International Association for Cryptologic Research


Rapidly Verifiable XMSS Signatures

Authors:
Joppe W. Bos, NXP Semiconductors
Andreas Hülsing, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, NL
Joost Renes, NXP Semiconductors
Christine van Vredendaal, NXP Semiconductors
Download:
DOI: 10.46586/tches.v2021.i1.137-168
URL: https://tches.iacr.org/index.php/TCHES/article/view/8730
Abstract: This work presents new speed records for XMSS (RFC 8391) signature verification on embedded devices. For this we make use of a probabilistic method recently proposed by Perin, Zambonin, Martins, Custódio, and Martina (PZMCM) at ISCC 2018, which changes the XMSS signing algorithm to search for rapidly verifiable signatures. We improve the method, ensuring that the added signing cost for the search is independent of the message length. We provide a statistical analysis of the resulting verification speed and support it by experiments. We present a record-setting, RFC-compatible implementation of XMSS verification on the ARM Cortex-M4. At a signing time of about one minute on a general-purpose CPU, we create signatures that are verified about 1.44 times faster than traditionally generated signatures. Adding further well-known implementation optimizations to the verification algorithm, we reduce verification time by over a factor of two, from 13.85 million to 6.56 million cycles. In contrast to previous works, we provide a detailed security analysis of the resulting signature scheme under classical and quantum attacks that justifies our selection of parameters. On the way, we fill a gap in the security analysis of XMSS as described in RFC 8391, proving that the modified message hashing in the RFC does indeed mitigate multi-target attacks. This was not shown before and might be of independent interest.
Video from TCHES 2020
BibTeX
@article{tches-2020-30763,
  title={Rapidly Verifiable XMSS Signatures},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 1},
  pages={137-168},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8730},
  doi={10.46586/tches.v2021.i1.137-168},
  author={Joppe W. Bos and Andreas Hülsing and Joost Renes and Christine van Vredendaal},
  year=2020
}