XMSS (eXtended Merkle Signature Scheme) for Rust
XMSS provides post-quantum digital signatures built only from hash functions, following RFC 8391. With the n = 32 (SHA-256) parameter sets it targets 128-bit security against quantum attackers, and because each WOTS+ key signs exactly one message before the index moves on, it offers forward security: a state captured after signing cannot be used to forge signatures for indices that were already consumed.
Core Architecture:
pub struct XMSSPrivateKey {
    pub idx: u32,                  // index of the next unused WOTS+ key; must never go backwards
    pub wots_keys: Vec<(WOTSPlusPrivateKey, WOTSPlusPublicKey)>,
    pub sk_seed: Vec<u8>,          // secret seed from which the WOTS+ keys are derived
    pub sk_prf: Vec<u8>,           // secret PRF key for per-signature message randomization
    pub seed: Vec<u8>,             // public seed used for bitmasks and key derivation
    pub root: Vec<u8>,             // Merkle tree root, i.e. the public key
}

WOTS+ One-Time Signatures:
- Winternitz parameter w=16 (the RFC 8391 value) as the size/speed tradeoff: larger w shortens signatures but lengthens every hash chain
- Hash chains with randomized hashing: each chain step XORs the input with a bitmask derived from the public seed before hashing
- Base-w conversion for message encoding, with a checksum over the digits so an attacker cannot forge by simply advancing chains
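The base-w encoding and checksum described above, as an added example rather than code from this crate: it implements the RFC 8391 base_w and checksum steps for the n = 32, w = 16 parameter set on std only, and adds a verifier-side consistency check (`is_consistent_encoding`, a name chosen here, not from the page) to show why the checksum digits block chain-advancing forgeries.

```rust
// Added example, not the crate's own code: the WOTS+ message encoding of
// RFC 8391 (base_w conversion plus checksum) for the n = 32, w = 16 parameter
// set, using std only. Each digit is a position on one WOTS+ hash chain.

const W: u32 = 16;                 // Winternitz parameter
const LG_W: u32 = 4;               // log2(W)
const N: usize = 32;               // digest length in bytes
const LEN_1: usize = 8 * N / LG_W as usize;   // 64 message digits
const LEN_2: usize = 3;            // checksum digits (64 * 15 = 960 < 16^3)
const LEN: usize = LEN_1 + LEN_2;  // 67 chains in total

/// base_w from RFC 8391 section 2.6: split `x` into `out_len` base-w digits,
/// most significant nibble first. Written for W = 16 (LG_W divides 8).
pub fn base_w(x: &[u8], out_len: usize) -> Vec<u32> {
    let mut out = Vec::with_capacity(out_len);
    let (mut input, mut total, mut bits) = (0usize, 0u32, 0u32);
    for _ in 0..out_len {
        if bits == 0 {
            total = x[input] as u32;
            input += 1;
            bits = 8;
        }
        bits -= LG_W;
        out.push((total >> bits) & (W - 1));
    }
    out
}

/// Checksum digits for the message digits (RFC 8391 section 3.1.5). Raising
/// any message digit lowers the checksum, so a forger who can only advance
/// chains would need to run a checksum chain backwards, which is one-way.
pub fn wots_checksum(msg_digits: &[u32]) -> Vec<u32> {
    let mut csum: u32 = msg_digits.iter().map(|&d| W - 1 - d).sum();
    let len_2_bytes = (LEN_2 * LG_W as usize + 7) / 8;   // 2 bytes
    csum <<= 8 - ((LEN_2 as u32 * LG_W) % 8);           // left-align: shift by 4
    let bytes = csum.to_be_bytes();                     // toByte(csum, 4), big-endian
    base_w(&bytes[bytes.len() - len_2_bytes..], LEN_2)
}

/// Full WOTS+ encoding: LEN_1 message digits followed by LEN_2 checksum digits.
pub fn encode_message(digest: &[u8]) -> Vec<u32> {
    assert_eq!(digest.len(), N, "WOTS+ signs an n-byte digest");
    let mut digits = base_w(digest, LEN_1);
    digits.extend(wots_checksum(&digits));
    debug_assert_eq!(digits.len(), LEN);
    digits
}

/// Verifier-side sanity check (name chosen for this example): the checksum
/// digits must be the ones implied by the message digits.
pub fn is_consistent_encoding(digits: &[u32]) -> bool {
    digits.len() == LEN
        && digits.iter().all(|&d| d < W)
        && wots_checksum(&digits[..LEN_1])[..] == digits[LEN_1..]
}

fn main() {
    let digest = [0u8; N];                       // constructed all-zero digest
    let digits = encode_message(&digest);
    println!("{} digits, checksum digits = {:?}", digits.len(), &digits[LEN_1..]);
    let mut forged = digits.clone();
    forged[0] += 1;                              // attacker advances chain 0 by one step
    println!("forgery consistent? {}", is_consistent_encoding(&forged));
}
```

For the all-zero digest every message digit is 0, so the checksum is 64 * 15 = 960; shifted left by four bits that is 0x3C00, whose two bytes encode to the digits [3, 12, 0]. Bumping a single message digit changes the checksum to 959 and the expected digits to [3, 11, 15], which is why the forged encoding fails the check.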
Merkle Tree Construction:
- Binary hash tree whose 2ʰ leaves are the (L-tree compressed) WOTS+ public keys
- Authentication paths (one sibling node per level) let a verifier recompute the root from a single leaf
- BDS tree traversal keeps the authentication-path state in O(h) nodes instead of the whole tree
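The tree construction and authentication-path verification described above, as an added example that is not the crate's code. It keeps the full tree in memory (the baseline that BDS traversal avoids) and rebuilds the root on the verifier side from a leaf, its index and its path. The node hash is a placeholder: SipHash via `std`'s `DefaultHasher` stands in for the seeded, bitmasked RAND_HASH of RFC 8391 so the example runs on std alone; it is not collision resistant and exists only to make the structure visible.

```rust
// Added example, not the crate's own code: an XMSS-style binary hash tree with
// authentication-path generation and verifier-side root reconstruction.
// node_hash/leaf_hash are placeholders (SipHash, NOT cryptographic) for the
// SHA-256 based RAND_HASH and L-tree of RFC 8391.
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

pub type Node = [u8; 8];

/// Placeholder for RAND_HASH(SEED, ADRS, left || right). `level` and `index`
/// play the role of the ADRS tree-height and tree-index fields.
fn node_hash(level: u32, index: u32, left: &Node, right: &Node) -> Node {
    let mut h = DefaultHasher::new();
    h.write_u8(1);           // domain tag: inner node
    h.write_u32(level);
    h.write_u32(index);
    h.write(left);
    h.write(right);
    h.finish().to_be_bytes()
}

/// Placeholder for the L-tree compression of a WOTS+ public key into a leaf.
pub fn leaf_hash(leaf_index: u32, wots_pk: &[u8]) -> Node {
    let mut h = DefaultHasher::new();
    h.write_u8(0);           // domain tag: leaf
    h.write_u32(leaf_index);
    h.write(wots_pk);
    h.finish().to_be_bytes()
}

/// Whole tree in memory: levels[0] holds the leaves, levels[h] the root.
pub struct MerkleTree { h: u32, levels: Vec<Vec<Node>> }

impl MerkleTree {
    pub fn build(h: u32, leaves: Vec<Node>) -> Self {
        assert_eq!(leaves.len(), 1usize << h, "need exactly 2^h leaves");
        let mut levels = vec![leaves];
        for level in 0..h {
            let below = &levels[level as usize];
            let above: Vec<Node> = (0..below.len() / 2)
                .map(|i| node_hash(level + 1, i as u32, &below[2 * i], &below[2 * i + 1]))
                .collect();
            levels.push(above);
        }
        MerkleTree { h, levels }
    }

    pub fn root(&self) -> Node { self.levels[self.h as usize][0] }

    /// Authentication path for leaf `idx`: the sibling at each level, bottom up.
    pub fn auth_path(&self, idx: u32) -> Vec<Node> {
        (0..self.h)
            .map(|level| self.levels[level as usize][((idx >> level) ^ 1) as usize])
            .collect()
    }
}

/// Verifier side: rebuild the root from one leaf, its index and its path. The
/// index decides left/right at every level, so the same leaf and path under a
/// different index produce a different root.
pub fn root_from_path(h: u32, idx: u32, leaf: Node, auth: &[Node]) -> Node {
    assert_eq!(auth.len(), h as usize, "one sibling per level");
    let mut node = leaf;
    for (level, sibling) in auth.iter().enumerate() {
        let pos = idx >> level;              // position of `node` on this level
        let parent = pos >> 1;
        node = if pos & 1 == 0 {
            node_hash(level as u32 + 1, parent, &node, sibling)
        } else {
            node_hash(level as u32 + 1, parent, sibling, &node)
        };
    }
    node
}

/// Constructed input: byte i repeated 32 times stands in for WOTS+ public key i.
pub fn sample_tree(h: u32) -> MerkleTree {
    let leaves = (0..(1u32 << h)).map(|i| leaf_hash(i, &[i as u8; 32])).collect();
    MerkleTree::build(h, leaves)
}

fn main() {
    let tree = sample_tree(3);
    let idx = 5;
    let leaf = leaf_hash(idx, &[idx as u8; 32]);
    let ok = root_from_path(3, idx, leaf, &tree.auth_path(idx)) == tree.root();
    let other = root_from_path(3, idx ^ 1, leaf, &tree.auth_path(idx)) == tree.root();
    println!("path verifies: {ok}; same path under index {}: {other}", idx ^ 1);
}
```

In a real verifier the root is compared against the XMSS public key, and the leaf is not supplied but computed from the WOTS+ public key that the verifier recovers from the signature itself.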
Stateful Management:
pub trait PersistentStorage: Send + Sync {
    fn save_state(&mut self, state: &[u8]) -> Result<(), XMSSError>;
    fn load_state(&self) -> Result<Vec<u8>, XMSSError>;
}

XMSS is stateful: each index selects a one-time WOTS+ key, and signing two different messages with the same index exposes enough chain values to forge. The advanced index must therefore be written durably, and the write confirmed, before the signature for the previous index is released, and two copies of the same private key must never sign independently.

Security Features:
- Constant-time comparisons of secret-dependent data using the subtle crate
- Memory zeroization of seeds and WOTS+ private keys with the zeroize crate
- Forward security through key evolution: the index only advances, and a used WOTS+ key is never signed with again
- RFC 8391 compliance, checked against the RFC's test vectors
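The stateful-management rule from the Stateful Management section (persist the advanced index before releasing a signature) and the key-evolution property above, as an added example that is not this crate's code. The `PersistentStorage` trait is the one shown on this page; `MemoryStorage`, `StatefulSigner`, the `Poisoned` error variant and the placeholder signature are constructed for the illustration and are not crate APIs.

```rust
// Added example, not the crate's own code: a signer wrapper that commits the
// advanced index through PersistentStorage before any signature leaves it.
// MemoryStorage, StatefulSigner and placeholder_signature are illustrative.
use std::convert::TryInto;

#[derive(Debug, PartialEq)]
pub enum XMSSError {
    Storage(String),  // backend could not confirm the write
    KeyExhausted,     // all 2^h one-time keys have been used
    Poisoned,         // an unconfirmed write happened; reload state before signing
}

pub trait PersistentStorage: Send + Sync {
    fn save_state(&mut self, state: &[u8]) -> Result<(), XMSSError>;
    fn load_state(&self) -> Result<Vec<u8>, XMSSError>;
}

/// Constructed backend. A real one writes to disk or an HSM, syncs, then returns Ok.
pub struct MemoryStorage { bytes: Vec<u8>, pub fail_next_save: bool }

impl MemoryStorage {
    pub fn new() -> Self { MemoryStorage { bytes: Vec::new(), fail_next_save: false } }
}

impl PersistentStorage for MemoryStorage {
    fn save_state(&mut self, state: &[u8]) -> Result<(), XMSSError> {
        if self.fail_next_save {
            self.fail_next_save = false;
            return Err(XMSSError::Storage("simulated write failure".into()));
        }
        self.bytes = state.to_vec();
        Ok(())
    }
    fn load_state(&self) -> Result<Vec<u8>, XMSSError> { Ok(self.bytes.clone()) }
}

pub struct StatefulSigner<S: PersistentStorage> { h: u32, idx: u32, poisoned: bool, storage: S }

impl<S: PersistentStorage> StatefulSigner<S> {
    /// Resume from persisted state; an empty store means a fresh key (idx = 0).
    pub fn open(h: u32, storage: S) -> Result<Self, XMSSError> {
        assert!(h <= 20, "example keeps idx in a u32 with headroom");
        let bytes = storage.load_state()?;
        let idx = if bytes.is_empty() {
            0
        } else {
            u32::from_be_bytes(bytes[..4].try_into().expect("state is 4 bytes"))
        };
        Ok(StatefulSigner { h, idx, poisoned: false, storage })
    }

    pub fn next_index(&self) -> u32 { self.idx }

    /// Reserve the current index by persisting idx + 1, then sign with it.
    /// If the write is not confirmed the signature is withheld and the signer is
    /// poisoned: the index may or may not have been committed, so nothing may be
    /// signed until the state is reloaded from the backend with `open`.
    pub fn sign(&mut self, msg: &[u8]) -> Result<(u32, Vec<u8>), XMSSError> {
        if self.poisoned { return Err(XMSSError::Poisoned); }
        if u64::from(self.idx) >= 1u64 << self.h { return Err(XMSSError::KeyExhausted); }
        let idx = self.idx;
        if let Err(e) = self.storage.save_state(&(idx + 1).to_be_bytes()) {
            self.poisoned = true;
            return Err(e);
        }
        self.idx = idx + 1;                      // key evolution: index only moves forward
        Ok((idx, placeholder_signature(idx, msg)))
    }

    /// Hand the backend back so state can be reloaded with `open`.
    pub fn into_storage(self) -> S { self.storage }
}

/// Stand-in for the real WOTS+/XMSS signature over `msg` with key number `idx`.
fn placeholder_signature(idx: u32, msg: &[u8]) -> Vec<u8> {
    let mut sig = idx.to_be_bytes().to_vec();
    sig.extend_from_slice(msg);
    sig
}

fn main() {
    let mut signer = StatefulSigner::open(2, MemoryStorage::new()).unwrap();
    println!("{:?}", signer.sign(b"first").map(|(i, _)| i));  // Ok(0)
    signer.storage.fail_next_save = true;
    println!("{:?}", signer.sign(b"second"));                  // Err(Storage(..))
    println!("{:?}", signer.sign(b"third"));                   // Err(Poisoned)
    let signer = StatefulSigner::open(2, signer.into_storage()).unwrap();
    println!("resumed at index {}", signer.next_index());      // 1
}
```

The ordering matters more than the backend: a signer that hands out the signature first and saves afterwards can crash in between and reuse the index on restart. Poisoning after a failed save is deliberate; retrying in memory would risk signing with an index the backend did in fact record.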
Performance Optimizations:
- BDS algorithm reduces the stored tree state from O(2ʰ) nodes to O(h)
- Parallel hash computations for tree construction
- Memory-efficient authentication path updates
- Hardware security module integration support