eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2018/1225

XMSS and Embedded Systems - XMSS Hardware Accelerators for RISC-V

Wen Wang, Bernhard Jungk, Julian Wälde, Shuwen Deng, Naina Gupta, Jakub Szefer, and Ruben Niederhagen


We describe a software-hardware co-design for the hash-based post-quantum signature scheme XMSS on a RISC-V embedded processor. We provide software optimizations for the XMSS reference implementation for SHA-256 parameter sets and several hardware accelerators that allow to balance area usage and performance based on individual needs. By integrating our hardware accelerators into the RISC-V processor, the version with the best time-area product generates a key pair (that can be used to generate 2^10 signatures) in 3.44s achieving an over 54x speedup in wall-clock time compared to the pure software version. For such a key pair, signature generation takes less than 10 ms and verification takes less than 6 ms, bringing speedups of over 42x and 17x respectively. This shows that embedded systems equipped with scheme-specific hardware accelerators are able to practically use XMSS. We tested and measured the cycle count of our implementation on an Intel Cyclone V SoC FPGA. The integration of our XMSS accelerators into an embedded RISC-V processor shows that it is possible to use hash-based post-quantum signatures for a large variety of embedded applications.

Available format(s)
Publication info
Published elsewhere. Minor revision. Selected Areas in Cryptography - SAC 2019
XMSShash-based signaturespost-quantum cryptographyhardware acceleratorFPGARISC-V
Contact author(s)
wen wang ww349 @ yale edu
ruben @ polycephaly org
jakub szefer @ yale edu
2020-03-08: last of 3 revisions
2018-12-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Wen Wang and Bernhard Jungk and Julian Wälde and Shuwen Deng and Naina Gupta and Jakub Szefer and Ruben Niederhagen},
      title = {XMSS and Embedded Systems - XMSS Hardware Accelerators for RISC-V},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1225},
      year = {2018},
      doi = {10.1007/978-3-030-38471-5_21},
      note = {\url{https://eprint.iacr.org/2018/1225}},
      url = {https://eprint.iacr.org/2018/1225}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.