RFC Errata
Found 1 record.
Status: Reported (1)
RFC 8554, "Leighton-Micali Hash-Based Signatures", April 2019
Source of RFC: IRTF
Errata ID: 7409
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Peter Campbell
Date Reported: 2023-03-29
Section Section 6.4, Table 3 says:
+---------+------------+---------+-------------+
| ParmSet | KeyGenTime | SigSize | KeyLifetime |
+---------+------------+---------+-------------+
...
| 15/10 | 6 sec | 3172 | 9 hours |
| | | | |
| 15/15 | 6 sec | 3332 | 12 days |
| | | | |
| 20/10 | 3 min | 3332 | 12 days |
| | | | |
| 20/15 | 3 min | 3492 | 1 year |
| | | | |
| 25/10 | 1.5 hour | 3492 | 1 year |
| | | | |
| 25/15 | 1.5 hour | 3652 | 34 years |
+---------+------------+---------+-------------+
It should say:
+---------+------------+---------+-------------+
| ParmSet | KeyGenTime | SigSize | KeyLifetime |
+---------+------------+---------+-------------+
...
| 15/10 | 6 sec | 3124 | 9 hours |
| | | | |
| 15/15 | 6 sec | 3284 | 12 days |
| | | | |
| 20/10 | 3 min | 3284 | 12 days |
| | | | |
| 20/15 | 3 min | 3444 | 1 year |
| | | | |
| 25/10 | 1.5 hour | 3444 | 1 year |
| | | | |
| 25/15 | 1.5 hour | 3604 | 34 years |
+---------+------------+---------+-------------+
Notes:
The signature sizes for the two-level HSS parameters in Table 3 are all 48 bytes larger than they should be. It looks like they were computed assuming a 64-byte identifier I in the level-1 LMS public key pub[1], but the identifier was reduced to 16 bytes in draft -07. The signature sizes for the single-level HSS parameters are all correct because they do not have intermediate LMS public keys.