Post-Quantum
Signature Size Explorer

Discover how massive post-quantum cryptography signatures really are. Interactive visual comparison of Dilithium, Falcon, SPHINCS+, and classical algorithms.

NIST standardized
Real-world impact
Interactive visualization

Select algorithms

Quick comparisons:

0 selected
Classical

Ed25519

Modern elliptic curve signature scheme. Fast, secure, and compact.

Signature:64 bytes
Public Key:32 bytes
ECC NIST
Classical

ECDSA P-256

NIST standardized elliptic curve signature.

Signature:64 bytes
Public Key:65 bytes
ECC NIST
Classical

RSA-2048

Traditional RSA signatures. Widely deployed but larger than ECC.

Signature:256 bytes
Public Key:294 bytes
RSA NIST
PQ

Dilithium2

NIST Level 2

NIST standardized PQ signature. Security level II (comparable to AES-128).

Signature:2.36 KB
Public Key:1.28 KB
Lattice NIST
PQ

Dilithium3

NIST Level 3

NIST standardized PQ signature. Security level III (comparable to AES-192).

Signature:3.22 KB
Public Key:1.91 KB
Lattice NIST
PQ

Dilithium5

NIST Level 5

NIST standardized PQ signature. Security level V (comparable to AES-256).

Signature:4.49 KB
Public Key:2.53 KB
Lattice NIST
PQ

Falcon-512

NIST Level 1

NIST-selected PQ signature. Compact but more complex to implement.

Signature:690 bytes
Public Key:897 bytes
Lattice
PQ

Falcon-1024

NIST Level 5

NIST-selected PQ signature. Higher security, still relatively compact.

Signature:1.30 KB
Public Key:1.75 KB
Lattice
PQ

SPHINCS+-128s

NIST Level 1

NIST standardized PQ signature. Hash-based, conservative security. Small keys, huge signatures.

Signature:7.67 KB
Public Key:32 bytes
Hash NIST
PQ

SPHINCS+-128f

NIST Level 1

Fast variant. Larger signatures but faster signing.

Signature:16.69 KB
Public Key:32 bytes
Hash NIST
PQ

SPHINCS+-256s

NIST Level 5

Maximum security. Very large signatures (~29 KB).

Signature:29.09 KB
Public Key:64 bytes
Hash NIST

Visual comparison

Select algorithms to compare

Why does this matter?

Post-quantum cryptography is coming. Understanding the tradeoffs is critical for developers and organizations.

Network bandwidth

Larger signatures mean more data transmitted. A SPHINCS+ signature can be tens of KB versus a 64-byte Ed25519 signature, which has major implications for network protocols, APIs, and mobile applications.

Storage costs

Blockchain and distributed systems store signatures permanently. Millions of transactions with multi-KB signatures add up fast. This can increase storage requirements by an order of magnitude or more.

Performance impact

TLS handshakes, certificate chains, and authentication protocols all use signatures. Larger signatures mean more parsing, validation, and transmission time.

The post-quantum transition

In 2024, NIST published the first post-quantum FIPS standards. While large-scale quantum computers are likely still a decade or more away, organizations need to begin planning migration now because of "harvest now, decrypt later" risks and the lengthy transition process.

Dilithium is widely viewed as a strong balance of security and signature size for many applications. Falcon offers smaller signatures but with more complex implementation considerations. SPHINCS+ provides conservative, hash-based security with much larger signatures.

The choice isn't just about security. It's about infrastructure, bandwidth, storage, and cost. This tool helps you visualize the real-world tradeoffs.

Sources and references

All signature and key sizes are sourced from official NIST PQC standardization documents and reference implementations. Data is accurate as of January 2026.

Sizing notes: signature sizes are raw bytes (some schemes are variable-length). Public key sizes are representative values, and real-world formats can add encoding overhead.

NIST standards

  • • FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA / Dilithium)
  • • FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA / SPHINCS+)

Reference implementations

Algorithm-specific references

Dilithium (ML-DSA): Signature sizes verified from NIST FIPS 204 standard. Level 2: 2,420 bytes, Level 3: 3,293 bytes, Level 5: 4,595 bytes.

Falcon (FN-DSA): Signature sizes from official Falcon specification. Falcon-512: ~690 bytes (variable), Falcon-1024: ~1,330 bytes. FN-DSA is selected by NIST; standardization is in progress.

SPHINCS+ (SLH-DSA): Sizes from NIST FIPS 205. SPHINCS+-128s: 7,856 bytes, SPHINCS+-128f: 17,088 bytes, SPHINCS+-256s: 29,792 bytes.

Ed25519: 64-byte signatures, 32-byte public keys from RFC 8032.

ECDSA P-256: 64-byte raw signatures (DER encoding is larger).

RSA-2048: 256-byte signatures from PKCS#1 standard.