wolfCrypt: support for post-quantum XMSS/XMSS^MT signatures

If you follow us at wolfSSL, you’ll know we’re excited about post-quantum cryptography. For example, our recent DTLS 1.3 implementation supports post-quantum KEMs and signatures, and we just added support for post-quantum LMS/HSS signatures to wolfCrypt and wolfBoot. The latter was motivated in particular by the NSA’s CNSA 2.0 suite timeline, which specifies that adoption of stateful hash-based signature schemes (the kind recommended in NIST SP 800-208) should begin immediately. These signature schemes are valuable because they combine small public keys with relatively fast signing and verifying, and their signature sizes and key generation times are tunable via their parameter sets.

You probably also know that both XMSS/XMSS^MT and LMS/HSS were recommended in NIST SP 800-208 and the NSA’s CNSA 2.0 suite. Hence, we are pleased to announce we are adding support for XMSS/XMSS^MT signatures to wolfCrypt, which will be accomplished by experimental integration with the xmss-reference implementation for RFC8391, similar to our previous post-quantum integrations with libOQS and hash-sigs LMS/HSS. You can read more about it in these XMSS pull request links:

Our XMSS integration relies on a patch to xmss-reference that allows it to offload SHA operations to wolfCrypt, so it can use the same cryptographic hardware acceleration that wolfCrypt already does. The resulting speedups improve performance for key generation, signing, and verifying. Another detail you might have noticed in our patch is that it includes wolfBoot XMSS support – for more information on that, please stay tuned!

If you are curious to learn more, or have questions about any of the above, please email us at facts@wolfSSL.com or call us at +1 425 245 8247.