Cryptology ePrint Archive: Report 2018/1225

XMSS and Embedded Systems - XMSS Hardware Accelerators for RISC-V

Wen Wang and Bernhard Jungk and Julian Wälde and Shuwen Deng and Naina Gupta and Jakub Szefer and Ruben Niederhagen

Abstract: We describe a software-hardware co-design for the hash-based post-quantum signature scheme XMSS on a RISC-V embedded processor. We provide software optimizations for the XMSS reference implementation for SHA-256 parameter sets and several hardware accelerators that allow area usage and performance to be balanced according to individual needs. By integrating our hardware accelerators into the RISC-V processor, the version with the best time-area product generates a key pair (that can be used to generate 2^10 signatures) in 3.44 s, achieving a speedup of over 54x in wall-clock time compared to the pure software version. For such a key pair, signature generation takes less than 10 ms and verification takes less than 6 ms, bringing speedups of over 42x and 17x respectively. This shows that embedded systems equipped with scheme-specific hardware accelerators are able to use XMSS in practice. We tested and measured the cycle count of our implementation on an Intel Cyclone V SoC FPGA. The integration of our XMSS accelerators into an embedded RISC-V processor shows that it is possible to use hash-based post-quantum signatures for a large variety of embedded applications.

Category / Keywords: implementation / XMSS, hash-based signatures, post-quantum cryptography, hardware accelerator, FPGA, RISC-V

Original Publication (with minor differences): Selected Areas in Cryptography - SAC 2019

Date: received 21 Dec 2018, last revised 8 Mar 2020

Contact author: wen wang ww349 at yale edu, ruben at polycephaly org, jakub szefer at yale edu


Version: 20200308:223625
