{"draft":"draft-irtf-cfrg-xmss-hash-based-signatures-12","doc_id":"RFC8391","title":"XMSS: eXtended Merkle Signature Scheme","authors":["A. Huelsing","D. Butin","S. Gazdag","J. Rijneveld","A. Mohaisen"],"format":["ASCII","HTML"],"page_count":"74","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Crypto Forum Research Group","abstract":"This note describes the eXtended Merkle Signature Scheme (XMSS), a\r\nhash-based digital signature system that is based on existing\r\ndescriptions in scientific literature.  This note specifies\r\nWinternitz One-Time Signature Plus (WOTS+), a one-time signature\r\nscheme; XMSS, a single-tree scheme; and XMSS^MT, a multi-tree variant\r\nof XMSS.  Both XMSS and XMSS^MT use WOTS+ as a main building block.\r\nXMSS provides cryptographic digital signatures without relying on the\r\nconjectured hardness of mathematical problems.  Instead, it is proven\r\nthat it only relies on the properties of cryptographic hash\r\nfunctions.  XMSS provides strong security guarantees and is even\r\nsecure when the collision resistance of the underlying hash function\r\nis broken.  It is suitable for compact implementations, is relatively\r\nsimple to implement, and naturally resists side-channel attacks.\r\nUnlike most other signature systems, hash-based signatures can so far\r\nwithstand known attacks using quantum computers.","pub_date":"May 2018","keywords":["Digital signature","cryptography","post-quantum cryptography","Hash-based signatures","Merkle signatures","Merkle tree","hash function","Winternitz","Winternitz one-time signature scheme","WOTS","W-OTS","WOTS+","W-OTS+","XMSS-MT","multi-tree XMSS"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8391","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc8391"}