Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce pursuant to Section 111(d) of the Federal Property and Administrative Services Act of 1949, as amended by the Computer Security Act of 1987, Public Law 100-235.

Figure 1: Using the SHA with the DSA

a. Federal Information Resources Management Regulations (FIRMR) subpart 201.20.303, Standards, and subpart 201.39.1002, Federal Standards.

b. FIPS PUB 46-2, Data Encryption Standard.

c. FIPS PUB 73, Guidelines for Security of Computer Applications.

d. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.

e. FIPS PUB 171, Key Management Using ANSI X9.17.

f. FIPS PUB 180, Secure Hash Standard.

a. Compliance with a standard would adversely affect the accomplishment of the mission of an operator of a Federal computer system; or

b. Compliance with a standard would cause a major adverse financial impact on the operator which is not offset by Government-wide savings.

1. p = a prime modulus, where 2^L-1 < p < 2^L for 512 = < L = <1024 and L a multiple of 64

2. q = a prime divisor of p - 1, where 2¹⁵⁹ < q < 2¹⁶⁰

3. g = h^(p-1)/q mod p, where h is any integer with 1 < h < p - 1 such that h^(p-1)/q mod p > 1
(g has order q mod p)

4. x = a randomly or pseudorandomly generated integer with 0 < x < q

5. y = g^x mod p

6. k = a randomly or pseudorandomly generated integer with 0 < k < q

r = (g^k mod p) mod q and

s = (k^-1(SHA(M) + xr)) mod q.

w = (s')^-1 mod q

u1 = ((SHA(M')w) mod q

u2 = ((r')w) mod q

v = (((g)^ul (y)^u2) mod p) mod q. 

= h^(p-1) mod p

= 1

= (gⁿ g^kq) mod p

= ((gⁿ mod p) (g^q mod p)^k) mod p

= gⁿ mod p

w = (s')-1 mod q = s^-1 mod q

u1 = ((SHA(M'))w) mod q = ((SHA(M))w) mod q

u2 = ((r')w) mod q = (rw) mod q.

v = ((g^u1 y^u2) mod p) mod q

= ((g^SHA(M)w y^rw) mod p) mod q

= ((g^SHA(M)w g^xrw) mod p) mod q

= ((g^(SHA(M)+xr)w) mod p) mod q.

s = (k^-1(SHA(M) + xr)) mod q.

w = (k(SHA(M) + xr)^-1) mod q

(SHA(M) + xr)w mod q = k mod q.

v = (g^k mod p) mod q

= r

= r'.

Step 1. Set i = 1 and n > or = to 50.

Step 2. Set w = the integer to be tested, w = 1 + 2^am, where m is odd and 2^a is the largest power of 2 dividing w - 1.

Step 3. Generate a random integer b in the range 1 < b < w.

Step 4. Set j = 0 and z = b^m mod w.

Step 5. If j = 0 and z = 1, or if z = w - 1, go to step 9.

Step 6. If j > 0 and z = 1, go to step 8.

Step 7. j = j + 1. If j < a, set z = z² mod w and go to step 5.

Step 8. w is not prime. Stop.

Step 9. If i < n, set i = i + 1 and go to step 3. Otherwise, w is probably prime.

a. 2¹⁵⁹ < q < 2¹⁶⁰

b. 2^L-1 < p < 2^L for a specified L, where L = 512 + 64j for some 0 < or = to j < or = to 8

c. q divides p - 1.

x = x₁*2^g-1 + x₂*2^g-2 + ... + x_g-1*2 + x_g -> { x₁,...,x_g }.

{ x₁,...,x_g } -> x₁*2^g-1 + x₂*2^g-2 + ... + x_g-1*2 + x_g.

Step 1. Choose an arbitrary sequence of at least 160 bits and call it SEED. Let g be the length of SEED in bits.

Step 2. Compute

Step 3. Form q from U by setting the most significant bit (the 2¹⁵⁹ bit) and the least significant bit to 1. In terms of boolean operations, q = U OR 2¹⁵⁹ OR 1. Note that 2¹⁵⁹ < q < 2¹⁶⁰.

Step 4. Use a robust primality testing algorithm to test whether q is prime¹²(1).

Step 5. If q is not prime, go to step 1.

Step 6. Let counter = 0 and offset = 2.

Step 7. For k = 0,...,n let

Step 8. Let W be the integer