Feature Request: SLH-DSA (Stateless Hash-Based Signatures)

Goal
Implement SLH-DSA (formerly SPHINCS+) as defined in the draft-ietf-cose-sphincs-plus to provide a stateless PQC signing option. This removes the "state management" risk of XMSS/LMS while maintaining the high security of hash-based signatures.

Proposed Implementation

- [ ] Define SLH-DSA algorithm identifiers (e.g., SLH-DSA-SHA2-128s: -51) in wolfcose/cose_types.h.
- [ ] Map wolfCOSE key types to wolfCrypt’s SLH-DSA implementation.
- [ ] Implement the AKP (Algorithm Key Pair) type for flexible PQC key representation.
- [ ] Expose public API: wc_CoseKey_SetSLHDSA().
- [ ] Add unit tests for both "small" (s) and "fast" (f) parameter sets.
- [ ] Update tools/wolfcose_tool.c to support SLH-DSA signing/verification.

Optimization Target

- [ ] Guard with #ifdef WOLFCOSE_SLHDSA to manage the significantly larger signature sizes in memory.
- [ ] Optimize verification path to utilize wolfCrypt’s hardware-accelerated SHA-256 where available.

References

Link to RFC: [Draft - SLH-DSA for JOSE and COSE](https://datatracker.ietf.org/doc/draft-ietf-cose-sphincs-plus/)

Competitor status: No known C-based COSE implementation currently supports this.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature Request: SLH-DSA (Stateless Hash-Based Signatures) #9

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Feature Request: SLH-DSA (Stateless Hash-Based Signatures) #9

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions