%% You should probably cite draft-ietf-pquip-hbs-state-02 instead of this revision.
@techreport{ietf-pquip-hbs-state-00,
    number =    {draft-ietf-pquip-hbs-state-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-pquip-hbs-state/00/},
    author =    {Thom Wiggers and Kaveh Bashiri and Stefan Kölbl and Jim Goodman and Stavros Kousidis},
    title =     {{Hash-based Signatures: State and Backup Management}},
    pagetotal = 21,
    year =      2025,
    month =     jun,
    day =       17,
    abstract =  {Stateful Hash-Based Signature Schemes (S-HBS) such as LMS, HSS, XMSS and XMSS\textasciicircum{}MT combine Merkle trees with One-Time Signatures (OTS) to provide signatures that are resistant against attacks using large- scale quantum computers. Unlike conventional stateless digital signature schemes, S-HBS have a state to keep track of which OTS keys have been used, as double-signing with the same OTS key allows forgeries. This document provides guidance and documents security considerations for the operational and technical aspects of deploying systems that rely on S-HBS. Management of the state of the S-HBS, including any handling of redundant key material, is a sensitive topic, and we discuss some approaches to handle the associated challenges. We also describe the challenges that need to be resolved before certain approaches should be considered.},
}