wolfCrypt Support for LMS and HSS Signatures

wolfSSL is excited to announce we are adding support for the LMS and HSS post-quantum stateful hash-based signature schemes to our wolfCrypt embedded crypto engine. This will be achieved by experimental integration with the hash-sigs LMS/HSS library, similar to our previous libOQS integration.

Leighton-Micali Signatures (LMS) and its multi-tree variant, the Hierarchical Signature System (HSS), are post-quantum, stateful hash-based signature schemes. They are noted for small public and private keys and fast signing and verification. Their signatures are larger, but the size is tunable via the Winternitz parameter. "Stateful" means the signer must track which one-time keys it has already used, because signing twice with the same one-time key compromises security. Stateful hash-based signature schemes rest on the security of their underlying hash functions and Merkle trees (typically built on SHA-256), which are not expected to be broken by the advent of cryptographically relevant quantum computers. For these reasons they are recommended by NIST SP 800-208 and the NSA's CNSA 2.0 suite.

Because of their unique strengths and characteristics, and NIST and NSA backing, LMS and HSS are of particular interest for offline firmware authentication and signature verification, especially on embedded or constrained systems that are expected to have a long operational lifetime and thus need to be resilient against a quantum-enabled future. Furthermore, the CNSA 2.0 timeline has specified that stateful hash-based signature schemes should be used exclusively by 2030, and adoption should begin immediately. In fact, adoption of LMS is the earliest requirement in the CNSA 2.0 suite timeline.
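To make the two paragraphs above concrete, here is a simplified LMS-style scheme written as an added illustration for this post. It is not wolfCrypt's or the hash-sigs library's code and it does not follow the RFC 8554 wire format; the tweak layout, the domain-separation strings and the seed derivation are my own simplifications. It shows a Winternitz one-time signature over SHA-256 whose size shrinks as the width w grows (the digit counts p = 265, 133, 67, 34 for w = 1, 2, 4, 8 match LM-OTS with SHA-256), a Merkle tree that compresses 2^h one-time public keys into a single 32-byte root, a signer that advances its leaf counter before a signature is released and refuses to sign once the tree is exhausted, and a verifier that needs nothing but the root, which is what an offline firmware check on a constrained device would hold.

```python
"""Simplified LMS-style stateful hash-based signature (educational toy, not RFC 8554)."""
import hashlib
import os

N = 32  # byte length of the SHA-256 digest used everywhere below


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of its arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def coef(data: bytes, i: int, w: int) -> int:
    """The i-th w-bit digit of data, most significant bits first."""
    per_byte = 8 // w
    shift = 8 - w * (i % per_byte + 1)
    return (data[i // per_byte] >> shift) & ((1 << w) - 1)


def ots_params(w: int):
    """Number of message digits u and checksum digits v for Winternitz width w."""
    u = (8 * N) // w
    max_sum = u * ((1 << w) - 1)
    v = (max_sum.bit_length() + w - 1) // w
    return u, v


def ots_digits(digest: bytes, w: int):
    """Message digits plus checksum digits; lowering any message digit raises the
    checksum, so a forger cannot simply advance a released chain value."""
    u, v = ots_params(w)
    d = [coef(digest, i, w) for i in range(u)]
    csum = sum((1 << w) - 1 - x for x in d)
    cs = [(csum >> (w * (v - 1 - j))) & ((1 << w) - 1) for j in range(v)]
    return d + cs


def chain(x: bytes, start: int, steps: int, q: int, i: int) -> bytes:
    """Apply the tweaked hash `steps` times starting at chain position `start`."""
    for j in range(start, start + steps):
        x = H(q.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([j]), x)
    return x


def ots_secret(seed: bytes, q: int, i: int) -> bytes:
    """Chain start for leaf q, digit i, derived from one 32-byte seed (constructed scheme)."""
    return H(b"sk", seed, q.to_bytes(4, "big"), i.to_bytes(2, "big"))


def ots_public_key(seed: bytes, q: int, w: int) -> bytes:
    p = sum(ots_params(w))
    ends = [chain(ots_secret(seed, q, i), 0, (1 << w) - 1, q, i) for i in range(p)]
    return H(b"pk", *ends)


class StatefulSigner:
    """One Merkle tree of 2**h one-time keys; each leaf may sign exactly once."""

    def __init__(self, w: int, h: int, seed: bytes = None):
        self.w, self.h = w, h
        self.seed = seed or os.urandom(32)
        self.next_leaf = 0  # the state that must persist and never roll back
        levels = [[ots_public_key(self.seed, q, w) for q in range(1 << h)]]
        while len(levels[-1]) > 1:
            prev = levels[-1]
            levels.append([H(prev[k], prev[k + 1]) for k in range(0, len(prev), 2)])
        self.levels = levels

    @property
    def public_key(self) -> bytes:
        return self.levels[-1][0]  # the Merkle root: 32 bytes, all a verifier needs

    def sign(self, msg: bytes):
        if self.next_leaf >= (1 << self.h):
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        q = self.next_leaf
        self.next_leaf += 1  # commit the state update before the signature leaves
        digits = ots_digits(H(q.to_bytes(4, "big"), msg), self.w)
        ots_sig = [chain(ots_secret(self.seed, q, i), 0, a, q, i) for i, a in enumerate(digits)]
        path, idx = [], q
        for level in self.levels[:-1]:  # authentication path: sibling at each level
            path.append(level[idx ^ 1])
            idx >>= 1
        return q, ots_sig, path


def verify(pk: bytes, msg: bytes, sig, w: int, h: int) -> bool:
    """Recompute the one-time public key from the signature, climb to the root, compare."""
    q, ots_sig, path = sig
    if not 0 <= q < (1 << h) or len(path) != h:
        return False
    digits = ots_digits(H(q.to_bytes(4, "big"), msg), w)
    if len(ots_sig) != len(digits):
        return False
    top = (1 << w) - 1
    ends = [chain(s, a, top - a, q, i) for i, (s, a) in enumerate(zip(ots_sig, digits))]
    node, idx = H(b"pk", *ends), q
    for sibling in path:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == pk


def signature_bytes(w: int, h: int) -> int:
    """Serialized size in this toy: 4-byte leaf index + p chain values + h path nodes."""
    return 4 + sum(ots_params(w)) * N + h * N
```

Running `signature_bytes(w, 5)` for w = 1, 2, 4, 8 gives 8644, 4420, 2308 and 1252 bytes, which is the Winternitz trade-off the post mentions: a larger w means fewer chains and a smaller signature, paid for with longer chains and therefore more hashing per key generation and verification. The `next_leaf` counter is the state the post refers to; in a real deployment it has to be stored durably (and never restored from a backup) before the signature is emitted, since two signatures from the same leaf expose enough chain values to forge.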

If you’re curious and want to learn more, see the following pull request links:

If this post sparks further questions, you can reach out to facts@wolfssl.com, or call us at +1 425 245 8247 to continue the conversation with us here at wolfSSL!