Skip to main content

Table 4 Required security required security of underlying function in hash tree and pseudorandom key selection

From: Hash-based signature revisited

Scheme

Merkle tree

XMSS

XMSS in RFC 8391

LMS

GMSS

XMSSMT

HSS

SPHINCS

SPHINCS + 

Required security of underlying function in hash tree and pseudorandom key selection

CR

SPR

PRF of G(n);

multi-function multi-target SPR of H

SPR

CR

SPR

SPR

PRF of F;

Subset-resilience of Hdgt;

SPR of H

PQ-MM-SPR of H and tweakable hash;

PQ-PRF of F;

PQ-target subset resilience of Hdgt

Model

Standard

Standard

RO

RO

Standard

Standard

RO

Standard

RO