Skip to main content

Python bindings for SPHINCS+

Project description

PySPX SPHINCS Python Bindings

This repository contains a Python package that provides bindings for SPHINCS+. It provides support for all parameter sets included as part of the SPHINCS+ submission to NIST's Post-Quantum Cryptography Standardization project.

While this package is functionally complete, it may still be subject to small API changes. Currently, the bindings only wrap the reference code. Code optimized for specific platforms (such as machines with AVX2 or AESNI support) is ignored.


The package is available on PyPI and can be installed by simply calling pip install pyspx.

For Linux, binary wheels are available based on the manylinux1 docker image. On other platforms it may take a few moments to compile the SPHINCS+ code. Currently the sphincsplus reference code requires openssl for its SHA256 function. When compiling from source, be sure to install openssl with development files.


After installing the package, import a specific instance of SPHINCS+ as follows (e.g. for shake256-128f):

import pyspx.shake256_128f

This exposes the following straight-forward functions. All parameters are assumed to be bytes objects. Similarly, the returned keys and signatures are bytes. The verify function returns a boolean indicating success or failure.

>>> public_key, secret_key = pyspx.shake256_128f.generate_keypair(seed)
>>> signature = pyspx.shake256_128f.sign(message, secret_key)
>>> pyspx.shake256_128f.verify(message, signature, public_key)

Additionally, the following attributes expose the expected sizes, as a consequence of the selected parameter set:

>>> pyspx.shake256_128f.crypto_sign_BYTES
>>> pyspx.shake256_128f.crypto_sign_PUBLICKEYBYTES
>>> pyspx.shake256_128f.crypto_sign_SECRETKEYBYTES
>>> pyspx.shake256_128f.crypto_sign_SEEDBYTES

Custom SPHINCS+ parameters

It is fairly easy to compile with additional SPHINCS+ parameters. To do this, clone the repository, initialize the src/sphincsplus submodule, and add a new parameter set to src/sphincsplus/ref/params. Make sure to follow the params-sphincs-[parameters-shorthand].h naming convention. Installing the Python package from this modified source will expose the parameter set using the API described above.

Project details

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page