ARMed SPHINCS - Computing a 41KB signature in 16KB of RAM

This paper shows that it is feasible to implement the stateless hash-based signature scheme SPHINCS-256 on an embedded microprocessor with memory even smaller than a signature and limited computing power. We demonstrate that it is possible to generate and verify the 41KB signature on an ARM Cortex M3 that only has 16KB of memory available. We provide benchmarks for our implementation which show that this can be used in practice. To analyze the costs of using the stateless SPHINCS scheme instead of its stateful alternatives, we also implement XMSSMT on this platform and give a comparison.

[1]  Denis Butin,et al.  XMSS: Extended Hash-Based Signatures , 2015 .

[2]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[3]  Christof Paar,et al.  Fast Hash-Based Signatures on Constrained Devices , 2008, CARDIS.

[4]  Tim Güneysu,et al.  Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems , 2012, CHES.

[5]  Chen-Mou Cheng,et al.  Implementing Minimized Multivariate PKC on Low-Resource Embedded Systems , 2006, SPC.

[6]  Andreas Hülsing,et al.  Forward Secure Signatures on Smart Cards , 2012, Selected Areas in Cryptography.

[7]  Johannes A. Buchmann,et al.  Merkle Signatures with Virtually Unlimited Signature Capacity , 2007, ACNS.

[8]  Peter Schwabe,et al.  SPHINCS: Practical Stateless Hash-Based Signatures , 2015, EUROCRYPT.

[9]  Lea Rausch,et al.  Optimal Parameters for XMSS MT , 2013, CD-ARES Workshops.

[10]  Leslie Lamport,et al.  Constructing Digital Signatures from a One Way Function , 2016 .

[11]  Oded Goldreich,et al.  Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme , 1986, CRYPTO.

[12]  Willi Meier,et al.  SHA-3 proposal BLAKE , 2009 .

[13]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[14]  Andreas Hülsing,et al.  Practical forward secure signatures using minimal security assumptions , 2013 .

[15]  Tsuyoshi Takagi,et al.  Digital Signatures Out of Second-Preimage Resistant Hash Functions , 2008, PQCrypto.

[16]  Mihir Bellare,et al.  Collision-Resistant Hashing: Towards Making UOWHFs Practical , 1997, CRYPTO.

[17]  Tim Güneysu,et al.  Beyond ECDSA and RSA: Lattice-based digital signatures on constrained devices , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[18]  Michael Schneider,et al.  Merkle Tree Traversal Revisited , 2008, PQCrypto.

[19]  Thomas Eisenbarth,et al.  Faster Hash-Based Signatures with Bounded Leakage , 2013, Selected Areas in Cryptography.

[20]  Andreas Hülsing,et al.  W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes , 2013, AFRICACRYPT.

[21]  Johannes A. Buchmann,et al.  XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions , 2011, IACR Cryptol. ePrint Arch..