Department of Commerce

National Institute of Standards and Technology

RIN 0693-AA86

A Proposed Federal Information Processing Standard for Digital Signature
Standard (DSS)

August 30, 1991

AGENCY: National Institute of Standards and Technology (NIST), Commerce.

ACTION: Notice;  request for commments.

SUMMARY: A Federal Information Processing Standard (FIPS) for Digital
Signature Standard (DSS) is being proposed.  This proposed standard
specifies a public- key based digital signature algorithm (DSA)
appropriate for Federal digital signature applications.  The proposed
DSS uses a public key to verify to a recipient the integrity of data and
the identity of the sender of the data. The DSS can also be used by a
third party to ascertain the authenticity of a signature and the data
associated with it.

This proposed standard adopts a public-key signature system that uses a
pair of transformations to generate and verify a digital value called a
signature. The government has applied to the U.S. Patent Office for a
patent on this technique.  The government will also seek foreign patents
as appropriate.  NIST intends to make this DSS technique available
world-wide on a royalty-free basis in the public interest.  We believe
this technique is patentable and that no other patents would apply to
the DSS, but we cannot give firm assurances to such effect in advance of
issuance of the patent.

The purpose of this notice is to solicit views from the public,
manufacturers, and Federal, state, and local government users so that
their needs can be considered prior to submission of this proposed
standard to the Secretary of Commerce for review and approval.

The proposed standard contains two sections:  (1) An announcement
section, which provides information concerning the applicability,
implementation, and maintenance of the standard;  and (2) a
specifications section which deals with the technical aspects of the
standard.  Only the announcement section of the standard is provided in
this notice.  Interested parties may obtain copies of the specifications
section from the Standards Processing Coordinator (ADP), National
Institute of Standards and Technology, Technology Building, room B-64,
Gaithersburg, MD 20899, telephone (301) 975-2816.

DATES: Comments on this proposed standard must be received on or before
November 29, 1991.

ADDRESSES: Written comments concerning the proposed standard should be
sent to:  Director, Computer Systems Laboratory, ATTN:  Proposed FIPS
for DSS, Technology Building, room B-154, National Institute of
Standards and Technology, Gaithersburg, MD 20899.

Written comments received in response to this notice will be made part
of the public record and will be made available for inspection and
copying in the Central Reference and Records Inspection Facility, room
6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and
Constitution Avenue, NW., Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT:Mr. Miles Smid, National Institute of
Standards and Technology, Gaithersburg, MD 20899, telephone (301)
975-2938.

SUPPLEMENTARY INFORMATION: This proposed FIPS is the result of
evaluating a number of alternative digital signature techniques.  In
making the selection, the NIST has followed the mandate contained in
section 2 of the Computer Security Act of 1987 that NIST develop
standards and guidelines to "...assure the cost-effective security and
privacy of sensitive information in Federal systems".  In meeting this
statutory responsibility, NIST has placed primary emphasis on selecting
the technology that best assures the appropriate security of Federal
information and, among technologies offering comparable protection, on
selecting the option with the most desirable operating and use
characteristics. Among the factors that were considered during this
process were the level of security provided, the ease of implementation
in both hardware and software, the ease of export from the U.S., the
applicability of patents, impact on national security and law
enforcement and the level of efficiency in both the signing and
verification functions.  A number of techniques were deemed to provide
appropriate protection for Federal systems.  The technique selected has
the following desirable characteristics: --NIST expects it to be
available for public use on a royalty-free basis. Broader use of this
technique resulting from public availability should be an economic
benefit to the government and the public. --The technique selected
provides for efficient implementation of the signature operations in
smart card applications.  In these applications the signing operations
are performed in the computationally modest environment of the smart
card while the verification process is implemented in a more
computationally rich environment such as a personal computer, a hardware
cryptographic module, or a mainframe computer. NIST has received
agreement from Department of Defense authorities that this digital
signature technique may be used to sign unclassified data processed by
"Warner Amendment" systems (10 U.S.C. 2315 and 44 U.S.C. 3502(2)) as
well as classified data in selected applications. A hashing function has
not been specified by NIST at this time for use with the DSS. NIST has
been reviewing various candidate hashing functions;  however, we are not
satisfied with any of the functions we have studied thus far.  NIST does
intend to publish a hashing function that is complementary to the DSS.
Dated:  August 26, 1991.

John W. Lyons,

Director.

Federal Information Processing Standards Publication XX


DRAFT  1991 August 19  DRAFT

Announcing a Digital Signature Standard

Federal Information Processing Standards Publications (FIPS PUBS) are
issued by the National Institute of Standards and Technology (NIST)
after approval by the Secretary of Commerce pursuant to section 111(d)
of the Federal Property and Administrative Services Act of 1949 as
amended by the Computer Security Act of 1987, Public Law 100-235.

Name of Standard: Digital Signature Standard.

Category of Standard; ADP Operations, Computer Security.

Explanation: This Standard specifies a Digital Signature Algorithm (DSA)
appropriate for applications requiring a digital rather than written
signature.  The DSA digital signature is a pair of large numbers
represented in a computer as strings of binary digits.  The digital
signature is computed using a set of rules (i.e., the DSA) and a set of
parameters such that it can be used to verify the identity of the
originator and integrity of the data. The DSA includes signature
generation and verification.  Generation makes use of a private key to
generate a digital signature.  Verification of the signature makes use
of a public key which corresponds to, but is not the same as, the
private key used to generate the signature.  Each user possesses a
private and public key pair.  Public keys are assumed to be known to all
members of a group of users or to the public in general.  Private keys
must be known only by their creators.  Anyone can verify the signature
of a user by employing that user's public key.  Signature generation can
be performed only by the possessor of the user's private key. A hash
function is used in the signature generation process to obtain a
condensed version of data, called a message digest.  The message digest
is then signed.  The digital signature is sent to the intended recipient
along with the signed data (often called the message).  The recipient of
the message and signature verifies the signature by using the sender's
public key.  The same hash function must also be used in the
verification process.  The has function will be specified in a separate
standard.  Similar procedures may be used to generate and verify
signatures for stored as well as transmitted data.

Approving Authority: Secretary of Commerce.

Maintenance Agency: Computer Systems Laboratory, National Institute of
Standards and Technology.

Applicability: This standard is applicable to all federal departments
and agencies for the protection of unclassified information that is not
subject to section 2315 of title 10, United States Code, or section
3502(2) of title 44, United States Code. This standard shall be used in
designing and implementing public-key based signature systems which
Federal departments and agencies operate or which are operated for them
under contract.  Private and commercial organizations are encouraged to
adopt and use this standards.

Applications: The DSA authenticates the integrity of the signed data and
the identity of the signer.  The DSA may also be used in proving to a
third party that data was actually signed by the generator of the
signature.  The DSA is intended for use in electronic mail, electronic
funds transfer, electronic data interchange, software distribution, data
storage, and other applications which require data integrity assurance
and data origin authentication.

Implementations: The DSA may be implemented in software, firmware or
hardware.  Only implementations of the DSA that are validated by NIST
will be considered as complying with this standard.  Information about
the requirements for validating implementations of this standard can be
obtained from the National Institute of Standards and Technology,
Computer Systems Laboratory, Attn:  DSS Validation, Gaithersburg, MD
20899.

Export Control: Implementations of this standard are subject to Federal
Government export controls as specified in title 15, Code of Federal
Regulations, parts 768 through 799.  Exporters are advised to contact
the Department of Commerce, Bureau of Export Administration for more
information.

Patents: Implementations of the DSA in this standard may be covered by
U.S. and foreign patents.

Implementation Schedule: This standard is effective six months after
publication in the Federal Register announcing approval by the Secretary
of Commerce.

Specificatins: Federal Information Processing Standard (FIPS XX) Digital
Signature Standard (affixed).

Cross Index: a. FIPS PUB 46-1, Data Encryption Standard. b. FIPS PUB 73,
Guidelines for Security of Computer Applications. c. FIPS PUB 140-1,
Security Requirements for Cryptographic Modules. Qualifications: The
security of a digital signature system is dependent on maintaining the
secrecy of users' private keys.  Users must therefore guard against the
unauthorized acquisition of their private keys.  While it is the intent
of this standard to specify general security requirements for generating
digital signatures, conformance to this standard does not assure that a
particular implementation is secure.  The responsible authority in each
agency or department shall assure that an overall implementation
provides an acceptable level of security.  This standard will be
reviewed every five years in order to assess its adequacy. Waiver
Procedure Under certain exceptional circumstances, the heads of Federal
departments and agencies may approve waivers to Federal Information
Processing Standards (FIPS).  The head of such agency may redelegate
such authority only to a senior official designated pursuant to section
3506(b) of Title 44, United States Code. Waiver shall be granted only
when: a. Compliance with a standard would adversely affect the
accomplishment of the mission of an operator of a Federal computer
system;  or b. Compliance with a standard would cause a major adverse
financial impact on the operator which is not offset by Government-wide
savings.

Agency heads may act upon a written waiver request containing the
information detailed above.  Agency heads may also act without a written
waiver request when they determine that conditions for meeting the
standard cannot be met. Agency heads may approve waivers only by a
written decision which explains the basis on which the agency head made
the required finding(s).  A copy of each decision, with procurement
sensitive or classified portions clearly identified, shall be sent to:
National Institute of Standards and Technology;  ATTN:  FIPS Waiver
Decisions, Technology Building, room B-154, Gaithersburg, MD 20899. In
addition, notice of each waiver granted and each delegation of authority
to approve waivers shall be sent promptly to the Committee on Government
Operations of the House of Representatives and the Committee on
Government Affairs of the Senate and shall be published promptly in the
Federal Register. When the determination on a waiver applies to the
procurement of equipment and/or services, a notice of the waiver
determination must be published in the Commerce Business Daily as a part
of the notice of solicitation for offers of an acquisition or, if the
waiver determination is made after that notice is published, by
amendment to such notice. A copy of the waiver, any supporting
documents, the document approving the waiver and any accompanying
documents, with such deletions as the agency is authorized and decides
to make under 5 United States Code section 552(b), shall be part of the
procurement documentation and retained by the agency. Where to Obtain
Copies of the Standard: Copies of this publication are for sale by the
National Technical Information Service, U.S. Department of Commerce,
Springfield, VA 22161.  When ordering, refer to Federal Information
Processing Standards Publication XX (FIPS PUB XX), and identify the
title. When microfiche is desired, this should be specified.  Prices are
published by NTIS in current catalogs and other issuances.  Payment may
be made by check, money order, deposit account or charged to a credit
card accepted by NTIS.
