LMS versus XMSS versus SLH-DSA for Secure Boot

Here at wolfSSL we always stay on top of our customers’ requirements. By now you’ve heard us talk about the NSA’s (National Security Agency) CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) ad nauseam. Well, let’s focus in on it again and zero in on that first line:

It states that for Software and Firmware signing you should have already been using CNSA 2.0 approved algorithms as the default and preferred algorithm in 2025. It just so happens that at the time of writing of this post, we are now in 2026. Moreover, you should no longer be using anything else by 2030.

So, LMS, XMSS and SLH-DSA are all good, right? Well, no. The CNSA guidance specifically states that LMS and XMSS are permitted but does not say the same for SLH-DSA. And no, this is not accidental, because a later update to their FAQ did allow ML-DSA-87 for firmware signing. No such guidance was given for SLH-DSA.

Note that SLH-DSA has much larger signature sizes than LMS and XMSS. From a performance perspective, all of them are relatively slow during keygen and signing. But where it matters is verification, and in that case LMS is the best, followed by XMSS and then SLH-DSA. We’ll have more to say about performance in a later post. Finally, SLH-DSA does have the advantage of being stateless, but ML-DSA has that too, along with smaller signature sizes than SLH-DSA, so really there is no good reason to allow SLH-DSA. This is why you’ll find a lack of support for SLH-DSA in our wolfBoot product.

That leaves LMS or XMSS. Generally speaking, if you don’t know which to pick, just use LMS. NIST has a slight preference for it due to advantages in signature size and performance. That said, if the HSM you use to sign your firmware only has XMSS support, then use that. Or, if your customer has a preference for XMSS due to its academic lineage, then that is another good reason to use it.

We mentioned performance in a few places. Stay tuned for an upcoming blog post where we compare benchmarking numbers for LMS, XMSS and SLH-DSA.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
