[Cryptography] SPHINCS: practical hash-based digital signatures

Ben Laurie benl at google.com
Wed Oct 8 11:03:17 EDT 2014

On Tue Oct 07 2014 at 10:51:21 PM Hanno Böck <hanno at hboeck.de> wrote:

> I like it that the whole area of post-quantum-crypto is getting more
> attention lately.
> However what immediately catched my attention: The webpage says
> "Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB"
> The signature size is a problem. It makes the claim that it's a
> "drop-in replacement" for current signature schemes somewhat
> questionable.
> 41 kb may not seem much, but consider a normal TLS handshake. It
> usually already contains three signatures (2 for the certificate chain
> and one for the handshake itself). That already makes 120 kb.
> It may not seem that much, but it definitely is an obstacle because this
> would significantly impact your loading time.

Definitely a deal breaker for HTTPS.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141008/729ff1df/attachment.html>

More information about the cryptography mailing list