
Digital Signatures

As an electronic analogue of a written signature, a digital signature provides assurance that:

  1. the claimed signatory signed the information, and
  2. the information was not modified after signature generation.

Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function.

Learn more about the history of the DSS.

Current Work

October 20, 2015: A Federal Register Notice (FRN) from NIST requests comments on the recommended elliptic curves specified in Appendix D of FIPS 186-4; comments on other parts of the FIPS will also be considered. The FRN includes questions that NIST would like commenters to address. The comment period ended December 4, 2015.

Hash Functions

FIPS 180-4, Secure Hash Standard (SHS), and FIPS 202, SHA-3 Standard, specify approved hash functions for use with digital signatures (see the Secure Hashing toolkit page).

Assurance

Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications specifies methods for obtaining the assurance of:

    • domain parameter validity (DSA and ECDSA),
    • public key validity, and
    • private key possession.

All assurances are necessary for valid digital signatures.
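The two properties listed at the top of the page (the claimed signatory signed, and the information was not modified afterwards) and the assurances listed here can be seen directly in a signature implementation. The following is an added example, not code from this page or from NIST: a textbook ECDSA over the P-256 curve from FIPS 186-4 Appendix D with SHA-256 as the approved hash, written in pure Python. It uses simple affine-coordinate arithmetic that is not constant-time, so it is for understanding the checks rather than for use; the message and the off-curve key in `demo()` are constructed sample values. Note how `verify` first performs full public key validation (the SP 800-89 checks: not the identity, coordinates in range, on the curve, of order n) before using the key, and how a tampered message, a different key, or an invalid key is rejected.

```python
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters, as listed in FIPS 186-4 Appendix D.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (GX, GY)
INF = None  # the point at infinity (group identity)


def point_add(p1, p2):
    """Affine group law on y^2 = x^3 + A*x + B (mod P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 == -p1 (also covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add; not constant time, illustration only."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def is_valid_public_key(q):
    """Full public key validation: Q is not the identity, its coordinates are
    in range, it lies on the curve, and it has order n (prime-order subgroup)."""
    if q is INF:
        return False
    x, y = q
    if not (0 <= x < P and 0 <= y < P):
        return False
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False
    return scalar_mult(N, q) is INF


def hash_to_int(message):
    # SHA-256 (256 bits) already matches the bit length of n for P-256,
    # so no truncation of the digest is needed here.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def generate_keypair():
    d = secrets.randbelow(N - 1) + 1  # private key in [1, n-1]
    return d, scalar_mult(d, G)


def sign(private_key, message):
    e = hash_to_int(message)
    while True:
        # The per-signature secret k must be unpredictable and never reused;
        # a leaked or repeated k exposes the private key.
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k, G)[0] % N
        if r == 0:
            continue
        s = pow(k, -1, N) * (e + r * private_key) % N
        if s == 0:
            continue
        return (r, s)


def verify(public_key, message, signature):
    if not is_valid_public_key(public_key):
        return False  # never verify against an unvalidated key
    r, s = signature
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = hash_to_int(message) * w % N, r * w % N
    point = point_add(scalar_mult(u1, G), scalar_mult(u2, public_key))
    return point is not INF and point[0] % N == r


def demo():
    """Sign a constructed message and report which checks accept or reject."""
    msg = b"constructed sample message"
    d, q = generate_keypair()
    sig = sign(d, msg)
    off_curve = (GX, (GY + 1) % P)  # constructed point that is not on P-256
    return {
        "key_valid": is_valid_public_key(q),
        "genuine": verify(q, msg, sig),
        "tampered_message": verify(q, msg + b"!", sig),
        "wrong_key": verify(generate_keypair()[1], msg, sig),
        "off_curve_key": is_valid_public_key(off_curve),
    }


if __name__ == "__main__":
    print(demo())
```

The `off_curve` rejection is the public key validity assurance from the list above; the `wrong_key` rejection is what private key possession buys the verifier (only the holder of `d` can produce an `(r, s)` that checks out under `q`); and `tampered_message` is the integrity property from the top of the page.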

Random Number Generation

Three publications, SP 800-90A, SP 800-90B, and SP 800-90C, specify approved methods for random number generation (see the Random Number Generation toolkit page).

Timeliness

SP 800-102, Recommendation for Digital Signature Timeliness, provides guidance for establishing when a digital signature was generated.

Transitioning Algorithms and Key Lengths

SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, provides the approach for transitioning between different algorithms and key lengths.


Testing DSS Implementations

Testing requirements and validation lists for DSS implementations are available from the Cryptographic Algorithm Validation Program (CAVP).


History of the DSS (FIPS 186)

FIPS 186 was first published in 1994 and specified a digital signature algorithm (DSA) to generate and verify digital signatures. Later revisions, FIPS 186-1 (1998) and FIPS 186-2 (2000), adopted two additional algorithms: the Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA digital signature algorithm.

FIPS 186-3 (2009) increased the key sizes allowed for DSA, provided additional requirements for the use of ECDSA and RSA, and included requirements for obtaining the assurances necessary for valid digital signatures. FIPS 186-3 also replaced the random number generator specifications included in previous versions with a reference to SP 800-90.

The latest version, FIPS 186-4 (2013), reduces restrictions on the use of random number generators and the retention and use of prime number generation seeds, and improves alignment with Public-Key Cryptography Standard (PKCS) #1.
