Cryptology ePrint Archive: Report 2017/966

Optimal Parameters for XMSS^MT

Andreas Hülsing and Lea Rausch and Johannes Buchmann

Abstract: We introduce Multi Tree XMSS (XMSS^MT), a hash-based signature scheme that can be used to sign a virtually unlimited number of messages. It is provably forward and hence EU-CMA secure in the standard model and improves key and signature generation times compared to previous schemes. XMSS^MT has --- like all practical hash-based signature schemes --- a lot of parameters that control different trade-offs between security, runtimes and sizes. Using linear optimization, we show how to select provably optimal parameter sets for different use cases.

Category / Keywords: public-key cryptography / hash-based signatures, parameter selection, linear optimization, forward secure signatures, implementation

Original Publication (with minor differences): MoCrySEn 2013

Date: received 28 Sep 2017

Contact author: andreas at huelsing net

Available format(s): PDF | BibTeX Citation

Version: 20171003:172016 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]