Skip to main content
Executive Digital Notary
SPHINCS+ Stateless Signatures for Sovereign Legal Records

SPHINCS+ Stateless Signatures for Sovereign Legal Records

May 14, 2026
4 min read
EDN Security Team

Why Signature Scheme Selection Matters for Long-Term Records

Not all Post-Quantum Cryptography algorithms are equal for long-duration legal records. Lattice-based schemes like CRYSTALS-Dilithium (FIPS 204) are excellent for high-frequency applications like TLS handshakes. But for sovereign records that must remain verifiable for 50+ years, the stateless architecture of SPHINCS+ (SLH-DSA, FIPS 205) is the correct engineering choice.

What Makes SPHINCS+ 'Stateless'?

Traditional hash-based signature schemes like XMSS and LMS are stateful. Each signature consumes a key index, and the signer must track which indices have been used. If state is lost — through hardware failure, software corruption, or operational error — key reuse can compromise the entire signature history.

SPHINCS+ eliminates state entirely. Each signature is generated from a unique, randomly selected one-time key derived from a hyper-tree of hash functions. There is no index to track, no state to manage, and no failure mode from state loss.

For a notarization infrastructure that may need to verify documents across organizational lifespans, operational transitions, and infrastructure migrations, statelessness is not a convenience — it is a security requirement.

EDN's Implementation Architecture

Each SPHINCS+ key pair in the EDN platform is:

  1. Generated inside a Google Cloud HSM (FIPS 140-2 Level 3)
  2. Never exported in plaintext under any condition
  3. Bound to a single document session
  4. Used to sign the SHA-256 hash of the notarized document package, not the document itself

The resulting signature and the document hash are then anchored to the Ethereum Mainnet, creating a permanent, publicly verifiable record that links the document's cryptographic fingerprint to a specific block height and timestamp.

Verification Without the Original Platform

A document anchored via EDN can be verified by any party — even one with no prior relationship with EDN — by:

  1. Recomputing the SHA-256 hash of the document
  2. Retrieving the SPHINCS+ signature from the anchor record
  3. Verifying the signature against the known public key in the blockchain anchor
  4. Confirming the block timestamp on Ethereum Mainnet

No proprietary platform access is required. No EDN server needs to be online. The proof is sovereign.

Ready to Get Started?

Experience the future of real estate closings with Executive Digital Notary. Schedule your consultation today and discover how RON can transform your business.