signature_algorithm_class Enum

namespace keychain → enum class signature_algorithm_class

Overview

The signature_algorithm_class enumeration categorizes digital signature algorithms by their mathematical foundations and cryptographic families.

Syntax

namespace keychain {
    enum class signature_algorithm_class {
        ECDSA,      // Elliptic Curve Digital Signature Algorithm
        ECGDSA,     // Elliptic Curve German Digital Signature Algorithm
        RSASS,      // RSA Signature Schemes
        DSA,        // Digital Signature Algorithm
        EDDSA       // Edwards-curve Digital Signature Algorithm
    };
}

Members

ECDSA

Value: signature_algorithm_class::ECDSA

Elliptic Curve Digital Signature Algorithm family.

Characteristics: * Based on elliptic curve cryptography * NIST standardized curves (P-256, P-384, P-521) * Efficient key sizes * Strong security properties * Wide industry adoption

ECGDSA

Value: signature_algorithm_class::ECGDSA

Elliptic Curve German Digital Signature Algorithm family.

Characteristics: * German cryptographic standard * Similar to ECDSA but different message processing * Brainpool curves support * European cryptographic compliance * Deterministic signatures

RSASS

Value: signature_algorithm_class::RSASS

RSA Signature Schemes family.

Characteristics: * Based on RSA public key cryptography * PKCS#1 and PSS padding schemes * Large key sizes required for security * Well-established and widely supported * Quantum-vulnerable

DSA

Value: signature_algorithm_class::DSA

Digital Signature Algorithm family.

Characteristics: * Based on discrete logarithm problem * FIPS 186-4 standard * Fixed parameter sets * Government and enterprise use * Legacy algorithm status

EDDSA

Value: signature_algorithm_class::EDDSA

Edwards-curve Digital Signature Algorithm family.

Characteristics: * Modern elliptic curve signatures * Ed25519 and Ed448 curves * High performance and security * Deterministic signatures * Resistance to side-channel attacks

Usage

#include <keychain/keychain.h>

// Check algorithm class
keychain::signature_scheme scheme = keychain::signature_scheme::ECDSA_P256_SHA256;
keychain::signature_algorithm_class alg_class = scheme.get_algorithm_class();

switch (alg_class) {
    case keychain::signature_algorithm_class::ECDSA:
        std::cout << "Using ECDSA signatures" << std::endl;
        break;
    case keychain::signature_algorithm_class::EDDSA:
        std::cout << "Using EdDSA signatures" << std::endl;
        break;
    case keychain::signature_algorithm_class::RSASS:
        std::cout << "Using RSA signatures" << std::endl;
        break;
    default:
        std::cout << "Other signature algorithm" << std::endl;
        break;
}

// Algorithm class capabilities
bool supports_deterministic_signatures(keychain::signature_algorithm_class alg_class) {
    return alg_class == keychain::signature_algorithm_class::EDDSA ||
           alg_class == keychain::signature_algorithm_class::ECGDSA;
}

bool is_quantum_resistant(keychain::signature_algorithm_class alg_class) {
    // Current algorithms are not quantum-resistant
    // This would change with post-quantum algorithms
    return false;
}

Algorithm Comparison

Algorithm Class	Key Size	Security Level	Performance	Standardization	Quantum Resistance
ECDSA	256-521 bits	High	Excellent	NIST FIPS 186-4	No
ECGDSA	256-512 bits	High	Excellent	German BSI	No
RSASS	2048-4096 bits	High	Good	PKCS#1, PSS	No
DSA	2048-3072 bits	Moderate	Good	FIPS 186-4	No
EdDSA	255-448 bits	High	Excellent	RFC 8032	No

Algorithm Class

Key Size

Security Level

Performance

Standardization

Quantum Resistance

ECDSA

256-521 bits

High

Excellent

NIST FIPS 186-4

ECGDSA

256-512 bits

High

Excellent

German BSI

RSASS

2048-4096 bits

High

Good

PKCS#1, PSS

DSA

2048-3072 bits

Moderate

Good

FIPS 186-4

EdDSA

255-448 bits

High

Excellent

RFC 8032

Security Considerations

ECDSA

Requires high-quality random number generation
Vulnerable to nonce reuse attacks
Side-channel attack considerations
Strong when properly implemented

ECGDSA

Deterministic signatures reduce nonce risks
Less common than ECDSA
Good for European compliance
Limited library support

RSASS

Quantum computer vulnerability (Shor’s algorithm)
Requires large key sizes for equivalent security
Well-understood security properties
Timing attack considerations

DSA

Legacy status in many applications
Fixed parameter limitations
Nonce reuse vulnerabilities
Being phased out in favor of ECDSA

EdDSA

Deterministic signatures (no nonce issues)
Excellent side-channel resistance
Modern design with security focus
Fast verification performance

Performance Characteristics

// Performance comparison example
void benchmark_signature_classes() {
    std::vector<keychain::signature_scheme> schemes = {
        keychain::signature_scheme::ECDSA_P256_SHA256,
        keychain::signature_scheme::EDDSA_ED25519,
        keychain::signature_scheme::RSASS_2048_PSS_SHA256
    };

    std::string test_data = "Performance test message";

    for (auto scheme : schemes) {
        auto alg_class = scheme.get_algorithm_class();

        // Benchmark signing
        auto start = std::chrono::high_resolution_clock::now();
        for (int i = 0; i < 1000; ++i) {
            // Sign test data with scheme
        }
        auto end = std::chrono::high_resolution_clock::now();
        auto sign_duration = std::chrono::duration_cast<std::chrono::microseconds>(end - start);

        // Benchmark verification
        start = std::chrono::high_resolution_clock::now();
        for (int i = 0; i < 1000; ++i) {
            // Verify signature with scheme
        }
        end = std::chrono::high_resolution_clock::now();
        auto verify_duration = std::chrono::duration_cast<std::chrono::microseconds>(end - start);

        std::cout << "Algorithm class: " << to_string(alg_class) << std::endl;
        std::cout << "  Sign: " << sign_duration.count() << "μs" << std::endl;
        std::cout << "  Verify: " << verify_duration.count() << "μs" << std::endl;
    }
}

Algorithm Selection Guidelines

For New Applications

ECDSA - Industry standard with excellent tool support
EdDSA - Modern algorithm with superior security properties
RSASS - When RSA is required by regulations

For High-Security Applications

EdDSA - Best overall security properties
ECDSA with P-384 - Conservative elliptic curve choice
RSASS with 4096-bit keys - When RSA is mandated

For Performance-Critical Applications

EdDSA - Fast verification and deterministic signatures
ECDSA - Good balance of security and performance
ECGDSA - When deterministic signatures are required

For Regulatory Compliance

FIPS 140-2: ECDSA, RSASS, DSA
Common Criteria: ECDSA, RSASS
German BSI: ECGDSA, ECDSA
NIST Post-Quantum: Currently evaluating new algorithms

Future Considerations

// Prepare for post-quantum algorithms
namespace keychain {
    // Future post-quantum signature classes might include:
    // enum class signature_algorithm_class {
    //     // ... existing algorithms ...
    //     DILITHIUM,     // CRYSTALS-Dilithium
    //     FALCON,        // FALCON
    //     SPHINCS_PLUS   // SPHINCS+
    // };
}

// Migration planning
void plan_post_quantum_migration() {
    // Hybrid signatures during transition period
    // Algorithm agility in protocol design
    // Key size and performance impact assessment
}

signature_scheme - Specific signature algorithms
encryption_algorithm_class - Encryption algorithm families
security_level - Security level configuration

signature_algorithm_class Enum

Overview

Syntax

Members

ECDSA

ECGDSA

RSASS

DSA

EDDSA

Usage

Algorithm Comparison

Security Considerations

ECDSA

ECGDSA

RSASS

DSA

EdDSA

Performance Characteristics

Algorithm Selection Guidelines

For New Applications

For High-Security Applications

For Performance-Critical Applications

For Regulatory Compliance

Future Considerations

Related Types

See Also