From 385d36f69b24e6714c5893981afdf56f876a77cd Mon Sep 17 00:00:00 2001
From: daira <>
Date: Wed, 25 Mar 2015 09:33:16 +0000
Subject: [PATCH] not that XMSS is stateful

[Imported from Trac: page Bibliography, version 81]
---
 Bibliography.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Bibliography.md b/Bibliography.md
index 076c54f..bd29353 100644
--- a/Bibliography.md
+++ b/Bibliography.md
@@ -44,7 +44,7 @@ Here are some papers that are potentially of interest.
 #### Hash-Based Digital Signatures
 
 * [SPHINCS: practical stateless hash-based signatures](http://sphincs.cr.yp.to/papers.html) by Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O'Hearn; "introduces the HORST few-time signature scheme, the SPHINCS many-time signature scheme, and SPHINCS-256". This is the current state-of-the-art in stateless hash-based signatures (but I may be biased --Daira).
-* [XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions](http://eprint.iacr.org/2011/484) by Buchmann, Dahmen, Hülsing; “the first provably forward secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best provably secure hash based signature scheme.”
+* [XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions](http://eprint.iacr.org/2011/484) by Buchmann, Dahmen, Hülsing; “the first provably forward secure and practical stateful signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best provably secure stateful hash based signature scheme.”
 * [Digital Signatures out of Second-Preimage Resistant Hash Functions](http://www.cdc.informatik.tu-darmstadt.de/~dahmen/papers/DOTV08.pdf) by Dahmen, Okeya, Takagi, Vuillame; This scheme is secure as long as the underlying hash function has *second-preimage resistance*, which real hash functions are a lot more likely to have than to have a stronger property like *collision-resistance*.
 * [Hash-based Digital Signature Schemes](http://www.cdc.informatik.tu-darmstadt.de/~dahmen/papers/hashbasedcrypto.pdf) by Buchmann, Dahmen, and Szydlo; A survey of why it might be a good idea.
 #### Elliptic Curve Cryptography