Paper 2017/645

SPHINCS-Simpira: Fast Stateless Hash-based Signatures with Post-quantum Security

Shay Gueron and Nicky Mouha


We introduce SPHINCS-Simpira, which is a variant of the SPHINCS signature scheme with Simpira as a building block. SPHINCS was proposed by Bernstein et al. at EUROCRYPT 2015 as a hash-based signature scheme with post-quantum security. At ASIACRYPT 2016, Gueron and Mouha introduced the Simpira family of cryptographic permutations, which delivers high throughput on modern 64-bit processors by using only one building block: the AES round function. The Simpira family claims security against structural distinguishers with a complexity up to 2^128 using classical computers. In this document, we explain why the same claim can be made against quantum computers as well. Although Simpira follows a very conservative design strategy, our benchmarks show that SPHINCS-Simpira provides a 1.5x speed-up for key generation, a 1.4x speed-up for signing 59-byte messages, and a 2.0x speed-up for verifying 59-byte messages compared to the originally proposed SPHINCS-256.

Publication info
Preprint. MINOR revision.
Keywords
Simpira, SPHINCS, post-quantum security, hash-based signature, AES-NI
Contact author(s)
nicky @ mouha be
2017-07-05: received
Creative Commons Attribution


      author = {Shay Gueron and Nicky Mouha},
      title = {SPHINCS-Simpira: Fast Stateless Hash-based Signatures with Post-quantum Security},
      howpublished = {Cryptology ePrint Archive, Paper 2017/645},
      year = {2017},
      note = {\url{}},
      url = {}