Constituents Speak, NIST Listens
New Guidance Issued on Digital Signatures
All guidance from the National Institute of Standards and Technology is initially presented in draft form, and NIST solicits comments from interested parties on how to improve its standards before final publication. And NIST listens to its constituencies.
NIST announced Wednesday the adoption of Federal Information Processing Standard 186-3, the Digital Signature Standard. FIPS 186-3 is a revision of FIPS 186-2 and allows keys of up to 3,072 bits; the older standards had a key-size limit of 1,024 bits.
According to a posting by NIST in the Federal Register, 13 parties provided comments: six federal agencies, one university, five private organizations and a single individual.
One commenter suggested relaxing the requirement that hash algorithms provide equivalent or stronger security than the public key algorithm and key size. NIST accepted the comment and substituted a requirement that the hash algorithm and the public key algorithm and key size both meet the security requirements of the application. This permits the use of a public key algorithm and key size that is stronger than the hash algorithm, so long as both provide sufficient security for the digital signature process. Using hash algorithms (mathematical processes that convert a large, variable-sized amount of data into a small, fixed-size value) that provide equivalent or stronger security than the public key algorithm and key size is still encouraged as a general practice.
The FIPS specifies three techniques for the generation and verification of digital signatures: DSA (Digital Signature Algorithm), ECDSA (Elliptic Curve Digital Signature Algorithm) and RSA. This revision increases the length of the keys allowed for DSA, provides additional requirements for the use of ECDSA and RSA and includes requirements for obtaining assurances necessary for valid digital signatures.
The original DSA algorithm, as specified in FIPS 186, 186-1 and 186-2, allows key sizes of 512 to 1,024 bits. With advances in technology, according to NIST, it is prudent to consider larger key sizes. FIPS 186-3 allows the use of 1,024-, 2,048- and 3,072-bit keys.
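The following is an added illustration, not code from NIST or the article, of the rule change described above and of the DSA key sizes just listed: the old "hash at least as strong as the key" rule beside the adopted "both meet the application's requirement" rule. The security-strength figures are an assumption taken from NIST SP 800-57 Part 1 (key sizes 1024/2048/3072 rated at 80/112/128 bits; SHA-family collision strength equal to half the digest length).

```python
# Added example; not from the article or from NIST. Strength figures are
# assumed to follow NIST SP 800-57 Part 1 and are embedded here as a table.

# DSA/RSA modulus sizes permitted by FIPS 186-3 and their assumed strength.
KEY_STRENGTH_BITS = {1024: 80, 2048: 112, 3072: 128}

# Collision-resistance strength of the hash (half the digest length).
HASH_STRENGTH_BITS = {
    "SHA-1": 80, "SHA-224": 112, "SHA-256": 128,
    "SHA-384": 192, "SHA-512": 256,
}


def _lookup(hash_alg: str, key_bits: int) -> tuple[int, int]:
    """Return (hash_strength, key_strength), rejecting values FIPS 186-3 does not list."""
    if key_bits not in KEY_STRENGTH_BITS:
        raise ValueError(f"key size {key_bits} not permitted by FIPS 186-3")
    if hash_alg not in HASH_STRENGTH_BITS:
        raise ValueError(f"unknown hash algorithm {hash_alg!r}")
    return HASH_STRENGTH_BITS[hash_alg], KEY_STRENGTH_BITS[key_bits]


def old_rule_ok(hash_alg: str, key_bits: int) -> bool:
    """Pre-revision rule: the hash must be at least as strong as the key."""
    hash_bits, key_strength = _lookup(hash_alg, key_bits)
    return hash_bits >= key_strength


def new_rule_ok(hash_alg: str, key_bits: int, required_bits: int) -> bool:
    """Rule adopted in FIPS 186-3: each component must independently meet the
    strength the application requires; the key may be stronger than the hash."""
    hash_bits, key_strength = _lookup(hash_alg, key_bits)
    return hash_bits >= required_bits and key_strength >= required_bits


def signature_strength(hash_alg: str, key_bits: int) -> int:
    """Effective strength of the pair is bounded by its weaker component."""
    return min(_lookup(hash_alg, key_bits))


if __name__ == "__main__":
    # A 3072-bit key with SHA-224: rejected by the old rule, accepted by the
    # new rule for an application needing 112 bits, but still only 112 bits strong.
    for hash_alg, key_bits, required in [("SHA-224", 3072, 112), ("SHA-224", 3072, 128)]:
        print(hash_alg, key_bits, required,
              "old:", old_rule_ok(hash_alg, key_bits),
              "new:", new_rule_ok(hash_alg, key_bits, required),
              "strength:", signature_strength(hash_alg, key_bits))
```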