U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Requests Public Comments on SP 800-106, Randomized Hashing for Digital Signatures
January 13, 2022

NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines.   

Currently, we are reviewing the following publication: 

SP 800-106 provides a way to enhance the security of the cryptographic hash functions used in digital signatures by randomizing the messages.  

NIST requests feedback on all aspects of SP 800-106. Also, since SP 800-106 was originally published to address concerns about using SHA-1 for digital signatures, NIST would appreciate feedback on the following issues: 

  • Is this publication still needed, given the following?

    • SHA-1 has been deprecated for signature generation (per SP 800-131A Rev. 1).

    • The security of SHA-2—defined in FIPS 180-4—is better understood.

    • SHA-3 is defined in FIPS 202.  

  • Are there any existing or new use cases that depend on SP 800-106?  

The public comment period is open through March 16, 2022. Comments may address the concerns raised in this announcement or other issues around security, implementations, clarity, risk, or relevance to current applications.  

Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-106” in the Subject. 

For more information about the review process, visit the Crypto Publication Review Project page

Related Topics

Security and Privacy: digital signatures, secure hashing

Created January 10, 2022, Updated January 13, 2022