Paper 2025/298

Stateless Hash-Based Signatures for Post-Quantum Security Keys

Ruben Gonzalez, Neodyme AG
Abstract

The U.S. National Institute of Standards and Technology recently standardized the first set of post-quantum cryptography algorithms. These algorithms address the quantum threat, but also present new challenges due to their larger memory and computational footprint. Three of the four standardized algorithms are lattice based, offering good performance but posing challenges due to complex implementation and intricate security assumptions. A more conservative choice for quantum-safe authentication are hash-based signature systems. However, due to large signature sizes and low signing speeds, hash-based systems have only found use in niche applications. The first NIST standardized, stateless hash-based signature system is the SPHINCS+-based SLH-DSA. In this work we combine different approaches to show that SPHINCS+ can be optimized in its parameters and implementation, to be high performing, even when signing in an embedded setting. We demonstrate this in the context of user authentication using hardware security keys within FIDO. Our SPHINCS+-based implementation can even outperform lattice-based solutions while remaining highly portable. Due to conservative security assumptions, our solution does not require a hybrid construction and can perform authentication on current security keys. For reproducibility and to encourage further research we publish our Cortex M4-based implementation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
PQC, SPHINCS+, Hash, LWC, FIDO, Cortex-M4
Contact author(s)
mail @ ruben-gonzalez de
History
2025-02-21: approved
2025-02-20: received
Short URL
https://ia.cr/2025/298
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/298,
      author = {Ruben Gonzalez},
      title = {Stateless Hash-Based Signatures for Post-Quantum Security Keys},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/298},
      year = {2025},
      url = {https://eprint.iacr.org/2025/298}
}