Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit

Tutkimustuotos: KonferenssiartikkeliTieteellinenvertaisarvioitu

Abstrakti

We report on efficient and secure hardware implementation techniques for the FIPS 205 SLH-DSA Hash-Based Signature Standard. We demonstrate that very significant overall performance gains can be obtained from hardware that optimizes the padding formats and iterative hashing processes specific to SLH-DSA. A prototype implementation, SLotH, contains Keccak/SHAKE, SHA2-256, and SHA2-512 cores and supports all 12 parameter sets of SLH-DSA. SLotH also supports side-channel secure PRF computation and Winternitz chains. SLotH drivers run on a small RISC-V control core, as is common in current Root-of-Trust (RoT) systems.

The new features make SLH-DSA on SLotH many times faster compared to similarly-sized general-purpose hash accelerators. Compared to unaccelerated microcontroller implementations, the performance of SLotH ’s SHAKE variants is up to 300x faster; signature generation with 128f parameter set is 4,903,978 cycles, while signature verification with 128 s parameter set is only 179,603 cycles. The SHA2 parameter sets have approximately half of the speed of SHAKE parameter sets. We observe that the signature verification performance of SLH-DSA’s “s” parameter sets is generally better than that of accelerated ECDSA or Dilithium on similarly-sized RoT targets. The area of the full SLotH system is small, from 63 kGE (SHA2, Cat 1 only) to 155 kGe (all parameter sets). Keccak Threshold Implementation adds another 130 kGE.

We provide sensitivity analysis of SLH-DSA in relation to side-channel leakage. We show experimentally that an SLH-DSA implementation with CPU hashing will rapidly leak the master key. We perform a 100,000-trace TVLA leakage assessment with a protected SLotH unit.
AlkuperäiskieliEnglanti
OtsikkoAdvances in Cryptology – CRYPTO 2024
Alaotsikko44th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2024, Proceedings, Part I
KustantajaSpringer
Sivut276-304
Sivumäärä29
ISBN (elektroninen)978-3-031-68376-3
ISBN (painettu)978-3-031-68375-6
DOI - pysyväislinkit
TilaJulkaistu - 16 elok. 2024
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaInternational cryptology conference - Santa Barbara, Yhdysvallat
Kesto: 18 elok. 202422 elok. 2024

Julkaisusarja

NimiLecture Notes in Computer Science
Vuosikerta14920
ISSN (elektroninen)1611-3349

Conference

ConferenceInternational cryptology conference
Maa/AlueYhdysvallat
KaupunkiSanta Barbara
Ajanjakso18/08/2422/08/24

Julkaisufoorumi-taso

  • Jufo-taso 3

Sormenjälki

Sukella tutkimusaiheisiin 'Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä