2024
Journal Article
Title

Extended version - to be, or not to be stateful: post-quantum secure boot using hash-based signatures

Abstract
While research in post-quantum cryptography (PQC) has gained significant momentum, its adoption in real-world products is slow. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one scenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for hash-based signature (HBS) schemes which enables the transition to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. Unlike previous work, we exploit the performance-intensive similarities of the stateful LMS and XMSS schemes as well as the stateless SPHINCS+ scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To demonstrate the feasibility of our approach, we compare our results with hardware-accelerated implementations of classical asymmetric algorithms. Further, we outline the use of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.
Author(s)
Wagner, Alexander (Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC)
Oberhansl, Felix Fritz (Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC)
Schink, Marc (Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC)
Journal
Journal of Cryptographic Engineering
Rights
CC BY 4.0: Creative Commons Attribution
DOI
10.1007/s13389-024-00362-4
10.24406/publica-5398
Language
English
Keyword(s)
  • Hardware/software co-design
  • Hash-based signatures
  • LMS
  • Post-quantum cryptography
  • Secure boot
  • SPHINCS+
  • XMSS