public class SQIsignSigner extends java.lang.Object implements MessageSigner
Side-channel note: signing is not constant-time. SQIsign's
arithmetic is implemented over BigInteger throughout — the
GF(p) / GF(p²) base-field and elliptic-curve layer as well as the
secret-key-dependent quaternion / ideal / lattice layer (commitment,
challenge ideal, response sampling and the auxiliary isogeny). BigInteger
operations are inherently variable-time, and the signing path additionally
contains secret-dependent rejection loops and variable-iteration Euclidean /
lattice-reduction (LLL, HNF, Cornacchia) steps. This matches the SQIsign
reference implementation, whose KLPT / Clapotis layer is likewise
variable-time. No constant-time guarantee can be made for signing or key
generation; verification operates only on public values.
Deployment guidance: the long-term private key participates in the variable-time response / ideal-to-isogeny computation, so per-signature timing depends on secret material and can in principle accumulate toward the static key over many signatures. SQIsign signing therefore should not be exposed in settings where an adversary can measure the timing of signing operations performed under the same key — e.g. a remote timing oracle that signs attacker-influenced messages on demand, or a co-located / shared-host environment open to micro-architectural timing observation. This is an algorithmic property of SQIsign (the reference implementation shares it), not a limitation specific to this port, and there is no known practical constant-time formulation of the KLPT / lattice steps; treat it as a usage constraint until constant-time SQIsign techniques mature.
| Constructor and Description |
|---|
SQIsignSigner() |
| Modifier and Type | Method and Description |
|---|---|
byte[] |
generateSignature(byte[] message)
sign the passed in message (usually the output of a hash function).
|
void |
init(boolean forSigning,
CipherParameters param)
initialise the signer for signature generation or signature
verification.
|
boolean |
verifySignature(byte[] message,
byte[] signature)
verify the message message against the signature value.
|
public void init(boolean forSigning,
CipherParameters param)
MessageSignerinit in interface MessageSignerforSigning - true if we are generating a signature, false
otherwise.param - key parameters for signature generation.public byte[] generateSignature(byte[] message)
MessageSignergenerateSignature in interface MessageSignermessage - the message to be signed.public boolean verifySignature(byte[] message,
byte[] signature)
MessageSignerverifySignature in interface MessageSignermessage - the message that was supposed to have been signed.signature - the signature of the message