NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.
Currently, we are reviewing the following publication:
NIST Special Publication (SP) 800-106, Randomized Hashing for Digital Signatures, 2009.
SP 800-106 provides a way to enhance the security of the cryptographic hash functions used in digital signatures by randomizing the messages.
NIST requests feedback on all aspects of SP 800-106. Also, since SP 800-106 was originally published to address concerns about using SHA-1 for digital signatures, NIST would appreciate feedback on the following issues:
Is this publication still needed, given the following?
SHA-1 has been deprecated for signature generation (per SP 800-131A Rev. 1).
The security of SHA-2—defined in FIPS 180-4—is better understood.
SHA-3 is defined in FIPS 202.
Are there any existing or new use cases that depend on SP 800-106?
The public comment period is open through March 16, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementations, clarity, risk, or relevance to current applications.
Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-106” in the Subject.
For more information about the review process, visit the Crypto Publication Review Project page.
Security and Privacy: digital signatures, secure hashing