NIST plans to approve one or more schemes for stateful hash-based signatures (HBS) as part of the post-quantum cryptography development effort. NIST is actively considering two such schemes developed through the Internet Engineering Task Force: 1) XMSS, specified in Request for Comments (RFC) 8391 in May 2018, and 2) LMS, currently specified in RFC 8554.
HBS schemes were the topic for a session of talks during the first public workshop on post-quantum security, as well as the panel discussion that followed it. Participants expressed significant interest in the standardization of such schemes at that time, because the underlying technology was well understood. In particular, the security of an HBS scheme, when implemented properly, relies only on the preimage resistance of its component cryptographic hash function. This property is already the basis for the security of many NIST-approved cryptographic algorithms and protocols, and no quantum computing algorithms are known that would pose a practical threat in the foreseeable future.
Therefore, HBS schemes are good candidates for early standardization. The stateful versions of HBS schemes offer better performance than the stateless versions but are vulnerable to misuse if they are not implemented properly. NIST established a sub-project for approving stateful HBS schemes because they don’t meet the API requested for signatures and require state management.
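The state management referred to above comes down to one rule: a one-time key index must never be used for a second signature, even after a crash or restart. The sketch below is an added illustration, not code from NIST, RFC 8391 or RFC 8554; the class `OtsIndexStore`, the JSON state file and the single-signer-process assumption are hypothetical.

```python
import json
import os
import tempfile

class StateExhausted(Exception):
    """Every one-time key under this public key has been consumed."""

class OtsIndexStore:
    """Hypothetical guard for the index part of a stateful HBS private key."""

    def __init__(self, path, capacity):
        self.path = path          # state file (assumed: one signer process)
        self.capacity = capacity  # number of one-time keys available

    def _load(self):
        try:
            with open(self.path) as f:
                # A corrupt file raises here: fail closed, never guess an index.
                return int(json.load(f)["next_index"])
        except FileNotFoundError:
            return 0  # fresh key, nothing used yet

    def _store(self, next_index):
        # Write to a temp file, fsync, then atomically replace the old state.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def reserve(self):
        """Return an index to sign with, after recording it as used."""
        idx = self._load()
        if idx >= self.capacity:
            raise StateExhausted(f"all {self.capacity} indices used")
        self._store(idx + 1)  # persist BEFORE the index is handed out
        return idx

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hbs_state.json")
        signer = OtsIndexStore(path, capacity=3)
        used = [signer.reserve(), signer.reserve()]
        restarted = OtsIndexStore(path, capacity=3)  # simulated restart
        used.append(restarted.reserve())
        try:
            restarted.reserve()
        except StateExhausted:
            return used, True
        return used, False
```

Because the index is persisted before it is released, a crash between `reserve()` and signing wastes one index instead of reusing one.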
December 11, 2019: NIST invites comments on Draft NIST Special Publication (SP) 800-208, Recommendation for Stateful Hash-Based Signature Schemes. All of the digital signature schemes specified in Federal Information Processing Standards Publication (FIPS) 186-4 will be broken if large-scale quantum computers are ever built. NIST is in the process of developing standards for post-quantum secure digital signature schemes that can be used as replacements for the schemes that are specified in FIPS 186-4. However, this standardization process will not be complete for several years.
- The public comment period for this document is open through February 28, 2020. Email comments to email@example.com.
On February 4, 2019, NIST issued a request for public input on how to mitigate the potential misuse of stateful HBS schemes.
On June 21, 2018, NIST issued a request for public input on XMSS and LMS.