Announcing DRAFT Federal Information Processing Standard (FIPS) Publication 186-3, Digital Signature Standard (DSS) and Request for Comments, 66842-66844 [E8-26841]
Download as PDF
<![CDATA[
66842
Federal Register / Vol. 73, No. 219 / Wednesday, November 12, 2008 / Notices
review, in whole or in part, if a party
that requested a review withdraws the
request within 90 days of the date of
publication of notice of initiation of the
requested review. The Secretary may
extend this time limit if the Secretary
decides that it is reasonable to do so.
See 19 CFR 351.213(d)(1). Both
Petitioner and Akzo Nobel withdrew
their requests for review with respect to
the latter within the 90-day time limit.
Therefore, in response to the
withdrawal of requests for
administrative reviews by both Akzo
Nobel and Petitioner, the Department
hereby rescinds the administrative
review of the antidumping duty order
on purified CMC from the Netherlands
for the period July 1, 2007, through June
30, 2008 for Akzo Nobel.
Assessment Rates
The Department intends to issue
assessment instructions to the U.S.
Customs and Border Protection (‘‘CBP’’)
15 days after the date of publication of
this partial rescission of administrative
review. The Department will direct CBP
to assess antidumping duties for Akzo
Nobel at the cash deposit rate in effect
on the date of entry for entries during
the period July 1, 2007, through June 30,
2008.
Notification to Importers
This notice serves as a final reminder
to importers for whom this review is
being rescinded, of their responsibility
under 19 CFR 351.402(f) to file a
certificate regarding reimbursement of
antidumping duties prior to liquidation
of the relevant entries during this
review period. Failure to comply with
this requirement could result in the
Secretary’s presumption that
reimbursement of antidumping duties
occurred and the subsequent assessment
of double antidumping duties.
mstockstill on PROD1PC66 with NOTICES
Notification Regarding Administrative
Protective Orders
This notice serves as a reminder to
parties subject to administrative
protective order (‘‘APO’’) of their
responsibility concerning the
disposition of proprietary information
disclosed under APO in accordance
with 19 CFR 351.305(a)(3). Timely
written notification of the return or
destruction of APO materials or
conversion to judicial protective order is
hereby requested. Failure to comply
with the regulations and terms of an
APO is a sanctionable violation.
This notice is published in
accordance with sections 751(a)(1) and
777(i)(1) of the Tariff Act of 1930, as
amended, and 19 CFR 351.213(d)(4).
VerDate Aug<31>2005
18:30 Nov 10, 2008
Jkt 217001
Dated: November 4, 2008.
Stephen J. Claeys,
Deputy Assistant Secretary for Import
Administration.
[FR Doc. E8–26836 Filed 11–10–08; 8:45 am]
BILLING CODE 3510–DS–S
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No. [0810011295–81297–01]]
Announcing DRAFT Federal
Information Processing Standard
(FIPS) Publication 186–3, Digital
Signature Standard (DSS) and Request
for Comments
National Institute of Standards
and Technology (NIST), Commerce
Department.
ACTION: Notice.
AGENCY:
SUMMARY: This notice announces a
second public review and comment
period for Draft Federal Information
Processing Standard 186–3, Digital
Signature Standard. The draft standard,
designated ‘‘Draft FIPS 186–3,’’ is
proposed to revise and supersede FIPS
186–2. Draft FIPS 186–3 is a revision of
FIPS 186–2, the Digital Signature
Standard. The Draft FIPS specifies three
techniques for the generation and
verification of digital signatures that can
be used for the protection of data: the
Digital Signature Algorithm (DSA), the
Elliptic Curve Digital Signature
Algorithm (ECDSA) and the RivestShamir-Adelman (RSA) algorithm.
Although all three of these algorithms
were approved in FIPS 186–2, this
revision increases the key sizes allowed
for DSA, provides additional
requirements for the use of RSA and
ECDSA, and includes requirements for
obtaining the assurances necessary for
valid digital signatures. FIPS 186–2
contained specifications for random
number generators (RNGs); this revision
does not include such specifications,
but refers to NIST Special Publication
(SP) 800–90 for obtaining random
numbers.
Prior to the submission of this
proposed standard to the Secretary of
Commerce for review and approval, it is
essential that consideration is given to
the needs and views of the public, users,
the information technology industry,
and Federal, State and local government
organizations. The purpose of this
notice is to solicit such views.
DATES: Comments must be received on
or before December 12, 2008.
ADDRESSES: Written comments may be
sent to: Chief, Computer Security
PO 00000
Frm 00008
Fmt 4703
Sfmt 4703
Division, Information Technology
Laboratory, Attention: Comments on
Draft FIPS 186–3, 100 Bureau Drive—
Stop 8930, National Institute of
Standards and Technology,
Gaithersburg, MD 20899–8930.
Electronic comments may also be sent
to: ebarker@nist.gov.
FOR FURTHER INFORMATION CONTACT:
Elaine Barker, (301) 975–2911, National
Institute of Standards and Technology,
100 Bureau Drive, STOP 8930,
Gaithersburg, MD 20899–8930, e-mail:
elaine.barker@nist.gov.
FIPS 186,
first published in 1994, specified a
digital signature algorithm (DSA) to
generate and verify digital signatures.
Later revisions (FIPS 186–1 and FIPS
186–2, adopted in 1998 and 1999,
respectively) adopted two additional
algorithms specified in American
National Standards (ANS) X9.31 (Digital
Signatures Using Reversible Public Key
Cryptography for the Financial Services
Industry (rDSA)), and X9.62 (The
Elliptic Curve Digital Signature
Algorithm (ECDSA)).
The original DSA algorithm, as
specified in FIPS 186, 186–1 and 186–
2, allows key sizes of 512 to 1024 bits.
With advances in technology, it is
prudent to consider larger key sizes.
Draft FIPS 186–3 allows the use of 1024,
2048 and 3072-bit keys. Other
requirements have also been added
concerning the use of ANS X9.31 and
ANS X9.62. In addition, the use of the
RSA algorithm as specified in Public
Key Cryptography Standard (PKCS) #1
(RSA Cryptography Standard) is
allowed.
A request for public comments was
published in the Federal Register on
March 13, 2006 (71 FR 12678). After
receiving comments in response to this
notice, NIST incorporated the comments
and posted a revised version of the FIPS
on its Web site. NIST received some
additional comments in response to this
posting. In all, a total of 15 individuals
and organizations provided comments
(two U.S. government agencies, a
foreign government agency, one
university, eight private organizations,
and three from individuals). The
following is a summary of the comments
received and NIST’s responses to them:
Comment: Seven commenters
suggested a number of editorial changes.
Response: NIST made the appropriate
editorial changes, which included
correcting typographical errors; spelling,
format and font size changes; reference
restrictions and updates, where
appropriate; minor word changes and
clarifications.
SUPPLEMENTARY INFORMATION:
E:\FR\FM\12NON1.SGM
12NON1
mstockstill on PROD1PC66 with NOTICES
Federal Register / Vol. 73, No. 219 / Wednesday, November 12, 2008 / Notices
Comment: One commenter requested
that examples be provided for each of
the digital signatures algorithms and key
sizes.
Response: Examples will be provided
at https://csrc.nist.gov/groups/ST/toolkit/
examples.html, and a link to this Web
page has been included in the
implementation section of the
announcement.
Comment: Eight commenters
suggested a number of minor technical
changes.
Response: The appropriate changes
were made, which included:
Corrections to the input to and
pseudocode for defined functions;
Corrections to table entries;
Removal of the appendix on
timestamping, and placing the contents
in a different document;
Allowing the use of the Chinese
Remainder Theorem (CRT) for the
representation of the private key; and
Stating that the minimum lengths for
the auxiliary primes for the generation
of RSA keys may be either fixed or
randomly chosen.
Comment: Two commenters noted
that the allowed values for the public
exponent e differ significantly from
those allowed in ANS X9.31 and PKCS
#1.
Response: The restricted values in the
FIPS are a Federal government choice to
provide a higher level of security for its
agencies. Non-Federal government
entities may voluntarily adopt these
restrictions.
Comment: One commenter asked why
the new DSA domain parameter
validation method in A.1.1.3 is not
compatible with the old verification
method in A.1.1.1, since the change
breaks interoperability with the FIPS
186–2 generation method.
Response: A.1.1.3 is intentionally
different from A.1.1.1. The change in
the use of the hash function (no
XORing) was in response to a
cryptanalytic attack that showed how to
select a set of domain parameters
generated in the A.1.1.1 fashion in such
a way that two ‘‘messages’’ with the
same DSA signature could be found.
Note that A.1.1.1 still allows domain
parameters generated using the older
method to be verified.
Comment: One commenter asked why
the DSA key sizes are limited to the
smaller values?
Response: The length of the larger
keys has a huge impact on
communications and storage
requirements. The strategy of the U.S.
government is to transition to elliptic
curve algorithms in order to reduce the
key sizes.
VerDate Aug<31>2005
18:30 Nov 10, 2008
Jkt 217001
Comment: One commenter asked that
a specification of the Shawe-Taylor
algorithm be included for use in the
generation of RSA primes, as well as for
DSA primes.
Response: The Shawe-Taylor method
was rewritten as a general routine that
is used for both DSA and RSA prime
generation.
Comment: Two commenters provided
comments with regard to the
inconsistencies in the number of
iterations required for the probabilistic
primality tests.
Response: The number of iterations
was taken from several FIPS and ANSI
standards. As a result of these
comments, NIST reviewed the methods
used to calculate the number of
iterations and calculated new values for
each digital signature method and prime
length.
After the proposed values and
associated explanatory text were posted
on the NIST Web site (in January 2007)
the following five comments were
received:
Comment: One commenter stated the
values in ANS X9.80 (Prime Number
Generation, Primality Testing, and
Primality Certificates) should be used
for the number of iterations.
Response: The values ANS X9.80
were based on assumptions and
estimates that have been superseded by
more recent considerations, and these
newer values have been included the
FIPS.
Comment: One commenter suggested
that fewer categories be provided in the
tables.
Response: NIST has chosen to base
the number of tests on the key sizes and
provided separate requirements for
each. An implementer can choose to
combine the requirements into fewer
categories, as long as the number of
rounds for each key size are equal to or
greater than the numbers provided in
the FIPS.
Comment: One commenter felt that
the error probability should always be
2¥100 to align with the ANSI standards.
Response: The 2¥100 error probability
is included in FIPS 186–3, along with
others that are dependent on the
security strength, to allow an
implementer to select the most suitable
probability for their application.
Comment: One commenter asked why
the Lucas test is not required in some
cases?
Response: After extensive analysis by
NIST, it was determined the Lucas test
is not required. However, the test can be
performed after the required number of
iterations of the Miller-Rabin tests in
order to provide higher assurance.
PO 00000
Frm 00009
Fmt 4703
Sfmt 4703
66843
Wording has been included to clarify
this.
Comment: One commenter suggested
that the Frobenius-Grantham (FG)
method for prime candidate testing
should be included, in addition to the
Miller-Rabin (MR) and Lucas tests.
Response: NIST has decided to
remain with the testing methods used in
ANS X9.31, which includes the MR and
Lucas tests, but not the FG tests. In
addition, the FG tests are more complex,
so would be more likely to be
implemented incorrectly.
Comment: The criteria for the
generation of strong primes in ASC
X9.31, upon which RSA key generation
is based, does not agree with the
definition of strong primes in the
Handbook of Applied Cryptography
(HAC).
Response: NIST researched and
analyzed the requirements for RSA key
pair generation, including requirements
for the use of strong primes, and
determined that strong primes as
defined by the HAC are not required.
The RSA key pair generation methods
were modified to include a number of
different methods that were not
previously included in the draft FIPS.
Comment: The draft FIPS refers to
approved random number generators. It
is not clear whether SP 800–90 contains
the only approved methods for random
number generation, or if other approved
methods can be used.
Response: The only other NIST
document containing approved methods
for random number generation is FIPS
186–2. With the approval of FIPS 186–
3, those methods will no longer be
approved, subject to a transition period
posted by the Cryptographic Module
Validation Program (CMVP).
NIST has incorporated the comments
previously received as described above.
NIST now seeks public comments on
the revised draft of FIPS 186–3. This
second draft of FIPS 186–3 is available
electronically from the NIST Web site
at: https://csrc.nist.gov/publications/
drafts.html. The current FIPS 186–2 is
available electronically from the NIST
Web site at: https://csrc.nist.gov/
publications/fips/. The first
draft of FIPS 186–3 and comments
received on that draft are available
electronically from the NIST Web site
at: https://csrc.nist.gov/groups/ST/
toolkit/digital_signatures.html,
respectively. Comments received in
response to this notice will be published
electronically at https://csrc.nist.gov/
groups/ST/toolkit/
digital_signatures.html.
Authority: In accordance the Federal
Information Security Management Act
(FISMA) of 2002 (Pub. L. 107–347), the
E:\FR\FM\12NON1.SGM
12NON1
66844
Federal Register / Vol. 73, No. 219 / Wednesday, November 12, 2008 / Notices
Secretary of Commerce is authorized to
approve Federal Information Processing
Standards (FIPS). NIST activities to
develop computer security standards to
protect Federal sensitive (unclassified)
information systems are undertaken
pursuant to specific responsibilities
assigned to NIST by section 20 of the
National Institute of Standards and
Technology Act (5 U.S.C. 278g–3), as
amended by section 303 of the Federal
Information Security Management Act
of 2002.
Executive Order 12866: This notice
has been determined not to be
significant for the purposes of Executive
Order 12866.
Dated: November 5, 2008.
Patrick Gallagher,
Deputy Director.
[FR Doc. E8–26841 Filed 11–10–08; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
Announcing a Meeting of the
Information Security and Privacy
Advisory Board
National Institute of Standards
and Technology.
ACTION: Meeting notice.
mstockstill on PROD1PC66 with NOTICES
AGENCY:
SUMMARY: Pursuant to the Federal
Advisory Committee Act, 5 U.S.C. App.,
notice is hereby given that the
Information Security and Privacy
Advisory Board (ISPAB) will meet
Wednesday, December 3, 2008 from
8:30 p.m. until 5 p.m., Thursday,
December 4, 2008, from 8:30 a.m. until
5 p.m., and Friday, December 5, 2008
from 8 a.m. until 5:15 p.m. All sessions
will be open to the public. The Advisory
Board was established by the Computer
Security Act of 1987 (Pub. L. 100–235)
and amended by the Federal
Information Security Management Act
of 2002 (Pub. L. 107–347) to advise the
Secretary of Commerce and the Director
of NIST on security and privacy issues
pertaining to federal computer systems.
Details regarding the Board’s activities
are available at https://csrc.nist.gov/
groups/SMA/ispab//.
DATES: The meeting will be held on
December 3, 2008 from 8:30 p.m. until
5 p.m., December 4, 2008 from 8:30 a.m.
until 5 p.m. and December 5, 2008, from
8 a.m. until 5:15 p.m.
ADDRESSES: The meeting will take place
at George Washington University Cafritz
Conference Center 800 21st Street, NW.,
Washington, DC, Room 405, on
December 3 and 4, 2008 and 3rd Floor
VerDate Aug<31>2005
18:30 Nov 10, 2008
Jkt 217001
Continental Ballroom on December 5,
2008.
FOR FURTHER INFORMATION CONTACT:
Ms.
Pauline Bowen, Board Secretariat,
Information Technology Laboratory,
National Institute of Standards and
Technology, 100 Bureau Drive, Stop
8930, Gaithersburg, MD 20899–8930,
telephone: (301) 975–2938.
SUPPLEMENTARY INFORMATION:
Agenda:
—Welcome and Overview
—OMB Update
—USCERT and Einstein
—ID Management
—Privacy Technology Report
—Center for Strategic and International
Studies (CSIS) Commission Briefing
—ISC2 Software Credentialing
—Metrics and FISMA 08
—ISPAB Work Plan Discussion
—SCADA Security
—Threat Analysis, IC to Civilian
—Panel—Cloud Computing—Basics
—Panel—Cloud Computing—Security
Strengths and Challenges
—Panel—Virtualization—Basics
—Panel—Cloud Computing and
Virtualization
Note that agenda items may change
without notice because of possible
unexpected schedule conflicts of
presenters. The final agenda will be
posted on the Web site indicated above.
Public Participation: The Board
agenda will include a period of time,
not to exceed thirty minutes, for oral
comments and questions from the
public (Thursday, December 5, 2008 at
3:45–4:15 p.m.). Each speaker will be
limited to five minutes. Members of the
public who are interested in speaking
are asked to contact the Board
Secretariat at the telephone number
indicated above. In addition, written
statements are invited and may be
submitted to the Board at any time.
Written statements should be directed to
the ISPAB Secretariat, Information
Technology Laboratory, 100 Bureau
Drive, Stop 8930, National Institute of
Standards and Technology,
Gaithersburg, MD 20899–8930.
Approximately 15 seats will be available
for the public and media on December
3 and 4, 2008 and approximately 200
seats will be available for the public and
media on December 5, 2008.
Dated: November 5, 2008.
Patrick Gallagher,
Deputy Director.
[FR Doc. E8–26840 Filed 11–10–08; 8:45 am]
BILLING CODE 3510–13–P
PO 00000
Frm 00010
Fmt 4703
Sfmt 4703
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
RIN 0648–AV00
Atlantic Highly Migratory Species;
Essential Fish Habitat
National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Extension of comment period.
AGENCY:
SUMMARY: In order to provide additional
opportunities for the public, the
Atlantic Regional Fishery Management
Councils, the Atlantic and Gulf States
Marine Fisheries Commissions, and
other interested parties to comment on
the Essential Fish Habitat Draft
Amendment 1 to the 2006 Consolidated
Highly Migratory Species (HMS) Fishery
Management Plan (FMP), NMFS is
extending the comment period for this
action. On September 19, 2008, NMFS
published a Notice of Availability
(NOA) of a draft environmental impact
statement and a fishery management
plan amendment. Based on the
September 19, 2008, notice, the
comment period was scheduled to
conclude on November 18, 2008. NMFS
is now extending the comment period
until December 12, 2008. Comments
received by NMFS on the Draft
Amendment will be used in the
development of Final Amendment 1 to
the 2006 Consolidated HMS FMP.
DATES: The deadline for comments on
Draft Amendment 1 has been extended
from November 18, 2008, as published
on September 19, 2008 (73 FR 54384),
to 5:00 p.m. on December 12, 2008.
ADDRESSES: Written comments on this
action should be sent to Chris Rilling,
Highly Migratory Species Management
Division by any of the following
methods:
• E–mail: HMSEFH@noaa.gov.
• Mail: 1315 East–West Highway,
Silver Spring, MD 20910. Please mark
the outside of the envelope ‘‘Comments
on EFH Amendment to HMS FMP.’’
• Fax: 301–713–1917.
Copies of Draft Amendment 1 to the
Consolidated HMS FMP are available
from the HMS website under ‘‘Breaking
News’’ at https://www.nmfs.noaa.gov/
sfa/hms/ or by contacting Chris Rilling
(see FOR FURTHER INFORMATION CONTACT).
FOR FURTHER INFORMATION CONTACT:
Chris Rilling or Sari Kiraly by phone at
(301) 713–2347 or by fax at (301) 713–
1917.
SUPPLEMENTARY INFORMATION: The
Magnuson–Stevens Act (16 U.S.C. 1801
E:\FR\FM\12NON1.SGM
12NON1
]]>Agencies
[Federal Register Volume 73, Number 219 (Wednesday, November 12, 2008)]
[Notices]
[Pages 66842-66844]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-26841]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. [0810011295-81297-01]]
Announcing DRAFT Federal Information Processing Standard (FIPS)
Publication 186-3, Digital Signature Standard (DSS) and Request for
Comments
AGENCY: National Institute of Standards and Technology (NIST), Commerce
Department.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: This notice announces a second public review and comment
period for Draft Federal Information Processing Standard 186-3, Digital
Signature Standard. The draft standard, designated ``Draft FIPS 186-
3,'' is proposed to revise and supersede FIPS 186-2. Draft FIPS 186-3
is a revision of FIPS 186-2, the Digital Signature Standard. The Draft
FIPS specifies three techniques for the generation and verification of
digital signatures that can be used for the protection of data: the
Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature
Algorithm (ECDSA) and the Rivest-Shamir-Adelman (RSA) algorithm.
Although all three of these algorithms were approved in FIPS 186-2,
this revision increases the key sizes allowed for DSA, provides
additional requirements for the use of RSA and ECDSA, and includes
requirements for obtaining the assurances necessary for valid digital
signatures. FIPS 186-2 contained specifications for random number
generators (RNGs); this revision does not include such specifications,
but refers to NIST Special Publication (SP) 800-90 for obtaining random
numbers.
Prior to the submission of this proposed standard to the Secretary
of Commerce for review and approval, it is essential that consideration
is given to the needs and views of the public, users, the information
technology industry, and Federal, State and local government
organizations. The purpose of this notice is to solicit such views.
DATES: Comments must be received on or before December 12, 2008.
ADDRESSES: Written comments may be sent to: Chief, Computer Security
Division, Information Technology Laboratory, Attention: Comments on
Draft FIPS 186-3, 100 Bureau Drive--Stop 8930, National Institute of
Standards and Technology, Gaithersburg, MD 20899-8930. Electronic
comments may also be sent to: ebarker@nist.gov.
FOR FURTHER INFORMATION CONTACT: Elaine Barker, (301) 975-2911,
National Institute of Standards and Technology, 100 Bureau Drive, STOP
8930, Gaithersburg, MD 20899-8930, e-mail: elaine.barker@nist.gov.
SUPPLEMENTARY INFORMATION: FIPS 186, first published in 1994, specified
a digital signature algorithm (DSA) to generate and verify digital
signatures. Later revisions (FIPS 186-1 and FIPS 186-2, adopted in 1998
and 1999, respectively) adopted two additional algorithms specified in
American National Standards (ANS) X9.31 (Digital Signatures Using
Reversible Public Key Cryptography for the Financial Services Industry
(rDSA)), and X9.62 (The Elliptic Curve Digital Signature Algorithm
(ECDSA)).
The original DSA algorithm, as specified in FIPS 186, 186-1 and
186-2, allows key sizes of 512 to 1024 bits. With advances in
technology, it is prudent to consider larger key sizes. Draft FIPS 186-
3 allows the use of 1024, 2048 and 3072-bit keys. Other requirements
have also been added concerning the use of ANS X9.31 and ANS X9.62. In
addition, the use of the RSA algorithm as specified in Public Key
Cryptography Standard (PKCS) 1 (RSA Cryptography Standard) is
allowed.
A request for public comments was published in the Federal Register
on March 13, 2006 (71 FR 12678). After receiving comments in response
to this notice, NIST incorporated the comments and posted a revised
version of the FIPS on its Web site. NIST received some additional
comments in response to this posting. In all, a total of 15 individuals
and organizations provided comments (two U.S. government agencies, a
foreign government agency, one university, eight private organizations,
and three from individuals). The following is a summary of the comments
received and NIST's responses to them:
Comment: Seven commenters suggested a number of editorial changes.
Response: NIST made the appropriate editorial changes, which
included correcting typographical errors; spelling, format and font
size changes; reference restrictions and updates, where appropriate;
minor word changes and clarifications.
[[Page 66843]]
Comment: One commenter requested that examples be provided for each
of the digital signatures algorithms and key sizes.
Response: Examples will be provided at https://csrc.nist.gov/groups/
ST/toolkit/examples.html, and a link to this Web page has been included
in the implementation section of the announcement.
Comment: Eight commenters suggested a number of minor technical
changes.
Response: The appropriate changes were made, which included:
Corrections to the input to and pseudocode for defined functions;
Corrections to table entries;
Removal of the appendix on timestamping, and placing the contents
in a different document;
Allowing the use of the Chinese Remainder Theorem (CRT) for the
representation of the private key; and
Stating that the minimum lengths for the auxiliary primes for the
generation of RSA keys may be either fixed or randomly chosen.
Comment: Two commenters noted that the allowed values for the
public exponent e differ significantly from those allowed in ANS X9.31
and PKCS 1.
Response: The restricted values in the FIPS are a Federal
government choice to provide a higher level of security for its
agencies. Non-Federal government entities may voluntarily adopt these
restrictions.
Comment: One commenter asked why the new DSA domain parameter
validation method in A.1.1.3 is not compatible with the old
verification method in A.1.1.1, since the change breaks
interoperability with the FIPS 186-2 generation method.
Response: A.1.1.3 is intentionally different from A.1.1.1. The
change in the use of the hash function (no XORing) was in response to a
cryptanalytic attack that showed how to select a set of domain
parameters generated in the A.1.1.1 fashion in such a way that two
``messages'' with the same DSA signature could be found. Note that
A.1.1.1 still allows domain parameters generated using the older method
to be verified.
Comment: One commenter asked why the DSA key sizes are limited to
the smaller values?
Response: The length of the larger keys has a huge impact on
communications and storage requirements. The strategy of the U.S.
government is to transition to elliptic curve algorithms in order to
reduce the key sizes.
Comment: One commenter asked that a specification of the Shawe-
Taylor algorithm be included for use in the generation of RSA primes,
as well as for DSA primes.
Response: The Shawe-Taylor method was rewritten as a general
routine that is used for both DSA and RSA prime generation.
Comment: Two commenters provided comments with regard to the
inconsistencies in the number of iterations required for the
probabilistic primality tests.
Response: The number of iterations was taken from several FIPS and
ANSI standards. As a result of these comments, NIST reviewed the
methods used to calculate the number of iterations and calculated new
values for each digital signature method and prime length.
After the proposed values and associated explanatory text were
posted on the NIST Web site (in January 2007) the following five
comments were received:
Comment: One commenter stated the values in ANS X9.80 (Prime Number
Generation, Primality Testing, and Primality Certificates) should be
used for the number of iterations.
Response: The values ANS X9.80 were based on assumptions and
estimates that have been superseded by more recent considerations, and
these newer values have been included the FIPS.
Comment: One commenter suggested that fewer categories be provided
in the tables.
Response: NIST has chosen to base the number of tests on the key
sizes and provided separate requirements for each. An implementer can
choose to combine the requirements into fewer categories, as long as
the number of rounds for each key size are equal to or greater than the
numbers provided in the FIPS.
Comment: One commenter felt that the error probability should
always be 2-100 to align with the ANSI standards.
Response: The 2-100 error probability is included in
FIPS 186-3, along with others that are dependent on the security
strength, to allow an implementer to select the most suitable
probability for their application.
Comment: One commenter asked why the Lucas test is not required in
some cases?
Response: After extensive analysis by NIST, it was determined the
Lucas test is not required. However, the test can be performed after
the required number of iterations of the Miller-Rabin tests in order to
provide higher assurance. Wording has been included to clarify this.
Comment: One commenter suggested that the Frobenius-Grantham (FG)
method for prime candidate testing should be included, in addition to
the Miller-Rabin (MR) and Lucas tests.
Response: NIST has decided to remain with the testing methods used
in ANS X9.31, which includes the MR and Lucas tests, but not the FG
tests. In addition, the FG tests are more complex, so would be more
likely to be implemented incorrectly.
Comment: The criteria for the generation of strong primes in ASC
X9.31, upon which RSA key generation is based, does not agree with the
definition of strong primes in the Handbook of Applied Cryptography
(HAC).
Response: NIST researched and analyzed the requirements for RSA key
pair generation, including requirements for the use of strong primes,
and determined that strong primes as defined by the HAC are not
required. The RSA key pair generation methods were modified to include
a number of different methods that were not previously included in the
draft FIPS.
Comment: The draft FIPS refers to approved random number
generators. It is not clear whether SP 800-90 contains the only
approved methods for random number generation, or if other approved
methods can be used.
Response: The only other NIST document containing approved methods
for random number generation is FIPS 186-2. With the approval of FIPS
186-3, those methods will no longer be approved, subject to a
transition period posted by the Cryptographic Module Validation Program
(CMVP).
NIST has incorporated the comments previously received as described
above. NIST now seeks public comments on the revised draft of FIPS 186-
3. This second draft of FIPS 186-3 is available electronically from the
NIST Web site at: https://csrc.nist.gov/publications/drafts.html. The
current FIPS 186-2 is available electronically from the NIST Web site
at: https://csrc.nist.gov/publications/fips/. The first draft
of FIPS 186-3 and comments received on that draft are available
electronically from the NIST Web site at: https://csrc.nist.gov/groups/
ST/toolkit/digital_signatures.html, respectively. Comments received in
response to this notice will be published electronically at https://
csrc.nist.gov/groups/ST/toolkit/digital_signatures.html.
Authority: In accordance the Federal Information Security
Management Act (FISMA) of 2002 (Pub. L. 107-347), the
[[Page 66844]]
Secretary of Commerce is authorized to approve Federal Information
Processing Standards (FIPS). NIST activities to develop computer
security standards to protect Federal sensitive (unclassified)
information systems are undertaken pursuant to specific
responsibilities assigned to NIST by section 20 of the National
Institute of Standards and Technology Act (5 U.S.C. 278g-3), as amended
by section 303 of the Federal Information Security Management Act of
2002.
Executive Order 12866: This notice has been determined not to be
significant for the purposes of Executive Order 12866.
Dated: November 5, 2008.
Patrick Gallagher,
Deputy Director.
[FR Doc. E8-26841 Filed 11-10-08; 8:45 am]
BILLING CODE 3510-13-P
