Cryptology ePrint Archive: Report 2021/1072

Streaming SPHINCS+ for Embedded Devices using the Example of TPMs

Ruben Niederhagen and Johannes Roth and Julian Wälde

Abstract: We present an implementation of the hash-based post-quantum signature scheme SPHINCS+ that enables heavily memory-restricted devices to sign messages by streaming out a signature during its computation and to verify messages by streaming in a signature. We demonstrate our implementation in the context of Trusted Platform Modules (TPMs) by proposing a SPHINCS+ integration and a streaming extension for the TPM specification. We evaluate the overhead of our signature-streaming approach for a stand-alone SPHINCS+ implementation and for its integration in a proof-of-concept TPM with the proposed streaming extension running on an ARM Cortex-M4 platform. Our streaming interface greatly reduces the memory requirements without introducing a significant performance penalty. This is achieved not only by removing the need to store an entire signature but also by reducing the stack requirements of the key generation, sign, and verify operations. Therefore, our streaming interface enables small embedded devices that do not have sufficient memory to store an entire SPHINCS+ signature or that previously were only able to use a parameter set that results in smaller signatures to sign and verify messages using all SPHINCS+ variants.

Category / Keywords: implementation / SPHINCS+, PQC, Signature Streaming, TPM, ARM Cortex-M

Date: received 18 Aug 2021, last revised 30 Aug 2021

Contact author: ruben at polycephaly org, johannes roth at mtg de, julianwaelde at gmail com


Note: The source code accompanying this work is available at

Version: 20210830:114547
