TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8ff6df538c506bfcd83d9e4ab8bfaf2f4e671d11^! / . / ChangeLog.d
commit8ff6df538c506bfcd83d9e4ab8bfaf2f4e671d11[log] [tgz]
authorRaef Coles <raef.coles@arm.com>Wed Jul 21 12:42:15 2021 +0100
committerRaef Coles <raef.coles@arm.com>Thu Oct 13 14:28:15 2022 +0100
tree97fc9ee03f541ecff9d3be43fbd4fc5ac16cef29
parent0fe6631486db70178b380f8ef6e5d89063ae39a3 [diff]
Add LMS implementation

Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>

diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt
new file mode 100644
index 0000000..0f09f01
--- /dev/null
+++ b/ChangeLog.d/LMS.txt

@@ -0,0 +1,12 @@
+Features
+    * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme
+      as defined in RFC8554 and NIST.SP.200-208. This currently only supports
+      one parameter set (LMS_SHA256_M32_H10), meaning that each private key can
+      be used to sign 1024 messages. As such, it is not intended for use in TLS,
+      but instead for verification of assets transmitted over an insecure
+      channel, particularly firmware images. This is one of the signature
+      schemes recommended by the IETF draft SUIT standard for IOT firmware
+      upgrades (RFC9019).
+    * Add the LM-OTS post-quantum-safe one-time signature scheme, which is
+      required for LMS. This can be used independently, but each key can only be
+      used to sign one message so is impractical for most circumstances.