Hash-based Signatures: State and Backup Management
draft-wiggers-hbs-state-02
| Document | Type | Replaced Internet-Draft (pquip WG), Expired & archived |
|---|---|---|
| | Authors | Thom Wiggers, Kaveh Bashiri, Stefan Kölbl, Jim Goodman, Stavros Kousidis |
| | Last updated | 2025-06-30 (Latest revision 2025-04-01) |
| | Replaced by | draft-ietf-pquip-hbs-state |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Additional resources | GitHub Repository, Mailing list discussion |
| Stream | WG state | Adopted by a WG |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-pquip-hbs-state |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
Stateful Hash-Based Signature Schemes (S-HBS) such as LMS, HSS, XMSS and XMSS^MT combine Merkle trees with One-Time Signatures (OTS) to provide signatures that are resistant against attacks using large-scale quantum computers. Unlike conventional stateless digital signature schemes, S-HBS have a state to keep track of which OTS keys have been used, as double-signing with the same OTS key allows forgeries. This document provides guidance and documents security considerations for the operational and technical aspects of deploying systems that rely on S-HBS. Management of the state of the S-HBS, including any handling of redundant key material, is a sensitive topic, and we discuss some approaches to handle the associated challenges. We also describe the challenges that need to be resolved before certain approaches should be considered.
Authors
Thom Wiggers
Kaveh Bashiri
Stefan Kölbl
Jim Goodman
Stavros Kousidis
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)