DSig: Breaking the Barrier of Signatures in Data Centers

TL;DR

DSig tackles the latency barrier of digital signatures in data-center workflows by marrying hash-based signatures with traditional signatures in a two-plane hybrid architecture. It leverages common-case knowledge of verifiers to precompute work in a background process, while the foreground plane handles fast signing and verification, aided by a canVerifyFast mechanism. Empirical results show substantial end-to-end latency reductions and higher throughputs for signing and verification compared with EdDSA-based schemes, enabling auditability in auditable key-value stores, financial trading systems, and BFT protocols with only modest signature-related overhead. The approach, including careful HBSS selection, batching, and bandwidth optimizations, demonstrates DSig as a practical, open-source building block for microsecond-scale security in modern data centers.

Abstract

Data centers increasingly host mutually distrustful users on shared infrastructure. A powerful tool to safeguard such users are digital signatures. Digital signatures have revolutionized Internet-scale applications, but current signatures are too slow for the growing genre of microsecond-scale systems in modern data centers. We propose DSig, the first digital signature system to achieve single-digit microsecond latency to sign, transmit, and verify signatures in data center systems. DSig is based on the observation that, in many data center applications, the signer of a message knows most of the time who will verify its signature. We introduce a new hybrid signature scheme that combines cheap single-use hash-based signatures verified in the foreground with traditional signatures pre-verified in the background. Compared to prior state-of-the-art signatures, DSig reduces signing time from 18.9 to 0.7 us and verification time from 35.6 to 5.1 us, while keeping signature transmission time below 2.5 us. Moreover, DSig achieves 2.5x higher signing throughput and 6.9x higher verification throughput than the state of the art. We use DSig to (a) bring auditability to two key-value stores (HERD and Redis) and a financial trading system (based on Liquibook) for 86% lower added latency than the state of the art, and (b) replace signatures in BFT broadcast and BFT replication, reducing their latency by 73% and 69%, respectively

Figures (13)

• Figure 1: Median latency breakdown of an auditable key-value store (based on HERD kalia2014using, §\ref{['sec:apps']}), a BFT broadcast primitive (CTB ubft, §\ref{['sec:apps']}), and a BFT replication system (uBFT ubft, §\ref{['sec:apps']}) when processing small requests using either EdDSA eddsa-rfc (state of the art) or DSig. DSig reduces the cryptographic overhead by 86%, 82%, and 87%, respectively, and reduces the overall latency by 83%, 73%, and 69%, respectively.
• Figure 2: The HORS hash-based signature scheme. Solid lines convey the path taken to sign a message, while dashed lines convey the path to verify a signature. Hollow arrows indicate cryptographic hashes.
• Figure 3: Architecture of DSig.
• Figure 4: DSig signatures when using HORS with either factorized or merklified public keys. For illustration purposes, we depict a toy configuration of HORS with 2-secret signatures and 16-element keys.
• Figure 5: Layout of DSig signatures when using W-OTS$^+$.