Digital Signatures

Approved Algorithms

Currently, there exist three (3) Approved* algorithms for generating and verifying digital signatures: DSA, RSA, and ECDSA. All three algorithms are used in conjunction with an Approved hash function.

April 10, 2012: NIST requests comments on proposed changes to Federal Information Processing Standard 186-3, the Digital Signature Standard. The Federal Register Notice requests that electronic comments be sent by May 25, 2012 to fips_186-3_change_notice@nist.gov, with “186-3 Change Notice” in the subject line. The proposed revisions are here.

Digital Signature Algorithm (DSA)

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

NIST is proud to announce the publication of FIPS 186-3, The Digital Signature Standard. FIPS 186-3 is a revision of FIPS 186-2. The FIPS specifies three techniques for the generation and verification of digital signatures: DSA, ECDSA and RSA. This revision increases the length of the keys allowed for DSA, provides additional requirements for the use of ECDSA and RSA, and includes requirements for obtaining assurances necessary for valid digital signatures.

September 22, 2009: NIST announces the completion of SP 800-102, Recommendation for Digital Signature Timeliness. Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the accuracy of the time can be trusted. With the appropriate use of digital signature-based timestamps from a Trusted Timestamp Authority (TTA) and/or verifier-supplied data that is included in the signed message, the signatory can provide some level of assurance about the time that the message was signed.

An accompanying document to FIPS 186-3, NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications specifies methods for obtaining the assurances necessary for valid digital signatures.

NIST announces the release of Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize the input messages to hash functions prior to the generation of digital signatures to strengthen security of the digital signatures.

RSA Digital Signatures

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

FIPS 186-3 indicates that the RSA digital signature algorithm, as specified in ANSI X9.31 and PKCS #1, may be used for digital signature generation and verification.

October 20, 2006: An attack has been found on some implementations of RSA digital signatures using the padding scheme for RSASSA-PKCS1-v1_5 as specified in Public Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard-2002. A statement discussing the attack is available. A similar attack could also be applied to implementations of digital signatures as specified in American National Standard (ANS) X9.31. Note that this attack is not on the RSA algorithm itself, but on improper implementations of the signature verification process.

ECDSA Digital Signature Algorithm

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

FIPS 186-3 indicates that the ECDSA digital signature algorithm, as specified in ANSI X9.62, may be used for digital signature generation and verification.

See the notes in the DSA section regarding the new drafts.

ANSI X9.62-2005, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005 (available from the ANSI X9 catalog).

ANSI X9.62 contains the complete specification for the ECDSA signature algorithm.

Elliptic curves recommended for Federal Government use can be found in Appendix D of FIPS 186-3. The white paper that originally specified these curves is also available.

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Additional Information

ITL Bulletin: Digital Signature Standard, November 1994. This bulletin provides an overview of the DSS, including some information on patents (however, it does not include information on RSA or ECDSA - only DSA).

January 13, 2011: NIST announces the completion of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. This Recommendation provides the approach for transitioning from the use of one algorithm or key length to another, as initially addressed in Part 1 of SP 800-57.

* Note: "Approved" refers to an algorithm or technique that is specified in either a FIPS or a NIST Recommendation.