FIPS 186-4 Digital Signature Standard defers to ANSI X9.62-2005 for the specification of ECDSA, with additional requirements set out in Chapter 6 and Appendix D. However, X9.62-2005 has since been withdrawn and replaced by ANSI X9.142-2020. The FIPS 186-5 draft noted the withdrawal of X9.62-2005 and that X9.142 was under development (Appendix E, p. 78), and instead gives its own specification of ECDSA in Chapter 6 (with recommended curve parameters moved to SP 800-186).
I haven't scaled the ANSI paywall to read X9.142-2020, but the freely available preview (PDF, p. xv) notes a number of technical changes from X9.62-2005:
- New examples of elliptic curve domain parameters and signatures.
- Provision for new hash functions.
- New recommendations and requirements for elliptic curve domain parameters.
- New specifications for assurance of domain parameter validity, assurance of public key validity, and assurance of private key possession.
- New random number generation method.
- New syntax.
It also notes that FIPS 186-4 "contains much in common with both this Standard and the previous ANSI X9.62-2005 version, particularly in regard to elliptic curve domain parameters and the elliptic curve digital signature algorithm", but is silent on FIPS 186-5.
My question is, how consistent are the FIPS 186-5 and X9.142-2020 specifications of ECDSA? Specifically, in a contractual or regulatory setting where detailed conformance matters (and pretending FIPS 186-5 has been approved as-is), is it true, given an appropriate choice of parameters, that:
- Conformance with the FIPS 186-5 specification of ECDSA implies conformance with X9.142-2020?
- Conformance with X9.142-2020 implies conformance with the FIPS 186-5 specification?
Or are the two specifications inconsistent no matter what parameters are chosen, meaning implementations need to choose between them?