qDSA: Small and Secure Digital Signatures with Curve-based Diffie--Hellman Key Pairs
This provides a more efficient and secure solution for embedded systems and IoT devices, though it is incremental as it builds on existing Diffie-Hellman and EdDSA concepts.
The paper tackles the problem of implementing secure digital signatures on memory-constrained embedded systems and IoT devices by introducing qDSA, a signature scheme that uses the same public keys as Diffie-Hellman schemes based on Montgomery curves or Kummer surfaces, resulting in significantly smaller stack usage and code size compared to state-of-the-art implementations.
qDSA is a high-speed, high-security signature scheme that facilitates implementations with a very small memory footprint, a crucial requirement for embedded systems and IoT devices, and that uses the same public keys as modern Diffie--Hellman schemes based on Montgomery curves (such as Curve25519) or Kummer surfaces. qDSA resembles an adaptation of EdDSA to the world of Kummer varieties, which are quotients of algebraic groups by $\pm$1. Interestingly, qDSA does not require any full group operations or point recovery: all computations, including signature verification, occur on the quotient where there is no group law. We include details on four implementations of qDSA, using Montgomery and fast Kummer surface arithmetic on the 8-bit AVR ATmega and 32-bit ARM Cortex M0 platforms. We find that qDSA significantly outperforms state-of-the-art signature implementations in terms of stack usage and code size. We also include an efficient compression algorithm for points on fast Kummer surfaces, reducing them to the same size as compressed elliptic curve points for the same security level.