The most conservative post-quantum signature scheme, with security based solely on hash function properties. Stateless, minimal assumptions, and maximum long-term confidence for systems that must endure decades.
No state management required between signing operations. Eliminates the risk of catastrophic key reuse from synchronization failures — ideal for distributed and redundant systems.
Security rests entirely on hash function properties. No lattice assumptions, no algebraic structure to exploit — the most conservative quantum-safe signature available today.
Six parameter sets enable fine-grained trade-offs between signature size and signing speed. Choose compact signatures for bandwidth-limited systems or fast variants for throughput-critical applications.
The SLH-DSA Hash-Based Signature Engine implements the NIST FIPS 205 Stateless Hash-Based Digital Signature Algorithm. It provides quantum-safe digital signatures whose security is based entirely on the collision resistance and preimage resistance of its underlying hash function — making it the most conservative choice for systems requiring the highest confidence in long-term security.
The engine features dedicated tree computation pipelines and one-time signature chain processors, all working under a top-level controller to compute the multi-layer tree-based signature structure. This pure hardware design requires no embedded processor — eliminating software attack surfaces and enabling deployment in the most sensitive environments.
With security that does not depend on the hardness of any algebraic problem, SLH-DSA provides essential insurance against mathematical breakthroughs that might weaken lattice-based schemes in the future. It is the signature of choice for root certificates, critical infrastructure, and any system with a 30+ year operational lifecycle.
| Parameter | Value |
|---|---|
| Algorithm | SLH-DSA (FIPS 205) |
| Security Levels | Category 1 / 3 / 5 |
| Parameter Sets | 6 (128s/f, 192s/f, 256s/f) |
| Public Key | 32 – 64 bytes |
| Signature Size | 7,856 – 49,856 bytes |
| Hash Core | SHA-256 or SHAKE-256 |
| Interface | Standard bus interface |
| Parameter | 128s | 128f | 192s | 192f | 256s | 256f |
|---|---|---|---|---|---|---|
| Security Level | Cat 1 | Cat 1 | Cat 3 | Cat 3 | Cat 5 | Cat 5 |
| Public Key (bytes) | 32 | 32 | 48 | 48 | 64 | 64 |
| Secret Key (bytes) | 64 | 64 | 96 | 96 | 128 | 128 |
| Signature (bytes) | 7,856 | 17,088 | 16,224 | 35,664 | 29,792 | 49,856 |
| Optimized For | Size | Speed | Size | Speed | Size | Speed |
| Parameter | Value |
|---|---|
| Interface | Standard register-mapped bus interface |
| Hash Core Options | SHA-256 (default) or SHAKE-256 |
| Target Clock Frequency | 80 MHz |
| Signing Latency (128f) | ~15 ms @ 80 MHz |
| Signing Latency (128s) | ~200 ms @ 80 MHz |
| Verification Latency (128f) | ~2 ms @ 80 MHz |
| Verification | NIST Known Answer Test vectors |
| Use Case | Recommended |
|---|---|
| Bandwidth-limited systems | SLH-DSA-128s (7,856 B signature) |
| Fast signing required | SLH-DSA-128f (17,088 B signature) |
| Government / CNSA 2.0 | SLH-DSA-256s (29,792 B signature) |
| High-throughput verification | SLH-DSA-128f or 192f |
| Maximum security margin | SLH-DSA-256s or 256f |
SLH-DSA is the signature of choice for systems where the cost of failure is catastrophic and the operational lifecycle extends decades into the future. Root certificate authorities, nuclear facility control systems, satellite firmware, and government archives all benefit from hash-based signatures that make the absolute minimum cryptographic assumptions.
Choose the integration level that matches your design requirements.
Complete source with verification suite, driver library, and documentation. Configurable for SHA-256 or SHAKE-256 hash core at build time. Maximum portability across target technologies.
Optimized for target technology with timing models and physical abstractions. Pre-characterized for 80 MHz with both SHA-256 and SHAKE-256 variants available.
Fully validated physical implementation with complete signoff documentation. Available in both SHA-256 and SHAKE-256 configurations.
Signature and security cores for comprehensive quantum-safe deployments.
Contact our team for evaluation access, product documentation, or custom integration support for your long-lifecycle security requirements.