Fast Hash-Based Signatures on Constrained Devices

  • Sebastian Rohde
  • Thomas Eisenbarth
  • Erik Dahmen
  • Johannes Buchmann
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5189)


Digital signatures are one of the most important applications of microprocessor smart cards. The most widely used algorithms for digital signatures, RSA and ECDSA, depend on finite field engines. On 8-bit microprocessors these engines either require costly coprocessors, or the implementations become very large and very slow. Hence the need for better methods is highly visible. One alternative to RSA and ECDSA is the Merkle signature scheme which provides digital signatures using hash functions only, without relying on any number theoretic assumptions. In this paper, we present an implementation of the Merkle signature scheme on an 8-bit smart card microprocessor. Our results show that the Merkle signature scheme provides comparable timings compared to state of the art implementations of RSA and ECDSA, while maintaining a smaller code size.


Embedded security hash based cryptography Merkle signature scheme digital signatures 


  1. 1.
    Rijndaelfurious implementation (January 2008),
  2. 2.
    Atmel. Overview of secure avr microcontrollers 8-/16-bit risc cpu (2007),
  3. 3.
    Atmel. Specifications of the atmega128 microcontroller (2007),
  4. 4.
    Buchmann, J., Coronado, C., Dahmen, E., Döring, M., Klintsevich, E.: CMSS - an improved merkle signature scheme. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 349–363. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Buchmann, J., Dahmen, E., Klintsevich, E., Okeya, K., Vuillaume, C.: Merkle signatures with virtually unlimited signature capacity. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 31–45. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Buchmann, J., Dahmen, E., Schneider, M.: Merkle tree traversal revisited (manuscript, 2008),
  7. 7.
    Cheng, X., Li, W., Znati, T. (eds.): WASA 2006. LNCS, vol. 4138. Springer, Heidelberg (2006)Google Scholar
  8. 8.
    Coronado, C.: On the security and the efficiency of the merkle signature scheme. Cryptology ePrint Archive, Report 2005/192 (2005),
  9. 9.
    Dods, C., Smart, N.P., Stam, M.: Hash based digital signature schemes. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 96–115. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Driessen, B., Poschmann, A., Paar, C.: Comparison of Innovative Signature Algorithms for WSNs. In: Proceedings of the First ACM Conference on Wireless Network Security (to appear) Google Scholar
  11. 11. Belgian electronic ID card officially launched (April 2003),
  12. 12.
    Digital signature standard (DSS). FIPS PUB 186-2 (2007),
  13. 13.
    Ganesan, P., Venugopalan, R., Peddabachagari, P., Dean, A., Mueller, F., Sichitiu, M.: Analyzing and modeling encryption overhead for sensor network nodes. In: WSNA 2003: Proceedings of the 2nd ACM international conference on Wireless sensor networks and applications, pp. 151–159. ACM Press, New York (2003)CrossRefGoogle Scholar
  14. 14.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and rsa on 8-bit cpus. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Labor, D.: Crypto-avr-lib (January 2008),
  16. 16.
    Lenstra, A.K.: Key lengths. Contribution to The Handbook of Information Security (2004),
  17. 17.
    Liu, A., Ning, P.: TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks. Technical Report TR-2007-36, North Carolina State University, Department of Computer Science (November 2007)Google Scholar
  18. 18.
    Luk, M., Perrig, A., Whillock, B.: Seven cardinal properties of sensor network broadcast authentication. In: Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, pp. 147–156 (2006)Google Scholar
  19. 19.
    Menezes, A.J., Vanstone, S.A., van Oorschot, P.C.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  20. 20.
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  21. 21.
    Naor, D., Shenhav, A., Wool, A.: One-time signatures revisited: Have they become practical. Cryptology ePrint Archive, Report 2005/442 (2005),
  22. 22.
    Steinberger, J.P.: The collision intractability of mdc-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 34–51. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Viega, J.: The AHASH Mode of Operation (manuscript, 2004),
  24. 24.
    Yu-long, S., Jian-feng, M., Qing-qi, P.: An Access Control Scheme in Wireless Sensor Networks. In: IFIP International Conference on Network and Parallel Computing Workshops, 2007, pp. 362–367 (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Sebastian Rohde
    • 1
  • Thomas Eisenbarth
    • 1
  • Erik Dahmen
    • 2
  • Johannes Buchmann
    • 2
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumBochumGermany
  2. 2.Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations