NIST SP 800-208: Stateful Hash-Based Signature Schemes

ActiveUS FederalStandard

Issuer: National Institute of Standards and Technology(NIST)
Effective date: Oct 29, 2020
Published date: Oct 29, 2020
Full text: View full text →

Summary

NIST Special Publication 800-208 approves XMSS (RFC 8391) and LMS/HSS (RFC 8554) as stateful hash-based digital signature schemes for use in US federal information systems. These algorithms provide quantum-resistant signatures based solely on the security of cryptographic hash functions, with no reliance on structured algebraic hardness assumptions. Approved specifically for firmware and software signing use cases where signing volume is low and state can be managed carefully.

PKI impact

Medium riskCode Signingfirmware Signing

SP 800-208 addresses a narrow but operationally critical use case: firmware and software signing in federal systems. The stateful nature of XMSS and LMS/HSS requires key management infrastructure fundamentally different from classical signing workflows, creating implementation risk if deployed without careful design.

Migration hints

Use LMS/HSS or XMSS only for low-volume signing use cases — firmware images, bootloaders, software packages — and not for high-frequency certificate signing or TLS/SSL.
Design stateful key management infrastructure before deployment: these algorithms require persistent, crash-consistent counters; key reuse caused by counter reset is catastrophic and unrecoverable.
Verify HSM vendor support for LMS/HSS specifically; not all HSMs that support ML-DSA also support stateful hash-based schemes, and key state persistence requirements differ significantly.
NSA CNSA 2.0 recommends LMS as the preferred stateful option for NSS firmware signing — align with this preference if operating in or adjacent to National Security Systems.

Milestones (0)

No milestones recorded.

Algorithm references (2)

XMSSSP 800-208Recommended
Replaces: RSA, ECDSA
XMSS approved for federal use per SP 800-208. Recommended for firmware and software signing in federal systems.
LMS / HSSSP 800-208Recommended
Replaces: RSA, ECDSA
LMS/HSS approved for federal use per SP 800-208. Recommended for firmware and software signing applications in federal systems.

Changelog (1)

Date	Type	Description
Oct 29, 2020	New	NIST SP 800-208 published, approving XMSS and LMS/HSS stateful hash-based signature schemes for use in US federal information systems.

Issuer

National Institute of Standards and TechnologyNIST

Type: STANDARDS BODY

Region: US

Visit website →