A Window on the Post-Quantum World: Using Merkle-Based Signature Schemes (Q40a)
Two of the most “production ready” post-quantum signature algorithms are the eXtended Merkle Signature Scheme (XMSS) and Leighton-Micali Hash-Based Signatures (LMS). Both schemes have RFCs issued for them, and other standardization efforts are under way. Both schemes also have Open Source implementations from projects like Bouncy Castle and Botan. Where they do diverge from previously widely used signature algorithms is that they are stateful, meaning the private key changes with each signature generated, and the penalty for ignoring this property is quite severe. This talk looks at the effect of this divergence, both on API design in Bouncy Castle as well as on the usage and deployment experience of our users in dealing with the different security profile these algorithms come with.
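To make the statefulness concrete, here is a toy Merkle-tree signature scheme (Lamport one-time keys as leaves of a hash tree) added as an illustration; it is not Bouncy Castle, Botan, XMSS or LMS code, and the tree height, SHA-256 and the class and function names are assumptions chosen for brevity. The private key is the set of one-time keys plus `next_index`; `sign()` advances that index before releasing a signature and refuses to sign once every leaf has been consumed.

```python
import hashlib
import os

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):
    d = H(msg)  # sign the 256-bit digest, one Lamport pair per bit
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class MerkleSigner:
    """Constructed toy stateful scheme: Lamport one-time keys under a Merkle tree."""
    def __init__(self, height=2):
        self.n = 1 << height  # one leaf per signature the key can ever produce
        self.ots_sk = [[(os.urandom(32), os.urandom(32)) for _ in range(256)] for _ in range(self.n)]
        self.ots_pk = [[(H(a), H(b)) for a, b in sk] for sk in self.ots_sk]
        self.levels = [[H(*[x for pair in pk for x in pair]) for pk in self.ots_pk]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]  # the public key
        self.next_index = 0  # the STATE: part of the private key, changed by every sign()

    def sign(self, msg):
        if self.next_index >= self.n:
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        idx = self.next_index
        self.next_index += 1  # advance (and, in a real deployment, persist) the state before releasing the signature
        ots_sig = [self.ots_sk[idx][i][b] for i, b in enumerate(msg_bits(msg))]
        auth, pos = [], idx
        for lvl in self.levels[:-1]:
            auth.append(lvl[pos ^ 1])  # sibling on the path from this leaf to the root
            pos >>= 1
        return idx, ots_sig, self.ots_pk[idx], auth

def verify(root, msg, sig):
    idx, ots_sig, pk, auth = sig
    if any(H(s) != pk[i][b] for i, (s, b) in enumerate(zip(ots_sig, msg_bits(msg)))):
        return False
    node, pos = H(*[x for pair in pk for x in pair]), idx
    for sib in auth:
        node = H(node, sib) if pos % 2 == 0 else H(sib, node)
        pos >>= 1
    return node == root
```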