RFC Errata



RFC 8391, "XMSS: eXtended Merkle Signature Scheme", May 2018

Source of RFC: IRTF

Errata ID: 7420
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Rafael Misoczki
Date Reported: 2023-04-11

Section 4.2.2 says:

// Generate reduced XMSS private keys
     ADRS = toByte(0, 32);
     for ( layer = 0; layer < d; layer++ ) {
        ADRS.setLayerAddress(layer);
        for ( tree = 0; tree <
              (1 << ((d - 1 - layer) * (h / d)));
              tree++ ) {
           ADRS.setTreeAddress(tree);
           for ( i = 0; i < 2^(h / d); i++ ) {
             wots_sk[i] = WOTS_genSK();
           }
           setXMSS_SK(SK_MT, wots_sk, tree, layer);
        }
     }

It should say:

// Generate reduced XMSS private keys
     ADRS = toByte(0, 32);
     for ( layer = 0; layer < d; layer++ ) {
        ADRS.setLayerAddress(layer);
        for ( tree = 0; tree <
              (1 << ((d - 1 - layer) * (h / d)));
              tree++ ) {
           ADRS.setTreeAddress(tree);
           for ( i = 0; i < 2^(h / d); i++ ) {
             wots_sk[i] = WOTS_genSK();
           }
           setXMSS_SK(SK_MT, wots_sk, tree, layer, ADRS);
        }
     }

Notes:

The ADRS variable is created and configured (layer address and tree address fields set) but it is not used anywhere in the for-loop.

It would be more precise if the setXMSS_SK function receives the ADRS variable so that implementers understand that both layer address and tree address fields must be set as defined in this for-loop in order to generate the correct XMSS private key in each iteration of this loop.
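
An added illustration, not part of the erratum or of RFC 8391: the Python sketch below walks the same layer/tree loop and derives each WOTS+ secret seed from a master seed, once binding the derivation to ADRS and once ignoring it. The HMAC-SHA-256 derivation and the names make_adrs, tree_slots, derive_wots_seed, keygen and distinct_seeds are assumptions made for the example; the RFC pseudocode only calls WOTS_genSK().

```python
import hashlib
import hmac
import struct

def make_adrs(layer: int, tree: int) -> bytes:
    """32-byte ADRS with only the layer (32-bit) and tree (64-bit) fields set,
    as the key generation loop does; the remaining 20 bytes stay zero."""
    return struct.pack(">IQ", layer, tree) + bytes(20)

def tree_slots(h: int, d: int):
    """Yield every (layer, tree) pair the loop in Section 4.2.2 visits."""
    for layer in range(d):
        for tree in range(1 << ((d - 1 - layer) * (h // d))):
            yield layer, tree

def derive_wots_seed(master: bytes, adrs: bytes, i: int) -> bytes:
    """Hypothetical stand-in for WOTS_genSK(): HMAC-SHA-256 over ADRS || i.
    This is not the RFC's PRF; it only shows the effect of the address."""
    return hmac.new(master, adrs + i.to_bytes(4, "big"), hashlib.sha256).digest()

def keygen(master: bytes, h: int, d: int, use_adrs: bool) -> dict:
    """Return {(layer, tree): [one seed per WOTS+ key]} for the hypertree.
    With use_adrs=False the address is left at zero for every tree, which is
    how an implementer might read the loop if ADRS is never passed on."""
    sk_mt = {}
    for layer, tree in tree_slots(h, d):
        adrs = make_adrs(layer, tree) if use_adrs else bytes(32)
        sk_mt[(layer, tree)] = [
            derive_wots_seed(master, adrs, i) for i in range(1 << (h // d))
        ]
    return sk_mt

def distinct_seeds(sk_mt: dict) -> int:
    """Count unique WOTS+ seeds across all trees and layers."""
    return len({seed for seeds in sk_mt.values() for seed in seeds})

if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample seed, not a real key
    for use_adrs in (True, False):
        sk = keygen(master, h=4, d=2, use_adrs=use_adrs)
        total = sum(len(v) for v in sk.values())
        print(f"use_adrs={use_adrs}: {distinct_seeds(sk)} distinct of {total} seeds")
```

With h = 4 and d = 2 the loop visits five trees of four WOTS+ keys each; when the address is ignored, every tree ends up with the same four one-time keys.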
