Updated draft of FIPS 186-3 released for public comment

FIPS 186-3 is getting closer to finalization, and a new draft has been published for public comment.

As stated in today’s (Nov. 12, 2008) Federal Register Notice, NIST requests final comments on FIPS 186-3, the proposed revision of FIPS 186-2, the Digital Signature Standard. The draft defines methods for digital signature generation that can be used for the protection of messages, and for the verification and validation of those digital signatures using DSA, RSA and ECDSA. [...] The comment period closes on Friday, December 12, 2008.

A draft of SP 800-102 was also announced for public comment.

NIST requests comments on SP 800-102, Recommendation for Digital Signature Timeliness. This Recommendation provides methods for obtaining assurance about the time that a message was signed. The concepts in this Recommendation were presented in the original public comment draft of FIPS 186-3, The Digital Signature Standard. Please provide comments [...] by December 19, 2008 [...]

A summary of the changes between this draft and the earlier ones, as well as a brief summary of the changes between FIPS 186-2 and 186-3, can be found in the Federal Register notice. In the notice, the changes between drafts are presented as comments received, each followed by NIST's response. For those who will be dealing specifically with this future standard, I found the most interesting NIST responses to be…

A.1.1.3 is intentionally different from A.1.1.1. The change in the use of the hash function (no XORing) was in response to a cryptanalytic attack that showed how to select a set of domain parameters generated in the A.1.1.1 fashion in such a way that two ‘‘messages’’ with the same DSA signature could be found. Note that A.1.1.1 still allows domain parameters generated using the older method to be verified.

The length of the larger keys has a huge impact on communications and storage requirements. The strategy of the U.S. government is to transition to elliptic curve algorithms in order to reduce the key sizes.

NIST has chosen to base the number of tests on the key sizes and provided separate requirements for each. An implementer can choose to combine the requirements into fewer categories, as long as the number of rounds for each key size are equal to or greater than the numbers provided in the FIPS.

The only other NIST document containing approved methods for random number generation is FIPS 186–2. With the approval of FIPS 186–3, those methods will no longer be approved, subject to a transition period posted by the Cryptographic Module Validation Program (CMVP).
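The first NIST response above concerns how the prime q is derived from a seed, so that anyone holding the seed can recompute and verify it. The sketch below is an added example, not code from NIST or from this post: it puts the XOR construction of FIPS 186-2 beside the single-hash construction as it appears in the published FIPS 186-3 (that the draft's A.1.1.3 reads the same is an assumption), with hypothetical function names and a constructed seed.

```python
import hashlib
import secrets

def _h(name, seed, bits):
    """Hash the seed (big-endian, bits/8 bytes); return the digest as an int."""
    return int.from_bytes(hashlib.new(name, seed.to_bytes(bits // 8, "big")).digest(), "big")

def q_xor_method(seed, g=160):
    """Older rule: U = SHA-1(seed) XOR SHA-1((seed+1) mod 2^g)."""
    u = _h("sha1", seed, g) ^ _h("sha1", (seed + 1) % (1 << g), g)
    return u | (1 << 159) | 1  # force a 160-bit odd candidate

def q_single_hash(seed, n=256, hash_name="sha256", seed_bits=256):
    """Newer rule: U = Hash(seed) mod 2^(N-1), no XOR."""
    u = _h(hash_name, seed, seed_bits) % (1 << (n - 1))
    return (1 << (n - 1)) + u + 1 - (u % 2)  # N-bit odd candidate

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_seed(derive_q, start):
    """Step a constructed seed until q is prime (a real generator draws fresh random seeds)."""
    seed = start
    while not is_probable_prime(derive_q(seed)):
        seed += 1
    return seed, derive_q(seed)

def validate_q(derive_q, seed, q):
    """Recompute q from the published seed; accept only an exact, prime match."""
    return derive_q(seed) == q and is_probable_prime(q)

if __name__ == "__main__":
    seed, q = find_seed(q_single_hash, int.from_bytes(b"constructed-seed-001", "big"))
    print(hex(seed), hex(q), validate_q(q_single_hash, seed, q))
```

A verifier has to apply the same derivation rule the generator used, which is why the older rule is still needed to check parameters that were generated with it.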

My comments on the draft proposed back in 2006 plus feedback from readers can be found here. I was happy to see the focus refined to be solely on the digital signature algorithms, and other information migrated elsewhere. Even so, I do have a little concern about the complexity of the document – it almost feels like there is too much information and too many options to make a clear standard, but maybe not.

Update: As with RSA digital signatures, the world has been using RSA for key exchange for years, even in FIPS-validated modules. So, a draft of SP800-56B has been released for public comment.

NIST requests comments on Draft SP 800-56B, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. This Recommendation provides the specifications of asymmetric-based key agreement and key transport schemes that are based on the Rivest Shamir Adleman (RSA) algorithm.
