Digital signing scheme for Post-Quantum Cryptography
What is SPHINCS?

What is SPHINCS+?

SPHINCS+ is stateless, hash-based signature scheme that protects data against quantum computing attacks. As a Post-Quantum Cryptography solution, its primary advantage is a small signature size with fast signing and security that's stronger than other schemes and previous versions of SPHINCS. The scheme was proposed to the NIST Post-Quantum Cryptography project in 2017, and it was adopted as one of the first four NIST-recommended PQC standards in 2022.

SPHINCS+ is based on SPHINCS

SPHINCS was first presented in 2015. Designed to sign hundreds of messages per second, the scheme has a total signature size of 41 KB, with public and private keys at 1 KB each. It was developed to fill a gap in signing security, based on these shortcomings with current signing schemes when facing quantum computing:

RSA and ECC are small and fast but can be broken by quantum using Shor's algorithm.

The quantitative security levels of lattice-based signing is unclear, and vulnerable to quantum.

Multivariate-quadratic signing is short and fast, but long-term security is uncertain.

Code-based signing contains large keys, and those keys would need to be even larger to protect data against quantum attacks.

Hashed signing is fast with small keys, and it can protect against quantum, but it is stateful.

To solve deficiencies in size, quantum protection, and state, the contributors behind the design of SPHINCS+ proposed a stateless hash-based signing scheme that could "provide long-term 2128 security against [quantum] attackers."

Improving on SPHINCS for stronger Post-Quantum Cryptography

In an effort to improve on SPHINCS, its designers worked with experts in the field to generate a new version that decreases the signature size while increasing the speed of signing. This improved version, known as SPHINCS+ was presented in three forms:

SPHINCS+ -SHA3 (using SHAKE 256)

SPHINCS+ -SHA2 (using SHA2)

SPHINCS+ -Haraka (using Haraka short-input hash function)

Improving SPHINCS for stronger PQC

Improvements include:


Multi-target attack protection


Tree-less WOTS+ public key compression


Replacing few-time signature scheme HORST with FORS


Verifiable index selection

These changes allow SPHINCS+ to operate quickly with signature sizes between 8kb for NIST security level 1 and 30kb for NIST security level 5.

NIST approval

In 2016, the United States National Institute of Standards and Technology put out a call for proposals, requesting submissions of post-quantum cryptographic schemes. Round 1 submissions closed on November 30, 2017. Several dozen schemes were presented and considered.

SPHINCS+ was one of four schemes recommended by NIST as an accepted standard for PQC, and one of only three recommended for digital signing.