NIST, Computer Security Division, Computer Security Resource Center
Digital Signatures
Approved Algorithms
Currently, there exist three (3) Approved* algorithms for generating and verifying digital signatures: DSA, RSA, and ECDSA. All three algorithms are used in conjunction with an Approved hash function.
Digital Signature Algorithm (DSA)
FIPS 186-2, Digital Signature Standard (DSS), February 2000.
FIPS 186-2 contains the complete specification of the Digital Signature Algorithm (DSA), with several examples.
On October 5, 2001 a change notice was appended to the end of FIPS 186-2. Use the link at the head of this section to access the revised document.
Multiple examples of DSA are available. These examples use the 1024-bit modulus size. Additionally, they use the original PRNGs as well as the revised versions found in Change Notice #1 of FIPS 186-2.
An initial draft of FIPS 186-3 was posted for public review and comment on March 13, 2006. While addressing the received comments, two issues related to primality testing and RSA key generation were addressed, resulting in significant changes. These changes were provided for informal comment periods. A total list of the comments on the draft of FIPS 186-3 is now available.
An accompanying document to FIPS 186-3, NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications specifies methods for obtaining the assurances necessary for valid digital signatures.
NIST announces the release of 2nd draft Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize messages that are input to a cryptographic hash function during the generation of digital signatures. Please submit comments to quynh.dang@nist.gov with "Comments on Draft 800-106" in the subject line. The comment period closes on September 5, 2008.
RSA Digital Signatures
FIPS 186-2, Digital Signature Standard (DSS), February 2000.
FIPS 186-2 indicates that the RSA digital signature algorithm, as specified in ANSI X9.31, may be used for digital signature generation and verification.
See the Notes in DSA section regarding the new drafts.
October 20, 2006: An attack has been found on some implementations of RSA digital signatures using the padding scheme for RSASSA-PKCS1-v1_5 as specified in Public Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard-2002. A statement discussing the attack is available. A similar attack could also be applied to implementations of digital signatures as specified in American National Standard (ANS) X9.31. Note that this attack is not on the RSA algorithm itself, but on improper implementations of the signature verification process.
ANSI X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry, 1998 (available from the ANSI X9 catalog).
ANSI X9.31 contains the complete specification for the RSA signature algorithm.
ECDSA Digital Signature Algorithm
FIPS 186-2, Digital Signature Standard (DSS), February 2000.
FIPS 186-2 indicates that the ECDSA digital signature algorithm, as specified in ANSI X9.62, may be used for digital signature generation and verification.
See the Notes in DSA section regarding the new drafts.
ANSI X9.62-1998, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 1998 (available from the ANSI X9 catalog).
ANSI X9.62 contains the complete specification for the ECDSA signature algorithm.
Elliptic curves recommended for Federal Government use can be found in Appendix 6 of FIPS 186-2. The white paper that originally specified these curves is also available.
Back to TopTesting Products
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopAdditional Information
ITL Bulletin: Digital Signature Standard, November 1994.
This bulletin provides an overview of the DSS, including some information on patents (however, it does not include information on RSA or ECDSA - only DSA).
Back to Top