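Merkle tree
Hash function
Computer science
Hash table
Hash tree
Merkle signature scheme
Parallel computing
Algorithm
Theoretical computer science
Mathematics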
Authors
Yuan Cao, Yanze Wu, Lan Qin, Shuai Chen, Chip-Hong Chang
Source
Journal: IEEE Transactions on Circuits and Systems I: Regular Papers
[Institute of Electrical and Electronics Engineers]
Date: 2022-01-01
Volume/Issue:: 1-11
Identifier
DOI:10.1109/tcsi.2022.3200987
Abstract
This paper addresses a barrier that prevents the timely adoption of post-quantum signature algorithms, such as the eXtended Merkle Signature Scheme (XMSS), due to its lack of fast, cost-effective and energy-efficient hardware accelerators. Two new architectures that use more than one hash core are proposed for the first time to significantly reduce the latency of two bottleneck XMSS operations, namely key generation and signature generation, for which the speed of existing hardware accelerators is still apparently inadequate. The first proposed multi-core design uses block RAM and a simplified data flow to maximize the use of $p$ hash cores concurrently in three major sequential stages of computation, i.e., Winternitz One-time Signature (WOTS), L-tree and Merkle tree. The second proposed multi-core design adds a dedicated hash core for tree hashing in the L-tree and Merkle tree while keeping the $p$ hash cores solely for chain hashing in WOTS. The dedicated hash core leapfrogs between the L-tree and Merkle tree and computes concurrently with the $p$ hash cores to keep the $p+1$ hash cores active most of the time while minimizing the storage requirement and energy consumption. Both designs are implemented on a 28 nm Artix-7 FPGA chip. Experimental results show that both proposed accelerators with $p=8$ operate at a much faster speed and consume significantly less hardware resources and energy than all existing XMSS accelerators. Specifically, they are $\sim 8\times$ and $\sim 6\times$ faster than the fastest reported design in key generation and signature generation operations, respectively.