RFC 8391, "XMSS: eXtended Merkle Signature Scheme", May 2018

Errata ID: 7900
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Çağdaş Çalık
Date Reported: 2024-04-18
Verifier Name: Colin Perkins
Date Verified: 2024-04-22

Section 4.1. says:

An XMSS private key SK contains 2^h WOTS+ private keys, the leaf
index idx of the next WOTS+ private key that has not yet been used,
SK_PRF (an n-byte key to generate pseudorandom values for randomized
message hashing), the n-byte value root (which is the root node of
the tree and SEED), and the n-byte public seed used to pseudorandomly
generate bitmasks and hash function keys.

It should say:

An XMSS private key SK contains 2^h WOTS+ private keys, the leaf
index idx of the next WOTS+ private key that has not yet been used,
SK_PRF (an n-byte key to generate pseudorandom values for randomized
message hashing), the n-byte value root (which is the root node of
the tree), and SEED (the n-byte public seed used to pseudorandomly
generate bitmasks and hash function keys).

Notes:

SEED appearing in the parenthesis explaining the root value is confusing. It has to be paired with the explanation of it that follows.

Errata verified by Andreas Hülsing, 2024-04-22

Report New Errata