LMS (Leighton-Micali Signature)
LMS (Leighton-Micali Signature) is a stateful hash-based signature scheme defined in RFC 8554. Like XMSS, it builds a Merkle tree over many one-time keys (its LM-OTS one-time signatures) and uses the tree root as the public key; each signature spends one leaf and includes the authentication path to the root. The signer must track which leaves are used, so LMS carries the state-management burden common to stateful schemes.
Standardization and use
NIST SP 800-208 approves LMS, its multi-tree variant HSS, XMSS, and XMSS-MT for cases such as firmware and software signing, where signing happens in a controlled environment and the number of signatures is planned in advance. LMS is valued for its simplicity and reliance only on hash function security, which makes it post-quantum secure and straightforward to audit. Its main limitation is state: reusing a one-time leaf can allow forgeries, so deployments must prevent index reuse across backups, clones, and concurrent signers. For applications that cannot manage state safely, the stateless SLH-DSA standard is the alternative.
Sources
Cite this entry
"LMS (Leighton-Micali Signature)." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/lms@misc{pqwiki-lms,
title = {LMS (Leighton-Micali Signature)},
howpublished = {\url{https://postquantum.wiki/lms}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}