JEP draft: Leighton-Micali Hash-Based Signatures

Wei-Jun Wang weijun.wang at oracle.com
Thu Apr 27 20:39:30 UTC 2023


Hi All,

We haven't gotten enough feedback on the proposed new APIs and have decided to drop this JEP from JDK 21. It's still open and we can reconsider it in a future release.

We are still planning an implementation of signature verification targeting JDK 21. You can read the CSR at https://bugs.openjdk.org/browse/JDK-8305973.

Thanks,
Max

> On Mar 20, 2023, at 5:51 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> Hi All,
> 
> We propose to add support for HSS/LMS as a Signature algorithm to JCA/JCE.
> 
> All currently widely used digital signature schemes, including DSA, RSA, ECDSA, and EdDSA, have the potential to be broken if large-scale quantum computers are ever built. However, the security of HSS/LMS depends only on the security of the underlying hash functions, and it is believed that the security of hash functions will not be broken by the development of large-scale quantum computers.
> 
> We have drafted a JEP for adding this support (see link below). We propose to add a new standard name and some new APIs. We will also provide an implementation of signature verification which would be integrated into an existing JDK security provider.
> 
> We don’t plan to provide implementations of key pair generation and signature generation out of the box, as they should be implemented in hardware. However, we believe third-party vendors will be interested in implementing them (in a “hardware cryptographic module”) and exposing the functions through a Java security provider. Thus we are proposing an HSSGenParameterSpec class to initialize the KeyPairGenerator for HSS/LMS. We are also proposing to define new interfaces named HSSLMSPrivateKey and HSSLMSPublicKey where you can read parameters from the keys. There is a keysRemaining() method where you can find out how many LM-OTS keys are left.
> 
> You can read the draft JEP at https://openjdk.org/jeps/8303541.
> 
> Feel free to add any comment here.
> 
> Thanks,
> Max
> 


