Paper 2014/795

SPHINCS: practical stateless hash-based signatures

Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O'Hearn


This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB. The signature scheme is designed to provide long-term $2^{128}$ security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in Eurocrypt 2015
post-quantum cryptographyone-time signaturesfew-time signatureshypertreesvectorized implementation
Contact author(s)
authorcontact-sphincs @ box cr yp to
2015-02-02: revised
2014-10-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel J.  Bernstein and Daira Hopwood and Andreas Hülsing and Tanja Lange and Ruben Niederhagen and Louiza Papachristodoulou and Michael Schneider and Peter Schwabe and Zooko Wilcox-O'Hearn},
      title = {SPHINCS: practical stateless hash-based signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2014/795},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.