RFC Errata


Errata Search
 
Source of RFC  
Summary Table Full Records

RFC 8554, "Leighton-Micali Hash-Based Signatures", April 2019

Source of RFC: IRTF

Errata ID: 7994
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: David Cooper
Date Reported: 2024-06-17

Section 3.3 says: 

   /* leighton-micali signatures (lms) */

   union lms_path switch (lms_algorithm_type type) {
    case lms_sha256_n32_h5:
      bytestring32 path_n32_h5[5];
    case lms_sha256_n32_h10:
      bytestring32 path_n32_h10[10];
    case lms_sha256_n32_h15:
      bytestring32 path_n32_h15[15];
    case lms_sha256_n32_h20:
      bytestring32 path_n32_h20[20];
    case lms_sha256_n32_h25:
      bytestring32 path_n32_h25[25];
    default:
      void;     /* error condition */
   };

   struct lms_signature {
     unsigned int q;
     lmots_signature lmots_sig;
     lms_path nodes;
   };

   struct lms_key_n32 {
     lmots_algorithm_type ots_alg_type;
     opaque I[16];
     opaque K[32];
   };

   union lms_public_key switch (lms_algorithm_type type) {
    case lms_sha256_n32_h5:
    case lms_sha256_n32_h10:
    case lms_sha256_n32_h15:
    case lms_sha256_n32_h20:
    case lms_sha256_n32_h25:
         lms_key_n32 z_n32;

It should say:

   /* leighton-micali signatures (lms) */

   union lms_path switch (lms_algorithm_type type) {
    case lms_sha256_m32_h5:
      bytestring32 path_m32_h5[5];
    case lms_sha256_m32_h10:
      bytestring32 path_m32_h10[10];
    case lms_sha256_m32_h15:
      bytestring32 path_m32_h15[15];
    case lms_sha256_m32_h20:
      bytestring32 path_m32_h20[20];
    case lms_sha256_m32_h25:
      bytestring32 path_m32_h25[25];
    default:
      void;     /* error condition */
   };

   struct lms_signature {
     unsigned int q;
     lmots_signature lmots_sig;
     lms_path nodes;
   };

   struct lms_key_m32 {
     lmots_algorithm_type ots_alg_type;
     opaque I[16];
     opaque K[32];
   };

   union lms_public_key switch (lms_algorithm_type type) {
    case lms_sha256_m32_h5:
    case lms_sha256_m32_h10:
    case lms_sha256_m32_h15:
    case lms_sha256_m32_h20:
    case lms_sha256_m32_h25:
         lms_key_m32 z_m32;

Notes:

While "n" is the parameter used in LMOTS, "m" is the parameter used in LMS. In order to be consistent with the other parts of RFC 8554 and with the IANA registry, the LMS parameter set names need to be changed from "_n32_" to "_m32_". For consistency, all other references to the number of bytes in each node should changed from "n32" to "m32".

Report New Errata



Advanced Search