In what looks like a surprise announcement, NIST has published a request-for-comments on a new Digital Signature Algorithm that expands the hash size to the newer SHA-2 family.
March 13, 2006: Draft Federal Information Processing Standard (FIPS) 186-3 - Digital Signature Standard (DSS)
Draft FIPS 186-3 is the proposed revision of FIPS 186-2. The draft defines methods for digital signature generation that can be used for the protection of messages, and for the verification and validation of those digital signatures. Three techniques are allowed: DSA, RSA and ECDSA. This draft includes requirements for obtaining the assurances necessary for valid digital signatures. Methods for obtaining these assurances are provided in Draft NIST Special Publication 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications. (see write-up for draft SP 800-89 below)
David Shaw notes the larger sizes:
In the OpenPGP context, probably the most interesting bit is that the 160-bit hash limit has been removed. The sizes supported are:
- 1024-bit key, 160-bit hash (the current DSA)
- 2048-bit key, 224-bit hash (presumably aimed at SHA-224)
- 2048-bit key, 256-bit hash (presumably aimed at SHA-256)
- 3072-bit key, 256-bit hash (presumably aimed at SHA-256)
It also adds the concept of using a larger hash than will fit by taking the leftmost bits.
More later ...Posted by iang at March 14, 2006 12:59 PM | TrackBack