sphincs/sphincsplus

The SPHINCS+ project is a cornerstone of the future secure internet. As the reference implementation for NIST's SLH-DSA standard (FIPS 205), it possesses a 'defensibility of authority.' While the code is open-source, the moat is created by the global standardization process; this repository serves as the definitive source of truth for implementers worldwide. With 219 stars and 71 forks over 8 years, the ratio of forks to stars is exceptionally high (~32%), indicating that this is a technical dependency for other library authors rather than a casual project. Competitive Landscape: Its primary competitors are lattice-based schemes like ML-DSA (Dilithium) and Falcon. However, SPHINCS+ is uniquely defensible because it relies solely on the security of hash functions (SHA-2/3), making it a 'conservative' fallback if lattice-based assumptions are ever compromised. Frontier labs (OpenAI, Google) are not threats but consumers; they will integrate this into their identity and transit layers (e.g., Chrome, Android, internal TLS). Platform domination risk is low because this is a public protocol; while AWS or Cloudflare will provide managed implementations, they cannot 'own' the standard. The primary risk is long-term displacement by a more efficient PQC signature scheme, but given the 10-20 year lifecycle of NIST standards, this is unlikely in the medium term.