## Cryptology ePrint Archive: Report 2018/924

Forward Secure Signatures on Smart Cards

Andreas Hülsing and Christoph Busold and Johannes Buchmann

Abstract: We introduce the forward secure signature scheme XMSS$^{+}$ and present an implementation for smart cards. It is based on the hash-based signature scheme XMSS. In contrast to the only previous implementation of a hash-based signature scheme on smart cards by Rohde et al., we solve the problem of on-card key generation. Compared to XMSS, we reduce the key generation time from $\mathcal{O}(n)$ to $\mathcal{O}(\sqrt{n})$, where $n$ is the number of signatures that can be created with one key pair. To the best of our knowledge this is the first implementation of a forward secure signature scheme and the first full implementation of a hash-based signature scheme on smart cards. The resulting runtimes are comparable to those of RSA and ECDSA on the same device. This shows the practicality of forward secure signature schemes, even on constrained devices.

Category / Keywords: public-key cryptography / hash-based signatures, forward secure signatures, smart cards, implementation

Original Publication (in the same form): SAC 2012
DOI:
10.1007/978-3-642-35999-6