-
- Date: Thu, 27 Jun 91 11:39:59 -0700
- From: gnu@TOAD.COM
- Subject: NIST announces public-key digital signature standard
-
- Statement of Raymond G. Kammer, Deputy Director
- National Institute of Standards and Technology
- Before the Subcommittee on Technology and Competitiveness
- of the Committee on Science, Space, and Technology
- On Computer Security Implementation
- House of Representatives
- June 27, 1991
-
- Digital Signature Standard
-
- I know that you are interested in our progress in developing a federal
- digital signature standard based upon the principles of public-key
- cryptography. I am pleased to tell you that we are working out the
- final arrangements on the planned standard, and hope to announce later
- this summer our selection of a digital signature standard based on a
- variant of the ElGamal signature technique.
-
- Our efforts in this area have been slow, difficult, and complex. We
- evaluated a number of alternative digital signature techniques, and
- considered a variety of factors in this review: the level of security
- provided, the ease of implementation in both hardware and software,
- the ease of export from the U.S., the applicability of patents and the
- level of efficiency in both the signature and verification functions
- that the technique performs.
-
- In selecting digital signature technique method [sic], we followed the
- mandate contained in section 2 of the Computer Security Act of 1987 to
- develop standards and guidelines that ". . . assure the cost-effective
- security and privacy of sensitive information in Federal systems." We
- placed primary emphasis on selecting the technology that best assures
- the appropriate security of Federal information. We were also
- concerned with selecting the technique with the most desirable
- operating and use characteristics.
-
- In terms of operating characteristics, the digital signature technique
- provides for a less computational-intensive signing function than
- verification function. This matches up well with anticipated Federal
- uses of the standard. The signing function is expected to be
- performed in a relatively computationally modest environment such as
- with smart cards. The verification process, however, is expected to
- be implemented in a computationally rich environment such as on
- mainframe systems or super-minicomputers.
-
- With respect to use characteristics, the digital signature technique
- is expected to be available on a royalty-free basis in the public
- interest world-wide. This should result in broader use by both
- government and the private sector, and bring economic benefits to both
- sectors.
-
- A few details related to the selection of this technique remain to be
- worked out. The government is applying to the U.S. Patent Office for
- a patent, and will also seek foreign protection as appropriate. As I
- stated, we intend to make the technique available world-wide on a
- royalty-free basis in the public interest.
-
- A hashing function has not been specified by NIST for use with the
- digital signature standard. NIST has been reviewing various candidate
- hashing functions; however, we are not satisfied with any of the
- functions we have studied thus far. We will provide a hashing
- function that is complementary to the standard.
-
- I want to speak to two issues that have been raised in the public
- debate over digital signature techniques. One is the allegation that
- a "trap door", a method for the surreptitious defeat of the security
- of this system, has been built into the technique that we are
- selecting. I state categorically that no trap door has been designed
- into this standard nor does the U.S. Government know of any which is
- inherent in the ElGamal signature method that is the foundation of our
- technique.
-
- Another issue raised is the lack of public key exchange capabilities.
- I believe that, to avoid capricious activity, Public Key Exchange
- under control of a certifying authority is required for government
- applications. The details of such a process will be developed for
- government/industry use.
-
- NIST/NSA Technical Working Group
-
- Aspects of the digital signature standard were discussed by the NIST/NSA
- Technical Working Group, established under the NIST/NSA Memorandum of
- Understanding. The Working Group also discussed issues involving the
- applicability of the digital signature algorithm to the classified
- community, cryptographic key management techniques, and the hashing
- function to be used in conjunction with the digital signature
- standard. Progress on these items has taken place; however, as with
- the digital signature standard, non-technical issues such as patents
- and exportability require examination, and this can be a lengthy
- process. We have found that working with NSA is productive. The
- Technical Working Group provides an essential mechanism by which NIST
- and NSA can conduct the technical discussions and exchange
- contemplated by the Computer Security Act and also allows us to
- address important issues drawing upon NSA's expertise.
-
- ------------------------------
-