-
Enhancement
-
Resolution: Unresolved
-
P4
-
None
-
None
-
None
-
generic
-
generic
FIPS 186-5 has been released as a draft in Oct 2019 and is finalized in Feb 2023
https://csrc.nist.gov/publications/detail/fips/186/5/final
We should consider its guidelines especially for newer algorithms such as EdDSA during development to minimize backward incompatibility impact.
(From its Appendix E)
Main differences in FIPS 186-5 comparing to 186-4:
• DSA is no longer approved for digital signature generation. DSA may be used to verify
signatures generated prior to the implementation date of this standard.
o The specifications and algorithms for DSA are no longer included in FIPS 186-5.
They may be found in FIPS 186-4.
• ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from this standard.
• ANSI X9.62 was removed, so new specifications for ECDSA were added to FIPS 186-5.
Note: X9.62 will be replaced by X9.142 (under development).
• Many elliptic curve details and algorithms from FIPS 186-4 will now be included in SP
800-186.
o Elliptic curves defined over binary curves (specified in SP 800-186) are now
deprecated.
• A new deterministic signature algorithm, EdDSA, is included, as is the prehash version.
• A deterministic version of ECDSA is specified.
• Larger modulus sizes are allowed for RSA (with updated tables A.1, B.1).
• XOFs are allowed for use in ECDSA, RSASSA-PSS.
• Constructing primes with congruence conditions mod 8 is allowed.
• In B.3.1, the two most significant bits of p and q may be set arbitrarily.
• Trial division before checking primality is allowed.
• Updated algorithms are included in Appendices B and C to better prevent bias.
• The option to generate elliptic curves (besides those specified in SP 800-186) is removed.
Similarly, users are not given the option to generate their own base points on elliptic
curves
https://csrc.nist.gov/publications/detail/fips/186/5/final
We should consider its guidelines especially for newer algorithms such as EdDSA during development to minimize backward incompatibility impact.
(From its Appendix E)
Main differences in FIPS 186-5 comparing to 186-4:
• DSA is no longer approved for digital signature generation. DSA may be used to verify
signatures generated prior to the implementation date of this standard.
o The specifications and algorithms for DSA are no longer included in FIPS 186-5.
They may be found in FIPS 186-4.
• ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from this standard.
• ANSI X9.62 was removed, so new specifications for ECDSA were added to FIPS 186-5.
Note: X9.62 will be replaced by X9.142 (under development).
• Many elliptic curve details and algorithms from FIPS 186-4 will now be included in SP
800-186.
o Elliptic curves defined over binary curves (specified in SP 800-186) are now
deprecated.
• A new deterministic signature algorithm, EdDSA, is included, as is the prehash version.
• A deterministic version of ECDSA is specified.
• Larger modulus sizes are allowed for RSA (with updated tables A.1, B.1).
• XOFs are allowed for use in ECDSA, RSASSA-PSS.
• Constructing primes with congruence conditions mod 8 is allowed.
• In B.3.1, the two most significant bits of p and q may be set arbitrarily.
• Trial division before checking primality is allowed.
• Updated algorithms are included in Appendices B and C to better prevent bias.
• The option to generate elliptic curves (besides those specified in SP 800-186) is removed.
Similarly, users are not given the option to generate their own base points on elliptic
curves
1.
|
Check RSA impl for FIPS 186-5 compliance |
|
Open | Valerie Peng | |
2.
|
Check ECDSA impl for FIPS 186-5 compliance |
|
Open | Unassigned | |
3.
|
Check EdDSA impl for FIPS 186-5 compliance |
|
Open | Unassigned |