The Internet Engineering Task Force (IETF) has announced that the XMSS stateful hash-based signature scheme has been published as Request for Comments (RFC) 8391. Our understanding is that the LMS stateful hash-based signature scheme will likely be published as an RFC in the coming months.
NIST plans to coordinate with other standards organizations, such as the IETF, to develop standards for stateful hash-based signatures. As stateful hash-based signatures do not meet the API requested for signatures, this standardization effort will be a separate process from the one outlined in the December 2016 Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms. It is expected that NIST will only approve a stateful hash-based signature standard for use in a limited range of signature applications, such as code signing, where most implementations will be able to securely deal with the requirement to keep state.
We—NIST's Computer Security Division—would like your feedback:
Send us a message at pqc-comments@nist.gov.
Thank you.
NIST Computer Security Division