A note on SPHINCS+ parameter sets

Apr 11, 2024·
Stefan Kölbl
Stefan Kölbl
· 0 min read
Abstract
In this note, we explore parameter sets for SPHINCS+ which support a smaller number of signatures than 2^64, but are otherwise compatible with the SLH-DSA specification. In practice, use cases for which a low number of signatures per key pair suffice are common, and as we will show this allows a significant reduction in signature size and verification speed for SPHINCS+. For this we carry out a larger search through the SPHINCS+ parameter space, comparing it with the current parameter sets and further showing that for carefully chosen parameter the security degrades slowly if one exceeds the limits. Finally, we provide a case study for firmware signing on OpenTitan to demonstrate the efficiency of these alternative parameters.
Date
Apr 11, 2024
Location

Rockville, MD

events
SPHINCS+ PQC SLH-DSA Parameter Sets Firmware Signing OpenTitan
Stefan Kölbl
Authors
Stefan Kölbl
Staff Engineer, Tech Lead Manager

I am a Staff Engineer and Tech Lead Manager at Google, where I work in the Security Engineering team. My focus is on post-quantum cryptography and enabling developers at Google and across the internet to use cryptography safely and correctly.

I have a PhD in cryptography and an extensive background in the design and analysis of symmetric-key algorithms, post-quantum cryptography, and lightweight cryptography. I have contributed to several cryptographic standardization efforts, including the SKINNY cipher, which is part of the ISO/IEC 29192-2 standard. I also contributed to the SPHINCS+ signature scheme, which was standardized by NIST as FIPS 205. I currently represent Switzerland in the ISO/IEC JTC 1/SC 27/WG 2 committee for cryptography and security mechanisms.

Before joining Google, I was a Senior Technology Manager at Cybercrypt and a postdoctoral researcher at the Technical University of Denmark, working on the H2020 PQCRYPTO project.

%!s() %!s()