[Cryptech Tech] hash-based signatures

Russ Housley housley at vigilsec.com
Thu Jun 14 15:13:03 UTC 2018


Panos Kampanakis just posted this on a mail list hosted by NIST.  I thought it would be of interest to people on this list...

> LDWM (the earlier version of the LMS draft) signatures are used in some Cisco chips for FPGA firmware signing. We also have heard interest in software package signing with stateful schemes.
>
> We would like to see LMS and XMSS approved by NIST for some use cases. We tried to compare the two schemes for potential adopters in https://eprint.iacr.org/2017/349. Personally, I would prefer for NIST to evaluate them together after they are both IETF RFCs. FWIW, there might be use cases of stateful schemes that have not been realized yet. For example, in PKI, smaller size trees could be used as the Offline Root CA signing scheme given that the Root CA is offline and does not sign live. Such a use case would assume different stateless schemes are used at the leaves of the cert chain, of course.
