From 500bdb53656bfedb7663ce03487848d9680ad234b6c6791c016605482039eece Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Thu, 17 Apr 2025 11:21:09 +0300
Subject: [PATCH] Use simple SPHINCS+ parameters
Simple ones are more than enough good for security and highly simplifier verification code.
---
 go/cm/sign/spx/kp.go | 2 +-
 spec/cm/prv.texi | 6 +++---
 spec/cm/pub.texi | 6 +++---
 spec/cm/signed.texi | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/go/cm/sign/spx/kp.go b/go/cm/sign/spx/kp.go
index 0a9c0b8..5359c61 100644
--- a/go/cm/sign/spx/kp.go
+++ b/go/cm/sign/spx/kp.go
@@ -26,7 +26,7 @@ const (
 SPHINCSPlusSHAKE256sMerkle = "sphincs+-shake-256s-merkle"
 )
-var Params = spxParams.MakeSphincsPlusSHAKE256256sRobust(true)
+var Params = spxParams.MakeSphincsPlusSHAKE256256sSimple(true)
 func NewKeypair(algo string) (prv, pub []byte, err error) {
 sk, pk := spx.Spx_keygen(Params)
diff --git a/spec/cm/prv.texi b/spec/cm/prv.texi
index d00294a..cc191a4 100644
--- a/spec/cm/prv.texi
+++ b/spec/cm/prv.texi
@@ -53,12 +53,12 @@ Stored in a file, it should begin with "cm/prv" @ref{MAGIC, magic}.
 @node cm-prv-sphincs+-shake-256s
 @cindex cm-prv-sphincs+-shake-256s
-@nodedescription cm/prv with SPHINCS+-SHAKE256-256s-robust
-@subsection cm/prv with SPHINCS+-SHAKE256-256s-robust
+@nodedescription cm/prv with SPHINCS+-SHAKE256-256s
+@subsection cm/prv with SPHINCS+-SHAKE256-256s
 @url{https://sphincs.org/, SPHINCS+} with @url{https://keccak.team/, SHAKE256} hash,
- 255-bit security level, small signatures and robust parameters.
+ 255-bit security level, small signatures and simple parameters.
 Value is concatenation of private and public keys (128+64 bytes). Algorithm identifier for the public key: @code{sphincs+-shake-256s}.
diff --git a/spec/cm/pub.texi b/spec/cm/pub.texi
index f922522..7a4819b 100644
--- a/spec/cm/pub.texi
+++ b/spec/cm/pub.texi
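Review bot: The new `Params` line in go/cm/sign/spx/kp.go changes the tweakable-hash construction while the algorithm identifiers stay as they were (`sphincs+-shake-256s-merkle` in the const block just above, and `sphincs+-shake-256s` in the spec hunks), so keys and signatures made with the robust set would presumably fail verification with no hint that the parameter set is the cause. If such material can exist, either the identifier should change or the incompatibility should be recorded next to the variable, e.g. `// Params is SPHINCS+-SHAKE256-256s, "simple" variant; keys and signatures from the earlier "robust" set do not verify under it.` The bare `true` argument is also unexplained at the call site and deserves a short comment naming the option it selects. The const block opens before this hunk and NewKeypair continues past it, so how `algo` and the identifiers are checked is not visible here.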
@@ -193,12 +193,12 @@ MAP {
 @node cm-pub-sphincs+-shake-256s
 @cindex cm-pub-sphincs+-shake-256s
-@nodedescription cm/pub with SPHINCS+-SHAKE256-256s-robust
-@subsection cm/pub with SPHINCS+-SHAKE256-256s-robust
+@nodedescription cm/pub with SPHINCS+-SHAKE256-256s
+@subsection cm/pub with SPHINCS+-SHAKE256-256s
 @url{https://sphincs.org/, SPHINCS+} with @url{https://keccak.team/, SHAKE256} hash,
- 255-bit security level, small signatures and robust parameters.
+ 255-bit security level, small signatures and simple parameters.
 @code{sphincs+-shake-256s} algorithm identifier is used.
diff --git a/spec/cm/signed.texi b/spec/cm/signed.texi
index 1bf94e5..1015332 100644
--- a/spec/cm/signed.texi
+++ b/spec/cm/signed.texi
@@ -119,13 +119,13 @@ recipient's public key fingerprint(s).
 @node cm-signed-sphincs+-shake-256s
 @cindex cm-signed-sphincs+-shake-256s
 @cindex cm-signed-sphincs+-shake-256s-ph
-@nodedescription cm/signed with SPHINCS+-SHAKE256-256s-robust
-@subsection cm/signed with SPHINCS+-SHAKE256-256s-robust
+@nodedescription cm/signed with SPHINCS+-SHAKE256-256s
+@subsection cm/signed with SPHINCS+-SHAKE256-256s
 @url{https://sphincs.org/, SPHINCS+} with @url{https://keccak.team/, SHAKE256} hash, 255-bit security level, small signatures,
- robust parameters and deterministic signatures.
+ simple parameters and deterministic signatures.
 @code{sphincs+-shake-256s} algorithm identifier must be used for the signature in pure signing mode.
-- 
2.48.1