Request for Comments on FIPS 186-5 and SP 800-186, 58373-58375 [2019-23742]
Download as PDF
<![CDATA[
Federal Register / Vol. 84, No. 211 / Thursday, October 31, 2019 / Notices
(202) 482–2044 or (202) 482–1791,
respectively.
SUPPLEMENTARY INFORMATION:
Background
On May 1, 2019, Commerce published
in the Federal Register a notice of
opportunity to request an administrative
review of the AD order on CTL plate
from Taiwan for the POR.1 Commerce
received a timely request from
ArcelorMittal USA LLC, Nucor
Corporation, and SSAB Enterprises, LLC
(collectively, the petitioners), in
accordance with section 751(a) of the
Tariff Act of 1930, as amended (the Act),
and 19 CFR 351.213(b), to conduct an
administrative review of this AD order
for 19 companies.2
On July 15, 2019, Commerce
published in the Federal Register a
notice of initiation with respect to these
companies.3 On October 8, 2019, the
petitioners timely withdrew their
request for an administrative review for
all 19 companies.4
Rescission of Administrative Review
Pursuant to 19 CFR 351.213(d)(1),
Commerce will rescind an
administrative review, in whole or in
part, if the parties that requested a
review withdraw the request within 90
days of the date of publication of the
notice of initiation of the requested
review. The petitioners withdrew their
request for review before the 90-day
deadline, and no other party requested
an administrative review of this order.
Therefore, we are rescinding the
administrative review of the AD order
on CTL plate from Taiwan covering the
period May 1, 2018, through April 30,
2019, in its entirety.
Assessment
Commerce will instruct U.S. Customs
and Border Protection (CBP) to assess
antidumping duties on all appropriate
entries. Because Commerce is
rescinding this administrative review in
its entirety, the entries to which this
administrative review pertained shall be
assessed at rates equal to the cash
deposit of estimated antidumping duties
khammond on DSKJM1Z7X2PROD with NOTICES
1 See
Antidumping or Countervailing Duty Order,
Finding, or Suspended Investigation; Opportunity
To Request Administrative Review, 84 FR 18479
(May 1, 2019).
2 See Petitioners’ Letter, ‘‘Carbon and Alloy Steel
Cut-To-Length Plate from Taiwan—Petitioner’s
Request for 2018/2019 Administrative Review,’’
dated May 31, 2019.
3 See Initiation of Antidumping and
Countervailing Duty Administrative Reviews, 84 FR
33739 (July 15, 2019).
4 See Petitioners’ Letter, ‘‘Carbon and Alloy Steel
Cut-To-Length Plate from Taiwan—Petitioner’s
Withdrawal of Review Request for 2018/2019
Administrative Review,’’ dated October 8, 2019.
VerDate Sep<11>2014
16:38 Oct 30, 2019
Jkt 250001
required at the time of entry, or
withdrawal from warehouse, for
consumption, in accordance with 19
CFR 351.212(c)(1)(i). Commerce intends
to issue appropriate assessment
instructions directly to CBP 15 days
after the date of publication of this
notice in the Federal Register.
Notification to Importers
This notice serves as the only
reminder to importers of their
responsibility, under 19 CFR
351.402(f)(2), to file a certificate
regarding the reimbursement of
antidumping duties prior to liquidation
of the relevant entries during this
review period. Failure to comply with
this requirement may result in the
presumption that reimbursement of
antidumping duties occurred and the
subsequent assessment of double
antidumping duties.
Notification Regarding Administrative
Protective Orders
This notice serves as the only
reminder to parties subject to
administrative protective order (APO) of
their responsibility concerning the
disposition of proprietary information
disclosed under APO in accordance
with 19 CFR 351.305(a)(3). Timely
written notification of the return or
destruction of APO materials or
conversion to judicial protective order is
hereby requested. Failure to comply
with the regulations and the terms of an
APO is a sanctionable violation.
Notification to Interested Parties
This notice is published in
accordance with sections 751(a)(1) and
777(i)(1) of the Act and 19 CFR
351.213(d)(4).
Dated: October 24, 2019.
James Maeder,
Deputy Assistant Secretary for Antidumping
and Countervailing Duty Operations.
[FR Doc. 2019–23772 Filed 10–30–19; 8:45 am]
BILLING CODE 3510–DS–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No. 191016–0064]
Request for Comments on FIPS 186–5
and SP 800–186
National Institute of Standards
and Technology (NIST), Commerce.
ACTION: Notice; request for comments.
AGENCY:
The National Institute of
Standards and Technology (NIST)
requests comments on Federal
SUMMARY:
PO 00000
Frm 00005
Fmt 4703
Sfmt 4703
58373
Information Processing Standard (FIPS)
186–5, Digital Signature Standard. FIPS
186–5 specifies four techniques for the
generation and verification of digital
signatures that can be used for the
protection of data: The Rivest-Shamir
Adelman Algorithm (RSA), the Digital
Signature Algorithm (DSA), the Elliptic
Curve Digital Signature Algorithm
(ECDSA), and the Edwards curve Digital
Signature Algorithm (EdDSA). Elliptic
curves recommended for government
use with ECDSA and EdDSA are
specified in draft NIST Special
Publication (SP) 800–186,
Recommendations for DiscreteLogarithm Based Cryptography: Elliptic
Curve Domain Parameters. We are also
requesting comments on draft SP 800–
186.
DATES: Comments on FIPS 186–5 and SP
800–186 must be received on or before
January 29, 2020.
ADDRESSES: The drafts of FIPS 186–5
and SP 800–186 are available for review
and comment on the NIST Computer
Security Resource Center website at
https://csrc.nist.gov and at
www.regulations.gov. Comments on
FIPS 186–5 may be sent electronically to
FIPS186-comments@nist.gov with
‘‘Comment on FIPS 186’’ in the subject
line or submitted via
www.regulations.gov. Comments on SP
800–186 may be sent electronically to
SP800–186-comments@nist.gov with
‘‘Comment on SP 800–186’’ in the
subject line. Written comments may also
be submitted by mail to Information
Technology Laboratory, ATTN: FIPS
186–5 and SP 800-186 Comments,
National Institute of Standards and
Technology, 100 Bureau Drive, Mail
Stop 8930, Gaithersburg, MD 20899–
8930.
Relevant comments received by the
deadline will be published
electronically at https://csrc.nist.gov/ and
www.regulations.gov without change or
redaction, so commenters should not
include information they do not wish to
be posted (e.g., personal or confidential
business information). Comments that
contain profanity, vulgarity, threats, or
other inappropriate language or content
will not be posted or considered.
FOR FURTHER INFORMATION CONTACT: Dr.
Dustin Moody, National Institute of
Standards and Technology, 100 Bureau
Drive, Mail Stop 8930, Gaithersburg,
MD 20899–8930, email: Dustin.Moody@
nist.gov, phone: (301) 975–8136.
SUPPLEMENTARY INFORMATION: FIPS 186
was initially developed by NIST in
collaboration with the National Security
Agency (NSA), using the NSA-designed
Digital Signature Algorithm (DSA). Later
versions of the standard approved the
E:\FR\FM\31OCN1.SGM
31OCN1
khammond on DSKJM1Z7X2PROD with NOTICES
58374
Federal Register / Vol. 84, No. 211 / Thursday, October 31, 2019 / Notices
use of ECDSA, developed by Certicom,
and RSA, developed by Ron Rivest, Adi
Shamir and Len Adelman. The
American Standards Committee (ASC)
on Financial Services, X9, developed
standards specifying the use of both
ECDSA and RSA; the standards
included methods for generating key
pairs, which were used as the basis for
the later versions of FIPS 186.
The ECDSA was included by
reference in FIPS 186–2, the second
revision to FIPS 186, which was
announced in the Federal Register (65
FR 7507) on February 15, 2000. The
FIPS was revised in order to align the
standard with new digital signature
algorithms included in ASC X9
standards. To facilitate testing and
interoperability, NIST needed to specify
elliptic curves that could be used with
ECDSA. Working in collaboration with
the NSA, NIST included three sets of
recommended elliptic curves in FIPS
186–2 that were generated using the
algorithms in the American National
Standard (ANS) X9.62 standard and
Institute of Electrical and Electronics
Engineers (IEEE) P1363 standards. The
provenance of the curves was not fully
specified, leading to public concerns
that there could be an unknown
weakness in these curves. NIST is not
aware of any vulnerabilities to attacks
on these curves when they are
implemented correctly and used as
described in NIST standards and
guidelines.
Advances in the understanding of
elliptic curves within the cryptographic
community have led to the development
of new elliptic curves and algorithms,
and their designers claim that they offer
better performance and are easier to
implement in a secure manner than
previous versions. In 2014, NIST’s
Visiting Committee on Advanced
Technology (VCAT) conducted a review
of NIST’s cryptographic standards
program. As part of their review, the
VCAT recommended that NIST
‘‘generate a new set of elliptic curves for
use with ECDSA in FIPS 186.’’ See
https://www.nist.gov/sites/default/files/
documents/2017/05/09/VCAT-Reporton-NIST-Cryptographic-Standards-andGuidelines-Process.pdf.
In June 2015, NIST hosted a technical
workshop on Elliptic Curve
Cryptography Standards to discuss
possible approaches to promote the
adoption of secure, interoperable and
efficient elliptic curve mechanisms.
Workshop participants expressed
significant interest on the development,
standardization, and adoption of new
elliptic curves.
In October 2015, NIST solicited
comments on the elliptic curves and
VerDate Sep<11>2014
16:38 Oct 30, 2019
Jkt 250001
signature algorithms specified in FIPS
186–4 (80 FR 63539). The comments
noted the broad use of the NIST prime
curves and ECDSA within industry, but
many commenters called for the
standardization of new elliptic curves
and signature algorithms.
As a result of this input, NIST is
proposing updates to its standards on
digital signatures and elliptic curve
cryptography to align with existing and
emerging industry standards. As part of
these updates, NIST is proposing to
adopt two new elliptic curves, Ed25519
and Ed448, for use with EdDSA. EdDSA
is a deterministic elliptic curve
signature scheme currently specified in
the Internet Research Task Force (IRTF)
RFC 8032, Edwards-Curve Digital
Signature Algorithm. NIST further
proposes adopting a deterministic
variant of ECDSA; this variant is
currently specified in RFC 6979,
Deterministic Usage of the Digital
Signature Algorithm and Elliptic Curve
Digital Signature Algorithm. Finally,
based on feedback received on the
adoption of the current elliptic curve
standards, the draft standards deprecate
curves over binary fields due to their
limited use by industry.
The proposed digital signature
algorithms are included in the draft
FIPS 186–5, Digital Signature Standard.
NIST-recommended elliptic curves,
previously specified in FIPS 186–4
Appendix D, are now included in the
draft SP 800–186, Recommendations for
Discrete-Logarithm Based Cryptography:
Elliptic Curve Domain Parameters. Both
documents are available for review and
comment on the NIST Computer
Security Resource Center website at
https://csrc.nist.gov/ as well as
www.regulations.gov.
Noting increased industry adoption of
ECDSA within security products, the
draft FIPS 186–5 proposes the removal
of the DSA. DSA was initially the only
approved signature algorithm in the
Digital Signature Standard when FIPS
186 was originally published in 1994
(59 FR 26208). Industry adoption of
DSA was limited, and subsequent
versions of FIPS 186 added other
signature algorithms that are in broad
use within products and protocols,
including ECDSA and RSA-based
signature algorithms. At this time, NIST
is not aware of any applications where
DSA is currently broadly used.
Furthermore, recent academic analysis
observed that implementations of DSA
may be vulnerable to attacks if domain
parameters are not properly generated.
These parameters are not commonly
verified before use. The removal of DSA
from FIPS 186–5 would prohibit use of
DSA for generating digital signatures,
PO 00000
Frm 00006
Fmt 4703
Sfmt 4703
while legacy use of DSA to verify
existing signatures would be allowed.
Draft FIPS 186–5 includes other
updates intended to maintain normative
references within the standard, as well
as updates to technical content based on
current cryptographic research. RSA
digital signature schemes based on ANS
X9.31, Digital Signatures Using
Reversible Public Key Cryptographic for
the Financial Services Industry, are no
longer referenced in FIPS 185–5, as that
standard is no longer being maintained
by the Accredited Standards Committee
on Financial Services, X9. RSA digital
signature schemes based on Public-Key
Cryptography Standard (PKCS) #1, RSA
Cryptography Standard, is also specified
in IETF RFC 8017, and the draft FIPS
186–5 approves the use of
implementations of either or both of
these standards, along with some
additional requirements.
Request for Comments
NIST is seeking public comments on
the proposed revisions to the digital
signature algorithms specified in draft
FIPS 186–5. NIST further invites public
comments on the related elliptic curve
specifications in draft NIST SP 800–186.
As part of this request, NIST seeks
public feedback on the variants and
parameters specified for EdDSA in draft
FIPS 186–5. The draft revisions include
a variant known as Pre-hash EdDSA.
NIST seeks input on the need for this
variant in cryptographic products and
protocols. Furthermore, NIST seeks
input on the allowed hash functions
specified for use with EdDSA.
In addition to EdDSA, Draft FIPS 186–
5 includes a second deterministic
signature algorithm which is a variant of
ECDSA. As referenced in the draft FIPS
186–5, recent security research has
found that implementations of these
deterministic signature algorithms may
be vulnerable to certain kinds of sidechannel or fault injection attacks. NIST
seeks comments on the suitability of
these algorithms for broad use in
security products and protocols, and
comments on the need for any
additional guidance for implementors.
NIST also requests comments on the
set of recommended and allowed
elliptic curves included in draft NIST
SP 800–186. In particular, NIST requests
feedback on the use of these curves by
industry, and industry’s need for
additional elliptic curve specifications
to meet security or customer
requirements.
Finally, NIST requests comments on
the proposal to remove DSA from FIPS
186–5. In particular, NIST seeks
comments on applications where DSA is
being used, security considerations
E:\FR\FM\31OCN1.SGM
31OCN1
Federal Register / Vol. 84, No. 211 / Thursday, October 31, 2019 / Notices
around its use, and the need for a
deprecation plan rather than an
immediate removal.
Authority: 44 U.S.C. 3553(f)(1), 15 U.S.C.
278g–3.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2019–23742 Filed 10–30–19; 8:45 am]
BILLING CODE 3510–13–P
COMMODITY FUTURES TRADING
COMMISSION
Agency Information Collection
Activities Under OMB Review
Commodity Futures Trading
Commission.
ACTION: Notice.
AGENCY:
In compliance with the
Paperwork Reduction Act of 1995
(PRA), this notice announces that the
Information Collection Request (ICR)
abstracted below has been forwarded to
the Office of Management and Budget
(OMB) for review and comment. The
ICR describes the nature of the
information collection and its expected
costs and burden.
DATES: Comments must be submitted on
or before December 2, 2019.
ADDRESSES: Comments regarding the
burden estimate or any other aspect of
the information collection, including
suggestions for reducing the burden,
may be submitted directly to the Office
of Information and Regulatory Affairs
(OIRA) in OMB within 30 days of this
notice’s publication by either of the
following methods. Please identify the
comments by ‘‘Margin Requirements for
Uncleared Swaps for Swap Dealers and
Major Swap Participants, Comparability
Determinations With Margin
Requirements, OMB Control No. 3038–
0111.’’
• By email addressed to:
OIRAsubmissions@omb.eop.gov or
• By mail addressed to: the Office of
Information and Regulatory Affairs,
Office of Management and Budget,
Attention Desk Officer for the
Commodity Futures Trading
Commission, 725 17th Street NW,
Washington DC 20503.
A copy of all comments submitted to
OIRA should be sent to the Commodity
Futures Trading Commission (the
‘‘Commission’’) by either of the
following methods. The copies should
refer to ‘‘OMB Control No. 3038–0111.’’
• By mail addressed to: Christopher
Kirkpatrick, Secretary of the
Commission, Commodity Futures
Trading Commission, Three Lafayette
khammond on DSKJM1Z7X2PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
16:38 Oct 30, 2019
Jkt 250001
Centre, 1155 21st Street NW,
Washington, DC 20581;
• By Hand Delivery/Courier to the
same address; or
• Through the Commission’s website
at https://comments.cftc.gov. Please
follow the instructions for submitting
comments through the website.
A copy of the supporting statement
for the collection of information
discussed herein may be obtained by
visiting https://RegInfo.gov.
All comments must be submitted in
English, or if not, accompanied by an
English translation. Comments will be
posted as received to https://
www.cftc.gov. You should submit only
information that you wish to make
available publicly. If you wish the
Commission to consider information
that you believe is exempt from
disclosure under the Freedom of
Information Act, a petition for
confidential treatment of the exempt
information may be submitted according
to the procedures established in § 145.9
of the Commission’s regulations.1 The
Commission reserves the right, but shall
have no obligation, to review, prescreen, filter, redact, refuse or remove
any or all of your submission from
https://www.cftc.gov that it may deem to
be inappropriate for publication, such as
obscene language. All submissions that
have been redacted or removed that
contain comments on the merits of the
ICR will be retained in the public
comment file and will be considered as
required under the Administrative
Procedure Act and other applicable
laws, and may be accessible under the
Freedom of Information Act.
FOR FURTHER INFORMATION CONTACT:
Lauren Bennett, Special Counsel,
Division of Swap Dealer and
Intermediary Oversight, Commodity
Futures Trading Commission, (202)
418–5290 or lbennett@cftc.gov.
SUPPLEMENTARY INFORMATION:
Title: Margin Requirements for
Uncleared Swaps for Swap Dealers and
Major Swap Participants; Comparability
Determinations With Margin
Requirements (OMB Control No. 3038–
0111). This is a request for an extension
and revision of a currently approved
information collection.
Abstract: Section 731 of the DoddFrank Wall Street Reform and Consumer
Protection Act (‘‘Dodd-Frank Act’’),2
amended the Commodity Exchange Act
(‘‘CEA’’), 7 U.S.C. 1 et seq., to add, as
section 4s(e) thereof, provisions
concerning the setting of initial and
variation margin requirements for swap
1 17
CFR 145.9.
Law 111–023, 124 Stat. 1376 (2010).
dealers (‘‘SDs’’) and major swap
participants (‘‘MSPs’’).3 Each SD and
MSP for which there is a Prudential
Regulator, as defined in section 1a(39)
of the CEA,4 must meet margin
requirements established by the
applicable Prudential Regulator, and
each SD and MSP for which there is no
Prudential Regulator (‘‘Covered Swap
Entities’’ or ‘‘CSEs’’) must comply with
the Commission’s regulations governing
margin on all swaps that are not
centrally cleared.
With regard to the cross-border
application of the Commission’s margin
rules, section 2(i) 5 of the CEA provides
the Commission with express authority
over activities outside the United States
relating to swaps when certain
conditions are met. Section 2(i) of the
CEA provides that the provisions of the
CEA relating to swaps that were enacted
by the Wall Street Transparency and
Accountability Act of 2010 (including
any rule prescribed or regulation
promulgated under that Act), shall not
apply to activities outside the United
States unless those activities (1) have a
direct and significant connection with
activities in, or effect on, commerce of
the United States or (2) contravene such
rules or regulations as the Commission
may prescribe or promulgate as are
necessary or appropriate to prevent the
evasion of any provision of the CEA that
was enacted by the Wall Street
Transparency and Accountability Act of
2010.
On May 31, 2016, the Commission
published a final rule addressing the
cross-border application of its margin
requirements for uncleared swaps
applicable to CSEs.6 As described
below, the adopting release for the Final
Rule contained a collection of
information regarding requests for
comparability determinations, which
was previously included in the
proposing release, and for which the
Office of Management and Budget
(‘‘OMB’’) assigned OMB control number
3038–0111, titled ‘‘Margin
Requirements for Uncleared Swaps for
Swap Dealers and Major Swap
Participants; Comparability
Determinations With Margin
Requirements.’’ In addition, the
adopting release included two
additional information collections
regarding non-netting jurisdictions 7 and
37
U.S.C. 6s(e).
U.S.C. 1a(39).
5 7 U.S.C. 2(i).
6 81 FR 34818 (May 31, 2016).
7 As used in the adopting release, a ‘‘non-netting
jurisdiction’’ is a jurisdiction in which a CSE
cannot conclude, with a well-founded basis, that
the netting agreement with a counterparty in that
47
2 Public
PO 00000
Frm 00007
Fmt 4703
Sfmt 4703
58375
E:\FR\FM\31OCN1.SGM
Continued
31OCN1
]]>Agencies
[Federal Register Volume 84, Number 211 (Thursday, October 31, 2019)]
[Notices]
[Pages 58373-58375]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-23742]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 191016-0064]
Request for Comments on FIPS 186-5 and SP 800-186
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
requests comments on Federal Information Processing Standard (FIPS)
186-5, Digital Signature Standard. FIPS 186-5 specifies four techniques
for the generation and verification of digital signatures that can be
used for the protection of data: The Rivest-Shamir Adelman Algorithm
(RSA), the Digital Signature Algorithm (DSA), the Elliptic Curve
Digital Signature Algorithm (ECDSA), and the Edwards curve Digital
Signature Algorithm (EdDSA). Elliptic curves recommended for government
use with ECDSA and EdDSA are specified in draft NIST Special
Publication (SP) 800-186, Recommendations for Discrete-Logarithm Based
Cryptography: Elliptic Curve Domain Parameters. We are also requesting
comments on draft SP 800-186.
DATES: Comments on FIPS 186-5 and SP 800-186 must be received on or
before January 29, 2020.
ADDRESSES: The drafts of FIPS 186-5 and SP 800-186 are available for
review and comment on the NIST Computer Security Resource Center
website at https://csrc.nist.gov and at www.regulations.gov. Comments on
FIPS 186-5 may be sent electronically to [email protected] with
``Comment on FIPS 186'' in the subject line or submitted via
www.regulations.gov. Comments on SP 800-186 may be sent electronically
to [email protected] with ``Comment on SP 800-186'' in the
subject line. Written comments may also be submitted by mail to
Information Technology Laboratory, ATTN: FIPS 186-5 and SP 800-186
Comments, National Institute of Standards and Technology, 100 Bureau
Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930.
Relevant comments received by the deadline will be published
electronically at https://csrc.nist.gov/ and www.regulations.gov without
change or redaction, so commenters should not include information they
do not wish to be posted (e.g., personal or confidential business
information). Comments that contain profanity, vulgarity, threats, or
other inappropriate language or content will not be posted or
considered.
FOR FURTHER INFORMATION CONTACT: Dr. Dustin Moody, National Institute
of Standards and Technology, 100 Bureau Drive, Mail Stop 8930,
Gaithersburg, MD 20899-8930, email: [email protected], phone: (301)
975-8136.
SUPPLEMENTARY INFORMATION: FIPS 186 was initially developed by NIST in
collaboration with the National Security Agency (NSA), using the NSA-
designed Digital Signature Algorithm (DSA). Later versions of the
standard approved the
[[Page 58374]]
use of ECDSA, developed by Certicom, and RSA, developed by Ron Rivest,
Adi Shamir and Len Adelman. The American Standards Committee (ASC) on
Financial Services, X9, developed standards specifying the use of both
ECDSA and RSA; the standards included methods for generating key pairs,
which were used as the basis for the later versions of FIPS 186.
The ECDSA was included by reference in FIPS 186-2, the second
revision to FIPS 186, which was announced in the Federal Register (65
FR 7507) on February 15, 2000. The FIPS was revised in order to align
the standard with new digital signature algorithms included in ASC X9
standards. To facilitate testing and interoperability, NIST needed to
specify elliptic curves that could be used with ECDSA. Working in
collaboration with the NSA, NIST included three sets of recommended
elliptic curves in FIPS 186-2 that were generated using the algorithms
in the American National Standard (ANS) X9.62 standard and Institute of
Electrical and Electronics Engineers (IEEE) P1363 standards. The
provenance of the curves was not fully specified, leading to public
concerns that there could be an unknown weakness in these curves. NIST
is not aware of any vulnerabilities to attacks on these curves when
they are implemented correctly and used as described in NIST standards
and guidelines.
Advances in the understanding of elliptic curves within the
cryptographic community have led to the development of new elliptic
curves and algorithms, and their designers claim that they offer better
performance and are easier to implement in a secure manner than
previous versions. In 2014, NIST's Visiting Committee on Advanced
Technology (VCAT) conducted a review of NIST's cryptographic standards
program. As part of their review, the VCAT recommended that NIST
``generate a new set of elliptic curves for use with ECDSA in FIPS
186.'' See https://www.nist.gov/sites/default/files/documents/2017/05/09/VCAT-Report-on-NIST-Cryptographic-Standards-and-Guidelines-Process.pdf.
In June 2015, NIST hosted a technical workshop on Elliptic Curve
Cryptography Standards to discuss possible approaches to promote the
adoption of secure, interoperable and efficient elliptic curve
mechanisms. Workshop participants expressed significant interest on the
development, standardization, and adoption of new elliptic curves.
In October 2015, NIST solicited comments on the elliptic curves and
signature algorithms specified in FIPS 186-4 (80 FR 63539). The
comments noted the broad use of the NIST prime curves and ECDSA within
industry, but many commenters called for the standardization of new
elliptic curves and signature algorithms.
As a result of this input, NIST is proposing updates to its
standards on digital signatures and elliptic curve cryptography to
align with existing and emerging industry standards. As part of these
updates, NIST is proposing to adopt two new elliptic curves, Ed25519
and Ed448, for use with EdDSA. EdDSA is a deterministic elliptic curve
signature scheme currently specified in the Internet Research Task
Force (IRTF) RFC 8032, Edwards-Curve Digital Signature Algorithm. NIST
further proposes adopting a deterministic variant of ECDSA; this
variant is currently specified in RFC 6979, Deterministic Usage of the
Digital Signature Algorithm and Elliptic Curve Digital Signature
Algorithm. Finally, based on feedback received on the adoption of the
current elliptic curve standards, the draft standards deprecate curves
over binary fields due to their limited use by industry.
The proposed digital signature algorithms are included in the draft
FIPS 186-5, Digital Signature Standard. NIST-recommended elliptic
curves, previously specified in FIPS 186-4 Appendix D, are now included
in the draft SP 800-186, Recommendations for Discrete-Logarithm Based
Cryptography: Elliptic Curve Domain Parameters. Both documents are
available for review and comment on the NIST Computer Security Resource
Center website at https://csrc.nist.gov/ as well as www.regulations.gov.
Noting increased industry adoption of ECDSA within security
products, the draft FIPS 186-5 proposes the removal of the DSA. DSA was
initially the only approved signature algorithm in the Digital
Signature Standard when FIPS 186 was originally published in 1994 (59
FR 26208). Industry adoption of DSA was limited, and subsequent
versions of FIPS 186 added other signature algorithms that are in broad
use within products and protocols, including ECDSA and RSA-based
signature algorithms. At this time, NIST is not aware of any
applications where DSA is currently broadly used. Furthermore, recent
academic analysis observed that implementations of DSA may be
vulnerable to attacks if domain parameters are not properly generated.
These parameters are not commonly verified before use. The removal of
DSA from FIPS 186-5 would prohibit use of DSA for generating digital
signatures, while legacy use of DSA to verify existing signatures would
be allowed.
Draft FIPS 186-5 includes other updates intended to maintain
normative references within the standard, as well as updates to
technical content based on current cryptographic research. RSA digital
signature schemes based on ANS X9.31, Digital Signatures Using
Reversible Public Key Cryptographic for the Financial Services
Industry, are no longer referenced in FIPS 185-5, as that standard is
no longer being maintained by the Accredited Standards Committee on
Financial Services, X9. RSA digital signature schemes based on Public-
Key Cryptography Standard (PKCS) #1, RSA Cryptography Standard, is also
specified in IETF RFC 8017, and the draft FIPS 186-5 approves the use
of implementations of either or both of these standards, along with
some additional requirements.
Request for Comments
NIST is seeking public comments on the proposed revisions to the
digital signature algorithms specified in draft FIPS 186-5. NIST
further invites public comments on the related elliptic curve
specifications in draft NIST SP 800-186.
As part of this request, NIST seeks public feedback on the variants
and parameters specified for EdDSA in draft FIPS 186-5. The draft
revisions include a variant known as Pre-hash EdDSA. NIST seeks input
on the need for this variant in cryptographic products and protocols.
Furthermore, NIST seeks input on the allowed hash functions specified
for use with EdDSA.
In addition to EdDSA, Draft FIPS 186-5 includes a second
deterministic signature algorithm which is a variant of ECDSA. As
referenced in the draft FIPS 186-5, recent security research has found
that implementations of these deterministic signature algorithms may be
vulnerable to certain kinds of side-channel or fault injection attacks.
NIST seeks comments on the suitability of these algorithms for broad
use in security products and protocols, and comments on the need for
any additional guidance for implementors.
NIST also requests comments on the set of recommended and allowed
elliptic curves included in draft NIST SP 800-186. In particular, NIST
requests feedback on the use of these curves by industry, and
industry's need for additional elliptic curve specifications to meet
security or customer requirements.
Finally, NIST requests comments on the proposal to remove DSA from
FIPS 186-5. In particular, NIST seeks comments on applications where
DSA is being used, security considerations
[[Page 58375]]
around its use, and the need for a deprecation plan rather than an
immediate removal.
Authority: 44 U.S.C. 3553(f)(1), 15 U.S.C. 278g-3.
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2019-23742 Filed 10-30-19; 8:45 am]
BILLING CODE 3510-13-P
