Paper 2020/470

LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4

Fabio Campos, Tim Kohlstadt, Steffen Reith, and Marc Stoettinger

Abstract

Stateful hash-based signature schemes are among the most efficient approaches for post-quantum signature schemes. Although not suitable for general use, they may be suitable for some use cases on constrained devices. LMS and XMSS are hash-based signature schemes that are conjectured to be quantum secure. In this work, we compared multiple instantiations of both schemes on an ARM Cortex-M4. More precisely, we compared performance, stack consumption, and other figures for key generation, signing and verifying. To achieve this, we evaluated LMS and XMSS using optimised implementations of SHA-256, SHAKE256, Gimli-Hash, and different variants of Keccak. Furthermore, we present slightly optimised implementations of XMSS achieving speedups of up to 3.11x for key generation, 3.11x for signing, and 4.32x for verifying.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
LMS, XMSS, implementation, hash-based signatures, digital signature, post-quantum cryptography
Contact author(s)
campos @ sopmac de
History
2020-04-24: received
Short URL
https://ia.cr/2020/470
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/470,
      author = {Fabio Campos and Tim Kohlstadt and Steffen Reith and Marc Stoettinger},
      title = {LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4},
      howpublished = {Cryptology ePrint Archive, Paper 2020/470},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/470}},
      url = {https://eprint.iacr.org/2020/470}
}