From a268a8e591f016db42a2e304bc68470c732f2b64 Mon Sep 17 00:00:00 2001 From: davidsarah <> Date: Sun, 12 Feb 2012 23:49:17 +0000 Subject: [PATCH] Julian's GMSS implementation is not stateful [Imported from Trac: page OneHundredYearCryptography, version 20] --- OneHundredYearCryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OneHundredYearCryptography.md b/OneHundredYearCryptography.md index 68fe51c..ca13f88 100644 --- a/OneHundredYearCryptography.md +++ b/OneHundredYearCryptography.md @@ -31,7 +31,7 @@ David-Sarah has proposed to use hash-based digital signatures. Zooko posted ["back of the envelope" performance constraints](https://tahoe-lafs.org/pipermail/tahoe-dev/2011-February/006133.html). Bottom-line: you get 30 million ARM instructions to implement one complete digital signature verification. -Julian Wälde has [posted an actual implementation](http://tahoe-lafs.org/pipermail/tahoe-dev/2011-March/006237.html) of (stateful) hash-based digital signatures! Exciting fact: his implementation [*pipermail/tahoe-dev/2011-July/006554.html meets] Zooko's [*pipermail/tahoe-dev/2011-February/006133.html performance criteria]! +Julian Wälde has [posted an actual implementation](http://tahoe-lafs.org/pipermail/tahoe-dev/2011-March/006237.html) of hash-based digital signatures! Exciting fact: his implementation [*pipermail/tahoe-dev/2011-July/006554.html meets] Zooko's [*pipermail/tahoe-dev/2011-February/006133.html performance criteria]! Brian and David-Sarah wrote [a simulator]source:trunk/misc/simulators/hashbasedsig.py or two to explore performance trade-offs in (stateless) hash-based signature parameters. The output of one run with the following parameters is this (note that the signing times include regeneration of per-message signing keys from a small long-term private key): ```
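Review bot: On the changed `+` line, deleting "(stateful)" leaves the sentence silent about statefulness. The commit subject says Julian's GMSS implementation is not stateful, and the next context paragraph explicitly labels the simulator's parameters "(stateless)". Consider stating the corrected property in the sentence itself, and naming GMSS there as the subject line does, so the page records the fact and not only the removal of the wrong word. The same line still carries two Trac-style links, `[*pipermail/tahoe-dev/2011-July/006554.html meets]` and `[*pipermail/tahoe-dev/2011-February/006133.html performance criteria]`, which will not render in a `.md` file. Its one Markdown link uses `http://` where the Zooko link in the context above uses `https://`. Since the line is being rewritten anyway, converting those links in this change or a follow-up would leave it consistent.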