XMSS

Notes

Stateful hash-based signature scheme standardized in RFC 8391 and recommended by NIST SP 800-208. Quantum-safe with minimal security assumptions (relies only on hash function security). Requires careful state management to avoid one-time key reuse.