Skip to main content

Python bindings for SPHINCS+

Project description

PySPX Build Status Coverage Status

This repository contains a Python package that provides bindings for SPHINCS+. It provides support for all parameter sets included as part of the SPHINCS+ submission to NIST's Post-Quantum Cryptography Standardization project.

While this package is functionally complete, it may still be subject to small API changes. Currently, the bindings only wrap the reference code. Code optimized for specific platforms (such as machines with AVX2 or AESNI support) is ignored.


The package is available on PyPI and can be installed by simply calling pip install pyspx.

For Linux, binary wheels are available based on the manylinux1 docker image. On other platforms it may take a few moments to compile the SPHINCS+ code. Currently the sphincsplus reference code requires openssl for its SHA256 function. When compiling from source, be sure to install openssl with development files.


After installing the package, import a specific instance of SPHINCS+ as follows (e.g. for shake256-128f):

import pyspx.shake256_128f

This exposes the following straight-forward functions. All parameters are assumed to be bytes objects. Similarly, the returned keys and signatures are bytes. The verify function returns a boolean indicating success or failure.

>>> public_key, secret_key = pyspx.shake256_128f.generate_keypair(seed)
>>> signature = pyspx.shake256_128f.sign(message, secret_key)
>>> pyspx.shake256_128f.verify(message, signature, public_key)

Additionally, the following attributes expose the expected sizes, as a consequence of the selected parameter set:

>>> pyspx.shake256_128f.crypto_sign_BYTES
>>> pyspx.shake256_128f.crypto_sign_PUBLICKEYBYTES
>>> pyspx.shake256_128f.crypto_sign_SECRETKEYBYTES
>>> pyspx.shake256_128f.crypto_sign_SEEDBYTES

Custom SPHINCS+ parameters

It is fairly easy to compile with additional SPHINCS+ parameters. To do this, clone the repository, initialize the src/sphincsplus submodule, and add a new parameter set to src/sphincsplus/ref/params. Make sure to follow the params-sphincs-[parameters-shorthand].h naming convention. Installing the Python package from this modified source will expose the parameter set using the API described above.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
PySPX-0.4.0-cp27-cp27m-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp27
PySPX-0.4.0-cp27-cp27mu-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp27
PySPX-0.4.0-cp34-cp34m-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp34
PySPX-0.4.0-cp35-cp35m-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp35
PySPX-0.4.0-cp36-cp36m-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp36
PySPX-0.4.0-cp37-cp37m-manylinux1_x86_64.whl (4.5 MB) Copy SHA256 hash SHA256 Wheel cp37
PySPX-0.4.0.tar.gz (338.6 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page