Open zugzwang opened 4 days ago
Hi @zugzwang, we also support the parameter sets from NIST SP.800-208. Unfortunately, these sets look very similar to the instances defined in RFC 8391: XMSS-SHAKE256_10_256 (SP.800-208) vs XMSS-SHAKE_10_256 (RFC).
Calling keygen with XMSS-SHAKE256_10_256 should work.
After generating an XMSS-SHAKE_10_256 private key and obtaining the public key, the first four bytes are used to identify the parameter set:
I was expecting to see the identifier 0x00000010 from NIST SP 800-208 (see table 14). Instead, it looks like the identifier 0x00000007 is matched against the list in appendix B.1 of RFC8391 or Section 8.10.14 of the Botan handbook.
Botan migrated to NIST SP 800-208 (as indicated in the "XMSS Signature Changes", section 6.26 of the handbook), so perhaps the identifiers could also be updated, or else, state in that same section that identifiers will remain as before.