Department of Commerce National Institute of Standards and Technology RIN 0693-AA86 A Proposed Federal Information Processing Standard for Digital Signature Standard (DSS) August 30, 1991 AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice; request for commments. SUMMARY: A Federal Information Processing Standard (FIPS) for Digital Signature Standard (DSS) is being proposed. This proposed standard specifies a public- key based digital signature algorithm (DSA) appropriate for Federal digital signature applications. The proposed DSS uses a public key to verify to a recipient the integrity of data and the identity of the sender of the data. The DSS can also be used by a third party to ascertain the authenticity of a signature and the data associated with it. This proposed standard adopts a public-key signature system that uses a pair of transformations to generate and verify a digital value called a signature. The government has applied to the U.S. Patent Office for a patent on this technique. The government will also seek foreign patents as appropriate. NIST intends to make this DSS technique available world-wide on a royalty-free basis in the public interest. We believe this technique is patentable and that no other patents would apply to the DSS, but we cannot give firm assurances to such effect in advance of issuance of the patent. The purpose of this notice is to solicit views from the public, manufacturers, and Federal, state, and local government users so that their needs can be considered prior to submission of this proposed standard to the Secretary of Commerce for review and approval. The proposed standard contains two sections: (1) An announcement section, which provides information concerning the applicability, implementation, and maintenance of the standard; and (2) a specifications section which deals with the technical aspects of the standard. Only the announcement section of the standard is provided in this notice. Interested parties may obtain copies of the specifications section from the Standards Processing Coordinator (ADP), National Institute of Standards and Technology, Technology Building, room B-64, Gaithersburg, MD 20899, telephone (301) 975-2816. DATES: Comments on this proposed standard must be received on or before November 29, 1991. ADDRESSES: Written comments concerning the proposed standard should be sent to: Director, Computer Systems Laboratory, ATTN: Proposed FIPS for DSS, Technology Building, room B-154, National Institute of Standards and Technology, Gaithersburg, MD 20899. Written comments received in response to this notice will be made part of the public record and will be made available for inspection and copying in the Central Reference and Records Inspection Facility, room 6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and Constitution Avenue, NW., Washington, DC 20230. FOR FURTHER INFORMATION CONTACT:Mr. Miles Smid, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-2938. SUPPLEMENTARY INFORMATION: This proposed FIPS is the result of evaluating a number of alternative digital signature techniques. In making the selection, the NIST has followed the mandate contained in section 2 of the Computer Security Act of 1987 that NIST develop standards and guidelines to "...assure the cost-effective security and privacy of sensitive information in Federal systems". In meeting this statutory responsibility, NIST has placed primary emphasis on selecting the technology that best assures the appropriate security of Federal information and, among technologies offering comparable protection, on selecting the option with the most desirable operating and use characteristics. Among the factors that were considered during this process were the level of security provided, the ease of implementation in both hardware and software, the ease of export from the U.S., the applicability of patents, impact on national security and law enforcement and the level of efficiency in both the signing and verification functions. A number of techniques were deemed to provide appropriate protection for Federal systems. The technique selected has the following desirable characteristics: --NIST expects it to be available for public use on a royalty-free basis. Broader use of this technique resulting from public availability should be an economic benefit to the government and the public. --The technique selected provides for efficient implementation of the signature operations in smart card applications. In these applications the signing operations are performed in the computationally modest environment of the smart card while the verification process is implemented in a more computationally rich environment such as a personal computer, a hardware cryptographic module, or a mainframe computer. NIST has received agreement from Department of Defense authorities that this digital signature technique may be used to sign unclassified data processed by "Warner Amendment" systems (10 U.S.C. 2315 and 44 U.S.C. 3502(2)) as well as classified data in selected applications. A hashing function has not been specified by NIST at this time for use with the DSS. NIST has been reviewing various candidate hashing functions; however, we are not satisfied with any of the functions we have studied thus far. NIST does intend to publish a hashing function that is complementary to the DSS. Dated: August 26, 1991. John W. Lyons, Director. Federal Information Processing Standards Publication XX DRAFT 1991 August 19 DRAFT Announcing a Digital Signature Standard Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. Name of Standard: Digital Signature Standard. Category of Standard; ADP Operations, Computer Security. Explanation: This Standard specifies a Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that it can be used to verify the identity of the originator and integrity of the data. The DSA includes signature generation and verification. Generation makes use of a private key to generate a digital signature. Verification of the signature makes use of a public key which corresponds to, but is not the same as, the private key used to generate the signature. Each user possesses a private and public key pair. Public keys are assumed to be known to all members of a group of users or to the public in general. Private keys must be known only by their creators. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key. A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then signed. The digital signature is sent to the intended recipient along with the signed data (often called the message). The recipient of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The has function will be specified in a separate standard. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data. Approving Authority: Secretary of Commerce. Maintenance Agency: Computer Systems Laboratory, National Institute of Standards and Technology. Applicability: This standard is applicable to all federal departments and agencies for the protection of unclassified information that is not subject to section 2315 of title 10, United States Code, or section 3502(2) of title 44, United States Code. This standard shall be used in designing and implementing public-key based signature systems which Federal departments and agencies operate or which are operated for them under contract. Private and commercial organizations are encouraged to adopt and use this standards. Applications: The DSA authenticates the integrity of the signed data and the identity of the signer. The DSA may also be used in proving to a third party that data was actually signed by the generator of the signature. The DSA is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication. Implementations: The DSA may be implemented in software, firmware or hardware. Only implementations of the DSA that are validated by NIST will be considered as complying with this standard. Information about the requirements for validating implementations of this standard can be obtained from the National Institute of Standards and Technology, Computer Systems Laboratory, Attn: DSS Validation, Gaithersburg, MD 20899. Export Control: Implementations of this standard are subject to Federal Government export controls as specified in title 15, Code of Federal Regulations, parts 768 through 799. Exporters are advised to contact the Department of Commerce, Bureau of Export Administration for more information. Patents: Implementations of the DSA in this standard may be covered by U.S. and foreign patents. Implementation Schedule: This standard is effective six months after publication in the Federal Register announcing approval by the Secretary of Commerce. Specificatins: Federal Information Processing Standard (FIPS XX) Digital Signature Standard (affixed). Cross Index: a. FIPS PUB 46-1, Data Encryption Standard. b. FIPS PUB 73, Guidelines for Security of Computer Applications. c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules. Qualifications: The security of a digital signature system is dependent on maintaining the secrecy of users' private keys. Users must therefore guard against the unauthorized acquisition of their private keys. While it is the intent of this standard to specify general security requirements for generating digital signatures, conformance to this standard does not assure that a particular implementation is secure. The responsible authority in each agency or department shall assure that an overall implementation provides an acceptable level of security. This standard will be reviewed every five years in order to assess its adequacy. Waiver Procedure Under certain exceptional circumstances, the heads of Federal departments and agencies may approve waivers to Federal Information Processing Standards (FIPS). The head of such agency may redelegate such authority only to a senior official designated pursuant to section 3506(b) of Title 44, United States Code. Waiver shall be granted only when: a. Compliance with a standard would adversely affect the accomplishment of the mission of an operator of a Federal computer system; or b. Compliance with a standard would cause a major adverse financial impact on the operator which is not offset by Government-wide savings. Agency heads may act upon a written waiver request containing the information detailed above. Agency heads may also act without a written waiver request when they determine that conditions for meeting the standard cannot be met. Agency heads may approve waivers only by a written decision which explains the basis on which the agency head made the required finding(s). A copy of each decision, with procurement sensitive or classified portions clearly identified, shall be sent to: National Institute of Standards and Technology; ATTN: FIPS Waiver Decisions, Technology Building, room B-154, Gaithersburg, MD 20899. In addition, notice of each waiver granted and each delegation of authority to approve waivers shall be sent promptly to the Committee on Government Operations of the House of Representatives and the Committee on Government Affairs of the Senate and shall be published promptly in the Federal Register. When the determination on a waiver applies to the procurement of equipment and/or services, a notice of the waiver determination must be published in the Commerce Business Daily as a part of the notice of solicitation for offers of an acquisition or, if the waiver determination is made after that notice is published, by amendment to such notice. A copy of the waiver, any supporting documents, the document approving the waiver and any accompanying documents, with such deletions as the agency is authorized and decides to make under 5 United States Code section 552(b), shall be part of the procurement documentation and retained by the agency. Where to Obtain Copies of the Standard: Copies of this publication are for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication XX (FIPS PUB XX), and identify the title. When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account or charged to a credit card accepted by NTIS.
Return to: Digital Signature Standard Page Cryptography Policy Page EPIC Home Page