Paper 2017/349

LMS vs XMSS: Comparison of two Hash-Based Signature Standards

Panos Kampanakis and Scott Fluhrer

Abstract

Quantum computing poses challenges to public key signatures as we know them today. LMS and XMSS are two hash-based signature schemes that have been proposed in the IETF as quantum-secure. Both schemes are based on well-studied hash trees, but their similarities and differences have not yet been discussed. In this work, we attempt to compare the two standards. We compare their security assumptions and quantify their signature and public key sizes. We also address the computation overhead they introduce. Our goal is to provide a clear understanding of the schemes’ similarities and differences so that implementers and protocol designers can decide which standard to choose.

Note: Some updates to the paper content after recent developments with the two IETF drafts.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
post-quantum cryptography, hash based signatures, hbs
Contact author(s)
panosk @ cisco com
sfluhrer @ cisco com
History
2017-11-23: last of 2 revisions
2017-04-26: received
Short URL
https://ia.cr/2017/349
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/349,
      author = {Panos Kampanakis and Scott Fluhrer},
      title = {{LMS} vs {XMSS}: Comparison of two Hash-Based Signature Standards},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/349},
      year = {2017},
      url = {https://eprint.iacr.org/2017/349}
}