SPHINCS: Practical Stateless Hash-based Signatures

Daniel J. Bernstein*, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, Zooko Wilcox-O’hearn

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB. The signature scheme is designed to provide long-term 2128 security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes.

Original languageEnglish
Title of host publicationAdvances in Cryptology – EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsMarc Fischlin, Elisabeth Oswald
PublisherSpringer
Publication date2015
Pages368-397
ISBN (Print)9783662467992
DOIs
Publication statusPublished - 2015
Externally publishedYes
Event34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015 - Sofia, Bulgaria
Duration: 26. Apr 201530. Apr 2015

Conference

Conference34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015
Country/TerritoryBulgaria
CitySofia
Period26/04/201530/04/2015
SponsorInternationalAssociation for Cryptologic Research
SeriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9056
ISSN0302-9743

Keywords

  • Fewtime signatures
  • Hypertrees
  • One-time signatures
  • Post-quantum cryptography
  • Vectorized implementation

Fingerprint

Dive into the research topics of 'SPHINCS: Practical Stateless Hash-based Signatures'. Together they form a unique fingerprint.

Cite this