The SPHINCS+ reference code, accompanying the submission to NIST's Post-Quantum Cryptography project
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

SPHINCS+ Build Status

This repository contains the software that accompanies the SPHINCS+ submission to NIST's Post-Quantum Cryptography project.

Parameters

The SPHINCS+ specification proposed a set of 18 named instances, specifying hash functions and concrete parameters for the security level, tree dimensions, WOTS+ and FORS. This reference implementation allows for more flexibility, as parameters can be specified in a params.h file. The proposed parameter sets have been predefined in ref/params/params-*.h, and the hash function can be varied by linking with the different implementations of hash.h, i.e. hash_haraka.c, hash_sha256.c and hash_shake256.c. See the table below for a summary of the parameter sets. These parameters target the NIST security categories 1, 3 and 5; for each category, there is a parameter set geared towards either small signatures or fast signature generation.

n h d log(t) k w bit security pk bytes sk bytes sig bytes
SPHINCS+-128s 16 64 8 15 10 16 133 32 64 8,080
SPHINCS+-128f 16 60 20 9 30 16 128 32 64 16,976
SPHINCS+-192s 24 64 8 16 14 16 196 48 96 17,064
SPHINCS+-192f 24 66 22 8 33 16 194 48 96 35,664
SPHINCS+-256s 32 64 8 14 22 16 255 64 128 29,792
SPHINCS+-256f 32 68 17 10 30 16 254 64 128 49,216

Dependencies

For the instances that use SHA-256, we rely on OpenSSL. If you want to use hash_sha256.c, make sure to install the OpenSSL development headers. On Debian-based systems, this is achieved by installing the OpenSSL development package libssl-dev.

License

All included code is available under the CC0 1.0 Universal Public Domain Dedication, with the exception of rng.c, rng.h and PQCgenKAT_sign.c, which were provided by NIST.