One thing about Sphincs+ is that it is sensitive to fault attacks; if an intermediate Merkle tree is miscomputed, the next-higher tree will sign the wrong message (leading to a two-time use of a one-time signature).
To address this, one possibility would be to allow an option to compute each non-top Merkle tree and each FORS tree twice, and see if the roots are the same value. This will obviously take about twice as long.
Ideally, we'd want to ensure that the redundant computations happen on different cores (however, without tweaking thread affinities, we can't ensure that); on the other hand, if the redundant computations are in adjacent tasks (as inserted onto the queue), that'd mostly happen anyways.
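As an added illustration of the proposed countermeasure (this is example code written for this note, not code from the issue or from the project), the block below computes a toy hash-tree root twice and only accepts the value if both runs agree. SHA-256 stands in for the tweakable hash functions of SPHINCS+, the leaves are constructed sample values rather than real WOTS+ public keys, and `fault` / `fault_in_run` are hypothetical test hooks that flip one bit in one node during one run so the check has something to catch.

```python
"""Redundant hash-tree root computation as a fault-detection check.

Added example, not project code.  SHA-256 replaces the SPHINCS+ tweakable
hash; the leaves are constructed sample values; the `fault` parameter is a
hypothetical hook that simulates a transient computation error in one run.
"""
import hashlib
from typing import List, Optional, Tuple

# Constructed sample leaves standing in for WOTS+ public keys / FORS leaves.
SAMPLE_LEAVES: List[bytes] = [hashlib.sha256(bytes([i])).digest() for i in range(8)]

Fault = Tuple[int, int]  # (tree level, node index) whose lowest bit is flipped


class FaultDetected(Exception):
    """Raised when the two redundant root computations disagree."""


def hash_node(left: bytes, right: bytes) -> bytes:
    """Parent node = H(left || right); stand-in for the SPHINCS+ tree hash."""
    return hashlib.sha256(left + right).digest()


def merkle_root(leaves: List[bytes], fault: Optional[Fault] = None) -> bytes:
    """Return the root of a binary hash tree over `leaves` (a power-of-two count).

    `fault`, if given, simulates a transient error: the lowest bit of node
    `index` at `level` is flipped before that level is hashed upward (level 0
    is the leaf level).  Test hook only; a real fault would be uncontrolled.
    """
    if len(leaves) == 0 or len(leaves) & (len(leaves) - 1):
        raise ValueError("number of leaves must be a power of two")
    nodes = list(leaves)
    level = 0
    while len(nodes) > 1:
        if fault is not None and fault[0] == level:
            idx = fault[1]
            nodes[idx] = bytes([nodes[idx][0] ^ 0x01]) + nodes[idx][1:]
        nodes = [hash_node(nodes[i], nodes[i + 1]) for i in range(0, len(nodes), 2)]
        level += 1
    return nodes[0]


def redundant_root(leaves: List[bytes],
                   fault_in_run: Optional[Tuple[int, Fault]] = None) -> bytes:
    """Compute the tree root twice and accept it only if both runs agree.

    In SPHINCS+ this would apply to every non-top hypertree layer and every
    FORS tree: their roots are the messages signed by the one-time WOTS+ key
    above them, so a wrong root makes that key sign a second message.  The top
    tree needs no check: its root is the public key, so a faulty top root only
    yields a signature that fails to verify.
    `fault_in_run` = (run_number, fault) injects the simulated fault into one run.
    """
    roots = []
    for run in (0, 1):
        fault = fault_in_run[1] if fault_in_run and fault_in_run[0] == run else None
        roots.append(merkle_root(leaves, fault))
    # The comparison itself is the remaining single point of trust; see note below.
    if roots[0] != roots[1]:
        raise FaultDetected("redundant tree computations disagree; do not sign")
    return roots[0]


def detects_fault(leaves: List[bytes], fault: Fault) -> bool:
    """True if the redundant check rejects a computation faulted in run 1 only."""
    try:
        redundant_root(leaves, fault_in_run=(1, fault))
    except FaultDetected:
        return True
    return False


if __name__ == "__main__":
    print("clean root  :", redundant_root(SAMPLE_LEAVES).hex())
    print("fault caught:", detects_fault(SAMPLE_LEAVES, (1, 2)))
```

The check catches any fault that hits only one of the two runs, at the cost the issue mentions (roughly double the tree-hashing work). Its limitation follows directly from the design: an identical fault in both runs, or a fault that skips the comparison itself, goes unnoticed, which is why scheduling the two runs on different cores or at different times, as the note above suggests, lowers the odds that one disturbance affects both.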