|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectorg.bouncycastle.pqc.crypto.sqisign.SQIsignSigner
SQIsign signer. Wired for all three NIST parameter sets (lvl1/lvl3/lvl5) via the polymorphic GfField-based dispatch in the EC/HD/theta layer.
Side-channel note: signing is not constant-time. SQIsign's
arithmetic is implemented over BigInteger throughout — the
GF(p) / GF(p²) base-field and elliptic-curve layer as well as the
secret-key-dependent quaternion / ideal / lattice layer (commitment,
challenge ideal, response sampling and the auxiliary isogeny). BigInteger
operations are inherently variable-time, and the signing path additionally
contains secret-dependent rejection loops and variable-iteration Euclidean /
lattice-reduction (LLL, HNF, Cornacchia) steps. This matches the SQIsign
reference implementation, whose KLPT / Clapotis layer is likewise
variable-time. No constant-time guarantee can be made for signing or key
generation; verification operates only on public values.
Deployment guidance: the long-term private key participates in the variable-time response / ideal-to-isogeny computation, so per-signature timing depends on secret material and can in principle accumulate toward the static key over many signatures. SQIsign signing therefore should not be exposed in settings where an adversary can measure the timing of signing operations performed under the same key — e.g. a remote timing oracle that signs attacker-influenced messages on demand, or a co-located / shared-host environment open to micro-architectural timing observation. This is an algorithmic property of SQIsign (the reference implementation shares it), not a limitation specific to this port, and there is no known practical constant-time formulation of the KLPT / lattice steps; treat it as a usage constraint until constant-time SQIsign techniques mature.
| Constructor Summary | |
SQIsignSigner()
|
|
| Method Summary | |
byte[] |
generateSignature(byte[] message)
sign the passed in message (usually the output of a hash function). |
void |
init(boolean forSigning,
CipherParameters param)
initialise the signer for signature generation or signature verification. |
boolean |
verifySignature(byte[] message,
byte[] signature)
verify the message message against the signature value. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
public SQIsignSigner()
| Method Detail |
public void init(boolean forSigning,
CipherParameters param)
MessageSigner
init in interface MessageSignerforSigning - true if we are generating a signature, false
otherwise.param - key parameters for signature generation.public byte[] generateSignature(byte[] message)
MessageSigner
generateSignature in interface MessageSignermessage - the message to be signed.
public boolean verifySignature(byte[] message,
byte[] signature)
MessageSigner
verifySignature in interface MessageSignermessage - the message that was supposed to have been signed.signature - the signature of the message
|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||