[Resource Topic] 2017/349: LMS vs XMSS: Comparion of two Hash-Based Signature Standards

Welcome to the resource topic for 2017/349

LMS vs XMSS: Comparion of two Hash-Based Signature Standards

Authors: Panos Kampanakis, Scott Fluhrer


Quantum computing poses challenges to public key signatures as we know them today. LMS and XMSS are two hash based signature schemes that have been proposed in the IETF as quantum secure. Both schemes are based on well-studied hash trees, but their similarities and differences have not yet been discussed. In this work, we attempt to compare the two standards. We compare their security assumptions and quantify their signature and public key sizes. We also address the computation overhead they introduce. Our goal is to provide a clear understanding of the schemes’ similarities and differences for implementers and protocol designers to be able to make a decision as to which standard to chose.

ePrint: https://eprint.iacr.org/2017/349

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .