Aptos has filed a proposal (AIP-137) to implement SLH-DSA-SHA2-128s as an optional quantum-resistant signature scheme. This NIST-standardized stateless hash-based signature scheme would let users opt in per account, protecting those accounts against future quantum computing threats while keeping existing Ed25519 accounts and tooling working unchanged.
AIP-137 proposes adding SLH-DSA-SHA2-128s (the standardized form of SPHINCS+) as an account-level signature option. The scheme is specified in FIPS 205 and its security rests only on the preimage and second-preimage resistance of the underlying SHA-2 hash function, not on number-theoretic problems such as discrete logarithms, which Shor's algorithm would break on a cryptographically relevant quantum computer.
Aptos emphasizes conservative cryptographic principles and interoperability, noting that implementations are already available in major libraries such as OpenSSL 3.5 and Bouncy Castle. The proposal highlights an operational detail that matters for key custody: the secret material that must be backed up is 48 bytes, because it includes the public-key seed (PK.seed) alongside the secret seed and PRF key. PK.seed is generated at random and cannot be derived from the other two values, so a backup truncated to 32 bytes cannot regenerate the key pair and would mean permanent loss of access to the account.
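The following added example (not code from AIP-137 or the Aptos project) checks a key backup against the account's public key before it is relied on. It encodes the FIPS 205 key layout for the 128-bit parameter sets, where n = 16 bytes: the full secret key is SK.seed || SK.prf || PK.seed || PK.root (64 bytes) and the public key is PK.seed || PK.root (32 bytes). PK.root can be recomputed from SK.seed and PK.seed, so a 48-byte backup of the first three fields is sufficient, while a 32-byte backup holding only SK.seed || SK.prf is unrecoverable. It assumes that a 48-byte backup keeps the FIPS 205 field order (the proposal's exact encoding is not stated here), and the sample key bytes are constructed, not real key material.

```python
"""Validate an SLH-DSA-SHA2-128s key backup against a public key.

Added example; not code from AIP-137 or the Aptos project.
Layout per FIPS 205 with n = 16 (SLH-DSA-*-128* parameter sets):
    SK = SK.seed || SK.prf || PK.seed || PK.root   (64 bytes)
    PK = PK.seed || PK.root                        (32 bytes)
Assumption: a 48-byte backup is SK.seed || SK.prf || PK.seed in that order.
"""
from dataclasses import dataclass
from typing import Optional

N = 16  # hash output length n for the 128-bit parameter sets


@dataclass(frozen=True)
class KeyParts:
    sk_seed: bytes
    sk_prf: bytes
    pk_seed: bytes
    pk_root: Optional[bytes]  # None for the 48-byte (minimal) backup form


def parse_backup(blob: bytes) -> KeyParts:
    """Split a backup into FIPS 205 fields, rejecting forms that cannot be restored."""
    if len(blob) == 4 * N:  # full secret key, PK.root included
        return KeyParts(blob[:N], blob[N:2 * N], blob[2 * N:3 * N], blob[3 * N:])
    if len(blob) == 3 * N:  # minimal backup: PK.root is recomputable from SK.seed and PK.seed
        return KeyParts(blob[:N], blob[N:2 * N], blob[2 * N:], None)
    if len(blob) == 2 * N:
        # Only SK.seed || SK.prf survived. PK.seed is random and independent of
        # both, so nothing in this blob can regenerate the public key.
        raise ValueError("32-byte backup lacks PK.seed; the key pair is unrecoverable")
    raise ValueError(f"unexpected backup length {len(blob)}")


def check_backup(blob: bytes, pk: bytes) -> str:
    """Return 'full' or 'minimal' if `blob` can restore the key pair behind `pk`; raise otherwise."""
    if len(pk) != 2 * N:
        raise ValueError("SLH-DSA-128s public key must be 32 bytes")
    parts = parse_backup(blob)
    # Every recoverable backup carries PK.seed; it must match the on-chain public key.
    if parts.pk_seed != pk[:N]:
        raise ValueError("PK.seed in backup does not match the public key")
    if parts.pk_root is not None and parts.pk_root != pk[N:]:
        raise ValueError("PK.root in backup does not match the public key")
    return "full" if parts.pk_root is not None else "minimal"


# Constructed sample key: not real key material, just 64 distinct bytes.
SAMPLE_SK = bytes(range(64))
SAMPLE_PK = SAMPLE_SK[2 * N:]          # PK.seed || PK.root
BACKUP_48 = SAMPLE_SK[:3 * N]          # SK.seed || SK.prf || PK.seed
BACKUP_32 = SAMPLE_SK[:2 * N]          # SK.seed || SK.prf (truncated, unrecoverable)


def backup_is_recoverable(blob: bytes, pk: bytes) -> bool:
    """Boolean wrapper used by callers that only need a go/no-go answer."""
    try:
        check_backup(blob, pk)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for label, blob in (("64-byte", SAMPLE_SK), ("48-byte", BACKUP_48), ("32-byte", BACKUP_32)):
        print(label, "recoverable" if backup_is_recoverable(blob, SAMPLE_PK) else "UNRECOVERABLE")
```

The check only covers structure: it confirms that PK.seed (and PK.root when present) in the backup agree with the public key the account actually uses. A complete restore test would additionally regenerate PK.root from SK.seed and PK.seed with a FIPS 205 implementation and compare it to the published key.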
Performance Trade-offs and Network Implications
While offering quantum resistance, SLH-DSA introduces significant performance costs. A signature is approximately 7,856 bytes, against 64 bytes for an Ed25519 signature; the roughly 82x figure cited corresponds to public key and signature taken together (7,888 bytes versus 96). Signing is far slower, at around 285 milliseconds, and verification takes approximately 294 microseconds, roughly 4.8 times slower than Ed25519 verification.
Despite these costs, the proposal frames these trade-offs as acceptable for long-term security, particularly given uncertainties around the timeline for cryptographically relevant quantum computers.
By pursuing quantum-resistant signatures, Aptos positions itself among the early blockchain adopters of post-quantum cryptography. Similar efforts exist across other layer-1 blockchains, with some testing quantum-resistant transactions and others integrating alternative PQC schemes like Falcon.
The proposal argues that proactive alignment with global cryptographic standards—including NIST recommendations and the EU’s roadmap toward PQC by 2030—enhances institutional credibility and reduces jurisdictional fragmentation. The document advocates for “crypto-agility” as a necessary design principle, allowing the network to adapt as cryptographic standards evolve.
