Paper 2021/662

Verifying Post-Quantum Signatures in 8 kB of RAM

Ruben Gonzalez, Andreas Hülsing, Matthias J. Kannwischer, Juliane Krämer, Tanja Lange, Marc Stöttinger, Elisabeth Waitz, Thom Wiggers, and Bo-Yin Yang


In this paper, we study implementations of post-quantum signature schemes on resource-constrained devices. We focus on verification of signatures and cover NIST PQC round-3 candidates Dilithium, Falcon, Rainbow, GeMSS, and SPHINCS+. We assume an ARM CortexM3 with 8 kB of memory and 8 kB of flash for code; a practical and widely deployed setup in, for example, the automotive sector. This amount of memory is insufficient for most schemes. Rainbow and GeMSS public keys are too big; SPHINCS+ signatures do not fit in this memory. To make signature verification work for these schemes, we stream in public keys and signatures. Due to the memory requirements for efficient Dilithium implementations, we stream in the public key to cache more intermediate results. We discuss the suitability of the signature schemes for streaming, adapt existing implementations, and compare performance.

Available format(s)
Publication info
Published elsewhere. PQCrypto 2021
NISTPQCCortex-M3Signature VerificationStreamingPost-Quantum SignaturesMemory-Constrained Devices
Contact author(s)
streaming-pq-sigs @ kannwischer eu
2021-05-25: received
Short URL
Creative Commons Attribution


      author = {Ruben Gonzalez and Andreas Hülsing and Matthias J.  Kannwischer and Juliane Krämer and Tanja Lange and Marc Stöttinger and Elisabeth Waitz and Thom Wiggers and Bo-Yin Yang},
      title = {Verifying Post-Quantum Signatures in 8 {kB} of {RAM}},
      howpublished = {Cryptology ePrint Archive, Paper 2021/662},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.