Hash-based cryptography

Hash-based cryptography is the generic term for constructions of cryptographic primitives based on the security of hash functions.

In the Merkle tree underlying such schemes, a hierarchical data structure, a hash function and concatenation are used repeatedly to compute tree nodes.

The US National Institute of Standards and Technology (NIST) specified that algorithms in its post-quantum cryptography competition support a minimum of 2^64 signatures safely.[4]

NIST standardized stateful hash-based cryptography based on the eXtended Merkle Signature Scheme (XMSS) and Leighton–Micali Signatures (LMS),[5] which are applicable in different circumstances, in 2020, but noted that the requirement to maintain state when using them makes them more difficult to implement in a way that avoids misuse.

Large values of the Winternitz parameter yield short signatures and keys, at the price of slower signing and verifying.

The central idea of hash-based signature schemes is to combine a larger number of one-time key pairs into a single structure to obtain a practical way of signing more than once (yet a limited number of times).

The global public key is the single node at the very top of the Merkle tree.

Its value is an output of the selected hash function, so a typical public key size is 32 bytes.

The authentication path (the sibling nodes along the branch from a one-time key's leaf to the root) is stored as part of the signature, and allows a verifier to reconstruct the node path between that one-time public key and the global public key.

The global private key is generally handled using a pseudo-random number generator.

One-time secret keys are derived successively from the seed value using the generator.
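The following is an added example, not code from the original article or from any standardized scheme, that puts the preceding paragraphs together in one toy stateful signature scheme: one-time keys are derived from a seed with a hash-based generator, their public keys become the leaves of a Merkle tree whose root is the 32-byte global public key, each signature carries the leaf index and the authentication path, and the Winternitz parameter `w` can be varied to observe the size/speed trade-off described above. It assumes SHA-256 as the hash, `w` a power of two, and omits the bitmasks, address structures and parameter sets of XMSS/LMS; all function and class names are hypothetical.

```python
"""Toy stateful hash-based signature scheme: a Merkle tree of Winternitz
one-time signatures over SHA-256. Added illustration only; it does not
conform to XMSS or LMS and must not be used as a drop-in implementation."""
import hashlib
import math

N = 32  # bytes of SHA-256 output; also the size of the global public key


def H(*parts: bytes) -> bytes:
    """Hash of the concatenation of its arguments (tree nodes and chains)."""
    return hashlib.sha256(b"".join(parts)).digest()


def wots_params(w: int):
    """Chain counts for a 256-bit digest plus checksum, for w a power of two."""
    log_w = w.bit_length() - 1
    len1 = math.ceil(8 * N / log_w)                       # message chains
    len2 = math.floor(math.log2(len1 * (w - 1)) / log_w) + 1  # checksum chains
    return log_w, len1, len2


def chain(x: bytes, steps: int) -> bytes:
    """Apply H repeatedly; the Winternitz chain of length w-1 links sk to pk."""
    for _ in range(steps):
        x = H(x)
    return x


def to_digits(value: int, ndigits: int, log_w: int, w: int):
    return [(value >> (log_w * (ndigits - 1 - i))) & (w - 1) for i in range(ndigits)]


def msg_digits(msg: bytes, w: int):
    log_w, len1, len2 = wots_params(w)
    d = to_digits(int.from_bytes(H(msg), "big"), len1, log_w, w)
    csum = sum(w - 1 - x for x in d)  # checksum: advancing one chain forces another back
    return d + to_digits(csum, len2, log_w, w)


def wots_keygen(seed: bytes, leaf: int, w: int):
    """One-time key pair number `leaf`, derived deterministically from the seed."""
    _, len1, len2 = wots_params(w)
    sk = [H(seed, leaf.to_bytes(4, "big"), i.to_bytes(2, "big")) for i in range(len1 + len2)]
    pk = H(*[chain(s, w - 1) for s in sk])  # compressed one-time public key = tree leaf
    return sk, pk


def wots_sign(sk, msg: bytes, w: int):
    return [chain(s, d) for s, d in zip(sk, msg_digits(msg, w))]


def wots_pk_from_sig(sig, msg: bytes, w: int) -> bytes:
    """Finish each chain; a valid signature reproduces the one-time public key."""
    return H(*[chain(s, w - 1 - d) for s, d in zip(sig, msg_digits(msg, w))])


class MerkleSigner:
    """Stateful signer: the index of the next unused one-time key is the state."""

    def __init__(self, seed: bytes, height: int, w: int = 16):
        self.seed, self.height, self.w = seed, height, w
        self.next_leaf = 0
        leaves = [wots_keygen(seed, i, w)[1] for i in range(2 ** height)]
        self.layers = [leaves]
        while len(self.layers[-1]) > 1:  # hash sibling pairs up to the root
            prev = self.layers[-1]
            self.layers.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.public_key = self.layers[-1][0]  # root node = global public key (32 bytes)

    def sign(self, msg: bytes):
        if self.next_leaf >= 2 ** self.height:
            raise RuntimeError("all one-time keys used; reusing one would expose the key")
        leaf = self.next_leaf
        self.next_leaf += 1  # advance (and in practice persist) state before signing
        sk, _ = wots_keygen(self.seed, leaf, self.w)
        auth = [self.layers[h][(leaf >> h) ^ 1] for h in range(self.height)]  # siblings
        return leaf, wots_sign(sk, msg, self.w), auth


def verify(public_key: bytes, msg: bytes, signature, height: int, w: int = 16) -> bool:
    leaf, ots_sig, auth = signature
    if not 0 <= leaf < 2 ** height or len(auth) != height:
        return False
    node = wots_pk_from_sig(ots_sig, msg, w)
    for h, sibling in enumerate(auth):  # rebuild the path from leaf to root
        node = H(sibling, node) if (leaf >> h) & 1 else H(node, sibling)
    return node == public_key


def signature_size(height: int, w: int):
    """Size/speed trade-off of the Winternitz parameter for this toy scheme."""
    _, len1, len2 = wots_params(w)
    chains = len1 + len2
    return {"chains": chains, "bytes": chains * N + height * N + 4,
            "keygen_hashes": chains * (w - 1)}


if __name__ == "__main__":
    signer = MerkleSigner(b"constructed-seed-for-illustration", height=3, w=16)
    sig = signer.sign(b"message")
    print(verify(signer.public_key, b"message", sig, 3, 16))
    for w in (4, 16, 256):
        print(w, signature_size(10, w))
```

Running the block shows that `w=256` needs 34 chains against 133 for `w=4`, so signatures shrink by roughly a factor of four while key generation performs about 8,700 versus 400 hash evaluations per one-time key. The `sign` method refuses to continue once every leaf is spent; a deployment must persist `next_leaf` durably before releasing a signature, which is the state-management burden the article refers to.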

Increasingly efficient approaches have been introduced, dramatically speeding up signing time.

Because any hash function that satisfies the scheme's security assumptions can be used, each adequate hash function yields a different corresponding hash-based signature scheme.

HORST is an improvement of an older few-time signature scheme, HORS (Hash to Obtain Random Subset).

[5] Practical improvements have been proposed in the literature that alleviate the concerns introduced by stateful schemes.

The XMSS, GMSS and SPHINCS schemes are available in the Java Bouncy Castle cryptographic APIs.