Ethereum (ETH) researchers have proposed SPHINCS-, a post-quantum signature design that could let wallets verify quantum-resistant signatures inside the EVM.
Key Points:
- SPHINCS- is a research-stage signature verification scheme built for Ethereum wallet security.
- The proposal uses KECCAK256 instead of standard SHAKE256 to work inside the existing EVM.
- Its C13 variant is listed at about 127,000 gas with a 3,704-byte signature.
Ethereum Wallets
The proposal was published on Ethereum Research on Jun. 12 and credits nicocsgy as the author, with special thanks to Vitalik Buterin and other contributors.
It introduces SPHINCS-, pronounced “SPHINCS minus,” as a stateless post-quantum signature verification scheme optimized for the Ethereum Virtual Machine.
The problem is long term but direct.
Today’s blockchain wallets rely on cryptographic assumptions that powerful quantum computers could eventually weaken, which is why Ethereum researchers are testing migration paths before such attacks become practical.
SPHINCS- is built around the EVM as it exists now, so the design does not ask Ethereum to add precompiles or change the base protocol.
The proposal replaces standard SLH-DSA hash functions, including SHAKE256, with KECCAK256, which is already native to Ethereum and can be used in Solidity verification logic.
Also Read: Anthropic Shuts Claude Fable 5 And Mythos 5 After US Government Order
Quantum Security
The post also narrows the signature budget to fit ordinary blockchain wallets, rather than keeping the broader standard target of 2^64 signatures per key.
SPHINCS- focuses on a range between 2^14 and 2^20 signatures per key, arguing that normal Ethereum addresses do not need an unlimited signing budget.
The post says the average annual 99.9th percentile of Ethereum transactions has been about 431 per address since the Merge, which supports more wallet-specific parameters.
For the C13 variant, the proposal lists verification costs near 127,000 gas and a signature size of 3,704 bytes.
It compares that with SLH-DSA-SHA2-128-24, which the post says costs 142,000 gas, uses a 3,856-byte signature and requires about 1.07 billion hash calls for signing.
The design is not a standard.
The post says SPHINCS- does not strictly follow FIPS 205 because it uses Keccak and limited signing budgets, while hardware-wallet signing remains a practical obstacle.
C11 and C12 variants are described as compatible with hardware wallets, but signing times on an ST33K1M5 secure element are listed at 390 seconds and 47.5 seconds, showing that verification efficiency alone does not solve user experience.
Ethereum’s post-quantum work has been moving through several tracks, including new signature schemes, account abstraction, migration planning and wallet design, because account security changes can take years to coordinate across users and infrastructure.
Read Next: ChatGPT Hits One Billion Monthly App Users As Public AI Sentiment Turns Mixed