Paper 2021/352

A Configurable Hardware Implementation of XMSS

Jan Philipp Thoma and Tim Güneysu


Quantum computers are about to herald a new age of cryptography. As a fundamental building block in today’s digitalized world, Digital Signature Schemes (DSS) provide the ability to authenticate messages exchanged over untrusted channels. Unfortunately, virtually all currently used DSS are built upon mathematical problems that can efficiently be solved using quantum computers, thus rendering schemes such as RSA and ECC insecure. Due to its conservative security properties, the eXtended Merkle Signature Scheme (XMSS) is an outstanding candidate for a quantum-secure DSS which has already been standardized by NIST and IETF. In this paper we present the first full hardware accelerator for XMSS whose generic design approach allows matching the requirements of several projected use-cases. In particular, we provide a full design exploration regarding the choice of parameters and hash functions to identify configurations for optimal performance and area utilization.

Available format(s)
Publication info
Preprint. Minor revision.
quantum cryptographysignaturesXMSShardware implementationcryptoagility
Contact author(s)
jan thoma @ rub de
2021-03-18: received
Short URL
Creative Commons Attribution


      author = {Jan Philipp Thoma and Tim Güneysu},
      title = {A Configurable Hardware Implementation of XMSS},
      howpublished = {Cryptology ePrint Archive, Paper 2021/352},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.