Agile Acceleration of Stateful Hash-Based Signatures in Hardware

With the development of large scale quantum computers, the current landscape of asymmetric cryptographic algorithms will change dramatically. Today’s standards like RSA, DSA and ElGamal will no longer provide sufficient security against quantum attackers and need to be replaced with novel algorithms. In face of these developments, NIST has already started a standardization process for new Key Encapsulation Mechanisms (KEMs) and Digital Signature (DS). Moreover, NIST has recommended the two stateful Hash-Based Signature (HBS) schemes XMSS and LMS for use in devices with long expected lifetime and limited capabilities for maintenance. Both schemes are also standardized by the IETF. In this work, we present the first agile hardware implementation that supports both LMS and XMSS. Our design can instantiate either LMS, XMSS or both schemes using a simple configuration setting. Leveraging the vast similarities of the two schemes, the hardware utilization of the agile design increases by 20% in LUTs and only 3% in Flip Flops (FFs) over a standalone XMSS implementation. Furthermore, our approach can easily be configured with an arbitrary number of hash cores and accelerators for the one-time signatures for different application scenarios. We evaluate our implementation on the Xilinx Artix-7 FPGA platform which is the recommended target for PQC implementations by NIST. We explore potential trade-offs in the design space and compare our results to previous work in this field.