ARMed SPHINCS

Computing a 41 KB Signature in 16 KB of RAM
  • Andreas Hülsing
  • Joost Rijneveld
  • Peter Schwabe
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9614)

Abstract

This paper shows that it is feasible to implement the stateless hash-based signature scheme SPHINCS-256 on an embedded microprocessor with memory even smaller than a signature and limited computing power. We demonstrate that it is possible to generate and verify the 41 KB signature on an ARM Cortex M3 that only has 16 KB of memory available. We provide benchmarks for our implementation which show that this can be used in practice. To analyze the costs of using the stateless SPHINCS scheme instead of its stateful alternatives, we also implement XMSS^MT on this platform and give a comparison.
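The abstract's central point is that a hash-based signature can be produced and checked by a device whose RAM cannot hold the whole signature. The example below is an added illustration of that principle and is not code from the paper or from the SPHINCS-256 implementation it describes; it uses a toy Merkle tree (height 4, SHA-256, leaves derived from a constructed seed in place of real one-time-signature keys) rather than SPHINCS-256 parameters. The signer side uses the classic treehash algorithm, which walks the leaves once and keeps a stack of at most `height` nodes while collecting the authentication path, so the full tree is never stored; the verifier consumes the authentication path one node at a time and holds only the running node, so the signature can be streamed in from flash or a link in pieces. All function names are assumptions for this example.

```python
import hashlib
from typing import Iterator, List, Tuple

H = 4  # toy tree height: 16 leaves (constructed parameter, not a SPHINCS-256 one)


def hash_node(*parts: bytes) -> bytes:
    """Hash used for leaves and inner nodes (SHA-256 here; the paper's scheme is not assumed)."""
    return hashlib.sha256(b"".join(parts)).digest()


def leaf(seed: bytes, k: int) -> bytes:
    """Stand-in for a one-time-signature public key, derived deterministically from the secret seed."""
    return hash_node(b"leaf", seed, k.to_bytes(4, "big"))


def treehash(seed: bytes, height: int, target: int) -> Tuple[bytes, List[bytes], int]:
    """Compute the Merkle root and the authentication path of leaf `target` with a node stack.

    Returns (root, auth_path, peak_stack_size). The stack never exceeds `height`
    entries, so memory is O(height) instead of O(2**height) for the whole tree.
    """
    stack: List[Tuple[int, int, bytes]] = []  # entries are (level, position, hash)
    auth: List[bytes] = [b""] * height
    peak = 0
    for k in range(1 << height):
        node = (0, k, leaf(seed, k))
        while True:
            lvl, pos, val = node
            # A node is on the authentication path if it is the sibling of the
            # target's ancestor at this level.
            if lvl < height and pos == ((target >> lvl) ^ 1):
                auth[lvl] = val
            if stack and stack[-1][0] == lvl:
                # Top of stack is the left sibling at the same level: merge upward.
                _, lpos, lval = stack.pop()
                node = (lvl + 1, lpos // 2, hash_node(lval, val))
            else:
                stack.append(node)
                peak = max(peak, len(stack))
                break
    root = stack[0][2]  # only the root remains on the stack
    return root, auth, peak


def verify_streaming(root: bytes, leaf_value: bytes, index: int,
                     auth_stream: Iterator[bytes], height: int) -> bool:
    """Recompute the root from a leaf while pulling authentication nodes one at a time.

    Only `node` and the current sibling are held in memory; the path itself is
    never buffered, which is what lets a verifier check a signature larger than RAM.
    """
    node = leaf_value
    consumed = 0
    for lvl, sibling in enumerate(auth_stream):
        if (index >> lvl) & 1:
            node = hash_node(sibling, node)  # we are the right child
        else:
            node = hash_node(node, sibling)  # we are the left child
        consumed += 1
    # A truncated path must not verify even if the hashes happen to line up.
    return consumed == height and node == root


def full_tree_root(seed: bytes, height: int) -> bytes:
    """Naive reference: build every level in memory. Used only to cross-check treehash."""
    level = [leaf(seed, k) for k in range(1 << height)]
    while len(level) > 1:
        level = [hash_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # constructed sample secret, not a real key
    index = 5
    root, auth, peak = treehash(seed, H, index)
    assert root == full_tree_root(seed, H)
    print(f"peak stack size {peak} nodes for a tree of {1 << H} leaves")
    ok = verify_streaming(root, leaf(seed, index), index, iter(auth), H)
    print("streamed verification:", ok)
```

The verifier's memory cost is independent of the signature size; the signer's cost is `height` stack nodes plus `height` authentication nodes, at the price of recomputing every leaf on each call. The trade-off in the paper (time versus the 16 KB budget) is a tuned version of the same idea applied to the many trees inside SPHINCS-256.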

Keywords

Post-quantum cryptography, Hash-based signature schemes, Microcontroller, Resource-constrained devices, ARM Cortex M3, SPHINCS-256, XMSS^MT


Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands
  2. Digital Security Group, Radboud University, Nijmegen, The Netherlands