RFC Errata
RFC 8391, "XMSS: eXtended Merkle Signature Scheme", May 2018
Source of RFC: IRTF
Errata ID: 8383
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Alex J Malozemoff
Date Reported: 2025-04-16
Section 3.1.5 says:
Input: Message M, WOTS+ private key sk, address ADRS, seed SEED
It should say:
Input: private key sk, Message M, WOTS+ seed SEED, address ADRS
Notes:
When used in Algorithm 11 it is called as `WOTS_sign(getWOTS_SK(SK, idx_sig), M', getSEED(SK), ADRS);` that is, the secret key comes first, then the message, then the seed, then finally the address.