| < draft-housley-cms-mts-hash-sig-03.txt | draft-housley-cms-mts-hash-sig-04.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT R. Housley | INTERNET-DRAFT R. Housley | |||
| Intended Status: Proposed Standard Vigil Security | Intended Status: Proposed Standard Vigil Security | |||
| Expires: 20 April 2016 18 October 2015 | Expires: 21 September 2016 21 March 2016 | |||
| Use of the Hash-based Merkle Tree Signature (MTS) Algorithm | Use of the Hash-based Merkle Tree Signature (MTS) Algorithm | |||
| in the Cryptographic Message Syntax (CMS) | in the Cryptographic Message Syntax (CMS) | |||
| <draft-housley-cms-mts-hash-sig-03> | <draft-housley-cms-mts-hash-sig-04> | |||
| Abstract | Abstract | |||
| This document specifies the conventions for using the Merkle Tree | This document specifies the conventions for using the Merkle Tree | |||
| Signatures (MTS) digital signature algorithm with the Cryptographic | Signatures (MTS) digital signature algorithm with the Cryptographic | |||
| Message Syntax (CMS). The MTS algorithm is one form of hash-based | Message Syntax (CMS). The MTS algorithm is one form of hash-based | |||
| digital signature. | digital signature. | |||
| Status of this Memo | Status of this Memo | |||
| skipping to change at page 4, line 26 ¶ | skipping to change at page 4, line 26 ¶ | |||
| associated with the LM-OTS signature to the root. The array of | associated with the LM-OTS signature to the root. The array of | |||
| values contains the siblings of the nodes on the path from the leaf | values contains the siblings of the nodes on the path from the leaf | |||
| to the root but does not contain the nodes on the path itself. The | to the root but does not contain the nodes on the path itself. The | |||
| array for a tree with height h will have h values. The first value | array for a tree with height h will have h values. The first value | |||
| is the sibling of the leaf, the next value is the sibling of the | is the sibling of the leaf, the next value is the sibling of the | |||
| parent of the leaf, and so on up the path to the root. | parent of the leaf, and so on up the path to the root. | |||
| 1.2. LM-OTS One-time Signature Algorithm | 1.2. LM-OTS One-time Signature Algorithm | |||
| Merkle Tree Signatures (MTS) depend on a LM-OTS one-time signature | Merkle Tree Signatures (MTS) depend on a LM-OTS one-time signature | |||
| method. An LM-OTS has four parameters. The number of bytes | method. An LM-OTS has four parameters. | |||
| associated with the has function, n, which is the same as the LMS | ||||
| parameter. Again, the [HASHSIG] specification supports two hash | n - The number of bytes associated with the hash function, which | |||
| functions: SHA-256 [SHS], with n=32; and SHA-256-16, with n=16. The | is the same as the LMS parameter. The [HASHSIG] | |||
| the Winternitz parameter, w. The [HASHSIG] specification supports | specification supports two hash functions: SHA-256 [SHS], | |||
| four values for this parameter: w=1; w=2; w=4; and w=8. The number | with n=32; and SHA-256-16, with n=16. | |||
| of n-byte string elements that make up the LM-OTS signature, p. The | ||||
| number of left-shift bits used in the checksum function, ls. The | w - The the Winternitz parameter. The [HASHSIG] specification | |||
| values of p and ls are dependent on the choices of the parameters n | supports four values for this parameter: w=1; w=2; w=4; and | |||
| and w, as described in Appendix A of [HASHSIG]. | w=8. | |||
| p - The number of n-byte string elements that make up the LM-OTS | ||||
| signature. | ||||
| ls - The number of left-shift bits used in the checksum function. | ||||
| The values of p and ls are dependent on the choices of the parameters | ||||
| n and w, as described in Appendix A of [HASHSIG]. | ||||
| Eight LM-OTS variants are defined in [HASHSIG]: | Eight LM-OTS variants are defined in [HASHSIG]: | |||
| LMOTS_SHA256_N32_W1; | LMOTS_SHA256_N32_W1; | |||
| LMOTS_SHA256_N32_W2; | LMOTS_SHA256_N32_W2; | |||
| LMOTS_SHA256_N32_W4; | LMOTS_SHA256_N32_W4; | |||
| LMOTS_SHA256_N32_W8; | LMOTS_SHA256_N32_W8; | |||
| LMOTS_SHA256_N16_W1; | LMOTS_SHA256_N16_W1; | |||
| LMOTS_SHA256_N16_W2; | LMOTS_SHA256_N16_W2; | |||
| LMOTS_SHA256_N16_W4; and | LMOTS_SHA256_N16_W4; and | |||
| LMOTS_SHA256_N16_W8. | LMOTS_SHA256_N16_W8. | |||
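Review bot: The new entry for w in the -04 column reads "The the Winternitz parameter"; drop the duplicated "the" so it reads "The Winternitz parameter." The rewrite already fixes the -03 typo "has function" in the n entry, so this is the one remaining wording defect in the reworked list. Two smaller points on the same block: the n entry still says "which is the same as the LMS parameter" without saying which LMS parameter is meant, and now that "Again," has been dropped the back-reference is harder to follow, so naming the parameter would help. Also, the opening sentence still says "An LM-OTS has four parameters" while the closing sentence says p and ls depend on n and w; consider stating up front that only n and w are chosen and that p and ls follow from them per Appendix A of [HASHSIG].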
| End of changes. 3 change blocks. | ||||
| 12 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||