{"draft":"draft-mcgrew-hash-sigs-15","doc_id":"RFC8554","title":"Leighton-Micali Hash-Based Signatures","authors":["D. McGrew","M. Curcio","S. Fluhrer"],"format":["ASCII","HTML"],"page_count":"61","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Crypto Forum Research Group","abstract":"This note describes a digital-signature system based on cryptographic\r\nhash functions, following the seminal work in this area of Lamport,\r\nDiffie, Winternitz, and Merkle, as adapted by Leighton and Micali in\r\n1995.  It specifies a one-time signature scheme and a general\r\nsignature scheme.  These systems provide asymmetric authentication\r\nwithout using large integer mathematics and can achieve a high\r\nsecurity level.  They are suitable for compact implementations, are\r\nrelatively simple to implement, and are naturally resistant to\r\nside-channel attacks.  Unlike many other signature systems, hash-based\r\nsignatures would still be secure even if it proves feasible for an\r\nattacker to build a quantum computer.\r\n\r\nThis document is a product of the Crypto Forum Research Group (CFRG)\r\nin the IRTF.  This has been reviewed by many researchers, both in the\r\nresearch group and outside of it.  The Acknowledgements section lists\r\nmany of them.","pub_date":"April 2019","keywords":["LMS","HSS","stateful"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8554","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc8554"}