FEDERAL REGISTER VOL. 59, No. 096 Notices DEPARTMENT OF COMMERCE (DOC) National Institute of Standards and Technology (NIST) [Docket No. 940535-4135] RIN 0693-AA86 Approval of Federal Information Processing Standards Publication 186, Digital Signature Standard (DSS) 59 FR 26208 DATE: Thursday, May 19, 1994 ACTION: Notice of approval of Federal Information Processing Standard 186, Digital Signature Standard. SUMMARY: This notice announces that the Secretary of Commerce has approved the Digital Signature Standard (DSS) as Federal Information Processing Standard (FIPS) 186. The DSS provides the capability to generate digital signatures that cannot be forged. This capability is needed by Federal government agencies to carry out their responsibilities for electronic exchanges and to improve government operations through the use of information technology. [*26209] EFFECTIVE DATE: This standard is effective December 1, 1994. ADDRESSES: Interested parties may purchase copies of this standard, including the technical specifications section, from the National Technical Information Service (NTIS). Specific ordering information from NTIS for this standard is set out in the "Where to Obtain Copies" Section of the announcement section of the standard. FOR FURTHER INFORMATION CONTACT: Mr. Miles Smid, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-2938. SUPPLEMENTARY INFORMATION: On August 30, 1991, NIST published in the Federal Register (56 FR 42980) a notice which announced the proposed FIPS for DSS. On December 2, 1991, the comment period for the proposed FIPS for DSS was extended by notice published in the Federal Register (56 FR 61231). NIST received comments from 109 organizations and individuals in response to the Federal Register notice and to information sent to Federal agencies on the proposed FIPS for DSS. Many of the comments supported the proposed DSS and stated requirements for a digital signature capability for use in electronic data applications. Other comments in support of the DSS backed NIST's goal of a digital signature standard that is free of patent impediments and that provides for interoperability and a uniform level of security. NIST also received many comments criticizing the adoption of the proposed DSS. Some of the arguments in opposition included: The selection process for the Digital Signature Algorithm (DSA) was not public; time provided for analysis of the DSA was not sufficient; the DSA may infringe on other patents; the DSA does not provide for secret key distribution; the DSA is incomplete because no hash algorithm is specified; the DSA is not compatible with international standards; the DSA is not secure; the DSA is not efficient. NIST considered all of the issues raised and believes that is has addressed them. The development of this standard was carried out through NIST's usual procedures including solicitation of input from different sources. To provide more time for analysis of the DSA, NIST extended the original three month review and comment period for an additional three months. NIST has addressed the possible patent infringement claims, and has concluded that there are no valid claims. The DSA does not provide for secret key distribution since it is not intended for that purpose. Since the proposed DSS was announced, a Secure Hash Standard was proposed and approved as FIPS 180. With respect to the compatibility of the DSS with international standards, NIST has proposed that the DSA be an alternative signature standard within the appropriate international standard (IS 9796). Concerning the security of the DSA, no cryptographic shortcut attacks on the DSA have been discovered. However, NIST has revised the proposed standard to provide a larger modulus size. This modification will accommodate requirements for long term security of digital signatures. NIST believes that the efficiency of the DSA is adequate for most applications. Given the complexity of the public comments, NIST proceeded deliberatively in its consideration of the August 1991 proposal. The written comments submitted by interested parties and other available material were carefully reviewed and considered in the determination to finalize the proposed FIPS for DSS. On the basis of this review, NIST recommended that the Secretary approve the standard as a Federal Information Processing Standards Publication, and prepared a detailed justification document for the Secretary's review in support of that recommendation. The detailed justification document which was presented to the Secretary is part of the public record and is available for inspection and copying in the Department's Central Reference and Records Inspection Facility, room 6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and Constitution Avenues, NW., Washington, DC 20230. This FIPS contains two sections: (1) An announcement section, which provides information concerning the applicability, implementation, and maintenance of the standard; and (2) a specifications section which deals with the technical requirements of the standard. Only the announcement section is provided in this notice. Dated: May 13, 1994. Samuel Kramer, Associate Director. Processing Standards Publication 186 Announcing the Digital Signature Standard (DSS) Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public law 100-235. Name of Standard: Digital Signature Standard (DSS). Category of Standard: Computer Security; Cryptography. Explanation: This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key. A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest (see Figure 1). The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data. [*26210] Signature Generation Signature Verification Message Received Message ^ ^ / / Secure Hash Algorithm Secure Hash Algorithm ^ ^ / / Message Digest Message Digest ^ ^ / / Private Digital Digital Public --> DSA Sign --> --> DSA Verify <-- Operation Operation Key Signature Signature ^ Key / Yes - Signature Verified or No - Signature Verification Failed Figure 1: Using the SHA with the DSA Approving Authority: Secretary of Commerce. Maintenance Agency: U.S. Department of Commerce, National Institute of Standards and Technology (NIST), Computer Systems Laboratory (CSL). Applicability: This standard is applicable to all Federal departments and agencies for the protection of unclassified information that is not subject to section 2315 of Title 10, United States Code, or section 3502(2) of Title 44, United States Code. This standard shall be used in designing and implementing public-key based signature systems which Federal departments and agencies operate or which are operated for them under contract. Adoption and use of this standard is available to private and commercial organizations. Applications: The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used in proving to a third party that data was actually signed by the generator of the signature. The DSA is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication. Implementations: The DSA may be implemented in software, firmware, hardware, or any combination thereof. NIST is developing a validation program to test implementations for conformance to this standard. Information about the planned validation program can be obtained from the National Institute of Standards and Technology, Computer Systems Laboratory, Attn: DSS Validation, Gaithersburg, MD 20899. Export Control: Implementations of this standard are subject to Federal Government export controls as specified in Title 15, Code of Federal Regulations, Parts 768 through 799. Exporters are advised to contact the Department of Commerce, Bureau of Export Administration for more information. Patents: The Department of Commerce is not aware of any patents that would be infringed by this standard. Implemented Schedule: This standard becomes effective December 1, 1994. Specifications: Federal Information Processing Standard (FIPS186) Digital Signature Standard (DSS), (affixed). Cross Index a. Federal Information Resources Management Regulations (FIRMR) subpart 201.20.303, Standards, and subpart 201.39.1002, Federal Standards. b. FIPS PUB 46-2, Data Encryption Standard. c. FIPS PUB 73, Guidelines for Security of Computer Applications. d. FIPS PUB 140-1, Security Requirements for Cryptographic Modules. e. FIPS PUB 171, Key Management Using ANSI X9.17. f. FIPS PUB 180, Secure Hash Standard. Qualifications: The security of a digital signature system is dependent on maintaining the secrecy of users' private keys. Users must therefore guard against the unauthorized acquisition of their private keys. While it is the intent of this standard to specify general security requirements for generating digital signatures, conformance to this standard does not assure that a particular implementation is secure. The responsible authority in each agency or department shall assure that an overall implementation provides an acceptable level of security. This standard will be reviewed every five years in order to assess its adequacy. [*26211] Waiver Procedure: Under certain exceptional circumstances, the heads of Federal departments and agencies may approve waivers to Federal Information Processing Standards (FIPS). The head of such agency may redelegate such authority only to a senior official designated pursuant to section 3506(b) of Title 44, United States Code. Waiver shall be granted only when: a. Compliance with a standard would adversely affect the accomplishment of the mission of an operator of a Federal computer system; or b. Compliance with a standard would cause a major adverse financial impact on the operator which is not offset by Government-wide savings. Agency heads may act upon a written waiver request containing the information detailed above. Agency heads may also act without a written waiver request when they determine that conditions for meeting the standard cannot be met. Agency heads may approve waivers only by a written decision which explains the basis on which the agency head made with required finding(s). A copy of each decision, with procurement sensitive or classified portions clearly identified, shall be sent to: National Institute of Standards and Technology; ATTN: FIPS Waiver Decisions, Technology Building, room B-154, Gaithersburg, MD 20899. In addition, notice of each waiver granted and each delegation of authority to approve waivers shall be sent promptly to the Committee on Government Operations of the House of Representatives and the Committee on Government Affairs of the Senate and shall be published promptly in the Federal Register. When the determination on a waiver applies to the procurement of equipment and/or services, a notice of the waiver determination must be published in the Commerce Business Daily as a part of the notice of solicitation for offers of an acquisition or, if the waiver determination is made after that notice is published, by amendment to such notice. A copy of the waiver, any supporting documents, the document approving the waiver and any accompanying documents, with such deletions as the agency is authorized and decides to make under 5 U.S.C. 552(b), shall be part of the procurement documentation and retained by the agency. Where to Obtain Copies of the Standard: Copies of this publication are for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication 186 (FIPSPUB186), and identify the title. When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account or charged to a credit card accepted by NTIS. [FR Doc. 94-12218 Filed 5-18-94; 8:45 am]
Return to: Digital Signature Standard Page Cryptography Policy Page EPIC Home Page