wolfBoot: support for post-quantum secure-boot with XMSS/XMSS^MT signatures

Designed by Freepik: www.freepik.com

wolfBoot v2.0 is here, and with it a number of new features and enhancements. Rounding out our post-quantum support, in addition to LMS/HSS, wolfBoot now supports the XMSS/XMSS^MT post-quantum stateful hash-based signature (HBS) scheme. XMSS is the eXtended Merkle Signature Scheme, while XMSS^MT is its multi-tree generalization that allows it to scale efficiently into a large number of signatures by constructing a hypertree from layers of XMSS subtrees.

Like our previous LMS support, XMSS wolfBoot support includes keygen, signing, verifying, and importing externally generated public keys. Furthermore, XMSS wolfBoot support builds on our previous XMSS wolfCrypt integration, and thus supports all SHA256 parameter sets from tables 10 and 11 of NIST SP 800-208, while also allowing for hardware acceleration of hash operations when computing the hash-chains needed for XMSS signatures.

Thus wolfBoot now supports both post-quantum stateful HBS schemes recommended by NIST SP 800-208 and the NSA’s CNSA 2.0 suite. Do you have a post-quantum secure-boot requirement from the CNSA 2.0 timeline? Are you curious about integrating post-quantum support into your secure-boot process? If so, please contact us at facts@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now