About SLH-DSA
SLH-DSA (previously known as SPHINCS+) is a hash-based digital signature algorithm standardized by NIST as FIPS 205. Unlike lattice-based algorithms, SLH-DSA's security is based on the properties of cryptographic hash functions, which are believed to be resistant to both classical and quantum attacks.
SLH-DSA offers multiple parameter sets with different tradeoffs between speed, signature size, and security level. The "f" variants prioritize speed, while the "s" variants produce smaller signatures at the cost of performance.
Note: SLH-DSA operations are significantly slower than ML-KEM and ML-DSA, especially at higher security levels. This is a characteristic of hash-based signature schemes. In production environments, this would be optimized with native code implementations.
Security Levels
SLH-DSA-128
128-bit security level
SLH-DSA-192
192-bit security level
SLH-DSA-256
256-bit security level
Fast
Optimized for speed
Small
Optimized for signature size
SHA-2
Standard NIST hash function
SHAKE
SHA-3 derived function
How SLH-DSA Works
1. Key Generation
The signer generates a key pair using a combination of cryptographic hash functions. This process creates a public key that will be published and a secret key kept confidential.
2. Signing
Using their secret key, the signer creates a digital signature for a message through a complex combination of WOTS+ one-time signatures, FORS trees, and hypertree structures.
Output: Digital Signature
3. Verification
Anyone can verify the signature's authenticity using the signer's public key and hash functions, confirming the message hasn't been altered and was signed by the holder of the secret key.
Output: Valid or Invalid
Try SLH-DSA Operations
SLH-DSA Operations
Explore SLH-DSA's key generation, signing, and verification operations with different variants.
Parameters
Result
Select parameters and execute an operation to see results
SLH-DSA Technical Details
Components
WOTS+ (Winternitz One-Time Signature)
A one-time signature scheme that forms the building block for SLH-DSA.
FORS (Forest of Random Subsets)
A few-time signature scheme that adds security against multi-target attacks.
Hypertree
A multi-layered Merkle tree structure that enables multiple signatures with one key pair.
Key Benefits
Minimal Security Assumptions
Relies solely on the security of cryptographic hash functions, without additional mathematical assumptions.
Parameter Flexibility
Multiple parameterizations allowing trade-offs between signature size, key size, and generation/verification time.
Hash Function Choices
Support for both traditional hash functions (SHA-2) and XOF (SHAKE), providing implementation flexibility.
Interactive SLH-DSA Demo
Try SLH-DSA Signing & Verification
Experience the full SLH-DSA workflow with our interactive implementation. Generate keys, sign data, and verify signatures with various security levels and algorithm variants.
Interactive SLH-DSA DemoReal-World Applications
SLH-DSA is particularly well-suited for applications where long-term security and minimal assumptions are critical, even at the cost of larger signatures or slower processing.
Critical Infrastructure
Securing infrastructure control systems and firmware updates with conservatively secure long-term signatures.
Archival Signing
Document preservation and archival systems that need verifiable signatures over extremely long time periods.
Legal Documents
Legally binding documents and contracts requiring high-assurance signatures with conservative security assumptions.