What is SPHINCS+ (SLH-DSA, FIPS 205)?
SPHINCS+ — standardized by NIST in 2024 as SLH-DSA (FIPS 205) — is a stateless hash-based post-quantum signature scheme. It is the conservative alternative to lattice-based Dilithium: its security depends only on the strength of its underlying hash function, an assumption cryptographers understand extremely well, at the cost of much larger signatures.
Security from hashing alone
Most post-quantum schemes rely on relatively new mathematical problems (lattices, codes, isogenies). SPHINCS+ instead builds a signature entirely from hash functions, whose security is among the best-studied in all of cryptography and is not threatened by quantum computers beyond a manageable square-root speedup. If you want a signature whose security assumption is as conservative as possible — no new math to gamble on — SPHINCS+ is the deliberate choice.
The cost: large signatures
That conservatism is not free. SPHINCS+ signatures are large — on the order of 8 to 50 KB depending on parameters — and signing is slower than Dilithium. Public keys, by contrast, are tiny (around 32 bytes). "Stateless" is a key advantage over earlier hash-based schemes: you do not have to track which one-time keys you have used, which removes a dangerous failure mode where reuse breaks security.
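The reuse failure mode that statelessness removes is easiest to see in a Lamport one-time signature, the simplest signature built from a hash function alone. The sketch below is an added example, not code from the original page. Lamport is a stand-in chosen for brevity (SPHINCS+ itself combines WOTS+, FORS and a hypertree), and the message strings are constructed.

```python
import hashlib
import secrets

N = 32      # bytes per secret value (SHA-256 output size)
BITS = 256  # one pair of secret values per bit of the message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    # Secret key: two random values per digest bit. Public key: their hashes.
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    # Publish one secret value per position, selected by that digest bit.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    bits = digest_bits(msg)
    return len(sig) == BITS and all(H(s) == pk[i][bits[i]] for i, s in enumerate(sig))


def exposed_positions(messages: list) -> int:
    # Positions where BOTH secret values have been published by signing
    # these messages with one key; the key no longer protects those bits.
    seen = [set() for _ in range(BITS)]
    for m in messages:
        for i, b in enumerate(digest_bits(m)):
            seen[i].add(b)
    return sum(len(s) == 2 for s in seen)


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"firmware v1.0 (constructed)", b"firmware v1.1 (constructed)"
    print("valid:", verify(pk, m1, sign(sk, m1)))
    print("fully exposed after 1 signature :", exposed_positions([m1]))
    print("fully exposed after 2 signatures:", exposed_positions([m1, m2]))
```

One signature exposes no position completely, while a second signature under the same key exposes roughly half of them, which is why stateful schemes must never lose track of used keys. The 8,192-byte signature for a single 256-bit digest also shows where the size cost of hash-based signing comes from.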
When to choose it
Reach for SPHINCS+ when signing is infrequent, longevity is paramount, and the security assumption must be maximally conservative: root-of-trust keys, firmware signing for very long-lived devices, and certificate authorities. For high-volume signing where size matters, ML-DSA (Dilithium) is usually the better fit. Per NIST, SPHINCS+ is resistant to known classical and quantum attacks; that does not make it unbreakable, but it rests on the most battle-tested assumption available.