Abstract

In this work, we describe an optimized software implementation of the Merkle digital signature scheme MSS and its variants GMSS, XMSS and $$\mathrm{XMSS}^\mathrm{MT}$$ using the vector instruction set AVX2 on Intel's Haswell processor. Our implementation uses the multi-buffer approach for speeding up key generation, signing and verification on these schemes. We selected a set of parameters to maintain a balance among security level, key sizes and signature size. We aligned these parameters with the ones used in the hash-based signature schemes LDWM and XMSS. We report the performance results of our implementation on a modern Intel Core i7 3.4 GHz. In particular, a signing operation in the XMSS scheme can be computed in 2,001,479 cycles (1,694 signatures per second) at the 128-bit security level against quantum attacks using the SHA2-256 hash function, a tree of height 60 and 6 layers. Our results indicate that the post-quantum hash-based signature scheme $$\mathrm{XMSS}^\mathrm{MT}$$ offers high security and performance for several parameters on modern processors.
