirement 
that both the hash algorithm and the public key algorithm and key size 
meet the security requirements for the application. This permits the 
use of a public key algorithm and key size that is stronger in security 
than a hash algorithm, so long as both provide sufficient security for 
the digital signature process. The use of hash algorithms that provide 
equivalent or stronger security than the public key algorithm and key 
size is still encouraged as a general practice.
    Comment: One commenter suggested imposing additional restrictions 
on the selection of the public exponent e when generating RSA key 
pairs.
    Response: NIST studied the suggestion and decided not to impose 
further restrictions on the selection of the public exponent e. Such 
restrictions would negatively impact NIST's Cryptographic Module 
Validation Program (CMVP) by precluding the validation of currently 
accepted implementations without providing a significant increase in 
security.
    Comment: One commenter suggested relaxing requirements on the 
generation of the private exponent d to improve efficiency when 
generating RSA key pairs.
    Response: NIST studied the suggestion and decided not to make the 
change, due to a risk of reducing the level of security assurance 
provided by the suggested method.
    Comment: One commenter requested the inclusion of an alternative 
method for strong prime generation when generating RSA key pairs on 
constrained computing devices.
    Response: NIST decided not to adopt the proposed method for strong 
prime generation. NIST would need to perform significant further study 
on any alternative methods before expanding the set of approved methods 
for strong prime generation in the FIPS. In addition, NIST believes 
that the methods specified in the standard can be implemented on 
constrained devices. If implementation experience establishes the need 
for alternative methods, NIST will conduct the further study necessary 
and, if appropriate, will include alternative techniques in a later 
version of the FIPS.
    Comment: One commenter requested changes to enhance alignment of 
ECDSA domain parameter generation and management in the FIPS with 
American National Standard X9.62.
    Response: NIST reviewed the comments and made the appropriate 
changes to ensure alignment with respect to the generation and 
management of ECDSA domain parameters. NIST deleted the statement 
``ANSI X9.62 has no restriction on the maximum size of [the 
cofactor]'', since the current version of X9.62 imposes limitations on 
the size of the cofactor. NIST also revised statements regarding 
elliptic curve domain parameter generation for purposes other than 
digital signature generation.

    Authority: In accordance with the Information Technology 
Management Reform Act of 1996 (Pub. L. 104-106) and the Federal 
Information Security Management Act (FISMA) of 2002 (Pub. L. 107-
347), the Secretary of Commerce is authorized to approve Federal 
Information Processing Standards (FIPS). NIST activities to develop 
computer security standards to protect Federal sensitive 
(unclassified) information systems are undertaken pursuant to 
specific responsibilities assigned to NIST by section 20 of the 
National Institute of Standards and Technology Act (15 U.S.C. 278g-
3), as amended by section 303 of the Federal Information Security 
Management Act of 2002.

    E.O. 12866: This notice has been determined not to be significant 
for the purposes of E.O. 12866.


[[Page 27288]]


    Dated: June 1, 2009.
Patrick Gallagher,
Deputy Director.
[FR Doc. E9-13513 Filed 6-8-09; 8:45 am]
BILLING CODE 3510-13-P