Falcon: BC ver 1.72, unable to verify signature generated by Falcon reference code at falcon-sign.info #1339

orkvozku · 2023-02-28T21:12:22Z

orkvozku
Feb 28, 2023

Hello. Apologies if this is the wrong place to post; feel free to delete if so. I am unable to get BouncyCastle version 1.72 to verify digital signatures generated with the Falcon reference code at falcon-sign.info. I assume I am using the BouncyCastle Falcon code wrong in some way. Any help appreciated.

I can generate key pairs and signatures using the falcon-sign reference code, and verify them with that same code.
I can generate key pairs and signatures using BouncyCastle, and verify them with that same code.
I CANNOT verify digital signatures using BouncyCastle that (key pair and signature) were generated by the Falcon reference code. The problem is that FalconSigner.verifySignature returns false instead of true.
Interestingly, the public keys generated by BouncyCastle appear to be 1 byte smaller than for the Falcon reference code.
The same problem occurs for both Falcon-512 and Falcon-1024, and for signatures generated in the compact form (FALCON_SIG_COMPRESSED) and fixed-size form (FALCON_SIG_PADDED), however, the attached sample code only demonstrates with Falcon-512.

The following code is a JUnit test in Kotlin (should be able to drop into any Android app and then step through with debugger to see results).

// This code is sample code released to the public domain.
// Test keys and signatures generated using reference code at falcon-sign.info.
package // TODO: put your package name here

import org.junit.Test
import org.bouncycastle.pqc.crypto.falcon.*
import java.security.SecureRandom

class FalconTest {
    @Test
    fun falconTest() {
        // try to verify our test signatures: sigf and sigv:
        val fpk = FalconPublicKeyParameters(FalconParameters.falcon_512, pk)
        val fs = FalconSigner()
        fs.init(false, fpk)
        // vr1 is verification result for fixed-size signature, sigf (FALCON_SIG_PADDED)
        val vr1 = fs.verifySignature(msgHello, sigf)
        fs.init(false, fpk)
        // vr2 is verification result for variable-size signature, sigv (FALCON_SIG_COMPRESSED)
        val vr2 = fs.verifySignature(msgHello, sigv)
        // try generating a local key pair
        val kpg = FalconKeyPairGenerator()
        kpg.init(FalconKeyGenerationParameters(SecureRandom(), FalconParameters.falcon_512))
        val kp = kpg.generateKeyPair()
        // tpk is locally-generated public key (896 bytes not 897 as expected)
        val tpk = (kp.public as FalconPublicKeyParameters).h
    }
    /** Falcon-512 public key */
    val pk = byteArrayOf(
        9,-123,8,-111,83,8,-113,123,86,-38,-36,-93,2,-126,29,-79,45,-39,43,-122,13,34,71,
        -34,92,66,-16,9,-89,52,6,22,-21,-69,7,10,41,121,-42,81,77,-24,26,-87,-106,5,-48,
        -4,14,-121,83,37,-78,-105,20,-82,8,71,21,82,103,44,-57,117,-124,113,95,-128,49,35,
        -13,46,52,78,-42,-53,-105,-82,93,-10,11,-92,79,-124,-47,-105,69,-22,-64,73,31,-8,
        -76,-15,105,-80,64,3,2,-87,-56,-3,120,-124,-62,-51,86,-104,41,19,121,40,-60,8,108,
        -54,-48,51,-40,-108,44,-42,-65,50,95,84,25,-79,38,10,115,65,-86,-91,106,54,-58,
        -90,11,31,47,8,-14,-97,86,45,93,111,-73,6,-57,-7,-7,22,24,19,-60,109,-105,-51,-82,
        -67,93,-14,97,-60,-105,6,-87,44,-6,-68,64,84,27,-103,-121,9,22,-118,97,0,60,-87,
        77,36,72,97,42,46,-98,84,-93,98,-62,-46,49,28,72,73,75,-20,89,28,73,-2,-27,-96,
        -67,102,-128,49,102,82,10,51,-42,-12,-80,-56,126,91,112,-23,-13,26,100,39,-89,53,
        86,-81,104,4,93,-57,3,78,-97,88,-99,-60,-26,-84,64,9,-125,105,81,-121,-3,-85,67,
        15,-7,-12,-28,-90,98,-76,6,-122,-105,-85,60,-128,-39,-122,-119,29,54,86,-25,100,5,
        85,2,-104,-110,13,-39,53,-116,115,11,76,-124,96,29,90,-85,3,-27,24,-107,31,0,117,
        -92,-105,-52,7,-96,-6,8,122,-122,106,-32,-104,-42,-15,67,68,-36,64,21,-55,-58,105,
        98,87,-115,7,100,45,36,34,-105,-78,-112,-126,-32,-73,-11,15,123,92,108,-24,49,121,
        41,47,-83,125,-125,-59,-29,37,-57,66,62,36,36,-87,105,-37,100,-123,-60,-77,-84,36,
        97,84,-86,-54,-107,83,-94,74,1,-110,99,26,-59,-126,26,49,-98,74,-120,-94,27,-127,
        112,-4,-69,-71,118,-25,-52,116,70,-17,107,96,73,127,-96,121,-46,-118,-113,-112,31,
        -65,-74,-84,59,-109,24,-43,117,74,58,-104,-45,-99,103,-68,45,-72,88,76,-111,-86,
        121,-83,-72,-117,1,11,-39,-110,40,51,-27,-24,-104,13,-119,36,83,83,68,95,106,60,
        66,63,83,33,13,-122,118,57,-106,37,39,-102,16,-81,-43,-48,34,-19,-90,-90,121,-59,
        31,-126,-15,-60,69,-79,-28,-59,-57,30,28,-58,-126,24,-119,112,-49,2,54,-67,25,-47,
        23,31,-33,-88,63,57,-74,-86,58,-110,-81,35,66,120,-28,-58,39,94,101,-94,41,-119,
        91,33,-92,14,42,39,-127,-28,-114,-5,24,117,-16,-56,125,99,-34,-117,-108,-62,-110,
        121,-28,41,-108,-95,50,27,-66,-38,16,30,104,49,-120,-85,18,42,97,-30,-50,-117,-45,
        -97,-24,121,96,94,-9,92,-98,-89,-86,-34,-106,-6,-43,-24,-41,49,-34,-63,39,21,-64,
        -48,45,25,-77,-28,32,-119,97,26,24,-100,98,47,72,-55,-105,14,-72,-5,-36,93,-114,
        61,77,13,-57,108,71,-53,50,90,-55,-76,-89,-89,-23,78,-72,-101,98,110,-25,-89,94,
        40,75,103,-50,-112,-89,-100,-26,82,120,-69,83,95,4,-48,-65,-40,6,12,-16,7,10,84,
        -110,-82,3,-9,32,-126,-75,-79,37,65,-75,-78,26,-89,67,48,-39,36,-113,-58,-108,
        -108,121,-109,-4,86,-11,-58,-14,46,-93,-48,45,45,-116,-125,-117,-95,48,71,114,50,
        -37,43,11,12,-110,-62,71,-124,125,-60,-71,61,-100,36,22,-5,-36,-35,19,112,48,116,
        93,-111,-54,-107,73,-97,68,-34,47,-15,50,-70,-97,-32,122,-34,29,50,6,31,-11,20,68,
        44,53,-86,31,-93,54,76,-103,21,30,106,7,19,18,14,27,-62,50,-88,7,83,64,-96,-8,125,
        98,36,84,-92,101,114,121,1,41,93,69,121,58,35,72,21,-109,-121,119,105,78,96,-75,
        29,110,117,-126,67,-127,105,25,43,97,-24,-61,-76,-106,-102,73,2,88,-8,43,-127,85,
        -85,-91,29,-91,-43,6,-60,-46,-70,-70,-97,11,-32,-49,90,12,16,97,74,-127,-38,57,57,
        125,-20,-44,99,-105,46,-93,116,123,51,-67,-108,31,23,-31,102,-86,61,4,-80,-92,-43,
        102,-54,120,36,-27,100,30,11,-39,-1,21,78,109,57,75,37,34,-34,55,-90,81,-8,70,49,
        64,29,72,-80,12,114,23,16,-87,38,-14,67,-32,94,97,66,92,-103,40,-72,-119,-106,-19
    )
    /** message for test "Hello" */
    val msgHello = byteArrayOf(
        72,101,108,108,111
    )
    /** Falcon-512 signature using FALCON_SIG_PADDED (666 bytes for Falcon-512) */
    val sigf = byteArrayOf(
        57,58,47,-127,-98,-29,73,-92,-55,95,95,59,48,51,7,52,1,93,-107,30,21,-122,119,
        -114,-112,99,11,-57,-57,-25,-6,-123,-52,108,108,-52,111,33,-47,118,106,54,118,-18,
        -102,-3,-82,-125,98,-59,38,101,-111,-99,-75,-76,-24,-71,18,98,-9,84,45,95,67,111,
        37,113,99,-121,-123,-15,112,-18,-118,-9,5,121,120,83,8,10,117,88,-73,66,-53,-49,
        18,-20,-44,101,-102,-84,-93,66,94,-1,61,-51,26,-6,-101,85,-14,114,-103,-66,31,10,
        69,57,-40,-102,36,-57,-105,-92,102,-95,-11,78,52,-51,-126,-110,93,84,3,117,-102,
        -97,-13,84,-69,-108,7,19,102,-124,-14,41,-23,-75,-63,-92,83,-1,-23,76,-54,106,-73,
        -68,-10,-118,92,-9,-68,-5,-109,107,-21,-88,-102,-86,104,-54,-83,119,-86,74,92,29,
        -108,-109,-18,-84,-105,-111,-109,-117,-75,-4,25,30,82,-123,5,44,48,110,-93,-17,
        -109,97,98,78,-62,74,-32,-58,-92,-58,-98,-33,-45,100,-84,13,111,47,-15,-122,-51,
        64,-84,-75,-62,6,114,-91,-116,-37,45,54,-47,71,14,-126,73,-121,-29,-94,36,-116,
        -13,49,-23,114,91,12,116,-48,-122,93,27,78,-107,76,-101,2,-108,-47,88,99,-95,-24,
        -127,65,-110,53,86,-85,31,-120,-52,-106,38,-127,-64,-60,-95,-66,-14,85,-116,-20,
        89,-12,-16,-71,125,43,106,-44,50,-99,-69,-15,54,101,108,-103,122,2,-3,-92,29,-106,
        82,113,-25,35,-14,-49,15,126,-41,81,88,-42,124,13,-127,85,99,81,100,-127,-62,-89,
        -53,-24,-72,-124,67,101,-83,116,-99,-70,-110,-59,-94,-36,-119,-119,44,40,-22,6,
        -73,47,-76,-59,61,27,-92,-83,-116,48,-24,115,-99,82,98,23,42,20,8,109,104,-66,1,
        17,115,-103,9,-122,26,-13,-67,-119,50,24,-126,29,62,40,55,19,73,106,91,55,37,98,
        -46,-19,32,-121,-77,2,-71,-106,-40,78,97,4,69,-115,-21,-40,-107,-32,123,-100,-82,
        -12,60,115,-87,48,4,-85,-60,-103,-107,31,85,14,36,-67,65,32,39,-10,-123,-13,-6,39,
        -114,-93,-76,70,111,-69,8,60,-61,-27,-68,97,61,25,51,6,36,-52,-67,-37,-107,14,
        -125,85,87,-126,-47,20,97,-99,-52,99,122,113,26,73,20,92,-78,71,-10,78,-123,-86,8,
        84,19,101,-98,-96,-53,-48,124,13,-119,53,89,-76,57,-62,-29,-75,119,9,49,22,107,
        -85,-95,-101,-85,69,107,-20,-81,-1,15,-121,-93,111,-110,105,28,77,0,-20,-110,-91,
        19,-17,25,-30,64,10,-85,-16,100,80,61,68,42,-60,-93,99,60,58,38,-123,13,58,11,58,
        -108,105,-124,41,-31,89,122,85,38,-43,92,-71,44,-119,4,31,-99,41,-39,36,-35,68,
        -115,65,-73,20,-86,-43,-37,68,123,117,-36,61,-14,67,86,-127,-68,-79,-58,-49,52,-6,
        99,-109,-68,59,57,93,-4,-11,50,-54,-62,81,-6,64,20,-99,-28,22,45,-122,49,-26,-5,
        -40,-6,-71,-76,-120,-7,-115,64,50,76,69,117,-40,82,-31,30,119,-74,-76,-66,-13,122,
        116,23,116,-55,-63,-112,-95,5,-98,89,-3,100,-35,6,-25,-63,118,70,89,-30,-51,31,98,
        0,0,0,0,0,0,0,0,0,0
    )
    /** Falcon-512 signature using FALCON_SIG_COMPRESSED (variable, in this case, 648 bytes) */
    val sigv = byteArrayOf(
        57,32,27,69,-20,4,-95,-84,-76,-89,26,97,117,-84,-123,16,126,-66,44,126,-123,73,
        -74,30,124,-55,-3,105,42,31,44,120,3,-90,-119,-58,-75,127,51,6,-4,-110,-62,-21,90,
        98,-29,-124,112,-30,8,33,72,-28,101,-6,115,-3,-51,31,-83,-8,-14,-4,104,118,-6,-81,
        -101,52,-105,29,-44,85,-16,124,9,-108,-101,75,-37,-5,80,-37,-20,42,79,86,-51,41,
        -76,78,55,-115,115,53,116,-21,9,-70,111,96,22,51,57,76,-39,66,-43,-121,-63,-58,
        -99,12,31,-105,91,78,-115,-3,100,-84,-73,-90,-9,56,-33,-76,5,51,123,-40,-32,56,82,
        78,-37,83,120,-92,-38,-4,93,122,71,123,-50,-70,-71,-107,-57,38,65,125,87,-41,-66,
        74,-16,119,86,-123,-13,6,105,-45,-58,-63,-34,-102,-14,-56,20,61,57,-117,-114,-5,
        27,82,-121,35,80,-116,-38,-119,72,-87,44,-109,-120,-44,-86,125,-91,-98,56,13,69,
        59,-66,-112,-86,-108,-99,78,112,121,-72,76,3,114,-51,66,-3,114,13,-75,46,127,-68,
        -78,-73,-23,-45,-28,-113,-62,-72,57,-7,-37,-53,-34,101,-55,-50,-1,41,-91,-1,-61,
        80,84,-118,73,-7,-15,-4,50,-27,6,-84,-12,-31,61,-78,57,127,-57,-93,99,-40,57,117,
        -52,103,47,-91,-89,-50,-75,75,59,-52,-29,110,86,8,112,-66,104,-47,-73,95,9,-17,
        -93,114,-75,15,-10,117,44,-114,101,88,-18,76,-125,-97,49,-59,103,93,-34,20,5,117,
        52,41,2,17,115,-62,57,42,-45,-71,63,88,-26,73,13,-126,-39,-112,109,-74,21,25,20,
        -102,11,-31,-57,49,-109,51,47,-26,-121,31,-71,-51,114,103,87,-57,-90,20,28,-94,
        -121,-88,-88,110,-52,-110,110,-51,112,113,-82,-43,46,47,-75,-72,47,49,21,-33,82,
        66,7,109,-97,75,-79,-53,19,127,61,53,77,78,-113,-17,-17,121,57,125,-119,-33,40,
        -48,-22,-120,41,106,-95,37,-3,-83,-105,47,22,-94,78,17,-51,-57,-126,-45,91,-51,
        -33,-7,122,52,6,-77,-89,-126,59,-124,48,-93,9,-19,25,-125,79,122,-20,-102,67,-103,
        -74,-94,45,89,-105,107,-33,29,55,19,41,-127,-51,-61,-19,-25,39,113,-114,54,-7,-55,
        116,-122,125,-108,-36,-34,88,74,-114,-78,-36,-91,-79,63,60,-37,-37,33,72,72,82,
        -111,-123,55,51,79,31,57,-30,-127,52,-21,36,7,-51,-83,-28,-96,-91,51,-28,68,-13,
        -38,-103,11,4,103,9,-76,-29,-107,29,121,103,-42,111,36,-119,-60,-2,-9,-96,70,19,
        -21,-63,-33,-111,12,75,-21,94,97,61,56,-42,9,-51,-115,-56,25,-25,0,-54,-26,-65,
        -113,-5,-94,-71,113,115,-44,-34,-53,95,-103,-59,72,-78,-58,25,36,-116,-4,19,93,35,
        -61,-75,-55,-115,-77,-123,-125,-31,-61,-109,93,-30,-68,-16,-25,-66,-69,68,-11,36,
        -111,-26,53,-2,68,98,55,120,-83,-84,-47,-122,-103,21,105,102,73,-106,117,-5,-19,
        71,-71,-66,-110,99,66,-59,-29,88,-100,-2,102,28,-112,-110,-55,12,107,105,73,-59,
        -78,-94,-101,-74,64,-32,104,3,-45,31,-13,-12,38,-84,-91,-74
    )
    /*** C language versions of test key pair and sigs:
    // Falcon-512 public key
    const unsigned char pk[] = {
        9,133,8,145,83,8,143,123,86,218,220,163,2,130,29,177,45,217,43,134,13,34,71,222,
        92,66,240,9,167,52,6,22,235,187,7,10,41,121,214,81,77,232,26,169,150,5,208,252,14,
        135,83,37,178,151,20,174,8,71,21,82,103,44,199,117,132,113,95,128,49,35,243,46,52,
        78,214,203,151,174,93,246,11,164,79,132,209,151,69,234,192,73,31,248,180,241,105,
        176,64,3,2,169,200,253,120,132,194,205,86,152,41,19,121,40,196,8,108,202,208,51,
        216,148,44,214,191,50,95,84,25,177,38,10,115,65,170,165,106,54,198,166,11,31,47,8,
        242,159,86,45,93,111,183,6,199,249,249,22,24,19,196,109,151,205,174,189,93,242,97,
        196,151,6,169,44,250,188,64,84,27,153,135,9,22,138,97,0,60,169,77,36,72,97,42,46,
        158,84,163,98,194,210,49,28,72,73,75,236,89,28,73,254,229,160,189,102,128,49,102,
        82,10,51,214,244,176,200,126,91,112,233,243,26,100,39,167,53,86,175,104,4,93,199,
        3,78,159,88,157,196,230,172,64,9,131,105,81,135,253,171,67,15,249,244,228,166,98,
        180,6,134,151,171,60,128,217,134,137,29,54,86,231,100,5,85,2,152,146,13,217,53,
        140,115,11,76,132,96,29,90,171,3,229,24,149,31,0,117,164,151,204,7,160,250,8,122,
        134,106,224,152,214,241,67,68,220,64,21,201,198,105,98,87,141,7,100,45,36,34,151,
        178,144,130,224,183,245,15,123,92,108,232,49,121,41,47,173,125,131,197,227,37,199,
        66,62,36,36,169,105,219,100,133,196,179,172,36,97,84,170,202,149,83,162,74,1,146,
        99,26,197,130,26,49,158,74,136,162,27,129,112,252,187,185,118,231,204,116,70,239,
        107,96,73,127,160,121,210,138,143,144,31,191,182,172,59,147,24,213,117,74,58,152,
        211,157,103,188,45,184,88,76,145,170,121,173,184,139,1,11,217,146,40,51,229,232,
        152,13,137,36,83,83,68,95,106,60,66,63,83,33,13,134,118,57,150,37,39,154,16,175,
        213,208,34,237,166,166,121,197,31,130,241,196,69,177,228,197,199,30,28,198,130,24,
        137,112,207,2,54,189,25,209,23,31,223,168,63,57,182,170,58,146,175,35,66,120,228,
        198,39,94,101,162,41,137,91,33,164,14,42,39,129,228,142,251,24,117,240,200,125,99,
        222,139,148,194,146,121,228,41,148,161,50,27,190,218,16,30,104,49,136,171,18,42,
        97,226,206,139,211,159,232,121,96,94,247,92,158,167,170,222,150,250,213,232,215,
        49,222,193,39,21,192,208,45,25,179,228,32,137,97,26,24,156,98,47,72,201,151,14,
        184,251,220,93,142,61,77,13,199,108,71,203,50,90,201,180,167,167,233,78,184,155,
        98,110,231,167,94,40,75,103,206,144,167,156,230,82,120,187,83,95,4,208,191,216,6,
        12,240,7,10,84,146,174,3,247,32,130,181,177,37,65,181,178,26,167,67,48,217,36,143,
        198,148,148,121,147,252,86,245,198,242,46,163,208,45,45,140,131,139,161,48,71,114,
        50,219,43,11,12,146,194,71,132,125,196,185,61,156,36,22,251,220,221,19,112,48,116,
        93,145,202,149,73,159,68,222,47,241,50,186,159,224,122,222,29,50,6,31,245,20,68,
        44,53,170,31,163,54,76,153,21,30,106,7,19,18,14,27,194,50,168,7,83,64,160,248,125,
        98,36,84,164,101,114,121,1,41,93,69,121,58,35,72,21,147,135,119,105,78,96,181,29,
        110,117,130,67,129,105,25,43,97,232,195,180,150,154,73,2,88,248,43,129,85,171,165,
        29,165,213,6,196,210,186,186,159,11,224,207,90,12,16,97,74,129,218,57,57,125,236,
        212,99,151,46,163,116,123,51,189,148,31,23,225,102,170,61,4,176,164,213,102,202,
        120,36,229,100,30,11,217,255,21,78,109,57,75,37,34,222,55,166,81,248,70,49,64,29,
        72,176,12,114,23,16,169,38,242,67,224,94,97,66,92,153,40,184,137,150,237
    };
    // Falcon-512 private key
    const unsigned char sk[] = {
        89,252,143,185,232,0,185,0,31,3,32,15,124,0,15,255,239,190,124,23,174,188,243,112,
        124,11,209,253,252,14,122,244,65,60,28,16,64,243,240,62,0,95,124,252,63,132,236,
        159,196,235,223,191,239,176,193,252,14,192,19,255,250,32,142,191,243,192,126,248,
        32,130,248,81,126,7,207,72,4,80,193,16,17,63,240,159,193,7,239,193,16,80,191,0,48,
        70,243,193,132,0,15,187,23,223,60,23,206,125,24,80,2,255,224,252,8,15,190,248,15,
        192,4,31,195,16,48,4,0,33,65,12,30,123,4,126,194,4,65,122,244,47,193,239,224,64,7,
        127,132,248,2,69,244,46,250,4,94,197,23,240,131,7,191,254,244,129,123,252,79,253,
        240,48,189,11,193,70,19,239,67,4,63,126,243,161,65,23,225,67,255,224,8,248,95,194,
        11,240,125,31,206,65,3,255,192,255,208,192,243,254,73,251,192,2,8,15,130,35,240,
        191,24,17,6,239,207,130,19,191,255,236,79,59,19,194,65,252,63,2,244,32,191,236,16,
        126,236,1,61,4,95,195,0,31,70,8,0,60,8,80,130,236,1,131,235,222,69,244,81,183,23,
        239,255,240,33,125,236,78,73,23,192,190,20,78,251,7,240,130,3,223,194,252,48,62,
        236,96,197,19,144,68,252,0,56,8,95,190,247,94,196,255,176,131,251,238,255,7,192,
        187,224,31,6,4,32,193,231,225,128,232,14,132,252,48,126,16,144,192,8,18,59,24,47,
        130,232,128,195,3,224,1,0,79,126,248,48,250,243,127,196,28,31,62,11,206,197,232,
        46,191,252,16,130,248,16,127,4,80,195,11,192,0,240,29,128,240,0,254,27,223,254,0,
        49,119,12,79,200,23,193,124,15,224,125,3,239,130,244,46,249,232,64,5,15,175,254,0,
        80,65,8,63,7,0,48,193,255,161,5,11,160,253,243,192,4,232,15,134,0,78,189,3,224,
        255,4,1,4,247,112,64,12,48,67,244,96,59,44,33,183,8,16,185,12,16,189,7,162,4,12,
        79,119,28,112,56,247,143,194,239,238,132,3,210,194,255,175,66,12,15,200,251,209,
        253,244,16,64,3,176,130,16,79,253,255,224,64,244,95,0,255,192,2,35,224,188,39,240,
        4,252,66,185,244,31,125,31,126,196,252,50,5,236,0,62,240,80,67,8,128,133,252,32,
        132,11,255,115,236,48,125,248,14,251,8,64,120,252,94,191,27,224,123,252,142,194,
        248,16,138,244,47,68,0,77,188,3,208,4,16,48,4,8,80,123,36,126,195,252,64,129,239,
        209,58,248,48,254,0,31,2,240,63,121,16,113,64,0,94,187,228,96,3,36,0,76,247,222,
        197,240,47,62,243,206,192,16,16,130,251,192,252,27,144,130,223,208,131,240,30,255,
        15,222,247,12,32,189,7,223,131,236,30,136,248,96,2,240,62,192,244,46,70,19,223,
        127,236,47,129,243,192,59,220,31,129,3,192,60,243,174,251,255,222,63,244,160,65,
        24,32,131,247,240,129,31,128,191,252,81,1,4,33,2,239,255,62,247,193,60,252,60,196,
        0,127,190,248,47,61,24,47,252,19,239,183,39,177,70,7,220,255,244,1,8,244,80,130,
        251,207,65,244,30,128,19,209,1,8,14,253,248,17,132,243,176,63,12,31,253,247,224,
        193,244,79,191,239,160,67,251,160,0,236,1,125,4,16,253,23,177,56,31,176,3,240,15,
        4,7,240,129,248,111,59,240,2,7,16,22,40,12,196,9,229,36,239,211,250,10,13,214,5,
        241,212,251,236,230,38,29,24,20,4,34,7,52,251,236,27,40,23,251,34,239,5,241,23,
        253,2,243,10,251,14,20,242,247,208,16,4,22,254,231,8,33,19,0,233,2,255,254,8,215,
        207,25,14,6,237,17,193,250,29,255,249,8,254,40,254,17,6,249,47,28,13,32,239,252,
        244,249,251,18,7,21,241,246,225,229,253,28,47,230,12,4,9,7,7,32,244,249,240,235,
        30,8,249,237,238,251,4,16,222,9,14,12,251,14,50,12,237,244,43,10,50,33,240,14,252,
        25,52,29,5,231,1,26,238,9,232,216,49,247,3,1,20,12,14,16,237,17,0,244,201,217,8,5,
        231,38,219,199,24,248,210,249,247,253,9,222,224,252,4,21,216,31,5,55,245,23,230,
        247,16,247,5,232,252,29,3,228,252,228,3,214,246,254,220,22,32,240,16,230,22,255,
        248,35,9,26,232,225,37,226,28,44,246,225,22,0,5,241,19,8,248,32,252,249,27,29,237,
        242,32,36,6,0,231,239,4,3,218,11,219,2,231,199,2,5,232,15,246,228,250,15,250,10,
        248,25,25,19,4,24,236,14,46,253,255,245,248,71,190,8,253,11,13,202,217,22,247,17,
        25,231,243,227,5,13,228,13,231,32,24,1,3,211,255,55,246,10,233,2,30,252,9,245,242,
        33,243,15,21,10,250,37,43,34,224,29,230,200,246,230,0,52,226,231,219,243,243,7,
        245,254,252,18,36,245,234,7,246,243,234,8,30,23,240,3,1,7,246,240,224,215,28,12,8,
        50,7,24,32,225,247,252,24,15,232,34,211,14,220,0,23,4,30,237,6,42,248,233,253,248,
        231,209,24,28,231,15,242,28,231,1,9,251,252,24,255,9,21,4,209,235,73,228,232,7,
        234,11,247,12,231,250,3,237,28,65,251,249,21,242,0,19,52,231,32,56,235,238,18,251,
        13,7,35,224,228,8,22,17,245,253,241,51,35,21,232,11,13,248,33,250,253,252,7,240,
        225,51,238,42,241,11,247,56,240,30,22,213,60,226,2,9,28,27,247,227,17,30,73,39,
        225,24,17,9,24,243,253,25,13,4,204,8,15,224,36,230,254,37,24,12,210,4,41,5,247,
        217,212,65,245,27,19,252,33,241
    };
    // message for test "Hello"
    const unsigned char msgHello[] = {
        72,101,108,108,111
    };
    // Falcon-512 signature using FALCON_SIG_PADDED (666 bytes for Falcon-512)
    const unsigned char sigf[] = {
        57,58,47,129,158,227,73,164,201,95,95,59,48,51,7,52,1,93,149,30,21,134,119,142,
        144,99,11,199,199,231,250,133,204,108,108,204,111,33,209,118,106,54,118,238,154,
        253,174,131,98,197,38,101,145,157,181,180,232,185,18,98,247,84,45,95,67,111,37,
        113,99,135,133,241,112,238,138,247,5,121,120,83,8,10,117,88,183,66,203,207,18,236,
        212,101,154,172,163,66,94,255,61,205,26,250,155,85,242,114,153,190,31,10,69,57,
        216,154,36,199,151,164,102,161,245,78,52,205,130,146,93,84,3,117,154,159,243,84,
        187,148,7,19,102,132,242,41,233,181,193,164,83,255,233,76,202,106,183,188,246,138,
        92,247,188,251,147,107,235,168,154,170,104,202,173,119,170,74,92,29,148,147,238,
        172,151,145,147,139,181,252,25,30,82,133,5,44,48,110,163,239,147,97,98,78,194,74,
        224,198,164,198,158,223,211,100,172,13,111,47,241,134,205,64,172,181,194,6,114,
        165,140,219,45,54,209,71,14,130,73,135,227,162,36,140,243,49,233,114,91,12,116,
        208,134,93,27,78,149,76,155,2,148,209,88,99,161,232,129,65,146,53,86,171,31,136,
        204,150,38,129,192,196,161,190,242,85,140,236,89,244,240,185,125,43,106,212,50,
        157,187,241,54,101,108,153,122,2,253,164,29,150,82,113,231,35,242,207,15,126,215,
        81,88,214,124,13,129,85,99,81,100,129,194,167,203,232,184,132,67,101,173,116,157,
        186,146,197,162,220,137,137,44,40,234,6,183,47,180,197,61,27,164,173,140,48,232,
        115,157,82,98,23,42,20,8,109,104,190,1,17,115,153,9,134,26,243,189,137,50,24,130,
        29,62,40,55,19,73,106,91,55,37,98,210,237,32,135,179,2,185,150,216,78,97,4,69,141,
        235,216,149,224,123,156,174,244,60,115,169,48,4,171,196,153,149,31,85,14,36,189,
        65,32,39,246,133,243,250,39,142,163,180,70,111,187,8,60,195,229,188,97,61,25,51,6,
        36,204,189,219,149,14,131,85,87,130,209,20,97,157,204,99,122,113,26,73,20,92,178,
        71,246,78,133,170,8,84,19,101,158,160,203,208,124,13,137,53,89,180,57,194,227,181,
        119,9,49,22,107,171,161,155,171,69,107,236,175,255,15,135,163,111,146,105,28,77,0,
        236,146,165,19,239,25,226,64,10,171,240,100,80,61,68,42,196,163,99,60,58,38,133,
        13,58,11,58,148,105,132,41,225,89,122,85,38,213,92,185,44,137,4,31,157,41,217,36,
        221,68,141,65,183,20,170,213,219,68,123,117,220,61,242,67,86,129,188,177,198,207,
        52,250,99,147,188,59,57,93,252,245,50,202,194,81,250,64,20,157,228,22,45,134,49,
        230,251,216,250,185,180,136,249,141,64,50,76,69,117,216,82,225,30,119,182,180,190,
        243,122,116,23,116,201,193,144,161,5,158,89,253,100,221,6,231,193,118,70,89,226,
        205,31,98,0,0,0,0,0,0,0,0,0,0
    };
    // Falcon-512 signature using FALCON_SIG_COMPRESSED (variable, in this case, 648 bytes)
    const unsigned char sigv[] = {
        57,32,27,69,236,4,161,172,180,167,26,97,117,172,133,16,126,190,44,126,133,73,182,
        30,124,201,253,105,42,31,44,120,3,166,137,198,181,127,51,6,252,146,194,235,90,98,
        227,132,112,226,8,33,72,228,101,250,115,253,205,31,173,248,242,252,104,118,250,
        175,155,52,151,29,212,85,240,124,9,148,155,75,219,251,80,219,236,42,79,86,205,41,
        180,78,55,141,115,53,116,235,9,186,111,96,22,51,57,76,217,66,213,135,193,198,157,
        12,31,151,91,78,141,253,100,172,183,166,247,56,223,180,5,51,123,216,224,56,82,78,
        219,83,120,164,218,252,93,122,71,123,206,186,185,149,199,38,65,125,87,215,190,74,
        240,119,86,133,243,6,105,211,198,193,222,154,242,200,20,61,57,139,142,251,27,82,
        135,35,80,140,218,137,72,169,44,147,136,212,170,125,165,158,56,13,69,59,190,144,
        170,148,157,78,112,121,184,76,3,114,205,66,253,114,13,181,46,127,188,178,183,233,
        211,228,143,194,184,57,249,219,203,222,101,201,206,255,41,165,255,195,80,84,138,
        73,249,241,252,50,229,6,172,244,225,61,178,57,127,199,163,99,216,57,117,204,103,
        47,165,167,206,181,75,59,204,227,110,86,8,112,190,104,209,183,95,9,239,163,114,
        181,15,246,117,44,142,101,88,238,76,131,159,49,197,103,93,222,20,5,117,52,41,2,17,
        115,194,57,42,211,185,63,88,230,73,13,130,217,144,109,182,21,25,20,154,11,225,199,
        49,147,51,47,230,135,31,185,205,114,103,87,199,166,20,28,162,135,168,168,110,204,
        146,110,205,112,113,174,213,46,47,181,184,47,49,21,223,82,66,7,109,159,75,177,203,
        19,127,61,53,77,78,143,239,239,121,57,125,137,223,40,208,234,136,41,106,161,37,
        253,173,151,47,22,162,78,17,205,199,130,211,91,205,223,249,122,52,6,179,167,130,
        59,132,48,163,9,237,25,131,79,122,236,154,67,153,182,162,45,89,151,107,223,29,55,
        19,41,129,205,195,237,231,39,113,142,54,249,201,116,134,125,148,220,222,88,74,142,
        178,220,165,177,63,60,219,219,33,72,72,82,145,133,55,51,79,31,57,226,129,52,235,
        36,7,205,173,228,160,165,51,228,68,243,218,153,11,4,103,9,180,227,149,29,121,103,
        214,111,36,137,196,254,247,160,70,19,235,193,223,145,12,75,235,94,97,61,56,214,9,
        205,141,200,25,231,0,202,230,191,143,251,162,185,113,115,212,222,203,95,153,197,
        72,178,198,25,36,140,252,19,93,35,195,181,201,141,179,133,131,225,195,147,93,226,
        188,240,231,190,187,68,245,36,145,230,53,254,68,98,55,120,173,172,209,134,153,21,
        105,102,73,150,117,251,237,71,185,190,146,99,66,197,227,88,156,254,102,28,144,146,
        201,12,107,105,73,197,178,162,155,182,64,224,104,3,211,31,243,244,38,172,165,182
    };
     ***/
}

Answered by dghgit

Mar 13, 2023

It looks like we're probably both looking at the same vectors. but I think there may be an issue with the byte[] conversion. I think you'd find this a lot easier if you left the data in Hex. It would be obvious that the first "026833" is actually "2907658" so the signature data is clearly incorrect.

https://github.com/bcgit/bc-java/blob/master/core/src/test/java/org/bouncycastle/pqc/crypto/test/FalconTest.java shows how we convert a detached signature into the format used in NIST files.

View full answer

dghgit · 2023-03-06T10:18:59Z

dghgit
Mar 6, 2023
Maintainer

Before we do anything what reference implementation are you using? Does it produce the same output as the KAT files provided in the BC distribution for Falcon. Falcon's a bit of a weird one as the have a specific type byte for detached signatures, so that's usually one source of change, however there has been additional work on the algorithm since it was selected and I believe some of this was directed at the encoding formats.

1 reply

orkvozku Mar 7, 2023
Author

The reference implementation is https://falcon-sign.info/Falcon-impl-20211101.zip. The link to this can be found on the front page, falcon-sign.info, under "Resources" -> "Falcon reference implementation". This version, 20211101, is the one I used. I do not know if it produces the same output as the KAT files because I don't know where to find them.

Thanks for the background info. Given that the reference implementation produces public keys that are one byte larger than bouncycastle, they must not be in sync on the latest encoding formats yet.

dghgit · 2023-03-09T00:15:18Z

dghgit
Mar 9, 2023
Maintainer

I'm pretty sure that's the one we used. You'll find everything including the builder for the test vectors in https://falcon-sign.info/falcon-round3.zip - the submission package. It's dated the same though.

2 replies

orkvozku Mar 13, 2023
Author

Thanks for that info. I have looked at it and, unfortunately, it is just a lot more confusing.

The falcon-sign.info code has a stand-alone api for signing and verifying, which is different than used for the KAT files.
- The stand-alone api is defined in falcon.h and implemented in falcon.c.
- For the KAT files, it uses api.h and the functions are implemented in nist.c
- Both of these use the same lower-level functions for signing and verifying, but the signature is packaged differently. Specifically, in the case of Falcon-512, the stand-alone api encodes the first byte of the signature as 0x39 while the nist.c encodes it as 0x29. They will not verify each other's signatures because of this byte.
- For the KAT files, they format the field, "sm" where it packs the message and signature together, even though the message is duplicated in the "msg" field. You have to pull the signature out of there to get the stand-alone signature.

It appears BouncyCastle won't verify the signature from either of these. The following code sample is another JUnit test that can be added to the previous file. I take the first case for Falcon-512 KAT data, extract the signature, message, and public key, and try to verify it with BouncyCastle and it comes back false.

Incidentally, there is a small difference between the reference code on the falcon-sign.info web page and the NIST round3 submission, but that is related to usage of the pseudorandom generator so it shouldn't impact verification. I didn't see any difference in the verification behavior between them.

    @Test
    fun falconKatTest() {
        // try to verify our test signature
        val fpk = FalconPublicKeyParameters(FalconParameters.falcon_512, pkKat)
        val fs = FalconSigner()
        fs.init(false, fpk)
        // vr is verification result
        val vr = fs.verifySignature(msgKat, sigKat)
        assert(vr) // FAILS TO VERIFY HERE
    }
    // data extracted from Falcon NIST round3 files: falcon-round3/KAT/falcon512-KAT.rsp
    // first test case:
    //   count = 0
    //   seed = 061550234D158C5E...D08541DBD2E1FFA1
    //   mlen = 33
    //   msg = D81C4D8D734FCBFB...2E75BF57BB556AC8
    //   pk = 096BA86CB658A8F4...D454688E294C8C3E
    //   sk = 59044102F3CFBE1B...DA06E7CED500031E
    //   smlen = 691
    //   sm = 026833B3C07507E4...2BD08C3ABE124E80
    //       2 bytes: signature length: 0x0268 = 616
    //       40 bytes: random: 33B3C07507E42017...04C6D17842951309
    //       33 bytes: msg: D81C4D8D734FCBFB...2E75BF57BB556AC8
    //       616 bytes: signature: 290765843D1E460D...2BD08C3ABE124E80
    val pkKat = byteArrayOf(
        9,107,-88,108,-74,88,-88,-12,69,-55,-91,-28,-62,-125,116,-66,-56,121,-56,101,95,
        104,82,105,35,36,9,24,7,77,1,71,-64,49,98,-28,-92,-110,0,100,-116,101,40,3,-58,-3,
        117,9,-82,-102,-89,-103,-42,49,13,11,-44,39,36,-32,99,89,32,24,98,7,0,7,103,-54,
        90,-123,70,-79,117,83,8,-61,4,-72,79,-55,59,6,-98,38,89,-123,-77,-104,-42,-72,52,
        105,-126,-121,-1,-126,-102,-88,32,-15,122,127,66,38,-85,33,-10,1,-21,-41,23,82,38,
        -70,-78,86,-40,-120,-113,0,-112,50,86,109,99,-125,-42,-124,87,-22,21,90,-108,48,
        24,112,-43,-119,-58,120,-19,48,66,89,-23,-45,123,25,59,-62,-89,-52,-68,-66,-59,29,
        105,21,-116,68,7,58,-20,-105,-110,99,2,83,49,-117,-55,84,-37,-11,13,21,2,-126,
        -112,-36,45,48,-100,123,123,2,-90,-126,55,68,-44,99,-38,23,116,-107,-107,-53,119,
        -26,-47,109,32,-47,-76,-61,-86,-40,-99,50,14,-66,90,103,43,-71,109,108,-43,-63,
        -17,-20,-117,-127,18,0,-53,-80,98,-28,115,53,37,64,-19,-34,-8,-81,-108,-103,-8,
        -51,-47,-36,124,104,115,-16,-57,-90,-68,-73,9,117,96,39,31,-108,104,73,-73,-13,
        115,100,11,-74,-100,-87,-75,24,-86,56,10,110,-80,-89,39,94,-24,78,-100,34,26,-19,
        -120,-11,-65,-70,-12,58,62,-34,-114,106,-92,37,88,16,79,-81,-128,14,1,-124,65,
        -109,3,118,-58,-10,-25,81,86,-103,113,-12,122,-37,-54,92,-96,12,-128,25,-120,-13,
        23,-95,-121,34,-94,-110,-104,-110,94,-95,84,-37,-55,2,78,18,5,36,-94,-44,29,-64,
        -15,-113,-40,-39,9,-10,-59,9,119,64,78,32,23,103,7,-117,-87,-95,-7,-28,10,-117,43,
        -87,-64,27,125,-93,-96,-73,58,76,42,107,79,81,-117,-66,-29,69,93,10,-14,32,77,-36,
        3,28,-128,92,114,-52,-74,71,-108,11,30,103,-108,-40,89,-86,-21,-50,-96,-34,-75,
        -127,-42,27,-110,72,-67,-106,-105,-75,-53,-105,74,-127,118,-24,-7,16,70,-100,-82,
        10,-76,-19,-110,-46,-82,-23,-9,-21,80,41,109,-81,-128,87,71,99,5,-63,24,-99,29,
        -104,64,-96,-108,79,4,71,-5,-127,-27,17,66,14,103,-119,27,-104,-6,108,37,112,52,
        -43,-96,99,67,125,55,-111,119,-50,-115,63,-90,-22,-15,46,45,-69,126,-72,-28,-104,
        72,22,18,-79,-110,-106,23,-38,95,-76,94,76,-33,-119,57,39,-40,-70,-124,42,-88,97,
        -39,-59,4,113,-58,-48,-58,-33,126,43,-78,100,101,-96,-21,106,58,112,-99,-25,-110,
        -86,-6,-81,-110,42,-87,93,-43,-110,11,114,-76,-72,-123,108,110,99,40,96,-79,15,92,
        -64,-124,80,0,54,113,-81,56,-119,97,-121,43,70,100,0,-83,-72,21,-70,-127,-22,121,
        73,69,-47,-102,16,6,34,-90,-54,13,65,-60,-22,98,12,33,-36,18,81,25,-29,114,65,
        -113,4,64,45,-97,-89,24,15,123,-56,-102,-6,84,-8,8,34,68,-92,47,70,-27,-75,-85,
        -50,-121,-75,10,125,111,-21,-24,-41,-69,-70,-55,38,87,-53,-38,29,-73,-62,85,114,
        -92,-63,-48,-70,-22,48,68,122,-122,90,43,16,54,-72,-128,3,126,47,77,38,-44,83,-23,
        -23,19,37,-105,121,-23,22,-101,40,-90,46,-72,9,-91,-57,68,-32,78,38,14,31,43,-67,
        -88,116,-15,-84,103,72,57,-35,-76,123,49,72,-59,-108,109,-32,24,1,72,-73,-105,61,
        99,-59,-127,-109,-79,124,-48,93,22,-24,12,-41,-110,-116,42,51,-125,99,-94,58,-127,
        -64,96,-116,-121,80,85,-119,-71,-38,28,97,126,123,112,120,107,103,84,-5,-77,10,88,
        22,-127,11,-98,18,108,-4,-59,-86,73,50,110,-99,-124,41,115,-121,75,99,89,-75,-37,
        117,97,11,-90,-118,-104,-57,-75,-24,63,18,90,-126,82,46,19,-72,63,-72,-8,100,-30,
        -87,123,115,-75,-43,68,-89,65,91,101,4,-95,57,57,-22,-79,89,93,100,-6,-12,31,-85,
        37,-88,100,-91,116,-34,82,68,5,-24,120,51,-104,119,-120,109,47,-64,127,-96,49,21,
        8,37,36,19,-19,-6,17,88,70,102,103,-81,-9,-125,-122,-38,-9,-53,76,-101,-123,9,
        -110,-7,110,32,82,83,48,89,-102,-74,1,-44,84,104,-114,41,76,-116,62
    )
    val msgKat = byteArrayOf(
        -40,28,77,-115,115,79,-53,-5,-22,-34,61,63,-118,3,-97,-86,42,44,-103,87,-24,53,
        -83,85,-78,46,117,-65,87,-69,85,106,-56
    )
    val sigKat = byteArrayOf(
        41,7,101,-124,61,30,70,13,23,-91,39,-46,-68,-92,5,-67,85,-69,-57,-38,9,-88,-58,32,
        -66,10,-12,-89,103,-39,-37,-106,-72,15,85,-28,102,103,103,81,-22,-85,-89,-71,59,
        -122,-41,17,50,-38,-96,-21,55,103,-126,-71,-18,-29,117,25,-50,16,-3,-45,63,-23,
        -14,-109,18,-61,29,-121,54,32,109,22,92,-12,-59,40,-86,61,-36,1,120,69,-31,-16,
        -35,91,10,68,-1,-106,28,66,-40,116,-87,85,51,-27,-76,56,-104,47,82,76,-87,84,-40,
        117,51,-65,-66,66,-58,63,-14,-85,-57,122,52,-57,-99,-75,90,-103,23,27,-68,-73,44,
        -124,42,101,48,-81,47,117,63,12,52,-84,99,47,-97,30,121,73,-16,-65,108,103,102,91,
        39,114,42,-120,87,-42,38,-74,-1,26,19,109,-110,58,57,-12,6,-101,116,119,-1,-108,
        110,82,71,-90,98,119,-111,-44,-101,89,-19,-55,-30,82,90,-122,14,110,-104,40,-47,
        -113,100,-87,-15,114,34,-24,22,106,2,69,56,89,-69,-38,11,-127,-122,-40,-55,-110,
        -117,-75,113,-28,20,100,1,-41,67,14,34,89,4,103,58,-46,28,-54,-59,76,20,108,36,
        -118,29,-42,-102,-74,73,30,-112,29,109,113,-79,82,21,91,-23,125,-32,87,-13,-111,
        106,63,27,66,115,48,-116,41,-78,-12,-39,105,113,103,-71,6,-127,-79,88,62,-39,48,
        -89,30,-103,4,103,-34,-93,104,19,75,-20,-18,-67,89,127,-101,-20,-110,46,-127,111,
        27,5,112,-41,40,-12,-82,4,100,-63,-9,-105,101,127,-121,-92,-27,45,-51,-54,-21,
        -110,114,102,46,-90,109,124,108,-40,120,27,49,-81,85,90,-39,63,95,101,-25,88,22,
        -53,-115,-61,6,-69,103,-27,-110,-75,38,27,-84,-89,-59,9,98,-98,-94,-81,-118,-69,
        -128,-53,-88,-98,-27,53,-73,109,-3,-100,-53,-66,59,-12,-113,43,-56,-86,52,-78,110,
        17,3,41,16,83,-11,-53,-115,-29,-92,90,-6,90,118,-33,-117,33,34,-19,44,-126,-5,-49,
        34,89,41,13,65,-95,79,-122,-79,47,53,-11,-44,-105,98,-77,76,-1,19,-18,126,66,-19,
        -20,112,32,29,127,55,-61,51,22,40,-113,-93,7,-114,54,-27,-127,8,-122,92,60,-2,38,
        61,86,54,-110,4,61,-20,-58,47,52,38,-8,96,97,40,91,123,27,51,111,86,-1,65,-69,101,
        -23,-51,109,-101,-110,-3,-112,-8,100,-86,28,-110,60,-72,-57,85,-11,-51,-31,119,13,
        -122,37,-107,66,113,73,-41,114,26,-86,-75,-47,-108,-82,-87,-84,-34,-54,21,-66,67,
        -53,-90,-90,43,90,51,-112,-98,-97,-60,-38,28,88,20,-5,-41,-51,106,47,-91,114,-29,
        24,-76,44,108,49,-111,64,-72,110,102,57,37,-128,-95,26,43,67,31,68,-63,-7,39,14,
        79,123,36,-112,-13,-77,37,-87,-105,122,113,-91,117,-111,86,54,99,91,-103,105,-37,
        -42,-46,32,-78,76,61,-103,-50,-69,-67,-125,75,-120,34,43,-48,-116,58,-66,18,78,
        -128
    )

dghgit Mar 13, 2023
Maintainer

It looks like we're probably both looking at the same vectors. but I think there may be an issue with the byte[] conversion. I think you'd find this a lot easier if you left the data in Hex. It would be obvious that the first "026833" is actually "2907658" so the signature data is clearly incorrect.

https://github.com/bcgit/bc-java/blob/master/core/src/test/java/org/bouncycastle/pqc/crypto/test/FalconTest.java shows how we convert a detached signature into the format used in NIST files.

Answer selected by dghgit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Falcon: BC ver 1.72, unable to verify signature generated by Falcon reference code at falcon-sign.info #1339

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Falcon: BC ver 1.72, unable to verify signature generated by Falcon reference code at falcon-sign.info #1339

Uh oh!

orkvozku Feb 28, 2023

Replies: 2 comments · 3 replies

Uh oh!

dghgit Mar 6, 2023 Maintainer

Uh oh!

orkvozku Mar 7, 2023 Author

Uh oh!

dghgit Mar 9, 2023 Maintainer

Uh oh!

orkvozku Mar 13, 2023 Author

Uh oh!

dghgit Mar 13, 2023 Maintainer

orkvozku
Feb 28, 2023

Replies: 2 comments 3 replies

dghgit
Mar 6, 2023
Maintainer

orkvozku Mar 7, 2023
Author

dghgit
Mar 9, 2023
Maintainer

orkvozku Mar 13, 2023
Author

dghgit Mar 13, 2023
Maintainer