[Cryptography] SPHINCS: practical hash-based digital signatures

Hanno Böck hanno at hboeck.de
Tue Oct 7 17:30:41 EDT 2014

I like it that the whole area of post-quantum-crypto is getting more
attention lately.

However what immediately catched my attention: The webpage says
"Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB"

The signature size is a problem. It makes the claim that it's a
"drop-in replacement" for current signature schemes somewhat

41 kb may not seem much, but consider a normal TLS handshake. It
usually already contains three signatures (2 for the certificate chain
and one for the handshake itself). That already makes 120 kb.

It may not seem that much, but it definitely is an obstacle because this
would significantly impact your loading time.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141007/f0a25d97/attachment.sig>

More information about the cryptography mailing list