Paper 2019/122

Lightweight Post-Quantum-Secure Digital Signature Approach for IoT Motes

Santosh Ghosh, Rafael Misoczki, and Manoj R. Sastry


Internet-of-Things (IoT) applications often require constrained devices to be deployed in the field for several years, even decades. Protecting these tiny motes is crucial for end-to-end IoT security. Secure boot and attestation are critical requirements in such devices, and both rely on public-key Sign/Verify operations. In the not-so-distant future, quantum computers are expected to break traditional public-key signature schemes (e.g. RSA and ECC signatures). Hash-Based Signature (HBS) schemes, on the other hand, are promising quantum-resistant alternatives: their security rests only on the security of the underlying cryptographic hash function, which is believed to remain secure against quantum computers. The XMSS signature scheme is a modern HBS construction with several advantages, but it requires thousands of hash operations per Sign/Verify operation, which can be challenging on resource-constrained IoT motes. In this work, we investigate the use of the XMSS scheme on constrained IoT devices. We propose a latency-area optimized XMSS Sign/Verify design with 128-bit post-quantum security. An appropriate HW-SW architecture has been designed and implemented in FPGA and silicon, where it occupies 1521 ALMs and 13.5k gates respectively. In total, each XMSS Sign/Verify operation takes 4.8 million clock cycles in our proposed HW-SW hybrid design, which is 5.35 times faster than its pure SW execution latency on a 32-bit microcontroller.
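To make the "thousands of hash operations per Sign/Verify" figure concrete, here is an added toy hash-based signature in Python: WOTS-style hash chains (w = 16, 67 chains, as in the 256-bit XMSS parameter sets) under a small Merkle tree, with a counter on every SHA-256 call. This is illustration written for this page, not the paper's HW-SW design and not RFC 8391 XMSS: it omits the bitmasks, PRF key addressing, L-tree and public seed, compresses the WOTS public key with a single hash, and uses a 4-level tree (16 one-time keys) instead of h = 10 or more. The seed and messages are constructed inputs.

```python
"""Toy hash-based signature: WOTS-style chains under a Merkle tree, with a SHA-256
call counter. Simplified sketch for illustration, NOT RFC 8391 XMSS: no bitmasks,
no PRF key addressing, no L-tree, no public seed, and only a 4-level tree."""
import hashlib

N = 32                      # hash output length in bytes (SHA-256)
W = 16                      # Winternitz parameter
LOG_W = 4                   # bits per base-w digit
LEN1 = (8 * N) // LOG_W     # 64 digits of the message digest
LEN2 = 3                    # checksum digits: max checksum 64*15 = 960 < 16**3
LEN = LEN1 + LEN2           # 67 hash chains, as in XMSS-SHA2_*_256
TREE_HEIGHT = 4             # 2**4 = 16 one-time keys (real XMSS: h = 10, 16 or 20)

HASH_CALLS = 0              # every SHA-256 invocation bumps this counter


def H(*parts):
    """SHA-256 over the concatenation of parts; counts each call."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, steps):
    """Walk a hash chain: `steps` applications of H (0 <= steps <= W-1)."""
    for _ in range(steps):
        x = H(x)
    return x


def base_w(msg_digest):
    """Split a 32-byte digest into 64 base-16 digits and append a 3-digit checksum.
    The checksum stops a forger from raising digits (walking chains further forward)."""
    digits = [d for byte in msg_digest for d in (byte >> 4, byte & 0x0F)]
    csum = sum(W - 1 - d for d in digits)
    return digits + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]


def wots_keygen(seed, leaf_index):
    """One WOTS key pair: LEN secret chain starts and a compressed public key."""
    sk = [H(seed, bytes([leaf_index, i])) for i in range(LEN)]   # toy key derivation
    pk_parts = [chain(s, W - 1) for s in sk]                      # chain ends
    return sk, H(*pk_parts)                   # single-hash compress (XMSS uses an L-tree)


def wots_sign(sk, msg_digest):
    """Signer walks each chain d_i steps from its secret start."""
    return [chain(s, d) for s, d in zip(sk, base_w(msg_digest))]


def wots_pk_from_sig(sig, msg_digest):
    """Verifier finishes each chain: W-1-d_i more steps from the signature value."""
    return H(*[chain(s, W - 1 - d) for s, d in zip(sig, base_w(msg_digest))])


class HBSKey:
    """Merkle tree over 2**TREE_HEIGHT WOTS public keys; also holds the signing state."""

    def __init__(self, seed):
        pairs = [wots_keygen(seed, i) for i in range(2 ** TREE_HEIGHT)]
        self.wots_sks = [sk for sk, _ in pairs]
        self.levels = [[pk for _, pk in pairs]]          # levels[0] = leaves
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]                   # the long-term public key
        self.next_index = 0                              # STATE: next unused one-time key

    def sign(self, msg):
        if self.next_index >= 2 ** TREE_HEIGHT:
            raise RuntimeError("all one-time keys used; reusing one leaks the WOTS key")
        idx = self.next_index
        self.next_index += 1          # commit the state change before releasing the signature
        auth = [self.levels[lvl][(idx >> lvl) ^ 1] for lvl in range(TREE_HEIGHT)]
        return idx, wots_sign(self.wots_sks[idx], H(msg)), auth


def verify(root, msg, signature):
    """Recompute the leaf from the WOTS signature, then climb the auth path to the root."""
    idx, wots_sig, auth = signature
    node = wots_pk_from_sig(wots_sig, H(msg))
    for lvl, sibling in enumerate(auth):
        node = H(sibling, node) if (idx >> lvl) & 1 else H(node, sibling)
    return node == root


def count_hash_calls(fn, *args):
    """Run fn(*args) and return (result, number of SHA-256 calls it made)."""
    global HASH_CALLS
    before = HASH_CALLS
    result = fn(*args)
    return result, HASH_CALLS - before


if __name__ == "__main__":
    key, kg = count_hash_calls(HBSKey, b"constructed demo seed")          # constructed input
    sig, sc = count_hash_calls(key.sign, b"constructed firmware digest")   # constructed input
    ok, vc = count_hash_calls(verify, key.root, b"constructed firmware digest", sig)
    print(f"keygen={kg} sign={sc} verify={vc} sign+verify={sc + vc} valid={ok}")
```

Two things this sketch makes visible. First, the cost split: the signer walks each of the 67 chains d_i steps and the verifier walks the remaining 15 - d_i, so Sign plus Verify always total 67 x 15 = 1005 chain steps plus a handful of tree and compression hashes, whatever the message; real XMSS spends roughly three hash-function calls per chain step (PRF, bitmask, F) and climbs a 10-to-20-level tree, which is where the thousands of hash operations per operation come from, and why a hardware hash core pays off. Second, `next_index` is the statefulness of XMSS: the one-time key index must be advanced and persisted before the signature leaves the device, since signing twice with the same leaf exposes chain values that let a forger sign other messages. On a mote that may reboot or lose flash writes over a multi-year deployment, that state handling is as much a part of the design as the hash throughput.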

Publication info
Preprint. Minor revision.
Keywords
Hash-Based Signature (HBS), XMSS, WOTS+, Keccak, SHA-3, Post-Quantum Cryptography, Security, IoT, Public-Key Cryptography
Contact author(s)
rafael misoczki @ intel com
2019-02-13: received
Creative Commons Attribution


@misc{cryptoeprint:2019/122,
      author = {Santosh Ghosh and Rafael Misoczki and Manoj R. Sastry},
      title = {Lightweight Post-Quantum-Secure Digital Signature Approach for IoT Motes},
      howpublished = {Cryptology ePrint Archive, Paper 2019/122},
      year = {2019},
      note = {\url{}},
      url = {}
}