Package zeroecho.core.alg.sphincsplus

Class SphincsPlusKeyGenSpec

java.lang.Object
zeroecho.core.alg.sphincsplus.SphincsPlusKeyGenSpec
All Implemented Interfaces:
AlgorithmKeySpec
public final class SphincsPlusKeyGenSpec extends Object implements AlgorithmKeySpec
Specification for generating SPHINCS+ key pairs.

SphincsPlusKeyGenSpec selects the hash family, security strength, signature variant, and mode for the SPHINCS+ post-quantum signature scheme. It also carries an optional provider name and explicit Bouncy Castle parameter constant for direct mapping.

Parameters

  • SphincsPlusKeyGenSpec.Hash: underlying hash/XOF function (SHA2, SHAKE, or HARAKA).
  • SphincsPlusKeyGenSpec.Security: NIST security level, expressed as 128, 192, or 256 bits.
  • SphincsPlusKeyGenSpec.Variant: tradeoff between FAST (smaller signatures, higher signing speed) and SMALL (shorter signatures, slower signing). Security is unaffected.
  • SphincsPlusKeyGenSpec.Mode: ROBUST (conservative construction) or SIMPLE (more efficient, narrower assumptions).
  • providerName: JCA provider name (e.g., "BCPQC" for Bouncy Castle PQC).
  • explicitParamConstant: optional override; the exact field name of a SPHINCSPlusParameterSpec constant in the Bouncy Castle API. If non-null, it bypasses the automatic mapping.

Defaults

The defaultSpec() uses:

Example


 // Conservative, NIST Level 3 security, SHA-2 based
 SphincsPlusKeyGenSpec spec = SphincsPlusKeyGenSpec.of(
     "BCPQC", 
     SphincsPlusKeyGenSpec.Hash.SHA2,
     SphincsPlusKeyGenSpec.Security.L3_192,
     SphincsPlusKeyGenSpec.Variant.FAST,
     SphincsPlusKeyGenSpec.Mode.ROBUST);

 KeyPair kp = new SphincsPlusKeyGenBuilder().generateKeyPair(spec);
Since:
1.0

  • Method Details

    • defaultSpec

      public static SphincsPlusKeyGenSpec defaultSpec()
      Returns the default SPHINCS+ key generation spec.
      Returns:
      a singleton default specification (SHAKE, L5, SMALL, ROBUST)

    • of

      public static SphincsPlusKeyGenSpec of(String providerName, SphincsPlusKeyGenSpec.Hash hash, SphincsPlusKeyGenSpec.Security sec, SphincsPlusKeyGenSpec.Variant var, SphincsPlusKeyGenSpec.Mode mode)
      Creates a new specification with explicit algorithm parameters.
      Parameters:
      providerName - JCA provider name (e.g., "BCPQC")
      hash - hash function family
      sec - security level
      var - signature variant (FAST vs SMALL)
      mode - construction mode (ROBUST vs SIMPLE)
      Returns:
      a new SphincsPlusKeyGenSpec

    • withExplicitParamConstant

      public SphincsPlusKeyGenSpec withExplicitParamConstant(String name)
      Returns a copy of this specification with an explicit Bouncy Castle parameter constant override.

      This bypasses automatic mapping of hash family, security, variant, and mode. It is useful to test new or provider-specific constants.

      Parameters:
      name - the name of the static field in SPHINCSPlusParameterSpec
      Returns:
      a new SphincsPlusKeyGenSpec with the override

    • providerName

      public String providerName()
      Returns the provider name used for key generation.
      Returns:
      provider name (never null)

    • hash

      public SphincsPlusKeyGenSpec.Hash hash()
      Returns the hash family of this specification.
      Returns:
      hash family

    • security

      public SphincsPlusKeyGenSpec.Security security()
      Returns the security level of this specification.
      Returns:
      security level

    • variant

      public SphincsPlusKeyGenSpec.Variant variant()
      Returns the variant of this specification.
      Returns:
      signature variant

    • mode

      public SphincsPlusKeyGenSpec.Mode mode()
      Returns the construction mode of this specification.
      Returns:
      construction mode

    • explicitParamConstant

      public String explicitParamConstant()
      Returns the explicit parameter constant override, if set.
      Returns:
      constant name, or null if automatic mapping is used