As per the NIST publication, the following changes are proposed to SPHINCS+ in SLH-DSA.
Would be nice if these changes can be incorporated. Thanks in advance!
https://csrc.nist.gov/pubs/fips/205/ipd
• Two new address types were defined, WOTS_PRF and FORS_PRF, which are used for WOTS+
and FORS secret key value generation.
• PK.seed was added as an input to PRF in order to mitigate multi-key attacks.
• For the category 3 and 5 parameter sets that use SHA-2, SHA-256 was replaced with
SHA-512 in Hmsg, PRFmsg, H, and Tl based on weaknesses that were discovered when
using SHA-256 to obtain category 5 security [6, 7, 8].
• R and PK.seed were added as inputs to MGF1 when computing Hmsg for the SHA-2
parameter sets in order to mitigate against multi-target long-message second preimage
attacks.
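
An added sketch of the changes listed in the issue above (not code from this repository or from the issue author): PRF and H_msg for the SHA-2 parameter sets, written from the function definitions in FIPS 205. The function names and the sample byte strings are constructed for illustration.

```python
import hashlib

WOTS_PRF, FORS_PRF = 5, 6  # the two new address types (FIPS 205 type values)

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1): Hash(seed || 4-byte counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def h_msg(r: bytes, pk_seed: bytes, pk_root: bytes, msg: bytes, m: int) -> bytes:
    """H_msg: R and PK.seed go into the MGF1 seed as well as the inner hash."""
    n = len(pk_seed)
    # Category 1 (n = 16) stays on SHA-256; categories 3 and 5 use SHA-512.
    name = "sha256" if n == 16 else "sha512"
    inner = hashlib.new(name, r + pk_seed + pk_root + msg).digest()
    return mgf1(r + pk_seed + inner, m, name)

def make_adrs(layer: int, tree: int, adrs_type: int, w1: int, w2: int, w3: int) -> bytes:
    """32-byte ADRS: layer(4) | tree(12) | type(4) | three 4-byte words."""
    return (layer.to_bytes(4, "big") + tree.to_bytes(12, "big")
            + adrs_type.to_bytes(4, "big")
            + b"".join(w.to_bytes(4, "big") for w in (w1, w2, w3)))

def compress_adrs(adrs: bytes) -> bytes:
    """22-byte compressed address (ADRS^c) used by the SHA-2 parameter sets."""
    return adrs[3:4] + adrs[8:16] + adrs[19:20] + adrs[20:32]

def prf(pk_seed: bytes, sk_seed: bytes, adrs: bytes) -> bytes:
    """PRF: PK.seed is hashed in, zero-padded to fill one SHA-256 block."""
    n = len(pk_seed)
    data = pk_seed + bytes(64 - n) + compress_adrs(adrs) + sk_seed
    return hashlib.sha256(data).digest()[:n]

if __name__ == "__main__":
    # Constructed sample values, not real key material.
    sk_seed, r, root = bytes(16), bytes([1]) * 16, bytes([2]) * 16
    seed_a, seed_b = bytes([0xA]) * 16, bytes([0xB]) * 16
    wots = make_adrs(0, 7, WOTS_PRF, 3, 5, 0)  # words: key pair, chain, hash = 0
    fors = make_adrs(0, 7, FORS_PRF, 3, 0, 5)  # words: key pair, height = 0, index
    for seed in (seed_a, seed_b):
        # Same SK.seed, R and message; only PK.seed changes between rows.
        print(prf(seed, sk_seed, wots).hex(), prf(seed, sk_seed, fors).hex(),
              h_msg(r, seed, root, b"msg", 30).hex())
```

Running it prints two rows that differ in every column, which is the point of binding PK.seed into PRF and into both stages of H_msg: identical secret seeds, randomizers and messages no longer collide across keys.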