WOTS definition
Examples of WOTS in a sentence
For a WOTS+ signature operation with the parameters described in Sect.
In particular, for a single WOTS+ key pair, the input to the first compression call is com- pletely identical across all 16 67 = 1072 calls of the chaining function.
Rather than providing a narrow API that allows a developer to efficiently make use of the underlying hash function primitive, the parallelism can be made trans- parent to the implementer through a more abstract API: computing WOTS+ chains and authentication paths.
For these parameters, a signature takes roughly 54 s in the best case: every 32nd signature adds an additional WOTS+ signature gener- ation, every 256th signature adds two WOTS+ signatures, et cetera.
While an XMSS signature consists roughly of a WOTS+ signature (i.e. 67 32 bytes) and a number of intermediate nodes (say, 20 32 bytes), an XMSSMT signature consists of mul- tiple WOTS+ signatures.
Rather than interpreting this root as the public key, it is signed using a WOTS+ leaf of a new tree, one layer ‘above’ the current layer.
Without proper state management, however, one would be required to compute d 2h/d WOTS+ leafs to derive the authentication paths.
Varying to d = 5 results in a slightly shorter signing time, coming in at 50 s in the best case (but more frequently requires new WOTS+ signatures).
Similarly, with- out API support, the expanded WOTS+ seeds live plainly in transient memory.
Furthermore, to make it effective for WOTS+ signature generation, it would require specifying the length of each individual chain, as well as a variable number of chains (as an entire WOTS+ signature will likely not fit in RAM on most Java Cards).