XMSS (eXtended Merkle Signature Scheme) is a stateful, hash-based signature algorithm specified in RFC 8391 and considered post-quantum secure.
This project contains a pure C99 implementation of the XMSS algorithm, developed by Fox Crypto.
The XMSS C library is production ready and is maintained in-house so that it can support evaluation at the highest assurance levels (e.g. Common Criteria). Please contact Fox Crypto for details on how we can help get your product certified.
The library was developed under the Dutch "National Crypto Strategy" (NCS), which aims to speed up the development of first-class information security products, stimulate R&D in the crypto field, and strengthen collaboration between government, companies and academia.
The library supports the 256-bit parameter sets approved in NIST SP 800-208:
- XMSS-SHA2_10_256
- XMSS-SHA2_16_256
- XMSS-SHA2_20_256
- XMSS-SHAKE256_10_256
- XMSS-SHAKE256_16_256
- XMSS-SHAKE256_20_256
Multi-tree XMSS (XMSS-MT) is not supported, so a single key pair can produce at most 2^h signatures: 1024, 65536 or 1048576 for the tree heights 10, 16 and 20 above. Plan key rotation accordingly.
The library consists of two parts with slightly different, but complementary objectives.
The signing library exposes an API that covers the usual key generation and signing operations and, because every XMSS one-time key index may be used only once, also addresses availability, load balancing and signature count hiding of that state. It is optimized for modern PC and server hardware.
The verification library consists of a single C function that lets the caller verify a signature against a payload and a public key. It is optimized for resource-constrained hardware, including micro-controllers.
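The signing-side features above exist because XMSS is stateful: every leaf index selects a one-time key, and signing twice with the same index leaks enough secret material for forgeries. The following toy, written for this page and not taken from the Fox Crypto library or RFC 8391, replaces XMSS's WOTS+ leaves and L-trees with plain Lamport one-time signatures on a 256-bit digest and uses a four-leaf tree, but keeps the property that matters. The names `KeyPair`, `Signer`, `forge_from_reuse` and `demo` are this example's own, not the library's API. It shows disjoint index ranges shared between two signing instances (the load-balancing idea), advancing the state before a signature is released, refusing to sign once a range is exhausted, and a working forgery built from two signatures that reused one index.

```python
# Added illustration, not code from the XMSS C library: a toy stateful
# hash-based signature scheme (Lamport OTS leaves + Merkle tree) showing why
# a one-time key index must never be used twice.
import hashlib
import secrets

N = 32          # SHA-256 output length in bytes
BITS = 8 * N    # the OTS signs a 256-bit digest, one secret pair per bit

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def digest_bits(digest: bytes) -> list:
    return [(digest[i >> 3] >> (7 - (i & 7))) & 1 for i in range(BITS)]

def lamport_keygen():
    """One leaf: two secrets per bit; the leaf hash commits to all public hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk, H(*[x for pair in pk for x in pair])

def lamport_sign(sk, pk, digest):
    # reveal the secret selected by each bit, plus the hash of the one kept secret
    return [(sk[i][b], pk[i][1 - b]) for i, b in enumerate(digest_bits(digest))]

def leaf_from_ots(ots, digest):
    pk = []
    for b, (revealed, other) in zip(digest_bits(digest), ots):
        pk += [H(revealed), other] if b == 0 else [other, H(revealed)]
    return H(*pk)

def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def auth_path(levels, idx):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])
        idx >>= 1
    return path

def root_from_path(leaf, idx, path):
    node = leaf
    for sibling in path:
        node = H(node, sibling) if idx & 1 == 0 else H(sibling, node)
        idx >>= 1
    return node

class KeyPair:
    def __init__(self, h):
        self.leaves = [lamport_keygen() for _ in range(1 << h)]
        self.levels = build_tree([leaf for _, _, leaf in self.leaves])
        self.root = self.levels[-1][0]   # the public key

class Signer:
    """One signing instance owning the index range [first, last) of a shared
    KeyPair. Disjoint ranges let instances sign in parallel without
    coordinating; an exhausted range refuses to sign rather than reuse."""
    def __init__(self, keypair, first, last):
        self.kp, self.next_idx, self.last = keypair, first, last

    def sign(self, digest):
        if self.next_idx >= self.last:
            raise RuntimeError("index range exhausted; retire this key")
        idx = self.next_idx
        self.next_idx += 1   # advance (and, for real, persist) the state BEFORE
                             # releasing the signature: a crash wastes an index,
                             # it never reuses one
        sk, pk, _ = self.kp.leaves[idx]
        return idx, lamport_sign(sk, pk, digest), auth_path(self.kp.levels, idx)

def verify(root, digest, signature):
    idx, ots, path = signature
    return root_from_path(leaf_from_ots(ots, digest), idx, path) == root

def forge_from_reuse(d1, sig1, d2, sig2, target):
    """Two signatures under one index reveal both secrets wherever d1 and d2
    differ, so any target agreeing with d1 or d2 in every bit is forgeable."""
    idx, ots1, path = sig1
    if idx != sig2[0]:
        return None
    b1, b2, bt = digest_bits(d1), digest_bits(d2), digest_bits(target)
    forged = []
    for i in range(BITS):
        if bt[i] == b1[i]:
            forged.append(ots1[i])
        elif bt[i] == b2[i]:
            forged.append(sig2[1][i])
        else:
            return None   # this bit value was never revealed
    return idx, forged, path

def demo(h=2):
    kp = KeyPair(h)
    node_a, node_b = Signer(kp, 0, 2), Signer(kp, 2, 4)   # disjoint index ranges
    d1 = H(b"constructed message 1")                        # constructed sample input
    sig1 = node_a.sign(d1)
    honest_ok = verify(kp.root, d1, sig1) and verify(kp.root, H(b"m"), node_b.sign(H(b"m")))
    stale = Signer(kp, 0, 1)      # misuse: an instance restored from an old backup
    d2 = H(b"constructed message 2")
    sig2 = stale.sign(d2)         # index 0 is now used twice
    b1, b2 = digest_bits(d1), digest_bits(d2)
    mix = [b1[i] if i % 2 else b2[i] for i in range(BITS)]
    target = bytes(int("".join(map(str, mix[i:i + 8])), 2) for i in range(0, BITS, 8))
    forged = forge_from_reuse(d1, sig1, d2, sig2, target)
    forgery_ok = forged is not None and verify(kp.root, target, forged) and target not in (d1, d2)
    try:
        stale.sign(d2)
        exhausted = False
    except RuntimeError:
        exhausted = True
    return honest_ok, forgery_ok, exhausted
```

`demo()` returns `(True, True, True)`: honest signatures verify, the forgery on a never-signed digest verifies, and the exhausted instance refuses to sign. With two reused signatures the forger is limited to digests that match one of the two in every bit; each further reuse roughly halves the unrevealed positions, so a few repetitions make any digest forgeable. Note also that the leaf index travels in the clear inside the signature (as it does in XMSS), which is what "signature count hiding" in the signing API is about.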
The XMSS C library is split over several repositories. This allows users to monitor the source code repository for changes without having to deal with the more frequent updates to the documentation.
- Source code: https://github.com/FoxCryptoNL/xmss-library
- Documentation: https://github.com/FoxCryptoNL/xmss-documentation