Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Spinel: A Post-Quantum Signature Scheme Based on SLn(Fp) Hashing

Asmaa Cherkaoui, Faraz Heravi, Delaram Kahrobaei, Siamak F. Shahandashti

TL;DR

Spinel delivers a post-quantum signature by substituting SPHINCS+'s hash with a Tillich--Zémor-based $\,\mathrm{SL}_4(\mathbb{F}_p)$ hash, embedding a non-backtracking Cayley-walk digest into the existing SPHINCS+ framework. It provides both theoretical grounding and extensive empirical validation: empirical security evidence via the NIST STS supports the hash’s randomness properties, and a Poisson-model analysis assesses FORS-exposure-driven security degradation to guide parameter selection. The work reports concrete 512-bit digest instantiations with $p=2^{31}-1$ and a 64-byte matrix encoding, plus a thorough performance evaluation showing the usual trade-offs of algebraic-hash-based designs: larger signatures and higher signing costs but feasible practicality for low-frequency signing tasks. Overall, Spinel broadens the cryptographic toolkit for post-quantum signatures by integrating algebraic hash functions into a proven SPHINCS+-based architecture, with concrete guidance for parameter selection and promising avenues for optimization.

Abstract

The advent of quantum computation compels the cryptographic community to design digital signature schemes whose security extends beyond the classical hardness assumptions. In this work, we introduce Spinel, a post-quantum digital signature scheme that combines the proven security of SPHINCS+ (CCS 2019) with a new family of algebraic hash functions (Adv. Math. Commun. 2025) derived from the Tillich-Zemor paradigm (Eurocrypt 2008) with security rooted in the hardness of navigating expander graphs over SL_n(F_p), a problem believed to be hard even for quantum adversaries. We first provide empirical evidence of the security of this hash function, complementing the original theoretical analysis. We then show how the hash function can be integrated within the SPHINCS+ framework to give a secure signature scheme. We then model and analyze the security degradation of the proposed scheme, which informs the parameter selection we discuss next. Finally, we provide an implementation of the hash function and the proposed signature scheme Spinel as well as detailed empirical results for the performance of Spinel showing its feasibility in practice. Our approach lays the foundations for the design of algebraic hash-based signature schemes, expanding the toolkit of post-quantum cryptography.

Spinel: A Post-Quantum Signature Scheme Based on SLn(Fp) Hashing

TL;DR

Spinel delivers a post-quantum signature by substituting SPHINCS+'s hash with a Tillich--Zémor-based hash, embedding a non-backtracking Cayley-walk digest into the existing SPHINCS+ framework. It provides both theoretical grounding and extensive empirical validation: empirical security evidence via the NIST STS supports the hash’s randomness properties, and a Poisson-model analysis assesses FORS-exposure-driven security degradation to guide parameter selection. The work reports concrete 512-bit digest instantiations with and a 64-byte matrix encoding, plus a thorough performance evaluation showing the usual trade-offs of algebraic-hash-based designs: larger signatures and higher signing costs but feasible practicality for low-frequency signing tasks. Overall, Spinel broadens the cryptographic toolkit for post-quantum signatures by integrating algebraic hash functions into a proven SPHINCS+-based architecture, with concrete guidance for parameter selection and promising avenues for optimization.

Abstract

The advent of quantum computation compels the cryptographic community to design digital signature schemes whose security extends beyond the classical hardness assumptions. In this work, we introduce Spinel, a post-quantum digital signature scheme that combines the proven security of SPHINCS+ (CCS 2019) with a new family of algebraic hash functions (Adv. Math. Commun. 2025) derived from the Tillich-Zemor paradigm (Eurocrypt 2008) with security rooted in the hardness of navigating expander graphs over SL_n(F_p), a problem believed to be hard even for quantum adversaries. We first provide empirical evidence of the security of this hash function, complementing the original theoretical analysis. We then show how the hash function can be integrated within the SPHINCS+ framework to give a secure signature scheme. We then model and analyze the security degradation of the proposed scheme, which informs the parameter selection we discuss next. Finally, we provide an implementation of the hash function and the proposed signature scheme Spinel as well as detailed empirical results for the performance of Spinel showing its feasibility in practice. Our approach lays the foundations for the design of algebraic hash-based signature schemes, expanding the toolkit of post-quantum cryptography.
Paper Structure (24 sections, 11 equations, 4 figures, 5 tables)

This paper contains 24 sections, 11 equations, 4 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Overview of SPHINCS+ and Its Variants
  3. WOTS+: Winternitz One Time Signature Scheme
  4. MSS: Merkle Signature Scheme
  5. FORS: Forest of Random Subsets
  6. SPHINCS+
  7. Adapting The Hash Function
  8. Output length and parameterization of the $\mathrm{SL}_4(\mathbb{F}_p)$ hash.
  9. Our default 512-bit instantiation.
  10. Other output sizes.
  11. Input encoding: binary to ternary.
  12. Non-backtracking walk.
  13. Statistical Evaluation of The Spinel Hash Function
  14. Experimental Setup.
  15. Results and Interpretation.
  16. ...and 9 more sections

Figures (4)

  • Figure 1: FORS signing with $k=6$ trees, $t=2^a=8$ leaves per tree, and message digest parsed as $100\;011\;111\;101\;001\;010$. For each tree, one leaf (in red) is revealed along with its authentication path (in blue).
  • Figure 2: Overview of the Spinel Hash Function Pipeline
  • Figure 3: FORS-based effective security degradation versus the signature budget $2^m$ for parameter sets selected by low signing cost.
  • Figure 4: FORS-based effective security degradation versus the signature budget $2^m$ for parameter sets selected by minimal signature size.