SLH-DSA (FIPS 205)
What is SLH-DSA (FIPS 205)?
SLH-DSA (FIPS 205)NIST's standardized stateless hash-based post-quantum signature scheme, derived from SPHINCS+ and published as FIPS 205 in August 2024 — the conservative PQ signature option, relying only on hash-function security.
SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), published as FIPS 205 on 13 August 2024, is NIST's conservative post-quantum signature standard, derived from SPHINCS+ . Unlike ML-DSA, which rests on lattice-problem assumptions, SLH-DSA's security depends solely on the properties of its underlying hash function (SHA-256 or SHAKE-256), giving it the strongest theoretical conservatism in the NIST PQC portfolio. The price is size and speed: SLH-DSA signatures range from about 8 KB to 50 KB depending on parameter set (small, fast, robust variants in 128, 192, and 256-bit categories), and signing is markedly slower than ML-DSA. That makes SLH-DSA well suited to use cases where signature size and signing throughput are secondary to long-term resilience and minimal assumption count — root-of-trust signatures, long-lived firmware keys, and certificates that may need to remain trustworthy decades from now. SLH-DSA is 'stateless', a major operational improvement over the stateful XMSS and LMS hash-based signatures, since the signer doesn't need to track which one-time keys have been used.
● Examples
- 01
A nation-state root CA issues its top-level signing certificate with SLH-DSA-SHA2-256s to maximise resilience across the certificate's planned 30-year lifetime.
- 02
A secure-boot ROM key uses SLH-DSA so that even if every lattice and elliptic-curve assumption breaks, the signature still verifies.
● Frequently asked questions
What is SLH-DSA (FIPS 205)?
NIST's standardized stateless hash-based post-quantum signature scheme, derived from SPHINCS+ and published as FIPS 205 in August 2024 — the conservative PQ signature option, relying only on hash-function security. It belongs to the Cryptography category of cybersecurity.
What does SLH-DSA (FIPS 205) mean?
NIST's standardized stateless hash-based post-quantum signature scheme, derived from SPHINCS+ and published as FIPS 205 in August 2024 — the conservative PQ signature option, relying only on hash-function security.
How does SLH-DSA (FIPS 205) work?
SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), published as FIPS 205 on 13 August 2024, is NIST's conservative post-quantum signature standard, derived from SPHINCS+ . Unlike ML-DSA, which rests on lattice-problem assumptions, SLH-DSA's security depends solely on the properties of its underlying hash function (SHA-256 or SHAKE-256), giving it the strongest theoretical conservatism in the NIST PQC portfolio. The price is size and speed: SLH-DSA signatures range from about 8 KB to 50 KB depending on parameter set (small, fast, robust variants in 128, 192, and 256-bit categories), and signing is markedly slower than ML-DSA. That makes SLH-DSA well suited to use cases where signature size and signing throughput are secondary to long-term resilience and minimal assumption count — root-of-trust signatures, long-lived firmware keys, and certificates that may need to remain trustworthy decades from now. SLH-DSA is 'stateless', a major operational improvement over the stateful XMSS and LMS hash-based signatures, since the signer doesn't need to track which one-time keys have been used.
How do you defend against SLH-DSA (FIPS 205)?
Defences for SLH-DSA (FIPS 205) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SLH-DSA (FIPS 205)?
Common alternative names include: FIPS 205, SPHINCS+ (standardized), Stateless hash-based DSA.
● Related terms
- cryptography№ 1195
SPHINCS+
A stateless hash-based digital-signature scheme standardized by NIST as FIPS 205 (SLH-DSA) in August 2024, offering conservative post-quantum security with no structured-math assumptions.
- cryptography№ 947
Post-Quantum Cryptography
Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.
- cryptography№ 767
ML-DSA (FIPS 204)
NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.
- cryptography№ 768
ML-KEM (FIPS 203)
NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange.
- cryptography№ 355
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
- cryptography№ 820
NIST PQC Standardization
The multi-year NIST process that selects and standardizes post-quantum cryptographic algorithms; its first three standards, FIPS 203, 204, and 205, were published in August 2024.