Search RFCs
RFC 8554
Leighton-Micali Hash-Based Signatures,April 2019
- File formats:
- Status:
- INFORMATIONAL
- Authors:
- D. McGrew
M. Curcio
S. Fluhrer - Stream:
- IRTF
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8554
Discuss this RFC: Send questions or comments to the mailing listcfrg@irtf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8554
Abstract
This note describes a digital-signature system based on cryptographichash functions, following the seminal work in this area of Lamport,Diffie, Winternitz, and Merkle, as adapted by Leighton and Micali in1995. It specifies a one-time signature scheme and a generalsignature scheme. These systems provide asymmetric authenticationwithout using large integer mathematics and can achieve a highsecurity level. They are suitable for compact implementations, arerelatively simple to implement, and are naturally resistant toside-channel attacks. Unlike many other signature systems, hash-basedsignatures would still be secure even if it proves feasible for anattacker to build a quantum computer.
This document is a product of the Crypto Forum Research Group (CFRG)in the IRTF. This has been reviewed by many researchers, both in theresearch group and outside of it. The Acknowledgements section listsmany of them.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.