Bouncy Castle Cryptography Library 1.85

org.bouncycastle.pqc.crypto.sqisign
Class SQIsignSigner

java.lang.Object
  extended byorg.bouncycastle.pqc.crypto.sqisign.SQIsignSigner
All Implemented Interfaces:
MessageSigner

public class SQIsignSigner
extends java.lang.Object
implements MessageSigner

SQIsign signer. Wired for all three NIST parameter sets (lvl1/lvl3/lvl5) via the polymorphic GfField-based dispatch in the EC/HD/theta layer.

Side-channel note: signing is not constant-time. SQIsign's arithmetic is implemented over BigInteger throughout — the GF(p) / GF(p²) base-field and elliptic-curve layer as well as the secret-key-dependent quaternion / ideal / lattice layer (commitment, challenge ideal, response sampling and the auxiliary isogeny). BigInteger operations are inherently variable-time, and the signing path additionally contains secret-dependent rejection loops and variable-iteration Euclidean / lattice-reduction (LLL, HNF, Cornacchia) steps. This matches the SQIsign reference implementation, whose KLPT / Clapotis layer is likewise variable-time. No constant-time guarantee can be made for signing or key generation; verification operates only on public values.

Deployment guidance: the long-term private key participates in the variable-time response / ideal-to-isogeny computation, so per-signature timing depends on secret material and can in principle accumulate toward the static key over many signatures. SQIsign signing therefore should not be exposed in settings where an adversary can measure the timing of signing operations performed under the same key — e.g. a remote timing oracle that signs attacker-influenced messages on demand, or a co-located / shared-host environment open to micro-architectural timing observation. This is an algorithmic property of SQIsign (the reference implementation shares it), not a limitation specific to this port, and there is no known practical constant-time formulation of the KLPT / lattice steps; treat it as a usage constraint until constant-time SQIsign techniques mature.


Constructor Summary
SQIsignSigner()
           
 
Method Summary
 byte[] generateSignature(byte[] message)
          sign the passed in message (usually the output of a hash function).
 void init(boolean forSigning, CipherParameters param)
          initialise the signer for signature generation or signature verification.
 boolean verifySignature(byte[] message, byte[] signature)
          verify the message message against the signature value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SQIsignSigner

public SQIsignSigner()
Method Detail

init

public void init(boolean forSigning,
                 CipherParameters param)
Description copied from interface: MessageSigner
initialise the signer for signature generation or signature verification.

Specified by:
init in interface MessageSigner
Parameters:
forSigning - true if we are generating a signature, false otherwise.
param - key parameters for signature generation.

generateSignature

public byte[] generateSignature(byte[] message)
Description copied from interface: MessageSigner
sign the passed in message (usually the output of a hash function).

Specified by:
generateSignature in interface MessageSigner
Parameters:
message - the message to be signed.
Returns:
the signature of the message

verifySignature

public boolean verifySignature(byte[] message,
                               byte[] signature)
Description copied from interface: MessageSigner
verify the message message against the signature value.

Specified by:
verifySignature in interface MessageSigner
Parameters:
message - the message that was supposed to have been signed.
signature - the signature of the message

Bouncy Castle Cryptography Library 1.85