A novel cryptoprocessor architecture for chained Merkle signature scheme

One-time signature schemes rely on hash functions and are, therefore, assumed to be resistant to attacks by quantum computers. These approaches inherently raise a key management problem, as the key pair can be used only for one message. That means, for one-time signature schemes to work, the sender must deliver the verification key together with the message and the signature. Upon reception, the receiver has to verify the authenticity of the verification key before verifying the signature itself. Hash-tree based solutions tackle this problem by basing the authenticity of a large number of verification keys on the authenticity of a root key. This approach, however, causes computation, communication, and storage overhead. Due to hardware acceleration, this paper proposes, for the first time, a processor architecture which boosts the performance of a one-time signature scheme without degrading memory usage and communication properties. This architecture realizes the chained Merkle signature scheme on the basis of Winternitz one-time signature scheme. All operations, i.e., key generation, signing, and verification are implemented on an FPGA platform, which acts as a coprocessor. Timing measurements on the prototype show a performance boost of at least one order of magnitude compared to an identical software solution.