info@kfcipher.net

SPHINCS+ Digital Signature (SLH-DSA)

  1. Home
  2. SPHINCS+ Demo
NIST FIPS 205 Standard (SLH-DSA)  |  Hash-based  |  Quantum-resistant

SPHINCS+ (SLH-DSA) Digital Signature

Generate key pairs, sign messages and verify signatures using SPHINCS+ — the NIST FIPS 205 hash-based post-quantum signature standard. Quantum-resistant.

f = faster signing, larger signature  |  s = smaller signature, slower signing
Verify Signature
Quick Reference
Parameter SetSecurityPublic KeySignatureBest for
SHA2-128f128-bit32 B17,088 BFast signing
SHA2-128s128-bit32 B7,856 BSmall signature
SHA2-192f192-bit48 B35,664 BFast signing
SHA2-256f256-bit64 B49,856 BMaximum security
SHA2-256s256-bit64 B29,792 BSmall + max security

SPHINCS+ (SLH-DSA): NIST Post-Quantum Digital Signature

Hash-based signatures for the quantum era

Introduction

SPHINCS+ — now officially standardized as SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) — is a post-quantum digital signature scheme selected by NIST and published as FIPS 205 in August 2024.

Unlike lattice-based schemes like Dilithium, SPHINCS+ is based entirely on hash functions — one of the most battle-tested primitives in cryptography. Its security relies only on the collision resistance and preimage resistance of hash functions like SHA-2 and SHAKE.

Key advantage: SPHINCS+ has the most conservative security assumptions of any NIST PQC standard — if hash functions remain secure, SPHINCS+ remains secure.

How SPHINCS+ Works

SPHINCS+ is a stateless hash-based signature scheme built from several components:

  • WOTS+ (Winternitz One-Time Signature) — signs a single message using hash chains
  • XMSS trees — aggregate WOTS+ signatures into a tree structure
  • FORS (Forest Of Random Subsets) — a few-time signature scheme used as an inner layer
  • Hypertree — a multi-layer XMSS structure that allows stateless operation

Parameter Sets (FIPS 205)

VariantHashSecurityPublic KeyPrivate KeySignature
SLH-DSA-SHA2-128fSHA-256128-bit32 B64 B17,088 B
SLH-DSA-SHA2-128sSHA-256128-bit32 B64 B7,856 B
SLH-DSA-SHA2-192fSHA-512192-bit48 B96 B35,664 B
SLH-DSA-SHA2-192sSHA-512192-bit48 B96 B16,224 B
SLH-DSA-SHA2-256fSHA-512256-bit64 B128 B49,856 B
SLH-DSA-SHA2-256sSHA-512256-bit64 B128 B29,792 B
SLH-DSA-SHAKE-128fSHAKE-128128-bit32 B64 B17,088 B
SLH-DSA-SHAKE-256sSHAKE-256256-bit64 B128 B29,792 B

SPHINCS+ vs Dilithium

PropertySPHINCS+ (SLH-DSA)Dilithium (ML-DSA)
Security basisHash functions onlyModule-LWE (lattice)
Security conservatismVery highHigh
Signature sizeLarge (8–50 KB)Small (2.4–4.6 KB)
Public key sizeVery small (32–64 B)Medium (1.3–2.6 KB)
Signing speedSlowerFaster
StatelessYesYes
NIST standardFIPS 205FIPS 204
Best use caseCode signing, certificates, long-term securityTLS, general purpose

When to use SPHINCS+

  • Maximum security conservatism — when you need minimal assumptions (only hash function security)
  • Long-term signatures — documents, code signing, firmware updates that must be verifiable for decades
  • Bandwidth is not critical — the large signature size is acceptable for your use case
  • Compliance — when FIPS 205 compliance is required

References

  1. FIPS 205: Stateless Hash-Based Digital Signature Standard (2024) — NIST
  2. Bernstein et al., "SPHINCS+: Stateless Hash-Based Signatures" (2019)
  3. sphincs.org — official SPHINCS+ website
  4. NIST PQC Project
KF-Cipher
Cryptography Tools
Post Quantum Cryptography
Encoding Tools
Security Tools
Domain Tools
Resources