Expand description
XMSS: eXtended Merkle Signature Scheme combining WOTS+ with a Merkle tree. XMSS: eXtended Merkle Signature Scheme (FIPS 205, Algorithms 9-11).
XMSS combines multiple WOTS+ one-time key pairs into a few-time signature scheme
by organizing them as leaves of a binary Merkle tree of height h'. Each XMSS tree
can sign 2^h' messages (one per WOTS+ leaf).
In the SLH-DSA hierarchy, XMSS trees form the building blocks of the hypertree: each layer of the hypertree consists of XMSS trees, where the leaves of upper-layer trees certify the roots of lower-layer trees.
The Merkle tree uses the tweakable hash H (hash::hash_h) for internal nodes
and WOTS+ public keys (wots::wots_pk_gen) as leaf values.
Functions§
- xmss_
node - Compute the root of an XMSS Merkle subtree.
- xmss_
pk_ from_ sig - Compute an XMSS public key (tree root) from an XMSS signature.
- xmss_
sign - Create an XMSS signature for an
n-byte message. - xmss_
sign_ into - Streaming variant of
xmss_sign— writes the(LEN + H') * Nbyte signature into the start ofout(which must be at least that size) instead of returning a freshly-allocatedVec<u8>.