The Digital Signature Standard (DSS) FIPS 184-4, first published in 2013, expires a few days from now, on February 3, 2024. It is superseded by NIST FIPS 184-5. This new version was published on February 3, 2023, giving everyone a year to adopt the new standard before it became required.

The differences between the two standards are summarized in Appendix E of the new standard. Here I’ll point out three differences, then expand a little on the third difference.

First of all, the Digital Signature Algorithm (DSA) from earlier versions of FIPS 184 is withdrawn.

Second, RSA keys have gotten longer. The previous minimum key length was 1024 bits. Now it is 2048.

Third, elliptic curve cryptography has matured quite a bit since 2013.

The 2013 version of the standard gave users a lot more freedom in choosing elliptic curves and base points on those curves. Now it appears that much of this freedom hasn’t turned out so well.

The binary curves and Koblitz curves that were approved in 2013 are now deprecated. These are the curves whose names begin with *B*– or *K*– as described in this post on elliptic curve naming conventions. But the *P*– curves *P*-224, *P-*256, *P*-384, and *P*-521 are still recommended.

While the binary and Koblitz curves have been removed, Edwards curves were added. Specifically Ed25519 and Ed448 have been added for the Edwards Digital Signature algorithm (EdDSA).

I wonder how far away we are from quantum attack-resistant encryption methods being folded into standards like this. It appears that some of the proposed methods aren’t faring well. https://cybernews.com/editorial/post-quantum-encryption-algorithms-under-rigorous-scrutiny-expect-more-hacks/

Thanks for this summary! Very helpfully expends on the denser language in Appendix E of https://doi.org/10.6028/NIST.FIPS.186-5 .