This implementation was developed as part of my bachelor's thesis. It provides quantum-secure signature algorithms for digital identities, specifically for the EUDI Wallet infrastructure in the eIDAS 2.0 context. Parameters, properties, and some of the test vectors were taken from the following drafts:
The implementation includes the following quantum-secure signature algorithms:
- ML-DSA: Variants for NIST security levels 2, 3, and 5
- SLH-DSA: Variants for NIST security levels 1, 3, and 5
- Hybrid Signatures (ML-DSA + ECDSA): Combinations of ML-DSA and classical ECDSA signatures
These algorithms have been implemented in Java using the Nimbus JOSE+JWT library for JSON Web Signatures (JWS) and utilize Bouncy Castle as the cryptographic provider.
- Java OpenJDK 23
- Maven 3.9.9
- Kotlin 2.1.0
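An ML-DSA-65 compact JWS round trip with a tamper check, as an added example that is not the project's code: it calls Bouncy Castle's JCA provider directly rather than Nimbus or the project's MLDSASigner and MLDSAVerifier. It assumes Bouncy Castle 1.79 or later on the classpath; the class name MlDsaJwsExample and the "alg" header value ML-DSA-65 are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Added example, not part of the project: ML-DSA-65 JWS round trip via the BC JCA provider.
public class MlDsaJwsExample {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // Compact JWS = BASE64URL(header) "." BASE64URL(payload) "." BASE64URL(signature)
    static String sign(PrivateKey key, String headerJson, byte[] payload) throws GeneralSecurityException {
        String input = ENC.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + ENC.encodeToString(payload);
        Signature s = Signature.getInstance("ML-DSA", "BC");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // Returns false for malformed input or a bad signature. A production verifier must also
    // parse the header and accept only the "alg" it expects for this key.
    static boolean verify(PublicKey key, String compact) throws GeneralSecurityException {
        String[] p = compact.split("\\.", -1);
        if (p.length != 3) return false;
        Signature s = Signature.getInstance("ML-DSA", "BC");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        try {
            return s.verify(Base64.getUrlDecoder().decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA", "BC");
        kpg.initialize(MLDSAParameterSpec.ml_dsa_65); // NIST security level 3
        KeyPair kp = kpg.generateKeyPair();
        byte[] payload = new byte[3 * 1024]; // constructed 3 KB payload (all zero bytes)
        String jws = sign(kp.getPrivate(), "{\"alg\":\"ML-DSA-65\"}", payload); // alg name assumed
        // Tamper with the first character of the payload segment ("A" for zero bytes).
        int dot = jws.indexOf('.');
        String tampered = jws.substring(0, dot + 1) + "B" + jws.substring(dot + 2);

        System.out.println("valid JWS verifies:    " + verify(kp.getPublic(), jws));
        System.out.println("tampered JWS verifies: " + verify(kp.getPublic(), tampered));
    }
}
```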
Performance tests were conducted using the Java JMH Performance Library. The following metrics were evaluated:
- Key generation time
- Signature time
- Verification time
Measurements were performed for an input size of 3 KB (a typical size for an eIDAS payload). The payload is adjustable in BenchmarkRunner.
To execute the performance measurements, run mvn clean install first, then execute the benchmarking class BenchmarkRunner to perform the tests.
The functionality of MLDSASigner and MLDSAVerifier can be validated in MLDSASpecTest using test vectors from draft-ietf-cose-dilithium-03. For the other implementations, no complete test vectors were available in the draft.
The integration in the EUDI Wallet context is tested in EudiWalletTest.