NIST invites
comments on Draft NIST
Special Publication (SP) 800-208, Recommendation for Stateful Hash-Based
Signature Schemes. All of the digital signature schemes
specified in Federal Information Processing Standards Publication (FIPS) 186-4
will be broken if large-scale quantum computers are ever built. NIST is in the
process of developing standards
for post-quantum secure digital signature schemes that can be used as
replacements for the schemes that are specified in FIPS 186-4. However, this
standardization process will not be complete for several years.
In this draft recommendation,
NIST is proposing to supplement FIPS
186 by approving the use of two stateful hash-based signature schemes: the
eXtended Merkle Signature Scheme (XMSS) and the Leighton-Micali Signature
system (LMS) as specified in Requests for Comments (RFC) 8391 and 8554,
respectively. Stateful hash-based signature schemes are not suitable for
general use since they require careful state management in order to ensure
their security. However, their use may be appropriate for applications in which
use of the private key may be carefully controlled and where there is a need to
transition to a post-quantum secure digital signature scheme before the
post-quantum cryptography standardization process has completed.
Draft SP 800-208 profiles LMS,
XMSS, and their multi-tree variants. This profile approves the use of some but
not all of the parameter sets defined in RFCs 8391 and 8554. The approved
parameter sets use either SHA-256 or SHAKE256 with 192- or 256-bit outputs.
This profile also requires that key and signature generation be performed in
hardware cryptographic modules that do not allow secret keying material to be
exported.
The public comment period for this document is open through February 28,
2020. See
the publication details for a copy of the draft and instructions for
submitting comments.
NOTE: A call for patent claims is included on page iv of this draft. For
additional information, see the Information
Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL
Publications.