{"id":17717300,"url":"https://github.com/bwesterb/xmssmt","last_synced_at":"2025-04-01T16:30:44.477Z","repository":{"id":57548855,"uuid":"121226903","full_name":"bwesterb/xmssmt","owner":"bwesterb","description":"XMSS[MT] commandline tool","archived":false,"fork":false,"pushed_at":"2023-12-18T22:45:22.000Z","size":60,"stargazers_count":13,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-06-19T05:43:18.846Z","etag":null,"topics":["cli-utilities","hash-based-signatures","post-quantum","rfc8391","xmss","xmssmt"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bwesterb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-12T09:33:21.000Z","updated_at":"2024-06-06T15:17:37.000Z","dependencies_parsed_at":"2024-10-25T17:12:33.253Z","dependency_job_id":"64638eb7-e8d4-4070-b7e5-706bc8fd1f74","html_url":"https://github.com/bwesterb/xmssmt","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fxmssmt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fxmssmt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fxmssmt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwesterb%2Fxmssmt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bwesterb","download_url":"https://codeload.github.com/bwesterb/xmssmt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246620344,"owners_count":20806756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli-utilities","hash-based-signatures","post-quantum","rfc8391","xmss","xmssmt"],"created_at":"2024-10-25T14:19:46.123Z","updated_at":"2025-04-01T16:30:44.239Z","avatar_url":"https://github.com/bwesterb.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"XMSSMT commandline tool\n=======================\n\nThis is a commandline tool to sign and verify messages using the\npost-quantum stateful hash-based signature-scheme XMSSMT described in\n[rfc8391](https://tools.ietf.org/html/rfc8391).\n\nInstalling\n----------\n\nTo install `xmssmt`, get [Go](https://golang.org/) and run\n\n    GO111MODULE=on go get github.com/bwesterb/xmssmt\n\nUsage\n-----\n\n#### Generating a keypair\n\nTo generate an XMSSMT keypair, run\n\n    xmssmt generate\n\nThis will generate a random `XMSSMT-SHAKE_40/4_256` keypair.  The secret key is\nstored in two files: `xmssmt.key` and `xmssmt.key.cache`.  You should keep\nboth files secret, never copy them and never restore them from a backup.\n(See below.) The public key is stores in `xmssmt.pub`.\n\nYou can specify a different instance of XMSSMT with `-a`, for instance\n\n    xmssmt generate -a XMSSMT-SHA2_20/2_512\n\nRun `xmssmt algs` to list the named instances.  (See below for the considerations\nwhen choosing an XMSSMT instance.)\n\n#### Signing\n\nTo create an XMSSMT signature on `some-file`, run\n\n    xmssmt sign -f some-file\n\nThis will create an XMSSMT signature `some-file.xmssmt-signature` using the\nsecret key `xmssmt.key`.\n\nA different secret key and signature output file can be specified with flags:\n\n    xmssmt sign -f some-file -s path/to/secret-key -o path/to/write/signature/to\n\n#### Verifying\n\nTo verify the XMSSMT signature `some-file.xmsssmt-signature` on `some-file`, run\n\n    xmssmt verify -f some-file\n\nIt will look for the public key in the file `xmssmt.pub`.\n\nWith flags one can specify the files to read the signature and public key from.  Eg:\n\n    xmssmt verify -f some-file -S the-signature -p path-to-public-key\n\nConsiderations\n--------------\n\n### State\n\nXMSSMT (in contrast to its sibling [SPHINCS+](https://sphincs.org/)) is stateful:\nevery signature has a sequence number and a sequence number\n[should](https://eprint.iacr.org/2016/1042.pdf) not be reused.\nThere is also a maximum signature sequence number (dependant on the exact\nXMSSMT instance).\nThe first free signature sequence number is stored in the secret key\nfile `xmssmt.key`, which is incremented on every signature issued.  Thus\n\n * You should **not copy** the secret key file, for otherwise signature\n   sequence numbers might be reused.\n * You should **never restore** a secret key file from a backup, for again,\n   otherwise signature sequence numbers might be reused.\n\n### Cache\n\nWithout cache, creating a XMSSMT signature is about as expensive as generating\na keypair.  Almost all computations between two signatures (which are close in\nsequence number) can be reused.  To this end `xmssmt` stores these values\nin the `.key.cache` file.  This makes creating a signature even significantly\nfaster than verifying one (if cached).\n\nWith the default XMSSMT instance, signatures are cached in batches\n(\"subtrees\") of 1024.  So, the first 1024 signatures are quick to create.\nThe 1025th signature takes (with the default instance) a fourth of the\nkey generation time and the next 1023 signatures are again very fast to create.\n\n### Instance \u0026 parameters\n\nAn XMSSMT instance has five main parameters\n\n * The **hash function** used.  Either SHAKE or SHA2.  The XMSSMT authors prefer\n   SHAKE and it's significantly faster than SHA2 (except for n=512.)\n * **n** is the main security parameter and is either 128, 256 or 512 bits.\n   512 bit signatures are at least twice as large (see `xmssmt algs`),\n   and are approximately tree times as slow to create and verify.\n   If you're unsure, use 256 bit.  Use 512 bit if\n   \n    1. you want your signatures to be trustworthy for at least a 100 years *and*\n    2. you believe that performance per watt will keep increasing exponentially.\n\n * **tree height** determines the maximum number of signatures that can be created\n   with a keypair.  With tree height t, one can create 2^t signatures.  So with the\n   default tree height 40, we have about a trillion signatures.  With the other\n   parameters fixed, a higher tree height will exponentially increase key\n   generation time and secret key (cache) size.  In contrast, signature size\n   and signing/verifying-times will not change by much.\n * **d** is, in effect, a trade-off between\n\n     1. signature size and signature verification times and\n     2. secret key (cache) size and keypair generation time.\n   \n   If unsure, pick `d = (tree height) / 10`. Then the keypair will only take a\n   few seconds to generate; the secret key (cache) is less than a megabyte;\n   signatures are cached in batches of 1024 and still have an acceptable\n   size (for the tree height).\n   \n   If long key generation time, ~250MB secret key cache and slow signing\n   every millionth of a signature is not a problem, consider `d = (tree height) / 20`.\n * **w** is a trade-off between\n\n    1. signature size\n    2. signing/verification/key generation time.\n\n   The default is `w=16`.  The RFC only lists instances with `w=16`.\n\nThe parameters (for `w=16`) are formatted as follows in the name\n\n    XMSSMT-(hash func)_(tree height)/(d)_(n in bits)\n\nThe special case `d=1` is formatted as\n\n    XMSS-(hash func)_(tree height)_(n in bits)\n\nThe parameter `w` can be specified by suffixing `_w(value of w)`, i.e.:\n\n    XMSSMT-SHAKE_60/12_512_w256\n\nSee also\n--------\n\n * [atumd](https://github.com/bwesterb/atumd), a timestamping server that uses XMSSMT\n * [go-xmssmt](https://github.com/bwesterb/go-xmssmt), a Go package that implements XMSSMT.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwesterb%2Fxmssmt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbwesterb%2Fxmssmt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwesterb%2Fxmssmt/lists"}