Cryptology ePrint Archive: Report 2015/1042

ARMed SPHINCS -- Computing a 41KB signature in 16KB of RAM

Andreas Hülsing and Joost Rijneveld and Peter Schwabe

Abstract: This paper shows that it is feasible to implement the stateless hash-based signature scheme SPHINCS-256 on an embedded microprocessor with memory even smaller than a signature and limited computing power. We demonstrate that it is possible to generate and verify the 41\,KB signature on an ARM Cortex M3 that only has 16\,KB of memory available. We provide benchmarks for our implementation which show that this can be used in practice. To analyze the costs of using the stateless SPHINCS scheme instead of its stateful alternatives, we also implement XMSS$^{MT}$ on this platform and give a comparison.

Category / Keywords: implementation / post-quantum cryptography, hash-based signature schemes, microcontroller, resource-constrained devices, ARM Cortex M3, SPHINCS-256, XMSS^{MT}

Date: received 27 Oct 2015, last revised 3 Feb 2016

Contact author: armedsphincs at cryptojedi org

Available format(s): PDF | BibTeX Citation

Note: After further optimizations, we were able to reduce the cycle counts reported in this work.

Version: 20160203:150047 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]