@oberstet
Created January 24, 2026 19:26

WAMP-Cryptosign Signature Schemes

Edwards-Curve ("classic")

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| ed25519 | 32 | 32 | 64 | aka "Edwards-Curve 25519": RFC 8032 / FIPS 186-5, comparable to 128-bit security |
| ed448 | 57 | 57 | 114 | aka "Edwards-Curve 448": RFC 8032 / FIPS 186-5, comparable to 224-bit security |

ML-DSA / Crystals Dilithium ("post-quantum-cryptography")

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| mldsa44 | 2560 | 1312 | 2420 | aka "Crystals Dilithium 2": FIPS 204, NIST Category 2 (comparable to 128-bit) |
| mldsa65 | 4032 | 1952 | 3293 | aka "Crystals Dilithium 3": FIPS 204, NIST Category 3 (comparable to 192-bit) |
| mldsa87 | 4896 | 2592 | 4627 | aka "Crystals Dilithium 5": FIPS 204, NIST Category 5 (comparable to 256-bit) |

SLH-DSA / SPHINCS+ ("post-quantum-cryptography")

Hash-based signatures with no lattice assumptions. Two variants per security level:

  • s (small): Smaller signatures, slower signing
  • f (fast): Faster signing, larger signatures

SHA2 variants

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| slh-dsa-sha2-128s | 64 | 32 | 7856 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (128-bit) |
| slh-dsa-sha2-128f | 64 | 32 | 17088 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (128-bit) |
| slh-dsa-sha2-192s | 96 | 48 | 16224 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (192-bit) |
| slh-dsa-sha2-192f | 96 | 48 | 35664 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (192-bit) |
| slh-dsa-sha2-256s | 128 | 64 | 29792 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (256-bit) |
| slh-dsa-sha2-256f | 128 | 64 | 49856 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (256-bit) |

SHAKE variants

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| slh-dsa-shake-128s | 64 | 32 | 7856 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (128-bit) |
| slh-dsa-shake-128f | 64 | 32 | 17088 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (128-bit) |
| slh-dsa-shake-192s | 96 | 48 | 16224 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (192-bit) |
| slh-dsa-shake-192f | 96 | 48 | 35664 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (192-bit) |
| slh-dsa-shake-256s | 128 | 64 | 29792 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (256-bit) |
| slh-dsa-shake-256f | 128 | 64 | 49856 | SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (256-bit) |

Hybrid ("classic/post-quantum hybrid")

Hybrid schemes use concatenated signatures: both algorithms sign the same challenge data, and both signatures must verify. Format: classic_signature(data) || pqc_signature(data)

This is simple concatenation, NOT IETF composite signatures (draft-ounsworth-pq-composite-sigs).

Naming Convention

<sigscheme> ::= "<sigscheme-classic>-<sigscheme-pqc>"

Key and signature lengths are the sum of the component lengths.
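
The naming convention and concatenation format above, as an added Python example that is not part of the gist or of any WAMP implementation. The component lengths are a subset copied from the tables on this page; the `verifiers` callback mapping and the classic-first order of concatenated public keys are assumptions.

```python
# Added example. Lengths (private key, public key, signature) in bytes,
# a subset copied from the tables on this page.
COMPONENTS = {
    "ed25519": (32, 32, 64),
    "ed448": (57, 57, 114),
    "mldsa44": (2560, 1312, 2420),
    "mldsa87": (4896, 2592, 4627),
    "slh-dsa-shake-128s": (64, 32, 7856),
    "slh-dsa-shake-256s": (128, 64, 29792),
}
CLASSIC = ("ed25519", "ed448")

def parse_sigscheme(name):
    """Return component schemes: one for a plain scheme, two for a hybrid."""
    if name in COMPONENTS:
        return [name]
    for classic in CLASSIC:
        # PQC names contain hyphens themselves, so strip the classic prefix
        # instead of splitting on every "-".
        pqc = name[len(classic) + 1:]
        if name.startswith(classic + "-") and pqc in COMPONENTS and pqc not in CLASSIC:
            return [classic, pqc]
    raise ValueError(f"unknown sigscheme: {name!r}")

def lengths(name):
    """(private, public, signature) lengths as the sum over components."""
    rows = [COMPONENTS[c] for c in parse_sigscheme(name)]
    return tuple(sum(col) for col in zip(*rows))

def split_field(name, blob, field):
    """Split a concatenated public key (field=1) or signature (field=2)."""
    parts = parse_sigscheme(name)
    sizes = [COMPONENTS[c][field] for c in parts]
    if len(blob) != sum(sizes):  # reject truncated or padded input up front
        raise ValueError(f"{name}: expected {sum(sizes)} bytes, got {len(blob)}")
    out, pos = [], 0
    for part, size in zip(parts, sizes):
        out.append((part, blob[pos:pos + size]))
        pos += size
    return out

def verify(name, public_key, data, signature, verifiers):
    """Every component must verify the same data; one failure rejects.
    `verifiers` (hypothetical) maps component name -> fn(pk, data, sig) -> bool.
    Assumes public keys are concatenated classic-first, like signatures."""
    keys = split_field(name, public_key, 1)
    sigs = split_field(name, signature, 2)
    return all(verifiers[c](pk, data, sig) for (c, pk), (_, sig) in zip(keys, sigs))
```

A bare 64-byte Ed25519 signature presented under a hybrid scheme name fails the length check, so the post-quantum half cannot be silently dropped.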

ML-DSA Hybrids (recommended for most use cases)

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| ed25519-mldsa44 | 2592 | 1344 | 2484 | 128-bit classical + NIST Category 2 |
| ed25519-mldsa65 | 4064 | 1984 | 3357 | 128-bit classical + NIST Category 3 |
| ed25519-mldsa87 | 4928 | 2624 | 4691 | 128-bit classical + NIST Category 5 |
| ed448-mldsa44 | 2617 | 1369 | 2534 | 224-bit classical + NIST Category 2 |
| ed448-mldsa65 | 4089 | 2009 | 3407 | 224-bit classical + NIST Category 3 |
| ed448-mldsa87 | 4953 | 2649 | 4741 | 224-bit classical + NIST Category 5, CNSA 2.0 aligned |

SLH-DSA Hybrids (maximum conservatism, very large signatures)

| sigscheme | private key length (bytes) | public key length (bytes) | signature length (bytes) | notes |
|---|---|---|---|---|
| ed25519-slh-dsa-shake-128s | 96 | 64 | 7920 | 128-bit classical + hash-based PQC |
| ed25519-slh-dsa-shake-128f | 96 | 64 | 17152 | 128-bit classical + hash-based PQC |
| ed448-slh-dsa-shake-256s | 185 | 121 | 29906 | 224-bit classical + hash-based PQC |
| ed448-slh-dsa-shake-256f | 185 | 121 | 49970 | 224-bit classical + hash-based PQC |

Practical Recommendations

| Use Case | Recommended sigscheme | Rationale |
|---|---|---|
| General use, good security | ed25519-mldsa65 | Good balance of security and size |
| DoD / CNSA 2.0 compliance | ed448-mldsa87 | NIST Category 5, maximum classical security |
| Maximum conservatism (no lattice) | ed448-slh-dsa-shake-256s | Hash-based PQC, no lattice assumptions |
| Legacy / backwards compat | ed25519 | Current WAMP-Cryptosign default |

References

  • RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
  • FIPS 186-5: Digital Signature Standard (DSS)
  • FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA)
  • FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA)
  • RFC 9814: Stateless Hash-Based Digital Signatures (SPHINCS+)
  • NSA CNSA 2.0: Commercial National Security Algorithm Suite 2.0

# WAMP-Cryptosign Signature Schemes
#
# All lengths in bytes.
# For hybrid schemes, lengths are the sum of component lengths.
#
# References:
# - RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
# - FIPS 186-5: Digital Signature Standard (DSS)
# - FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA)
# - FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA)
# - RFC 9814: Stateless Hash-Based Digital Signatures (SPHINCS+)
# - NSA CNSA 2.0: Commercial National Security Algorithm Suite 2.0
sigschemes:
  # ==========================================================================
  # Edwards-Curve ("classic")
  # ==========================================================================
  - sigfamily: classic
    sigscheme: ed25519
    private_key_length: 32
    public_key_length: 32
    signature_length: 64
    notes: "Edwards-Curve 25519: RFC 8032 / FIPS 186-5, ~128-bit security"
  - sigfamily: classic
    sigscheme: ed448
    private_key_length: 57
    public_key_length: 57
    signature_length: 114
    notes: "Edwards-Curve 448: RFC 8032 / FIPS 186-5, ~224-bit security"
  # ==========================================================================
  # ML-DSA / CRYSTALS-Dilithium ("post-quantum", lattice-based)
  # ==========================================================================
  - sigfamily: mldsa
    sigscheme: mldsa44
    private_key_length: 2560
    public_key_length: 1312
    signature_length: 2420
    notes: "CRYSTALS-Dilithium 2: FIPS 204, NIST Category 2 (~128-bit)"
  - sigfamily: mldsa
    sigscheme: mldsa65
    private_key_length: 4032
    public_key_length: 1952
    signature_length: 3293
    notes: "CRYSTALS-Dilithium 3: FIPS 204, NIST Category 3 (~192-bit)"
  - sigfamily: mldsa
    sigscheme: mldsa87
    private_key_length: 4896
    public_key_length: 2592
    signature_length: 4627
    notes: "CRYSTALS-Dilithium 5: FIPS 204, NIST Category 5 (~256-bit)"
  # ==========================================================================
  # SLH-DSA / SPHINCS+ ("post-quantum", hash-based) - SHA2 variants
  # ==========================================================================
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-128s
    private_key_length: 64
    public_key_length: 32
    signature_length: 7856
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (~128-bit), small"
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-128f
    private_key_length: 64
    public_key_length: 32
    signature_length: 17088
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (~128-bit), fast"
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-192s
    private_key_length: 96
    public_key_length: 48
    signature_length: 16224
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (~192-bit), small"
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-192f
    private_key_length: 96
    public_key_length: 48
    signature_length: 35664
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (~192-bit), fast"
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-256s
    private_key_length: 128
    public_key_length: 64
    signature_length: 29792
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (~256-bit), small"
  - sigfamily: slh-dsa-sha2
    sigscheme: slh-dsa-sha2-256f
    private_key_length: 128
    public_key_length: 64
    signature_length: 49856
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (~256-bit), fast"
  # ==========================================================================
  # SLH-DSA / SPHINCS+ ("post-quantum", hash-based) - SHAKE variants
  # ==========================================================================
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-128s
    private_key_length: 64
    public_key_length: 32
    signature_length: 7856
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (~128-bit), small"
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-128f
    private_key_length: 64
    public_key_length: 32
    signature_length: 17088
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 1 (~128-bit), fast"
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-192s
    private_key_length: 96
    public_key_length: 48
    signature_length: 16224
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (~192-bit), small"
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-192f
    private_key_length: 96
    public_key_length: 48
    signature_length: 35664
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 3 (~192-bit), fast"
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-256s
    private_key_length: 128
    public_key_length: 64
    signature_length: 29792
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (~256-bit), small"
  - sigfamily: slh-dsa-shake
    sigscheme: slh-dsa-shake-256f
    private_key_length: 128
    public_key_length: 64
    signature_length: 49856
    notes: "SPHINCS+: FIPS 205 / RFC 9814, NIST Category 5 (~256-bit), fast"
  # ==========================================================================
  # Hybrid: Classic + ML-DSA (recommended for most use cases)
  # Format: classic_signature(data) || mldsa_signature(data)
  # ==========================================================================
  - sigfamily: hybrid-mldsa
    sigscheme: ed25519-mldsa44
    private_key_length: 2592
    public_key_length: 1344
    signature_length: 2484
    notes: "Hybrid: 128-bit classical + NIST Category 2"
  - sigfamily: hybrid-mldsa
    sigscheme: ed25519-mldsa65
    private_key_length: 4064
    public_key_length: 1984
    signature_length: 3357
    notes: "Hybrid: 128-bit classical + NIST Category 3 (recommended general use)"
  - sigfamily: hybrid-mldsa
    sigscheme: ed25519-mldsa87
    private_key_length: 4928
    public_key_length: 2624
    signature_length: 4691
    notes: "Hybrid: 128-bit classical + NIST Category 5"
  - sigfamily: hybrid-mldsa
    sigscheme: ed448-mldsa44
    private_key_length: 2617
    public_key_length: 1369
    signature_length: 2534
    notes: "Hybrid: 224-bit classical + NIST Category 2"
  - sigfamily: hybrid-mldsa
    sigscheme: ed448-mldsa65
    private_key_length: 4089
    public_key_length: 2009
    signature_length: 3407
    notes: "Hybrid: 224-bit classical + NIST Category 3"
  - sigfamily: hybrid-mldsa
    sigscheme: ed448-mldsa87
    private_key_length: 4953
    public_key_length: 2649
    signature_length: 4741
    notes: "Hybrid: 224-bit classical + NIST Category 5 (CNSA 2.0 aligned)"
  # ==========================================================================
  # Hybrid: Classic + SLH-DSA (maximum conservatism, very large signatures)
  # Format: classic_signature(data) || slh_dsa_signature(data)
  # ==========================================================================
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-128s
    private_key_length: 96
    public_key_length: 64
    signature_length: 7920
    notes: "Hybrid: 128-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-128f
    private_key_length: 96
    public_key_length: 64
    signature_length: 17152
    notes: "Hybrid: 128-bit classical + hash-based PQC, fast"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-192s
    private_key_length: 128
    public_key_length: 80
    signature_length: 16288
    notes: "Hybrid: 128-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-192f
    private_key_length: 128
    public_key_length: 80
    signature_length: 35728
    notes: "Hybrid: 128-bit classical + hash-based PQC, fast"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-256s
    private_key_length: 160
    public_key_length: 96
    signature_length: 29856
    notes: "Hybrid: 128-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed25519-slh-dsa-shake-256f
    private_key_length: 160
    public_key_length: 96
    signature_length: 49920
    notes: "Hybrid: 128-bit classical + hash-based PQC, fast"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-128s
    private_key_length: 121
    public_key_length: 89
    signature_length: 7970
    notes: "Hybrid: 224-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-128f
    private_key_length: 121
    public_key_length: 89
    signature_length: 17202
    notes: "Hybrid: 224-bit classical + hash-based PQC, fast"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-192s
    private_key_length: 153
    public_key_length: 105
    signature_length: 16338
    notes: "Hybrid: 224-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-192f
    private_key_length: 153
    public_key_length: 105
    signature_length: 35778
    notes: "Hybrid: 224-bit classical + hash-based PQC, fast"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-256s
    private_key_length: 185
    public_key_length: 121
    signature_length: 29906
    notes: "Hybrid: 224-bit classical + hash-based PQC, small"
  - sigfamily: hybrid-slh-dsa
    sigscheme: ed448-slh-dsa-shake-256f
    private_key_length: 185
    public_key_length: 121
    signature_length: 49970
    notes: "Hybrid: 224-bit classical + hash-based PQC, fast"
# ==========================================================================
# Practical Recommendations
# ==========================================================================
recommendations:
  - use_case: "General use, good security"
    sigscheme: ed25519-mldsa65
    rationale: "Good balance of security and size"
  - use_case: "DoD / CNSA 2.0 / GCC High compliance"
    sigscheme: ed448-mldsa87
    rationale: "NIST Category 5, maximum classical security"
  - use_case: "Maximum conservatism (no lattice assumptions)"
    sigscheme: ed448-slh-dsa-shake-256s
    rationale: "Hash-based PQC, no lattice assumptions"
  - use_case: "Legacy / backwards compatibility"
    sigscheme: ed25519
    rationale: "Current WAMP-Cryptosign default"