
我想知道 Java 密码体系结构 (JCA) 中是否已经有提供者用于后量子签名方案,尤其是 XMSS^MT?




这是一个逐字取自 Bouncy Castle 源代码中测试类 org.bouncycastle.pqc.jcajce.provider.test.XMSSMTTest 的示例。此代码在 Java 8 上运行。

import org.bouncycastle.pqc.jcajce.interfaces.StateAwareSignature;
import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
import org.bouncycastle.pqc.jcajce.spec.XMSSMTParameterSpec;
import org.bouncycastle.util.Strings;

import java.security.*;

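public class Main {

    /**
     * Aborts the demo when {@code condition} is true.
     *
     * <p>The name reads as "fail if": callers pass the <em>failure</em> condition, which is why
     * most call sites negate the property they expect to hold.
     *
     * @param condition true when the check has failed
     * @param msg       message carried by the thrown exception; keep it non-empty so a failing
     *                  run is diagnosable from the stack trace alone
     * @throws RuntimeException when {@code condition} is true
     */
    private static void fail(boolean condition, String msg) {
        if (condition) {
            throw new RuntimeException(msg);
        }
    }

    /**
     * Runs one XMSS^MT sign/verify round trip through the Bouncy Castle PQC JCA provider and
     * checks how the provider manages the signature state.
     *
     * <p>XMSS^MT is a stateful hash-based scheme: each signature consumes a one-time key index
     * held in the private key. The checks below confirm that, after a signature has been made,
     * the advanced key can be extracted with {@code getUpdatedPrivateKey()}, that the original
     * {@code Signature} object then refuses to sign or hand out the key again, and that the
     * extracted key signs and verifies normally. The demo keeps the updated key in memory only;
     * a real deployment would have to store it durably before the signature is released, and
     * must never fall back to the pre-signature key object.
     *
     * @param args ignored
     * @throws Exception propagated from the JCA calls (provider lookup, key generation,
     *                   signing, verification)
     */
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastlePQCProvider());
        byte[] msg = Strings.toByteArray("Cthulhu Fthagn --What a wonderful phrase!Cthulhu Fthagn --Say it and you're crazed!");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("XMSSMT", "BCPQC");

        // Parameter set used by the upstream test; presumably total tree height 20 with 10 layers
        // over SHA-256 — confirm against the XMSSMTParameterSpec javadoc before reusing it.
        kpg.initialize(new XMSSMTParameterSpec(20, 10, XMSSMTParameterSpec.SHA256), new SecureRandom());

        KeyPair kp = kpg.generateKeyPair();

        Signature sig = Signature.getInstance("SHA256withXMSSMT", "BCPQC");

        // The stateful API (isSigningCapable / getUpdatedPrivateKey) lives on this interface.
        fail(!(sig instanceof StateAwareSignature), "wrong signature instance");

        StateAwareSignature xmssSig = (StateAwareSignature) sig;

        xmssSig.initSign(kp.getPrivate());

        fail(!xmssSig.isSigningCapable(), "signature object is not signing-capable");

        xmssSig.update(msg, 0, msg.length);

        // First signature: this consumes a one-time key index inside the signature object.
        byte[] s = sig.sign();

        // Pull out the advanced private key. The key pair's original private key object is
        // left at the old index and must not be used for signing again.
        PrivateKey nKey = xmssSig.getUpdatedPrivateKey();

        fail(kp.getPrivate().equals(nKey), "updated private key equals the original private key");
        fail(xmssSig.isSigningCapable(), "signature object is signing-capable after key extraction");

        xmssSig.update(msg, 0, msg.length);

        // Once the state has been handed out, the same object must not produce another signature
        // (that would reuse the index nKey now owns).
        try {
            sig.sign();
            fail(true, "no exception after key extraction");
        } catch (SignatureException e) {
            fail(!"signing key no longer usable".equals(e.getMessage()), "wrong exception");
        }

        // ...nor hand out the key a second time.
        try {
            xmssSig.getUpdatedPrivateKey();
            fail(true, "no exception after key extraction");
        } catch (IllegalStateException e) {
            fail(!"signature object not in a signing state".equals(e.getMessage()), "wrong exception");
        }

        // Continue with the extracted key; this is the only key object that may sign from here on.
        xmssSig.initSign(nKey);

        xmssSig.update(msg, 0, msg.length);

        s = sig.sign();

        // Verification needs only the public key and is unaffected by the private-key state.
        xmssSig.initVerify(kp.getPublic());

        xmssSig.update(msg, 0, msg.length);

        fail(!xmssSig.verify(s), "verification failure");
    }
}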

该文件中还有其他示例。源代码可在此处获得。

于 2018-11-22T20:15:09.907 回答