DI Management Home > Cryptography > SLH-DSA

SLH-DSA: A stateless hash-based signature scheme

In this series of pages we take an in-depth look at the Post Quantum Cryptography (PQC) signature scheme SLH-DSA: A StateLess Hash-based Digital Signature Algorithm.

SLH-DSA was chosen by NIST in 2024 as a recommended PQC signature scheme and specified in FIPS.205. It is based on the SPHINCS+ algorithm.

SLH-DSA is a stateless hash-based signature scheme that should still be secure even if it proves feasible for an attacker to build a Cryptographically Relevant Quantum Computer (CRQC). Its security against both classical and post-quantum attacks depends solely on the properties of a cryptographic hash function.

As background, we look at the building blocks of hash-based signature schemes, based on the seminal works of Lamport, Diffie, Winternitz, and Merkle.

We look in detail at a real example of an SLH-DSA signature, taken from test vectors published by NIST. We show the calculations to compute the various values that make up the signature, and provide some basic python code snippets to demonstrate the results.

In our opinion, the best way to understand a complicated procedure is to examine a concrete example. That is what we provide here. You will need to dig into the details!

Plus we also provide complete code to compute FIPS.205 SLH-DSA signatures for all the 12 approved parameters.

This page is an updated version of our original page SPHINCS+ A stateless hash-based signature scheme written in March 2023. Apologies if the word “SPHINCS+” remains in any of the following pages or Python code, but it can be replaced with “SLH-DSA” without any change in meaning.

Contents

Part A. Basics of hash-based signature schemes

Properties of a cryptographic hash function
Lamport one-time signature (OTS)
Winternitz improvement (WOTS)
Merkle Tree
Authentication Path for a Merkle Tree
Few Time Signature (FTS)

Part B. Analysis of example SLH-DSA signature

SLH-DSA Introduction
SLH-DSA Example
Computing the FORS signature
The Hyper Tree Signature (SIG_HT)
Generating and Verifying the Public Key Root

Python Code
SLH-DSA/SPHINCS+ References

next: Properties of a cryptographic hash function >>

Contact us

To comment on this page or to contact us, please send us a message.

This page first published 17 March 2023. Last updated 16 February 2026.