Is Java Card ready for hash-based signatures?

Ebo van der Laan, Erik Poll, Joost Rijneveld, Joeri de Ruiter, Peter Schwabe and Jan Verschuren

Abstract: The current Java Card platform does not seem to allow for fast implementations of hash-based signature schemes. While the underlying implementation of the cryptographic primitives provided by the API can be fast, thanks to implementations in native code or in hardware, the cumulative overhead of the many separate API calls results in prohibitive performance for many common applications. In this work, we present an implementation of XMSS^MT on the current Java Card platform, and make suggestions how to improve this platform in future versions.

Paper: 2018-06-14

Source code: Available on GitHub

Related talks:
Is Java Card ready for hash-based signatures?
2018-09-04 – IWSEC 2018

  author    = {Ebo van der Laan and Erik Poll and Joost Rijneveld
               and Joeri de Ruiter and Peter Schwabe
               and Jan Verschuren},
  title     = {Is Java Card ready for hash-based signatures?},
  booktitle = {Advances in Information and Computer Security
               -- {IWSEC 2018}},
  year      = {2018},
  publisher = {Springer-Verlag Berlin Heidelberg},
  series    = {Lecture Notes in Computer Science},
  volume    = {11049},
  editor    = {Atsuo Inomata and Kan Yasuda},
  pages     = {127--142},
  url       = {},