Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Abstract

We report on efficient and secure hardware implementation techniques for the FIPS 205 SLH-DSA Hash-Based Signature Standard. We demonstrate that very significant overall performance gains can be obtained from hardware that optimizes the padding formats and iterative hashing processes specific to SLH-DSA. A prototype implementation, SLotH, contains Keccak/SHAKE, SHA2-256, and SHA2-512 cores and supports all 12 parameter sets of SLH-DSA. SLotH also supports side-channel secure PRF computation and Winternitz chains. SLotH drivers run on a small RISC-V control core, as is common in current Root-of-Trust (RoT) systems.

The new features make SLH-DSA on SLotH many times faster compared to similarly-sized general-purpose hash accelerators. Compared to unaccelerated microcontroller implementations, the performance of SLotH ’s SHAKE variants is up to 300x faster; signature generation with 128f parameter set is 4,903,978 cycles, while signature verification with 128 s parameter set is only 179,603 cycles. The SHA2 parameter sets have approximately half of the speed of SHAKE parameter sets. We observe that the signature verification performance of SLH-DSA’s “s” parameter sets is generally better than that of accelerated ECDSA or Dilithium on similarly-sized RoT targets. The area of the full SLotH system is small, from 63 kGE (SHA2, Cat 1 only) to 155 kGe (all parameter sets). Keccak Threshold Implementation adds another 130 kGE.

We provide sensitivity analysis of SLH-DSA in relation to side-channel leakage. We show experimentally that an SLH-DSA implementation with CPU hashing will rapidly leak the master key. We perform a 100,000-trace TVLA leakage assessment with a protected SLotH unit.
Original languageEnglish
Title of host publicationAdvances in Cryptology – CRYPTO 2024
Subtitle of host publication44th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2024, Proceedings, Part I
PublisherSpringer
Pages276-304
Number of pages29
ISBN (Electronic)978-3-031-68376-3
ISBN (Print)978-3-031-68375-6
DOIs
Publication statusPublished - 16 Aug 2024
Publication typeA4 Article in conference proceedings
EventInternational cryptology conference - Santa Barbara, United States
Duration: 18 Aug 202422 Aug 2024

Publication series

NameLecture Notes in Computer Science
Volume14920
ISSN (Electronic)1611-3349

Conference

ConferenceInternational cryptology conference
Country/TerritoryUnited States
CitySanta Barbara
Period18/08/2422/08/24

Keywords

  • FIPS 205
  • SLH-DSA
  • SPHINCS+
  • Root-of-Trust
  • Side-Channel Security

Publication forum classification

  • Publication forum level 3

Fingerprint

Dive into the research topics of 'Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit'. Together they form a unique fingerprint.

Cite this