Key Terms & Concepts — UPSC Mains
SLH-DSA
"NIST's stateless hash-based post-quantum digital signature scheme — published as FIPS 205 in August 2024."
SLH-DSA — Stateless Hash-Based Digital Signature Algorithm, originally proposed as 'SPHINCS+' — is one of the three first post-quantum cryptography (PQC) standards published by the US National Institute of Standards and Technology (NIST) in August 2024, as Federal Information Processing Standard (FIPS) 205. Unlike lattice-based ML-KEM (FIPS 203) and ML-DSA (FIPS 204), SLH-DSA is a hash-based signature scheme — built on the security of cryptographic hash functions like SHA-256. Its key advantage is conservative security: the hardness assumptions rest only on hash function preimage and collision resistance, which are well-understood and considered quantum-resistant via Grover's Algorithm (which only halves effective security, leaving SHA-256 still robust). Its main drawback is larger signature sizes (~8-50 KB) compared to ML-DSA (~2-4 KB). SLH-DSA is recommended as a fallback / belt-and-suspenders option, especially where signature longevity (decades) matters.
GS3 (S&T, cryptography). Prelims: FIPS number, hash-based family, contrasts with lattice-based standards. Mains: PQC migration architecture; defence-in-depth cryptographic strategy.
- 1 Standard: FIPS 205
- 2 Published: August 13, 2024
- 3 Family: Hash-based cryptography (stateless)
- 4 Original name: SPHINCS+
- 5 Hash function basis: SHA-256, SHA-512, or SHAKE
- 6 Quantum security: Grover's Algorithm reduction; SHA-256 still robust
- 7 Signature size: ~8-50 KB (larger than ML-DSA)
- 8 Role: digital signatures with conservative security assumptions
- 9 Recommended as fallback alongside ML-DSA
India's DST PQC Task Force roadmap (May 2026) flags SLH-DSA as the long-term-security signature option for archival defence and Aadhaar records, where signatures must remain valid for 50+ years.
