Author Archives: Andreas

Quantum security of sponges paper @PQCrypto18

Our paper on the quantum security of the sponge construction will be presented at PQCrypto 2018. We prove collision resistance and collapsing for the sponge construction under the assumption that the internal block function is a random one-way permutation or a random function. Sadly, this does not cover SHA3 as the block function in SHA3 […]

Several flaws in RaCoSS

Hunting season is open (for submissions to the NIST post-quantum project). After our PhD student Lorenz Panny already broke “Guess Again” within three hours, the next hit took a moment. Actually, it didn’t. We (Lorenz, Tanja Lange, Daniel J. Bernstein and me) already found three vulnerabilities in RaCoSS within one hour. Only problem: One of […]

SPHINCS+ website online

It took a moment (not to say virtually forever) but we launched the SPHINCS+ website at You can now find the full submission package as well as code and specification separately. In addition, we started to collect the most relevant papers for our design and plan to collect all results related to SPHINCS+ […]

Two papers at PKC 2018

The year seems to end well, two of my papers got accepted for PKC 2018! The first paper presents rounded Gaussians as an alternative to discrete Gaussians in rejection sampling based lattice-based signature schemes (like BLISS). The advantage is that sampling from a rounded Gaussian can be easily done in constant time. The second paper […]

SPHINCS+ – The smaller SPHINCS

After quite some time without writing any news (too busy) I want to take a moment to announce our submission to the NIST “not-a-competition”. While I am involved in three submissions, I took lead for the hash-based signature submission which I will talk about here. Over the two years since we published SPHINCS, we collected […]

Two papers at PKC 2016

We got two papers (on hash-based signatures!) into this year's PKC! One is on an implementation of SPHINCS on an ARM Cortex M3. While the result is surely no practical implementation (the signatures are simply too big) it shows that it is in general doable. Besides, we give a comparison with XMSS on the same […]

PALPAS – PAsswordLess PAssword Synchronization

I recently helped Moritz Horsch to develop a nice password tool called PALPAS. It is a password-store-like tool but the nice thing about this tool is that it synchronizes passwords between several devices without storing the passwords in any form on a central server. The tool only stores some information that alone is completely independent […]