Page:Fips186-2-change1.pdf/74

 FIPS 186-2, DIGITAL SIGNATURE STANDARD CHANGE NOTICE 1

U.S. DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Gaithersburg, MD 20899

DATE OF CHANGE: 2001 October 5

Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard, specifies the Digital Signature Algorithm (DSA) that may be used in the generation and verification of digital signatures for sensitive, unclassified applications. FIPS 186-2 also allows the use of the digital signature techniques specified in American National Standards Institute (ANSI) X9.31 (Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)) and ANSI X9.62 (Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)). The standard also specifies a transition period for the use of existing (legacy) digital signature systems. Reversible public key algorithms, such as the RSA or Rabin-Williams algorithms, are often used in these legacy systems.

FIPS 186-2 is used in conjunction with the hash function specified in FIPS 180-1, Secure Hash Standard (SHS), and includes specifications for the size of the prime modulus p, and algorithms for the generation of a user's private key, x, and a user's per message secret number, k.

This change notice provides changes for the continued use of DSA as specified in FIPS 186-2 about the size of the prime modulus p, modifications for the random number generation techniques specified in Appendix 3 of FIPS 186-2, and provides instructions for the use of these techniques when used in contexts other than the generation of DSA keys. This change notice also provides guidance for the use of the reversible public key algorithms within legacy systems.

Questions regarding this change notice may be directed to [mailto:FIPS186@nist.gov FIPS186@nist.gov] or to Elaine Barker ([mailto:ebarker@nist.gov ebarker@nist.gov], 301-975-2911).

The Size of the Prime Modulus

Section 4 of FIPS 186-2 specifies that the prime modulus p of DSA is defined for the range of prime integers 2$L-1$ &lt; p &lt; 2L, where 512 ≤ L ≤ 1024 and L is a multiple of 64. This change notice specifies that L should assume only the value 1024 for DSA as specified in FIPS 186-2, i.e., the prime modulus p should be defined in the range 2$1023$ &lt; p &lt; 2$1024$.

The RSA and Rabin-Williams algorithms used within legacy systems are defined with a modulus n and prime factors p and q of n. This change notice specifies that n should be at least 1024 bits