Embracing SPHINCS+: A Strategic Shift for QRL Project Zond

Table of Contents

After extensive research into hash-based cryptography for QRL Project Zond, we’ve made the decision to transition from XMSS to SLH-DSA/SPHINCS+ (FIPS 205). This strategic upgrade eliminates operational friction, removes the risks of stateful cryptography, and positions QRL Project Zond as a quantum-resistant standard for enterprise demands.

All without impacting the project’s release timeline.

Why the change?

While XMSS has and continues to provide robust post-quantum security for the past seven years (provably secure with minimal security assumptions), now there’s a better solution that’s been sufficiently peer-reviewed and backed by NIST.

The primary drawback of stateful hash-based signatures (like XMSS) lies in key management, specifically, the need to track and prevent the reuse of One-Time Signatures (OTS). Through the use of a bitfield and functions to automate slave trees, QRL has mitigated a lot of this, rather successfully. However, this adds unnecessary complexity, especially for smart contracts and automated functions.

At the same time, abandoning the bulletproof security that hash-based cryptography gives is not feasible either. This is where SPHINCS+ comes in, a stateless hash-based signature scheme recently standardized by NIST (FIPS 205).

Will This Delay the Release?

No. Accounting for the transition to SPHINCS+ doesn’t change development timelines. The integration benefits from existing cryptographic libraries and NIST’s standardized implementation, ensuring a smooth adoption process.

Additionally, extra tooling and development resources don’t need to be given towards stateful key management techniques, potentially shortening some timelines.

Are there any limitations?

To achieve this level of robust, stateless security, there are calculated tradeoffs.

• Larger signature sizes, which may marginally increase blockchain storage requirements.
• Slightly higher computational overhead compared to XMSS, though optimizations mitigate this impact.

However, we consider these to be minor and manageable trade-offs for the improved architectural simplicity and elimination of state-management risks.

The Advantages of Going Stateless

The shift to SPHINCS+ brings major advantages:

• More resilient security model: No need to track OTS usage, eliminating the risk of accidental reuse. Improved side channel attack resistance compared to XMSS.
• NIST standardization (FIPS 205): Ensuring long-term reliability and peer-review oversight.
• Simplified development at all levels: No OTS tracking logic needed.

By going stateless, QRL Project Zond removes this systemic risk, important for institutional partners like exchanges and custody providers.

This transition is more than a technical upgrade, it’s a statement of our commitment to building a platform that is secure, stable, and ready for the demands of enterprise-grade applications. By integrating NIST-standardized SPHINCS+, we are removing operational friction and systemic risk, important for institutional providers operating everything from centralized and decentralized exchanges (CEX/DEX) to DeFi protocols and NFT platforms.

QRL Project Zond is not just being built for the future of blockchain, but for the future of the enterprise on blockchain.

Want to learn more? Visit our QRL Project Zond landing page or our updated roadmap.

Additional Resources

• NIST FIPS 205/SPHINCS+: https://csrc.nist.gov/pubs/fips/205/final
• XMSS:
  • Original paper: https://eprint.iacr.org/2011/484.pdf
  • NIST 800-208: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf