Cryptology ePrint Archive: Report 2020/470

LMS vs XMSS: Comparison of Stateful Hash-Based Signature Schemes on ARM Cortex-M4

Fabio Campos and Tim Kohlstadt and Steffen Reith and Marc Stoettinger

Abstract: Stateful hash-based signature schemes are among the most efficient approaches for post-quantum signature schemes. Although not suitable for general use, they may be suitable for some use cases on constrained devices. LMS and XMSS are hash-based signature schemes that are conjectured to be quantum secure. In this work, we compared multiple instantiations of both schemes on an ARM Cortex-M4. More precisely, we compared performance, stack consumption, and other figures for key generation, signing and verifying. To achieve this, we evaluated LMS and XMSS using optimised implementations of SHA-256, SHAKE256, Gimli-Hash, and different variants of Keccak. Furthermore, we present slightly optimised implementations of XMSS achieving speedups of up to 3.11x for key generation, 3.11x for signing, and 4.32x for verifying.

Category / Keywords: implementation / LMS, XMSS, implementation, hash-based signatures, digital signature, post-quantum cryptography

Date: received 22 Apr 2020

Contact author: campos at sopmac de

Available format(s): PDF | BibTeX Citation

Version: 20200424:110916 (All versions of this report)

Short URL: ia.cr/2020/470


[ Cryptology ePrint archive ]