Paper 2020/470

LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4

Fabio Campos, Tim Kohlstadt, Steffen Reith, and Marc Stoettinger


Stateful hash-based signature schemes are among the most efficient approaches for post-quantum signature schemes. Although not suitable for general use, they may be suitable for some use cases on constrained devices. LMS and XMSS are hash-based signature schemes that are conjectured to be quantum secure. In this work, we compared multiple instantiations of both schemes on an ARM Cortex-M4. More precisely, we compared performance, stack consumption, and other figures for key generation, signing and verifying. To achieve this, we evaluated LMS and XMSS using optimised implementations of SHA-256, SHAKE256, Gimli-Hash, and different variants of Keccak. Furthermore, we present slightly optimised implementations of XMSS achieving speedups of up to 3.11x for key generation, 3.11x for signing, and 4.32x for verifying.

Available format(s)
Publication info
Preprint. MINOR revision.
LMSXMSSimplementationhash-based signaturesdigital signaturepost-quantum cryptography
Contact author(s)
campos @ sopmac de
2020-04-24: received
Short URL
Creative Commons Attribution


      author = {Fabio Campos and Tim Kohlstadt and Steffen Reith and Marc Stoettinger},
      title = {LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4},
      howpublished = {Cryptology ePrint Archive, Paper 2020/470},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.