Overview

As an electronic analogue of a written signature, a digital signature provides assurance that:

the claimed signatory signed the information, and

the information was not modified after signature generation.

Federal Information Processing Standard $($FIPS$)186-4,$ Digital Signature Standard $($DSS$),$ specifies three NIST$-$approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function specified in FIPS $180-4,$ Secure Hash Standard or FIPS $202,$ SHA$-3$ Standard: Permutation$-$Based Hash and Extendable$-$Output Functions.

February $3,2023$

NIST published Federal Information Processing Standard $($FIPS$)186-5,$ Digital Signature Standard $($DSS$),$ along with NIST Special Publication $($SP$)800-186,$ Recommendations for Discrete Logarithm$-$based Cryptography: Elliptic Curve Domain Parameters.

Please see the CSRC News item for full details. A Federal Register Notice $($FRN$)$ was also issued announcing the issuance of FIPS $186-5,$ Digital Signature Standard.

Testing DSS Implementations

Testing requirements and validation lists for DSS implementations are available from the Cryptographic Algorithm Validation Program $($CAVP$).$

Implementation$-$related References

Examples with Intermediate Values

Object Identifiers $($OIDs$)$

History of the DSS $($FIPS $186)$

FIPS $186$ was first published in $1994$ and specified a digital signature algorithm $($DSA$)$ to generate and verify digital signatures. Later revisions $$ FIPS $186-1(1998)$ and FIPS $186-2(2000)$ adopted two additional algorithms: the Elliptic Curve Digital Signature Algorithm $($ECDSA$)$ and the RSA digital signature algorithm.

FIPS $186-3(2009)$ increased the key sizes allowed for DSA, provided additional requirements for the use of ECDSA and RSA, and included requirements for obtaining the assurances necessary for valid digital signatures. FIPS $186-3$ also replaced the random number generator specifications included in previous versions with a reference to SP $800-90.$

The latest version, FIPS $186-4(2013),$ reduces restrictions on the use of random number generators and the retention and use of prime number generation seeds, and improves alignment with Public$-$Key Cryptography Standard $($PKCS$)$ #$1.$

Summarize the above