Efficient Hash-Based Signatures on Embedded Devices

Authentication and message integrity are essential building blocks for many security-related verification processes, such as data origin authentication for valid software updates or device authentication. Critical embedded devices like a brake control unit in a car must only accept updates from valid issuers. At the same time, it is essential for security and commercial reasons to prove the authenticity of the device to other integrated systems to prevent product counterfeiting. The most widely used algorithms for digital signatures, RSA and ECDSA, depend on finite field engines. Many embedded devices are powered by 8-bit microprocessors. On this platform, the finite field engines either require costly coprocessors, or the implementations become very large and very slow. Hence there is a clear need for better methods. One alternative to RSA and ECDSA is the Merkle signature scheme, which provides digital signatures using hash functions only, without relying on any number-theoretic assumptions. In this paper, we present an implementation of the Merkle signature scheme on an 8-bit microprocessor. Our results prove that the Merkle signature scheme can provide very good timings and a higher degree of security compared to previous implementations of RSA and ECDSA, while maintaining a smaller code size.
