Paper 2024/018

Smaller Sphincs+

Scott Fluhrer, Cisco Systems
Quynh Dang, National Institute of Standards and Technology
Abstract

NIST has released the draft specification of SLH-DSA (also known as Sphincs+). When NIST released its original call for proposals for the Postquantum Process, they specified that signature systems would need to be usable at full security for $2^{64}$ signatures per private key. Hence, the parameter sets specified in SLH-DSA is tuned to have full security after that many signatures. However, it has been noted that in many cases, we don't have need for that many signatures, and that parameter sets tuned for fewer signatures would be shorter and more efficient to process. This paper examines such possible alternative parameter sets.

Note: Updated due to feedback we received; added appendices that covered signatures with 2^10 hash limit and level 5 security. Also added justification for not considering more drastic changes to the Sphincs+ architecture.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
hash based signaturessphincspostquantum
Contact author(s)
sfluhrer @ cisco com
quynh dang @ nist gov
History
2024-01-12: revised
2024-01-05: received
See all versions
Short URL
https://ia.cr/2024/018
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2024/018,
      author = {Scott Fluhrer and Quynh Dang},
      title = {Smaller Sphincs+},
      howpublished = {Cryptology ePrint Archive, Paper 2024/018},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/018}},
      url = {https://eprint.iacr.org/2024/018}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.