mesur-io/post-quantum-signatures

Should we cover stateful hash-based signatures?

Closed this issue · 8 comments

See NIST SP 800-208

Specifically HSS/LMS, XMSS and XMSS^mt.

OR13 commented

I am tracking possible implementations that might be used to generate test vectors here: transmute-industries/verifiable-data#180

Good reference from Panos.

OR13 commented

We should just translate the test vectors to JWK.

OR13 commented

I tried with LMS again, and again, no luck... I suggest we not consider registrations for LMS at this time.

OR13 commented

I was able to get XMSS to sorta work, and build as an npm package... https://github.com/transmute-industries/xmss

The GoLang side of this is very rough, and I am not sure how correct it is since the original source only covers a single sign and verify cycle.

I suggest we close this issue out unless we can get 2 implementations and test vectors for both XMSS and LMS.

OR13 commented

I have put out a plea for help to COSE and CCG mailing lists: https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0007.html

If we don't hear back in 2 weeks, I suggest we move LMS / XMSS out of scope, and refocus on the other schemes.

I don't think we should attempt any further work until multiple implementations and interoperable test vectors can be confirmed.

OR13 commented

Answer to issue title is no.