Search RFCs

RFC Editor

File formats:

Status:

INFORMATIONAL

Authors:

A. Huelsing
D. Butin
S. Gazdag
J. Rijneveld
A. Mohaisen

Stream:

IRTF

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC8391

Discuss this RFC: Send questions or comments to the mailing listcfrg@irtf.org

Other actions:View Errata  | Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 8391

Abstract

This note describes the eXtended Merkle Signature Scheme (XMSS), ahash-based digital signature system that is based on existingdescriptions in scientific literature. This note specifiesWinternitz One-Time Signature Plus (WOTS+), a one-time signaturescheme; XMSS, a single-tree scheme; and XMSS^MT, a multi-tree variantof XMSS. Both XMSS and XMSS^MT use WOTS+ as a main building block.XMSS provides cryptographic digital signatures without relying on theconjectured hardness of mathematical problems. Instead, it is proventhat it only relies on the properties of cryptographic hashfunctions. XMSS provides strong security guarantees and is evensecure when the collision resistance of the underlying hash functionis broken. It is suitable for compact implementations, is relativelysimple to implement, and naturally resists side-channel attacks.Unlike most other signature systems, hash-based signatures can so farwithstand known attacks using quantum computers.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.