SPHINCS+ (FIPS 205, Stateless Hash-Based Signatures)

SPHINCS+ is NIST's third post-quantum signature standard (FIPS 205), and it's the conservative backup plan. While Kyber and Dilithium are based on lattice problems, SPHINCS+ uses only hash functions — cryptographic operations we understand extremely well and trust completely. The name is Greek-inspired (SPHINCS is the Greek sphinx). It's "stateless" meaning you can generate signatures independently without tracking state — important for distributed systems where state synchronization is hard.  

The tradeoff: SPHINCS+ signatures are large (7-17 KB depending on security level) compared to Dilithium (2-4 KB). Signing is also slower. But the security confidence is maximum because it's based on SHA-256 or SHA-512, which have been battle-tested for decades. If somehow lattice cryptography turns out to have weaknesses, SPHINCS+ remains secure. QNu Labs' Hodos includes SPHINCS+ for scenarios where you want the ultimate conservative choice.

NIST chose SPHINCS+ as a hedge — if lattice cryptography has undiscovered weaknesses, the world needs a backup. Hash functions are the most understood, most analyzed primitives in cryptography. Basing signatures on nothing but hashing gives maximum confidence.  

For ultra-high-security applications where you can tolerate larger signatures, SPHINCS+ is the choice.

Financial institutions signing ultra-high-value transactions, government agencies signing classified documents, blockchain systems wanting maximum signature security, code signing for critical infrastructure, firmware signing for long-lived systems - these scenarios justify SPHINCS+ larger signatures for the security confidence it provides.