RFC Errata
RFC 8391, "XMSS: eXtended Merkle Signature Scheme", May 2018
Source of RFC: IRTF
See Also: RFC 8391 w/ inline errata
Errata ID: 7900
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Çağdaş Çalık
Date Reported: 2024-04-18
Verifier Name: Colin Perkins
Date Verified: 2024-04-22
Section 4.1. says:
An XMSS private key SK contains 2^h WOTS+ private keys, the leaf index idx of the next WOTS+ private key that has not yet been used, SK_PRF (an n-byte key to generate pseudorandom values for randomized message hashing), the n-byte value root (which is the root node of the tree and SEED), and the n-byte public seed used to pseudorandomly generate bitmasks and hash function keys.
It should say:
An XMSS private key SK contains 2^h WOTS+ private keys, the leaf index idx of the next WOTS+ private key that has not yet been used, SK_PRF (an n-byte key to generate pseudorandom values for randomized message hashing), the n-byte value root (which is the root node of the tree), and SEED (the n-byte public seed used to pseudorandomly generate bitmasks and hash function keys).
Notes:
SEED appearing in the parenthesis explaining the root value is confusing. It has to be paired with the explanation of it that follows.
Errata verified by Andreas Hülsing, 2024-04-22