SPHINCS-PLUS
Signature hash-based stateless SLH-DSA NIST.
Définition
SPHINCS+ parameter sets : 12 variants total (3 security levels x 2 hash functions x 2 size-speed tradeoffs). Hash functions : SHA-256, SHAKE-256, Haraka. Tradeoffs : Small (signature ~7.8KB but slow signing), Fast (signature ~17KB but fast). Tailles : SPHINCS+-256s Level 5 signature 49856 bytes (vs Dilithium5 4595 bytes). Performance : Sign ~1-1000 ops/sec (very slow vs lattice), Verify ~1000-10000 ops/sec. Use cases : long-term archive signatures, embedded firmware updates, code signing where security conservatism matters plus performance.
Origine
SPHINCS+ submitted to NIST PQC Round 1 novembre 2017 ; selected NIST PQC standard juillet 2022 ; standardise FIPS 205 13 aout 2024.
Exemple en contexte
Une application firmware secure boot OEM hardware utilise SLH-DSA SHAKE-256s pour signer firmware update ; verification au boot device CPU, security conservative pour 25+ ans long-term archives.
Termes liés
- CRYSTALS Dilithium — concurrent signature.