open-quantum-safe / liboqs

C library for prototyping and experimenting with quantum-resistant cryptography
https://openquantumsafe.org/

Decode FORS indices similarly to WOTS #1838

Open GillonB opened 2 weeks ago

GillonB commented 2 weeks ago

Can we add the coming changes to the SPHINCS+ implementation to liboqs? It could be done as a temporary branch, as in https://github.com/sphincs/sphincsplus/pull/51.

This change breaks forward/backward compatibility between old/new signatures.

dstebila commented 2 weeks ago

Thanks for bringing this to our attention and for starting a PR to make the changes! We would definitely want to update to match the eventual NIST standard.

Because it's a compatibility-breaking change, we would include this in a release incrementing the second version number (0.x.y to 0.x+1.0).

But there's a second consideration around compatibility-breaking changes. For Kyber / ML-KEM, because Kyber Round 3 had already seen significant deployment within TLS, we have both Kyber Round 3 and ML-KEM (FIPS-203-ipd) available in the library, at least for now. Is SPHINCS+ deployment sufficiently widespread that we would need to keep SPHINCS+ and this tweaked version both available in the library for some period of time? I hope not, but wanted to raise the possibility.