🤖 AI Summary
Control-flow attestation (CFA) in embedded systems suffers from the high storage and transmission overheads of control-flow logs (CFlogs). Existing speculative compression approaches overlook the impact of address representation on path prediction, limiting achievable compression ratios. This paper proposes RESPEC-CFA, the first CFA architecture to jointly exploit the locality of control-flow addresses and Huffman coding within CFlog speculation. It introduces path-level address prediction, locality-aware symbol substitution, and co-designed encoding to achieve efficient CFlog compression. Experimental results show that RESPEC-CFA reduces CFlog size by up to 90.1% when deployed standalone, and by up to 99.7% when integrated with existing methods, significantly enhancing CFA's practicality in resource-constrained environments. The core contribution lies in the unified modeling of address representation locality and compression coding characteristics, thereby overcoming the fundamental compression bottleneck inherent in conventional speculative CFA schemes.
📝 Abstract
Control Flow Attestation (CFA) allows remote verification of run-time software integrity in embedded systems. However, CFA is limited by the storage/transmission costs of generated control flow logs (CFlog). Recent work has proposed application-specific optimizations by speculating on likely sub-paths in CFlog and replacing them with reserved symbols at runtime. Albeit effective, prior approaches do not consider the representation of addresses in a control flow path for speculation. This work proposes RESPEC-CFA, an architectural extension for CFA allowing for speculation on (1) the locality of control flows and (2) their Huffman encoding. Alone, RESPEC-CFA reduces CFlog sizes by up to 90.1%. Combined with prior methods, RESPEC-CFA yields reductions of up to 99.7%, representing a significant step toward practical CFA.
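The two speculation targets named in the abstract, address locality and Huffman encoding, can be illustrated with a small model. This is an added example, not the paper's design or code: the abstract does not specify the encoding, so the 16-bit region split, the `ESC` escape symbol, the profiling-derived code table, and the traces are all assumptions constructed here.

```python
import heapq
from collections import Counter
from itertools import count
ADDR_BITS, LOW_BITS, MASK = 32, 16, 0xFFFF  # assumed: 32-bit addresses, 16-bit local part
ESC = "ESC"  # hypothetical escape symbol: a full 32-bit address follows

def huffman_codes(freq):  # prefix code {symbol: bitstring}; needs >= 2 symbols
    tie = count()  # tie-breaker so the heap never compares dicts
    heap = [(f, next(tie), {s: ""}) for s, f in freq.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        f0, _, zero = heapq.heappop(heap)
        f1, _, one = heapq.heappop(heap)
        merged = {s: "0" + c for s, c in zero.items()}
        merged.update({s: "1" + c for s, c in one.items()})
        heapq.heappush(heap, (f0 + f1, next(tie), merged))
    return heap[0][2]

def build_table(profile_log, base):  # offline: speculate from a profiling run
    freq = Counter(a & MASK for a in profile_log if a >> LOW_BITS == base)
    freq[ESC] = 1  # always keep a way to log an address the speculation missed
    return huffman_codes(freq)

def encode(cflog, base, table):
    out = []
    for addr in cflog:
        hit = addr >> LOW_BITS == base and (addr & MASK) in table
        out.append(table[addr & MASK] if hit else table[ESC] + format(addr, "032b"))
    return "".join(out)

def decode(bits, base, table):
    rev, log, cur, i = {c: s for s, c in table.items()}, [], "", 0
    while i < len(bits):
        cur += bits[i]
        i += 1
        if cur in rev:
            sym, cur = rev[cur], ""
            if sym == ESC:  # speculation miss: read the full address verbatim
                log.append(int(bits[i:i + ADDR_BITS], 2))
                i += ADDR_BITS
            else:           # hit: rebuild the address from the shared region prefix
                log.append((base << LOW_BITS) | sym)
    return log

# Constructed traces (not from the paper): a hot loop inside region 0x0800xxxx.
BASE = 0x0800
PROFILE = [0x0800E010, 0x0800E024] * 20 + [0x0800E100] * 2 + [0x0800E200]
RUNTIME = [0x0800E010, 0x0800E024] * 30 + [0x0800E100, 0x2000F000]
TABLE = build_table(PROFILE, BASE)
```

On these constructed traces the 62-entry runtime log shrinks from 1984 bits to 129, and the out-of-region target `0x2000F000` is still logged in full through the escape path, so a verifier loses no information when the speculation misses.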