Implementation of XMSS^MT for the Java Card platform
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Java Card XMSS

This repository contains an implementation of XMSSMT (as described in the Internet Draft "XMSS: Extended Hash-Based Signatures") for the Java Card platform. Check back soon for a reference to the paper describing this implementation and the motivating research.

Note that this is a proof-of-concept implementation. Do NOT simply use this in production environments without thorough review. This implementation is still under construction, and may be subject to change.


This project depends on the xmss-reference and oracle_javacard_sdks repositories. Before all else, be sure to call git submodule update --init.

To use the C code on the host side, we rely on the PCSC library. PCSC is bundled with Windows by default, and is available through the PCSClite project on Linux. A fork comes pre-installed on macOS as well.

To use the Python scripts on the host-side, we rely on pyserial.

To build and install the applets on a Java Card, run ant install-222 or ant install-304 (depending on the version of your Java Card) in the respective subdirectories. This requires ant-javacard.jar in the same directory.

Tests and benchmarks

To test the XMSS applet, simply make and ./test in the xmss/host directory.

To benchmark a specific hash function's runtime, modify the benchmark-hashes/smartcard/ file accordingly, and run the Python script.


See xmss/ for documentation of the APDUs as used in this implementation.