SPHINCS+ is a signature scheme included in the first NIST post-quantum standard, which bases its security on the underlying hash primitive. As most of the runtime of SPHINCS+ is spent evaluating several hash and pseudo-random functions, all instantiated via the hash primitive, offloading this computation to dedicated hardware accelerators is a natural step. In this work, we evaluate different architectures for hardware acceleration of such a hash primitive with respect to its use case and evaluate them in the context of SPHINCS+. We attach hardware accelerators for different hash primitives (SHAKE256 and Ascon-Xof, in both full and round-reduced versions) to CPU interfaces with different transfer speeds. We show that for most use cases, data transfer determines the overall performance if accelerators are equipped with FIFOs, and that reducing the number of rounds in the permutation does not necessarily lead to significant performance improvements when using hardware acceleration.
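The claim that data transfer, not the permutation, bounds performance once an accelerator has FIFOs can be checked with a simple pipeline model. The following is an added illustration, not code or measurements from the paper: a hash call moves `in_bytes` into the accelerator and `out_bytes` back over a CPU interface of assumed width `bytes_per_cycle`, while the permutation core spends `rounds * cycles_per_round` cycles per permutation call. With FIFOs the two activities overlap, so the steady-state cost per call is the maximum of the two; without FIFOs they add up. All interface widths, cycle counts and the 96-byte-in/32-byte-out call shape are constructed example values.

```python
"""Toy throughput model for a hash accelerator with and without FIFOs.

Constructed illustration (not from the paper). It reproduces the
qualitative effect described in the abstract: if the interface is the
bottleneck, a round-reduced permutation buys nothing.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Accelerator:
    name: str
    rounds: int             # permutation rounds (full or round-reduced)
    cycles_per_round: int   # assumed cycles the core needs per round
    bytes_per_cycle: float  # assumed width of the CPU interface
    has_fifo: bool          # input/output FIFOs let transfer and compute overlap


def transfer_cycles(acc: Accelerator, in_bytes: int, out_bytes: int) -> float:
    """Cycles spent moving input in and output out over the CPU interface."""
    return (in_bytes + out_bytes) / acc.bytes_per_cycle


def permutation_cycles(acc: Accelerator, perm_calls: int) -> float:
    """Cycles the core spends on the permutation(s) for one hash call."""
    return acc.rounds * acc.cycles_per_round * perm_calls


def cycles_per_hash(acc: Accelerator, in_bytes: int, out_bytes: int,
                    perm_calls: int = 1) -> float:
    """Steady-state cost of one hash call on the accelerator."""
    t = transfer_cycles(acc, in_bytes, out_bytes)
    p = permutation_cycles(acc, perm_calls)
    if acc.has_fifo:
        return max(t, p)   # pipelined: the slower side sets the pace
    return t + p           # serialized: both costs add up


def bottleneck(acc: Accelerator, in_bytes: int, out_bytes: int,
               perm_calls: int = 1) -> str:
    """Name the dominant cost, which tells whether round reduction can help."""
    t = transfer_cycles(acc, in_bytes, out_bytes)
    p = permutation_cycles(acc, perm_calls)
    return "transfer" if t >= p else "permutation"


def round_reduction_speedup(full: Accelerator, reduced: Accelerator,
                            in_bytes: int, out_bytes: int,
                            perm_calls: int = 1) -> float:
    """Speedup obtained by swapping the full-round core for a reduced one."""
    return (cycles_per_hash(full, in_bytes, out_bytes, perm_calls)
            / cycles_per_hash(reduced, in_bytes, out_bytes, perm_calls))


# Constructed example call shape: 96 bytes in, 32 bytes out, one permutation.
IN_BYTES, OUT_BYTES = 96, 32

# Constructed accelerators: a 24-round and a 12-round core, each behind a
# narrow (1 byte/cycle) and a wide (8 bytes/cycle) interface, all with FIFOs.
FULL_NARROW = Accelerator("full/narrow", 24, 1, 1.0, True)
HALF_NARROW = Accelerator("half/narrow", 12, 1, 1.0, True)
FULL_WIDE = Accelerator("full/wide", 24, 1, 8.0, True)
HALF_WIDE = Accelerator("half/wide", 12, 1, 8.0, True)
FULL_NARROW_NOFIFO = Accelerator("full/narrow/no-fifo", 24, 1, 1.0, False)

if __name__ == "__main__":
    for acc in (FULL_NARROW, HALF_NARROW, FULL_WIDE, HALF_WIDE, FULL_NARROW_NOFIFO):
        print(f"{acc.name:22s} {cycles_per_hash(acc, IN_BYTES, OUT_BYTES):7.1f} cycles,"
              f" bound by {bottleneck(acc, IN_BYTES, OUT_BYTES)}")
    print("round-reduction speedup, narrow:",
          round_reduction_speedup(FULL_NARROW, HALF_NARROW, IN_BYTES, OUT_BYTES))
    print("round-reduction speedup, wide:  ",
          round_reduction_speedup(FULL_WIDE, HALF_WIDE, IN_BYTES, OUT_BYTES))
```

On the narrow interface the 128 transfer cycles dwarf the 24 or 12 permutation cycles, so halving the rounds gives a speedup of exactly 1.0; only on the wide interface, where the permutation is the bottleneck, does the reduced core pay off. The same model also shows why the FIFO matters: without overlap the narrow full-round variant costs 128 + 24 cycles and the core's speed is visible again.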