SPHINCS-PLUS
NIST hash-based stateless SLH-DSA signature.
Definition
SPHINCS+ parameter sets: 12 variants total (3 security levels x 2 hash functions x 2 size-speed tradeoffs). Hash functions: SHA-256, SHAKE-256, Haraka. Tradeoffs: Small (signature ~7.8KB but slow signing), Fast (signature ~17KB but fast). Sizes: SPHINCS+-256s Level 5 signature 49856 bytes (vs Dilithium5 4595 bytes). Performance: Sign ~1-1000 ops/sec (very slow vs lattice), Verify ~1000-10000 ops/sec. Use cases: long-term archive signatures, embedded firmware updates, code signing where security conservatism matters more than performance.
Origin
SPHINCS+ submitted to NIST PQC Round 1 November 2017 ; selected NIST PQC standard July 2022 ; standardised FIPS 205 13 August 2024.
Example in context
An OEM hardware secure boot firmware application uses SLH-DSA SHAKE-256s to sign firmware update ; verification at device CPU boot, conservative security for 25+ year long-term archives.
Related terms
- CRYSTALS Dilithium — competing signature.