Check if a NEXT-tree exists before updating it

xmss_fast.c

@@ -844,6 +844,7 @@ int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs,
   unsigned int n = params->n;
   unsigned int m = params->m;
   unsigned int tree_h = params->xmss_par.h;
+  unsigned int h = params->h;
   unsigned int k = params->xmss_par.k;
   unsigned int idx_len = params->index_len;
   unsigned long long idx_tree;
@@ -951,11 +952,15 @@ int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs,
 
   SET_LAYER_ADDRESS(ots_addr, 0);
   SET_TREE_ADDRESS(ots_addr, (idx_tree + 1));
-  // mandatory update for NEXT_0 (does not count towards h-k)
-  bds_state_update(&states[params->d], sk_seed, &(params->xmss_par), pub_seed, ots_addr);
 
   updates = tree_h - k;
 
+  // if a NEXT-tree exists within the hypertree
+  if ((1 + idx_tree) * (1 << tree_h) + idx_leaf < (1 << h)) {
+    // mandatory update for NEXT_0 (does not count towards h-k)
+    bds_state_update(&states[params->d], sk_seed, &(params->xmss_par), pub_seed, ots_addr);
+
+    // check if we're at the end of a tree
     for (i = 0; i < params->d; i++) {
       if (((idx + 1) & ((1 << ((i+1)*tree_h)) - 1)) == 0) {
         memcpy(&tmp, states+params->d + i, sizeof(bds_state));
@@ -982,6 +987,7 @@ int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs,
         }
       }
     }
+  }
 
   SET_LAYER_ADDRESS(ots_addr, 0);
   SET_TREE_ADDRESS(ots_addr, idx_tree);
@@ -1005,10 +1011,13 @@ int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs,
       updates--;
     }
     SET_TREE_ADDRESS(ots_addr, (idx_tree + 1));
+    // if a NEXT-tree exists for this level;
+    if ((1 + idx_tree) * (1 << tree_h) + idx_leaf < (1 << (h - tree_h * i))) {
       while (updates > 0 && !bds_state_update(&states[params->d + i], sk_seed, &(params->xmss_par), pub_seed, ots_addr)) {
         updates--;
       }
     }
+  }
   
   //Whipe secret elements?  
   //zerobytes(tsk, CRYPTO_SECRETKEYBYTES);