FIPS 186-5 & Its Impact on FIPS 140-3

In 1994 the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) released a collaborative standard to specify a suite of algorithms that could be used to generate a digital signature.

A digital signature is defined as a tool to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory.

The new NIST and NSA standard was to be built on the previously proposed NSA-designed Digital Signature Algorithm (DSA), a public-key cryptosystem. The result was the release of the Federal Information Processing Standard 186, otherwise referred to as FIPS 186. Since that time, FIPS 186 has gone through many iterations, changing the approved algorithms, and adding requirements. The following is a brief history of the versioning and changes, including the recent release in February of 2023:

1994: Release of FIPS 186
1996: Change to FIPS 186 for precomputing
1998: Release of FIPS 186-1, approves the use of RSA
2000: Release of FIPS 186-2, approves the use of ECDSA and elliptical curves associated with ECDSA
2009: Release of FIPS 186-3:

• • Increases the key sizes for DSA
  • Provides additional requirements for the use of RSA and ECDSA
  • Allows the use of the RSA algorithm specified in Public Key Cryptography Standard (PKCS) #1
  • Includes requirements for obtaining the assurances necessary for valid digital signatures
  • Replaces the random number generators specified in previous versions of the FIPS with a reference to NIST Special Publication (SP) 800-90 (Recommendation for Random Number Generation Using Deterministic Random Bit Generators)

2013: Release of FIPS 186-4:

• • Reduces restrictions on the use of random number generators and the retention and use of prime number generation seeds
  • Aligns the specification for the use of a random salt value in the RSASSA-PSS digital signature scheme with PKCS #1.

2023:  Release of FIPS 186-5 (see below for the changes)

What is Significant About the Latest Release?

NIST’s Visiting Committee on Advanced Technology (VCAT), which conducts reviews of NIST’s cryptographic standards program, recently recommended that NIST “generate a new set of elliptic curves for use with ECDSA in the form of FIPS 186”. This recommendation led NIST to change the standard to specify three techniques for the generation and verification of digital signatures that can be used for the protection of data: the Rivest-Shamir-Adleman (RSA) Algorithm, the Elliptic Curve Digital Signature Algorithm (ECDSA), and the Edwards Curve Digital Signature Algorithm (EdDSA).

Notably, FIPS 186-5 removes DSA as an approved digital signature algorithm “due to a lack of use by industry and based on academic analyses that observed that implementations of DSA may be vulnerable to attacks if domain parameters are not properly generated. DSA is retained only for the purposes of verifying existing signatures.”

To facilitate a transition to the new standard, FIPS 186-4 will remain in effect alongside FIPS 186-5 for a period of one year. During the transition period (02/03/2023 – 02/03/2024) vendors may elect to comply with FIPS 186-4 or FIPS 186-5. After the one-year transition period vendors must comply with the new FIPS 186-5 standards.

The Correlation to FIPS 140-3 & The Impact to Vendors

In order to achieve a FIPS 140-3 validation vendors must comply with FIPS 186 if using digital signatures in their cryptographic module(s).

During the one-year transition period, vendors may elect to conform to either FIPS 186-4 or FIPS 186-5 for FIPS 140-3 validations. The Cryptographic Module Validation Program (CMVP) will adopt FIPS 186-5 for Cryptographic Algorithm Validation Program (CAVP) testing and is already offering production-level testing for the new FIPS 186-5 standard. Additionally, NIST SP 800-131A and the CMVP will provide transition guidance concerning the use of DSA and the binary elliptic curves.

The FIPS 186-5 transition is a “soft” transition and will not result in modules conforming to FIPS 186-4 being moved to the CMVP Historical List. However, all FIPS 140-3 submissions conforming to FIPS 186-4 must be submitted to the CMVP no later than 12 months after the publication of FIPS 186-5 (02/03/2024). Modules conforming to the FIPS 186-4 standard and submitted prior to 02/03/2024 will remain valid until their sunset date. Modules that modify their sunset date (resubmission of validated module for modifications or updates) and that were originally submitted with FIPS 186-4 will need to conform to FIPS 186-5 if being resubmitted after a certain date. This date has yet to be determined by CMVP.

The CMVP is still working to release the following: transition guidance, implementation guidance, and updates to the NIST special publication which defines CMVP approved security functions. The implementation guidance for FIPS 186-5 is planned to be sent out for a four-week review period by the end of March 2023.

After the transition date, no modules conforming to the FIPS 186-4 standard can be submitted. To avoid having to retest and conform to FIPS 186-5 later if modifications are made, it would be best to proceed with conforming to FIPS 186-5 from the project’s start. FIPS 186-5 testing was made available on the CAVP production server on 02/03/2023*.

*Note: X25519 and X448 curves are not currently approved key agreement schemes, therefore no testing will be provided by CAVP at this time.