FORS (Forest of Random Subsets)

Definition

FORS is a few-time signature scheme used in SPHINCS+ to sign message digests before WOTS+ authentication. FORS can securely sign a limited number of messages (more than one-time signatures) with smaller signatures than pure one-time approaches, improving SPHINCS+ efficiency.

Technical Explanation

FORS uses k trees of t leaves each, forming a "forest." Signing reveals k randomly selected leaves (determined by the message hash). Security comes from the birthday bound—revealing many leaves eventually allows forgery, limiting reuse. Parameters balance signature size and allowed signatures.

In SPHINCS+, FORS signs the message, then WOTS+ signs the FORS public key, with Merkle trees authenticating everything. This layered structure enables stateless signing while limiting FORS exposure through the hypertree organization.

SynX Relevance

SPHINCS+ signatures in SynX use FORS internally for efficient message signing. Each transaction's message digest passes through FORS before WOTS+ and Merkle authentication. Users don't interact with FORS directly—it's an implementation detail providing smaller signatures.

Frequently Asked Questions

Why use FORS instead of more WOTS+?: FORS produces smaller signatures for the message-signing step, reducing overall signature size.
Is FORS quantum-resistant?: Yes—security relies on hash function properties, resistant to quantum attacks.
What does "few-time" mean?: More than one signing allowed, but limited; SPHINCS+ ensures each FORS instance isn't overused.

Optimized hash-based signatures. Efficient security with SynX