Cryptology ePrint Archive: Report 2019/122

Lightweight Post-Quantum-Secure Digital Signature Approach for IoT Motes

Santosh Ghosh and Rafael Misoczki and Manoj R. Sastry

Abstract: Internet-of-Things (IoT) applications often require constrained devices to be deployed in the field for several years, even decades. Protection of these tiny motes is crucial for end-to-end IoT security. Secure boot and attestation are critical requirements in such devices, and both rely on public key Sign/Verify operations. In a not-so-distant future, quantum computers are expected to break traditional public key Sign/Verify functions (e.g. RSA and ECC signatures). Hash Based Signature (HBS) schemes, on the other hand, are promising quantum-resistant alternatives: their security rests on the security of the underlying cryptographic hash function, which is believed to withstand quantum attacks. The XMSS signature scheme is a modern HBS construction with several advantages, but it requires thousands of hash operations per Sign/Verify operation, which can be challenging on resource-constrained IoT motes. In this work, we investigate the use of the XMSS scheme on constrained IoT devices. We propose a latency-area optimized XMSS Sign/Verify scheme with 128-bit post-quantum security. An appropriate HW-SW architecture has been designed and implemented in FPGA and in silicon, where it occupies 1521 ALMs and 13.5k gates respectively. In total, each XMSS Sign/Verify operation takes 4.8 million clock cycles in our proposed HW-SW hybrid design, which is 5.35 times faster than its pure SW execution latency on a 32-bit microcontroller.
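To make the "thousands of hash operations per Sign/Verify" claim concrete, the following is an added illustration (not the paper's implementation, and not the authors' HW-SW design) of the Winternitz one-time signature layer that XMSS is built on. It uses the n = 32, w = 16 parameters of the XMSS-SHA2 parameter sets (67 hash chains of length 15) and counts every call to the chaining function during key generation, signing and verification. It deliberately omits the WOTS+ bitmasks and keyed hashing, the L-tree and the Merkle authentication path, so the counts cover only the WOTS layer; the message and the use of plain SHA-256 as the chaining function are constructed for the example.

```python
import hashlib
import math
import os

# Parameters matching the XMSS-SHA2 n=32 parameter sets (WOTS+ with len = 67).
N = 32                                                # hash output length in bytes (SHA-256)
W = 16                                                # Winternitz parameter
LOG_W = 4
LEN1 = math.ceil(8 * N / LOG_W)                       # 64 message digits
LEN2 = math.floor(math.log(LEN1 * (W - 1), W)) + 1    # 3 checksum digits
LEN = LEN1 + LEN2                                     # 67 hash chains in total


class CountingHash:
    """Plain SHA-256 used as the chaining function, with a call counter.
    (Assumption for the example: real WOTS+ uses a keyed, bitmasked hash.)"""
    def __init__(self):
        self.calls = 0

    def f(self, x: bytes) -> bytes:
        self.calls += 1
        return hashlib.sha256(x).digest()


def chain(h: CountingHash, x: bytes, steps: int) -> bytes:
    """Apply the chaining function `steps` times."""
    for _ in range(steps):
        x = h.f(x)
    return x


def message_digits(msg: bytes) -> list:
    """Hash the message, split the digest into base-w digits and append the checksum."""
    md = hashlib.sha256(msg).digest()   # message digest; not counted as a chain step
    digits = []
    for b in md:
        digits.append(b >> 4)
        digits.append(b & 0x0F)
    digits = digits[:LEN1]
    # Checksum: any change that lowers a message digit raises the checksum,
    # so a forger cannot simply advance chains further along.
    csum = sum(W - 1 - d for d in digits)
    csum_digits = [(csum >> (LOG_W * (LEN2 - 1 - i))) & (W - 1) for i in range(LEN2)]
    return digits + csum_digits


def keygen(h: CountingHash):
    """Secret key: LEN random chain starts. Public key: every chain run to its end."""
    sk = [os.urandom(N) for _ in range(LEN)]
    pk = [chain(h, s, W - 1) for s in sk]
    return sk, pk


def sign(h: CountingHash, sk: list, msg: bytes) -> list:
    """Signature: chain i advanced by the i-th digit of the message encoding."""
    return [chain(h, sk[i], d) for i, d in enumerate(message_digits(msg))]


def verify(h: CountingHash, pk: list, msg: bytes, sig: list) -> bool:
    """Finish every chain from the signature and compare against the public key."""
    pk2 = [chain(h, sig[i], W - 1 - d) for i, d in enumerate(message_digits(msg))]
    return pk2 == pk


def demo(msg: bytes = b"firmware image v1 (constructed sample)") -> dict:
    """Run keygen/sign/verify once and report chaining-function call counts."""
    counts = {}
    h = CountingHash()
    sk, pk = keygen(h)
    counts["keygen"] = h.calls
    h = CountingHash()
    sig = sign(h, sk, msg)
    counts["sign"] = h.calls
    h = CountingHash()
    counts["ok"] = verify(h, pk, msg, sig)
    counts["verify"] = h.calls
    # A modified image must not verify under the same signature.
    counts["tampered_ok"] = verify(CountingHash(), pk, msg + b"x", sig)
    return counts


if __name__ == "__main__":
    print(demo())
```

Key generation always costs LEN * (w - 1) = 1005 chaining calls, and signing plus verification together cost exactly the same 1005, split between the two according to the message digits. A full XMSS operation adds the L-tree compression of the 67 public-key values and the Merkle path, which is where the per-operation count grows into the thousands the abstract refers to; it is also why the hash core dominates the cost on a mote and is the natural target for the hardware acceleration the paper describes. The key pair here is strictly one-time: XMSS's state (the leaf index) exists to make sure no WOTS+ key is ever reused.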

Category / Keywords: implementation / Hash-Based Signature (HBS), XMSS, WOTS+, Keccak, SHA-3, Post-Quantum Cryptography, Security, IoT, Public-Key Cryptography

Date: received 6 Feb 2019

Contact author: rafael misoczki at intel com


Version: 20190213:033538
