Paper 2021/1072

Streaming SPHINCS+ for Embedded Devices using the Example of TPMs

Ruben Niederhagen, Johannes Roth, and Julian Wälde


We present an implementation of the hash-based post-quantum signature scheme SPHINCS+ that enables heavily memory-restricted devices to sign messages by streaming-out a signature during its computation and to verify messages by streaming-in a signature. We demonstrate our implementation in the context of Trusted Platform Modules (TPMs) by proposing a SPHINCS+ integration and a streaming extension for the TPM specification. We evaluate the overhead of our signature-streaming approach for a stand-alone SPHINCS+ implementation and for its integration in a proof-of-concept TPM with the proposed streaming extension running on an ARM Cortex-M4 platform. Our streaming interface greatly reduces the memory requirements without introducing a significant performance penalty. This is achieved not only by removing the need to store an entire signature but also by reducing the stack requirements of the key generation, sign, and verify operations. Therefore, our streaming interface enables small embedded devices that do not have sufficient memory to store an entire SPHINCS+ signature or that previously were only able to use a parameter set that results in smaller signatures to sign and verify messages using all SPHINCS+ variants.

Note: The source code accompanying this work is available at

Available format(s)
Publication info
Preprint. MINOR revision.
SPHINCS+PQCSignature StreamingTPMARM Cortex-M
Contact author(s)
ruben @ polycephaly org
johannes roth @ mtg de
julianwaelde @ gmail com
2021-08-30: revised
2021-08-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ruben Niederhagen and Johannes Roth and Julian Wälde},
      title = {Streaming SPHINCS+ for Embedded Devices using the Example of TPMs},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1072},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.