Hardware Security for eXtended Merkle Signature Scheme Using SRAM-based PUFs and TRNGs

Due to the expansion of the Internet of Things (IoT), there is an increasing number of interconnected devices around us. Integrity, authentication and non-repudiation of data exchanged between them is becoming a must. This can be achieved by means of digital signatures. In recent years, the eXtended Merkle Signature Scheme (XMSS) has gained popularity in embedded systems because of its simple implementation, post-quantum security, and minimal security assumptions. From a hardware point of view, the security of digital signatures strongly depends on how the private keys are generated and stored. In this work, we propose the use of SRAMs as True Random Generators (TRNGs) and Physically Unclonable Functions (PUFs) to generate and reconstruct XMSS keys in a trusted way. We achieve a low-cost solution that only adds lightweight operations to the signature itself, such as repetition decoding and XORing, and does not require additional hardware (like secure non-volatile memories) since the manufacturing variations of the SRAM inside the IoT device are exploited. As a proof of concept, the solution was implemented in an IoT board based on the ESP32 microcontroller.