Ethereum Researchers Propose SPHINCS- Post-Quantum Signature Scheme

Ethereum researchers proposed SPHINCS-, a stateless post-quantum signature verification scheme optimized for the Ethereum Virtual Machine, in a post published on Ethereum Research on June 12. The proposal, authored by nicocsgy with acknowledgment to Vitalik Buterin and other contributors, introduces a design that replaces standard SHAKE256 hash functions with EVM-native KECCAK256 to enable Solidity implementation without requiring protocol changes or new precompiles. The scheme addresses the potential future threat that sufficiently powerful quantum computers could pose to current blockchain wallet cryptographic assumptions, offering a research-stage approach to quantum-resistant wallet verification using existing EVM infrastructure.

SPHINCS- Replaces SHAKE256 With KECCAK256 for EVM Compatibility

The proposal replaces standard SLH-DSA hash functions such as SHAKE256 with KECCAK256, which is native to Ethereum. This design choice allows the verification logic to be implemented in Solidity without requiring new precompiles or protocol-level changes to the Ethereum base layer. The post states that SPHINCS- (pronounced "SPHINCS minus") is designed around the practical constraint of working inside the EVM as it exists today.

C13 Variant Verifies at 127,000 Gas With 3,704-Byte Signature

The C13 variant of SPHINCS- is described as verifying at approximately 127,000 gas with a 3,704-byte signature. The post compares this with standard SLH-DSA-SHA2-128-24, which costs 142,000 gas with a 3,856-byte signature and requires about 1.07 billion hash calls for signing. The proposal reports these metrics as part of its technical performance analysis.

Proposal Targets Reduced Signature Budget for Wallet Use Cases

SPHINCS- scales down the signature budget to a range between 2^14 and 2^20 signatures per key, instead of targeting the standard 2^64 signatures per key. The post states that the average annual 99.9th percentile of Ethereum transactions is around 431 per address since the Merge, suggesting wallet-specific parameters can be more efficient than broad general-purpose standards. The proposal argues that normal Ethereum addresses do not need an astronomical number of signatures.

Hardware Wallet Signing Times Listed for C11 and C12 Variants

The post states that C11 and C12 variants are compatible with hardware wallets, with signing times on an ST33K1M5 secure element listed at 390 seconds and 47.5 seconds respectively. These figures are presented as part of the practical wallet constraints discussion in the proposal.

Non-Standard Design Noted as Research-Stage Work

The proposal notes that SPHINCS- is non-standard and does not strictly match FIPS 205 parameters because it uses Keccak and limited signing budgets. The post states that it should be treated as research rather than a finished Ethereum account standard. The proposal is described as adding to Ethereum's growing post-quantum security conversation.

FAQ

What did Ethereum researchers propose on June 12?

Ethereum researchers proposed SPHINCS-, a stateless post-quantum signature verification scheme optimized for the Ethereum Virtual Machine, in a post published on Ethereum Research on June 12. The proposal was authored by nicocsgy with acknowledgment to Vitalik Buterin and other contributors.

How does SPHINCS- achieve EVM compatibility?

SPHINCS- replaces standard SLH-DSA hash functions such as SHAKE256 with KECCAK256, which is native to Ethereum. This design allows the verification logic to be implemented in Solidity without requiring new precompiles or protocol-level changes to the Ethereum base layer.

What are the reported performance metrics for the C13 variant?

The C13 variant of SPHINCS- is described as verifying at approximately 127,000 gas with a 3,704-byte signature. The post compares this with standard SLH-DSA-SHA2-128-24, which costs 142,000 gas with a 3,856-byte signature.
