A simple way to learn and practice SLH-DSA post quantum digital signature encryptions for any person with access to internet

A simple way to learn and practice SLH-DSA post quantum digital signature encryptions for any person with access to internet


SLH-DSA is a stateless hash-based digital signature algorithm, based on the FIPS 205 standard, approved and recommended by NIST for post-quantum cryptography. SLH-DSA lets users sign and verify data (like documents, files, code, certificates, etc.) in a way that should stay secure even when large scale fault tolerant quantum computers (LSFTQC) become practical and accessible. SLH-DSA is reserved for situations that demand the absolute highest level of long-term security.

The problem with the current digital signature algorithms, like RSA or ECDSA, is that they rely on math problems that quantum computers can solve quickly. In other words, LSFTQC can break current digital signature algorithms, like RSA or ECDSA (on which most of the current blockchains and cryptos are based), very fast.

In the previous post (see [3]) we considered ML-DSA post-quantum algorithm for digital signing of messages. In this post we consider the same example, but with SLH-DSA digital signing algorithm.

As a rule, we encrypt messages when we do not want that unauthorized parties would be able to read them. SLH-DSA and other digital signature algorithms do not encrypt messages, the messages are sent not encrypted. Because, these messages are not encrypted, hackers can modify them. To prevent such scenario, senders send with the messages their digital signatures and public keys, which allow to verify, by recipients, that the messages were not modified by unauthorized parties. Let us consider an example.

John, who is the CEO of a private company, wants to invite Helen, who is a financial director in the company, to a very important meeting. There is no any secret information in the message (therefore, there is no a need to encrypt the message), but there is a risk that unauthorized parties can change the message and mislead Helen. To prevent such scenario John must sign the message with his private cryptographic key and sent to Helen the message, the signature and the public cryptographic key (to verify that the message was not modified).

John goes to this URL: https://www.dynpass.online/demo/pq/slh-dsa/genr.html (for other options, see [4-7]) and creates private/public cryptographic keys, by clicking on the button “Get the keys”.

p1

p2

Then, John goes to this URL: https://www.dynpass.online/demo/pq/slh-dsa/sign.html

enters the message and the private key into the input text fields, and creates a digital signature of the message, by clicking on the button “Sign”.

p3

p4

Then, John sends the message, the signature, and the public key to Helen.

To verify that the message was not modified by unauthorized paries, Helen goes to this URL: https://www.dynpass.online/demo/pq/slh-dsa/verf.html, enters the message, the signature, and the public key into the corresponding fields and clicks on the button “Validate!”.

p5

p6

The result is true/valid, so the message is authentic.

Let us change the message by adding the letter “K” to the line with the word “John” and click on the button “Validate!”.

p7

p8

The result is false, so the message is not authentic, but was modified.

Even so, that the theoretical concept is solid (quantum resistant), real implementations into hardware/software may be vulnerable to hackers. As the known example of the successful attack on SLH-DSA implementation in OpenSSL v3.5.1, see https://arxiv.org/html/2509.13048v1.

 

P.S. 1. If there is a need to keep messages secret then users must encrypt the messages. If there is no a need to keep messages secret then these messages must be digitally signed to prevent modifications of these messages by unauthorized parties.

2. Hybrid or post quantum encryptions require two ways communications/interactions between a sender and a receiver, before the encryptions and transmissions of the encrypted messages. Digitally signed messages do not require two way communications/interactions between a sender and a receiver.

3. Digital signatures on digital data/files/documents are analogous to hand-written signatures on paper documents and have the same purpose: to provide integrity, authentication and non-repudiation of the signed documents/data.

4. SLH-DSA can be used for digital signing of encapsulation keys and cipertexts in ML-KEM (see [1-2]).

5. In our old analogy (see [2]), the main difference between SLH-DSA and classical digital signature algorithms is in the foundation (complex mathematical problem).

p9

References:

  1. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-learn-and-practice-hybrid-encryptions-for-an-xzrnnyy
  2. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-understand-ml-kem-post-quantum-encryptions-xxrwmxg
  3. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-learn-and-practice-ml-dsa-post-quantum-digit-xnjxjnw
  4. https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.slhdsa
  5. https://pypi.org/project/SLH-DSA/
  6. https://github.com/trailofbits/go-slh-dsa
  7. https://openquantumsafe.org/liboqs/algorithms/sig/slh-dsa.html

 

 

 

 

How do you rate this article?

8


I_g_o_r
I_g_o_r

I am curious about science, technologies and their applications to solving real problems.


Simple solutions to complex problems
Simple solutions to complex problems

Each post is devoted to a simple solution to a complex problem.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.