Why do we need to hide the iteration of a signature? Is not it visible on the chain anyways?
Is not it possible to distinguish the unbalanced version from XMSS from balanced through the authentication path length?
Why do we need to hide the iteration of a signature? Is not it visible on the chain anyways?
Is not it possible to distinguish the unbalanced version from XMSS from balanced through the authentication path length?