bcprov/src/main/java/org/bouncycastle/pqc/crypto/xmss/XMSS.java - platform/external/bouncycastle - Git at Google

 package org.bouncycastle.pqc.crypto.xmss;

 import java.io.IOException;
 import java.security.SecureRandom;
 import java.text.ParseException;

 /**
  * XMSS.
  *
  */
 public class XMSS {

 	/**
 	 * XMSS parameters.
 	 */
 	private XMSSParameters params;
 	/**
 	 * WOTS+ instance.
 	 */
 	private WOTSPlus wotsPlus;
 	/**
 	 * PRNG.
 	 */
 	private SecureRandom prng;
 	/**
 	 * Randomization functions.
 	 */
 	private KeyedHashFunctions khf;
 	/**
 	 * XMSS private key.
 	 */
 	private XMSSPrivateKeyParameters privateKey;
 	/**
 	 * XMSS public key.
 	 */
 	private XMSSPublicKeyParameters publicKey;

 	/**
 	 * XMSS constructor...
 	 *
 	 * @param params
 	 *            XMSSParameters.
 	 */
 	public XMSS(XMSSParameters params) {
 		super();
 		if (params == null) {
 			throw new NullPointerException("params == null");
 		}
 		this.params = params;
 		wotsPlus = params.getWOTSPlus();
 		prng = params.getPRNG();
 		khf = wotsPlus.getKhf();
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withBDSState(new BDS(this)).build();
 			publicKey = new XMSSPublicKeyParameters.Builder(params).build();
 		} catch (ParseException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 	}

 	/**
 	 * Generate a new XMSS private key / public key pair.
 	 *
 	 */
 	public void generateKeys() {
 		/* generate private key */
 		privateKey = generatePrivateKey();
 		XMSSNode root = getBDSState().initialize((OTSHashAddress) new OTSHashAddress.Builder().build());
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
 					.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
 					.withPublicSeed(privateKey.getPublicSeed()).withRoot(root.getValue())
 					.withBDSState(privateKey.getBDSState()).build();
 			publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(root.getValue())
 					.withPublicSeed(getPublicSeed()).build();
 		} catch (ParseException ex) {
 			/* should not be possible */
 			ex.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 	}

 	/**
 	 * Generate an XMSS private key.
 	 *
 	 * @return XMSS private key.
 	 */
 	private XMSSPrivateKeyParameters generatePrivateKey() {
 		int n = params.getDigestSize();
 		byte[] secretKeySeed = new byte[n];
 		prng.nextBytes(secretKeySeed);
 		byte[] secretKeyPRF = new byte[n];
 		prng.nextBytes(secretKeyPRF);
 		byte[] publicSeed = new byte[n];
 		prng.nextBytes(publicSeed);

 		XMSSPrivateKeyParameters privateKey = null;
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withSecretKeySeed(secretKeySeed)
 					.withSecretKeyPRF(secretKeyPRF).withPublicSeed(publicSeed)
 					.withBDSState(this.privateKey.getBDSState()).build();
 		} catch (ParseException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 		return privateKey;
 	}

 	/**
 	 * Import XMSS private key / public key pair.
 	 *
 	 * @param privateKey
 	 *            XMSS private key.
 	 * @param publicKey
 	 *            XMSS public key.
 	 * @throws ParseException
 	 * @throws ClassNotFoundException
 	 * @throws IOException
 	 */
 	public void importState(byte[] privateKey, byte[] publicKey)
 			throws ParseException, ClassNotFoundException, IOException {
 		if (privateKey == null) {
 			throw new NullPointerException("privateKey == null");
 		}
 		if (publicKey == null) {
 			throw new NullPointerException("publicKey == null");
 		}
 		/* import keys */
 		XMSSPrivateKeyParameters tmpPrivateKey = new XMSSPrivateKeyParameters.Builder(params)
 				.withPrivateKey(privateKey, this).build();
 		XMSSPublicKeyParameters tmpPublicKey = new XMSSPublicKeyParameters.Builder(params).withPublicKey(publicKey)
 				.build();
 		if (!XMSSUtil.compareByteArray(tmpPrivateKey.getRoot(), tmpPublicKey.getRoot())) {
 			throw new IllegalStateException("root of private key and public key do not match");
 		}
 		if (!XMSSUtil.compareByteArray(tmpPrivateKey.getPublicSeed(), tmpPublicKey.getPublicSeed())) {
 			throw new IllegalStateException("public seed of private key and public key do not match");
 		}
 		/* import */
 		this.privateKey = tmpPrivateKey;
 		this.publicKey = tmpPublicKey;
 		wotsPlus.importKeys(new byte[params.getDigestSize()], this.privateKey.getPublicSeed());
 	}

 	/**
 	 * Sign message.
 	 *
 	 * @param message
 	 *            Message to sign.
 	 * @return XMSS signature on digest of message.
 	 */
 	public byte[] sign(byte[] message) {
 		if (message == null) {
 			throw new NullPointerException("message == null");
 		}
 		if (getBDSState().getAuthenticationPath().isEmpty()) {
 			throw new IllegalStateException("not initialized");
 		}
 		int index = privateKey.getIndex();
 		if (!XMSSUtil.isIndexValid(getParams().getHeight(), index)) {
 			throw new IllegalArgumentException("index out of bounds");
 		}

 		/* create (randomized keyed) messageDigest of message */
 		byte[] random = khf.PRF(privateKey.getSecretKeyPRF(), XMSSUtil.toBytesBigEndian(index, 32));
 		byte[] concatenated = XMSSUtil.concat(random, privateKey.getRoot(),
 				XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
 		byte[] messageDigest = khf.HMsg(concatenated, message);

 		/* create signature for messageDigest */
 		OTSHashAddress otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder().withOTSAddress(index).build();
 		WOTSPlusSignature wotsPlusSignature = wotsSign(messageDigest, otsHashAddress);
 		XMSSSignature signature = null;
 		try {
 			signature = (XMSSSignature) new XMSSSignature.Builder(params).withIndex(index).withRandom(random)
 					.withWOTSPlusSignature(wotsPlusSignature).withAuthPath(getBDSState().getAuthenticationPath())
 					.build();
 		} catch (ParseException ex) {
 			/* should not happen */
 			ex.printStackTrace();
 		}

 		/* prepare authentication path for next leaf */
 		int treeHeight = this.getParams().getHeight();
 		if (index < ((1 << treeHeight) - 1)) {
 			getBDSState().nextAuthenticationPath((OTSHashAddress) new OTSHashAddress.Builder().build());
 		}

 		/* update index */
 		setIndex(index + 1);

 		return signature.toByteArray();
 	}

 	/**
 	 * Verify an XMSS signature.
 	 *
 	 * @param message
 	 *            Message.
 	 * @param signature
 	 *            XMSS signature.
 	 * @param publicKey
 	 *            XMSS public key.
 	 * @return true if signature is valid false else.
 	 * @throws ParseException
 	 */
 	public boolean verifySignature(byte[] message, byte[] signature, byte[] publicKey) throws ParseException {
 		if (message == null) {
 			throw new NullPointerException("message == null");
 		}
 		if (signature == null) {
 			throw new NullPointerException("signature == null");
 		}
 		if (publicKey == null) {
 			throw new NullPointerException("publicKey == null");
 		}
 		/* parse signature and public key */
 		XMSSSignature sig = new XMSSSignature.Builder(params).withSignature(signature).build();
 		/* generate public key */
 		XMSSPublicKeyParameters pubKey = new XMSSPublicKeyParameters.Builder(params).withPublicKey(publicKey).build();

 		/* save state */
 		int savedIndex = privateKey.getIndex();
 		byte[] savedPublicSeed = privateKey.getPublicSeed();

 		/* set index / public seed */
 		int index = sig.getIndex();
 		setIndex(index);
 		setPublicSeed(pubKey.getPublicSeed());

 		/* reinitialize WOTS+ object */
 		wotsPlus.importKeys(new byte[params.getDigestSize()], getPublicSeed());

 		/* create message digest */
 		byte[] concatenated = XMSSUtil.concat(sig.getRandom(), pubKey.getRoot(),
 				XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
 		byte[] messageDigest = khf.HMsg(concatenated, message);

 		/* get root from signature */
 		OTSHashAddress otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder().withOTSAddress(index).build();
 		XMSSNode rootNodeFromSignature = getRootNodeFromSignature(messageDigest, sig, otsHashAddress);

 		/* reset state */
 		setIndex(savedIndex);
 		setPublicSeed(savedPublicSeed);
 		return XMSSUtil.compareByteArray(rootNodeFromSignature.getValue(), pubKey.getRoot());
 	}

 	/**
 	 * Export XMSS private key.
 	 *
 	 * @return XMSS private key.
 	 */
 	public byte[] exportPrivateKey() {
 		return privateKey.toByteArray();
 	}

 	/**
 	 * Export XMSS public key.
 	 *
 	 * @return XMSS public key.
 	 */
 	public byte[] exportPublicKey() {
 		return publicKey.toByteArray();
 	}

 	/**
 	 * Randomization of nodes in binary tree.
 	 *
 	 * @param left
 	 *            Left node.
 	 * @param right
 	 *            Right node.
 	 * @param address
 	 *            Address.
 	 * @return Randomized hash of parent of left / right node.
 	 */
 	protected XMSSNode randomizeHash(XMSSNode left, XMSSNode right, XMSSAddress address) {
 		if (left == null) {
 			throw new NullPointerException("left == null");
 		}
 		if (right == null) {
 			throw new NullPointerException("right == null");
 		}
 		if (left.getHeight() != right.getHeight()) {
 			throw new IllegalStateException("height of both nodes must be equal");
 		}
 		if (address == null) {
 			throw new NullPointerException("address == null");
 		}
 		byte[] publicSeed = getPublicSeed();

 		if (address instanceof LTreeAddress) {
 			LTreeAddress tmpAddress = (LTreeAddress) address;
 			address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
 					.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
 					.withKeyAndMask(0).build();
 		} else if (address instanceof HashTreeAddress) {
 			HashTreeAddress tmpAddress = (HashTreeAddress) address;
 			address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
 					.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(0).build();
 		}

 		byte[] key = khf.PRF(publicSeed, address.toByteArray());

 		if (address instanceof LTreeAddress) {
 			LTreeAddress tmpAddress = (LTreeAddress) address;
 			address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
 					.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
 					.withKeyAndMask(1).build();
 		} else if (address instanceof HashTreeAddress) {
 			HashTreeAddress tmpAddress = (HashTreeAddress) address;
 			address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
 					.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(1).build();
 		}

 		byte[] bitmask0 = khf.PRF(publicSeed, address.toByteArray());

 		if (address instanceof LTreeAddress) {
 			LTreeAddress tmpAddress = (LTreeAddress) address;
 			address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
 					.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
 					.withKeyAndMask(2).build();
 		} else if (address instanceof HashTreeAddress) {
 			HashTreeAddress tmpAddress = (HashTreeAddress) address;
 			address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
 					.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
 					.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(2).build();
 		}

 		byte[] bitmask1 = khf.PRF(publicSeed, address.toByteArray());
 		int n = params.getDigestSize();
 		byte[] tmpMask = new byte[2 * n];
 		for (int i = 0; i < n; i++) {
 			tmpMask[i] = (byte) (left.getValue()[i] ^ bitmask0[i]);
 		}
 		for (int i = 0; i < n; i++) {
 			tmpMask[i + n] = (byte) (right.getValue()[i] ^ bitmask1[i]);
 		}
 		byte[] out = khf.H(key, tmpMask);
 		return new XMSSNode(left.getHeight(), out);
 	}

 	/**
 	 * Compresses a WOTS+ public key to a single n-byte string.
 	 *
 	 * @param publicKey
 	 *            WOTS+ public key to compress.
 	 * @param address
 	 *            Address.
 	 * @return Compressed n-byte string of public key.
 	 */
 	protected XMSSNode lTree(WOTSPlusPublicKeyParameters publicKey, LTreeAddress address) {
 		if (publicKey == null) {
 			throw new NullPointerException("publicKey == null");
 		}
 		if (address == null) {
 			throw new NullPointerException("address == null");
 		}
 		int len = wotsPlus.getParams().getLen();
 		/* duplicate public key to XMSSNode Array */
 		byte[][] publicKeyBytes = publicKey.toByteArray();
 		XMSSNode[] publicKeyNodes = new XMSSNode[publicKeyBytes.length];
 		for (int i = 0; i < publicKeyBytes.length; i++) {
 			publicKeyNodes[i] = new XMSSNode(0, publicKeyBytes[i]);
 		}
 		address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
 				.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress()).withTreeHeight(0)
 				.withTreeIndex(address.getTreeIndex()).withKeyAndMask(address.getKeyAndMask()).build();
 		while (len > 1) {
 			for (int i = 0; i < (int) Math.floor(len / 2); i++) {
 				address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
 						.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress())
 						.withTreeHeight(address.getTreeHeight()).withTreeIndex(i)
 						.withKeyAndMask(address.getKeyAndMask()).build();
 				publicKeyNodes[i] = randomizeHash(publicKeyNodes[2 * i], publicKeyNodes[(2 * i) + 1], address);
 			}
 			if (len % 2 == 1) {
 				publicKeyNodes[(int) Math.floor(len / 2)] = publicKeyNodes[len - 1];
 			}
 			len = (int) Math.ceil((double) len / 2);
 			address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
 					.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress())
 					.withTreeHeight(address.getTreeHeight() + 1).withTreeIndex(address.getTreeIndex())
 					.withKeyAndMask(address.getKeyAndMask()).build();
 		}
 		return publicKeyNodes[0];
 	}

 	/**
 	 * Generate a WOTS+ signature on a message without the corresponding
 	 * authentication path
 	 *
 	 * @param messageDigest
 	 *            Message digest of length n.
 	 * @param otsHashAddress
 	 *            OTS hash address.
 	 * @return XMSS signature.
 	 */
 	protected WOTSPlusSignature wotsSign(byte[] messageDigest, OTSHashAddress otsHashAddress) {
 		if (messageDigest.length != params.getDigestSize()) {
 			throw new IllegalArgumentException("size of messageDigest needs to be equal to size of digest");
 		}
 		if (otsHashAddress == null) {
 			throw new NullPointerException("otsHashAddress == null");
 		}
 		/* (re)initialize WOTS+ instance */
 		wotsPlus.importKeys(getWOTSPlusSecretKey(otsHashAddress), getPublicSeed());
 		/* create WOTS+ signature */
 		return wotsPlus.sign(messageDigest, otsHashAddress);
 	}

 	/**
 	 * Compute a root node from a tree signature.
 	 *
 	 * @param messageDigest
 	 *            Message digest.
 	 * @param signature
 	 *            XMSS signature.
 	 * @return Root node calculated from signature.
 	 */
 	protected XMSSNode getRootNodeFromSignature(byte[] messageDigest, XMSSReducedSignature signature,
 			OTSHashAddress otsHashAddress) {
 		if (messageDigest.length != params.getDigestSize()) {
 			throw new IllegalArgumentException("size of messageDigest needs to be equal to size of digest");
 		}
 		if (signature == null) {
 			throw new NullPointerException("signature == null");
 		}
 		if (otsHashAddress == null) {
 			throw new NullPointerException("otsHashAddress == null");
 		}

 		/* prepare adresses */
 		LTreeAddress lTreeAddress = (LTreeAddress) new LTreeAddress.Builder()
 				.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
 				.withLTreeAddress(otsHashAddress.getOTSAddress()).build();
 		HashTreeAddress hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
 				.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
 				.withTreeIndex(otsHashAddress.getOTSAddress()).build();
 		/*
 		 * calculate WOTS+ public key and compress to obtain original leaf hash
 		 */
 		WOTSPlusPublicKeyParameters wotsPlusPK = wotsPlus.getPublicKeyFromSignature(messageDigest,
 				signature.getWOTSPlusSignature(), otsHashAddress);
 		XMSSNode[] node = new XMSSNode[2];
 		node[0] = lTree(wotsPlusPK, lTreeAddress);

 		for (int k = 0; k < params.getHeight(); k++) {
 			hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
 					.withLayerAddress(hashTreeAddress.getLayerAddress())
 					.withTreeAddress(hashTreeAddress.getTreeAddress()).withTreeHeight(k)
 					.withTreeIndex(hashTreeAddress.getTreeIndex()).withKeyAndMask(hashTreeAddress.getKeyAndMask())
 					.build();
 			if (Math.floor(privateKey.getIndex() / (1 << k)) % 2 == 0) {
 				hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
 						.withLayerAddress(hashTreeAddress.getLayerAddress())
 						.withTreeAddress(hashTreeAddress.getTreeAddress())
 						.withTreeHeight(hashTreeAddress.getTreeHeight())
 						.withTreeIndex(hashTreeAddress.getTreeIndex() / 2)
 						.withKeyAndMask(hashTreeAddress.getKeyAndMask()).build();
 				node[1] = randomizeHash(node[0], signature.getAuthPath().get(k), hashTreeAddress);
 				node[1] = new XMSSNode(node[1].getHeight() + 1, node[1].getValue());
 			} else {
 				hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
 						.withLayerAddress(hashTreeAddress.getLayerAddress())
 						.withTreeAddress(hashTreeAddress.getTreeAddress())
 						.withTreeHeight(hashTreeAddress.getTreeHeight())
 						.withTreeIndex((hashTreeAddress.getTreeIndex() - 1) / 2)
 						.withKeyAndMask(hashTreeAddress.getKeyAndMask()).build();
 				node[1] = randomizeHash(signature.getAuthPath().get(k), node[0], hashTreeAddress);
 				node[1] = new XMSSNode(node[1].getHeight() + 1, node[1].getValue());
 			}
 			node[0] = node[1];
 		}
 		return node[0];
 	}

 	/**
 	 * Derive WOTS+ secret key for specific index as in XMSS ref impl Andreas
 	 * Huelsing.
 	 *
 	 * @param otsHashAddress
 	 * @return WOTS+ secret key at index.
 	 */
 	protected byte[] getWOTSPlusSecretKey(OTSHashAddress otsHashAddress) {
 		otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder()
 				.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
 				.withOTSAddress(otsHashAddress.getOTSAddress()).build();
 		return khf.PRF(privateKey.getSecretKeySeed(), otsHashAddress.toByteArray());
 	}

 	/**
 	 * Getter XMSS params.
 	 *
 	 * @return XMSS params.
 	 */
 	public XMSSParameters getParams() {
 		return params;
 	}

 	/**
 	 * Getter WOTS+.
 	 *
 	 * @return WOTS+ instance.
 	 */
 	protected WOTSPlus getWOTSPlus() {
 		return wotsPlus;
 	}

 	protected KeyedHashFunctions getKhf() {
 		return khf;
 	}

 	/**
 	 * Getter XMSS root.
 	 *
 	 * @return Root of binary tree.
 	 */
 	public byte[] getRoot() {
 		return privateKey.getRoot();
 	}

 	protected void setRoot(byte[] root) {
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
 					.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
 					.withPublicSeed(getPublicSeed()).withRoot(root).withBDSState(privateKey.getBDSState()).build();
 			publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(root).withPublicSeed(getPublicSeed())
 					.build();
 		} catch (ParseException ex) {
 			/* should not be possible */
 			ex.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 	}

 	/**
 	 * Getter XMSS index.
 	 *
 	 * @return Index.
 	 */
 	public int getIndex() {
 		return privateKey.getIndex();
 	}

 	protected void setIndex(int index) {
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(index)
 					.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
 					.withPublicSeed(privateKey.getPublicSeed()).withRoot(privateKey.getRoot())
 					.withBDSState(privateKey.getBDSState()).build();
 		} catch (ParseException ex) {
 			/* should not happen */
 			ex.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 	}

 	/**
 	 * Getter XMSS public seed.
 	 *
 	 * @return Public seed.
 	 */
 	public byte[] getPublicSeed() {
 		return privateKey.getPublicSeed();
 	}

 	protected void setPublicSeed(byte[] publicSeed) {
 		try {
 			privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
 					.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
 					.withPublicSeed(publicSeed).withRoot(getRoot()).withBDSState(privateKey.getBDSState()).build();
 			publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(getRoot()).withPublicSeed(publicSeed)
 					.build();
 		} catch (ParseException ex) {
 			/* should not happen */
 			ex.printStackTrace();
 		} catch (ClassNotFoundException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		} catch (IOException e) {
 			/* should not be possible */
 			e.printStackTrace();
 		}
 		wotsPlus.importKeys(new byte[params.getDigestSize()], publicSeed);
 	}

 	protected BDS getBDSState() {
 		return privateKey.getBDSState();
 	}
 }
	package org.bouncycastle.pqc.crypto.xmss;

	import java.io.IOException;
	import java.security.SecureRandom;
	import java.text.ParseException;

	/**
	* XMSS.
	*
	*/
	public class XMSS {

	/**
	* XMSS parameters.
	*/
	private XMSSParameters params;
	/**
	* WOTS+ instance.
	*/
	private WOTSPlus wotsPlus;
	/**
	* PRNG.
	*/
	private SecureRandom prng;
	/**
	* Randomization functions.
	*/
	private KeyedHashFunctions khf;
	/**
	* XMSS private key.
	*/
	private XMSSPrivateKeyParameters privateKey;
	/**
	* XMSS public key.
	*/
	private XMSSPublicKeyParameters publicKey;

	/**
	* XMSS constructor...
	*
	* @param params
	* XMSSParameters.
	*/
	public XMSS(XMSSParameters params) {
	super();
	if (params == null) {
	throw new NullPointerException("params == null");
	}
	this.params = params;
	wotsPlus = params.getWOTSPlus();
	prng = params.getPRNG();
	khf = wotsPlus.getKhf();
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withBDSState(new BDS(this)).build();
	publicKey = new XMSSPublicKeyParameters.Builder(params).build();
	} catch (ParseException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	}

	/**
	* Generate a new XMSS private key / public key pair.
	*
	*/
	public void generateKeys() {
	/* generate private key */
	privateKey = generatePrivateKey();
	XMSSNode root = getBDSState().initialize((OTSHashAddress) new OTSHashAddress.Builder().build());
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
	.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
	.withPublicSeed(privateKey.getPublicSeed()).withRoot(root.getValue())
	.withBDSState(privateKey.getBDSState()).build();
	publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(root.getValue())
	.withPublicSeed(getPublicSeed()).build();
	} catch (ParseException ex) {
	/* should not be possible */
	ex.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	}

	/**
	* Generate an XMSS private key.
	*
	* @return XMSS private key.
	*/
	private XMSSPrivateKeyParameters generatePrivateKey() {
	int n = params.getDigestSize();
	byte[] secretKeySeed = new byte[n];
	prng.nextBytes(secretKeySeed);
	byte[] secretKeyPRF = new byte[n];
	prng.nextBytes(secretKeyPRF);
	byte[] publicSeed = new byte[n];
	prng.nextBytes(publicSeed);

	XMSSPrivateKeyParameters privateKey = null;
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withSecretKeySeed(secretKeySeed)
	.withSecretKeyPRF(secretKeyPRF).withPublicSeed(publicSeed)
	.withBDSState(this.privateKey.getBDSState()).build();
	} catch (ParseException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	return privateKey;
	}

	/**
	* Import XMSS private key / public key pair.
	*
	* @param privateKey
	* XMSS private key.
	* @param publicKey
	* XMSS public key.
	* @throws ParseException
	* @throws ClassNotFoundException
	* @throws IOException
	*/
	public void importState(byte[] privateKey, byte[] publicKey)
	throws ParseException, ClassNotFoundException, IOException {
	if (privateKey == null) {
	throw new NullPointerException("privateKey == null");
	}
	if (publicKey == null) {
	throw new NullPointerException("publicKey == null");
	}
	/* import keys */
	XMSSPrivateKeyParameters tmpPrivateKey = new XMSSPrivateKeyParameters.Builder(params)
	.withPrivateKey(privateKey, this).build();
	XMSSPublicKeyParameters tmpPublicKey = new XMSSPublicKeyParameters.Builder(params).withPublicKey(publicKey)
	.build();
	if (!XMSSUtil.compareByteArray(tmpPrivateKey.getRoot(), tmpPublicKey.getRoot())) {
	throw new IllegalStateException("root of private key and public key do not match");
	}
	if (!XMSSUtil.compareByteArray(tmpPrivateKey.getPublicSeed(), tmpPublicKey.getPublicSeed())) {
	throw new IllegalStateException("public seed of private key and public key do not match");
	}
	/* import */
	this.privateKey = tmpPrivateKey;
	this.publicKey = tmpPublicKey;
	wotsPlus.importKeys(new byte[params.getDigestSize()], this.privateKey.getPublicSeed());
	}

	/**
	* Sign message.
	*
	* @param message
	* Message to sign.
	* @return XMSS signature on digest of message.
	*/
	public byte[] sign(byte[] message) {
	if (message == null) {
	throw new NullPointerException("message == null");
	}
	if (getBDSState().getAuthenticationPath().isEmpty()) {
	throw new IllegalStateException("not initialized");
	}
	int index = privateKey.getIndex();
	if (!XMSSUtil.isIndexValid(getParams().getHeight(), index)) {
	throw new IllegalArgumentException("index out of bounds");
	}

	/* create (randomized keyed) messageDigest of message */
	byte[] random = khf.PRF(privateKey.getSecretKeyPRF(), XMSSUtil.toBytesBigEndian(index, 32));
	byte[] concatenated = XMSSUtil.concat(random, privateKey.getRoot(),
	XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
	byte[] messageDigest = khf.HMsg(concatenated, message);

	/* create signature for messageDigest */
	OTSHashAddress otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder().withOTSAddress(index).build();
	WOTSPlusSignature wotsPlusSignature = wotsSign(messageDigest, otsHashAddress);
	XMSSSignature signature = null;
	try {
	signature = (XMSSSignature) new XMSSSignature.Builder(params).withIndex(index).withRandom(random)
	.withWOTSPlusSignature(wotsPlusSignature).withAuthPath(getBDSState().getAuthenticationPath())
	.build();
	} catch (ParseException ex) {
	/* should not happen */
	ex.printStackTrace();
	}

	/* prepare authentication path for next leaf */
	int treeHeight = this.getParams().getHeight();
	if (index < ((1 << treeHeight) - 1)) {
	getBDSState().nextAuthenticationPath((OTSHashAddress) new OTSHashAddress.Builder().build());
	}

	/* update index */
	setIndex(index + 1);

	return signature.toByteArray();
	}

	/**
	* Verify an XMSS signature.
	*
	* @param message
	* Message.
	* @param signature
	* XMSS signature.
	* @param publicKey
	* XMSS public key.
	* @return true if signature is valid false else.
	* @throws ParseException
	*/
	public boolean verifySignature(byte[] message, byte[] signature, byte[] publicKey) throws ParseException {
	if (message == null) {
	throw new NullPointerException("message == null");
	}
	if (signature == null) {
	throw new NullPointerException("signature == null");
	}
	if (publicKey == null) {
	throw new NullPointerException("publicKey == null");
	}
	/* parse signature and public key */
	XMSSSignature sig = new XMSSSignature.Builder(params).withSignature(signature).build();
	/* generate public key */
	XMSSPublicKeyParameters pubKey = new XMSSPublicKeyParameters.Builder(params).withPublicKey(publicKey).build();

	/* save state */
	int savedIndex = privateKey.getIndex();
	byte[] savedPublicSeed = privateKey.getPublicSeed();

	/* set index / public seed */
	int index = sig.getIndex();
	setIndex(index);
	setPublicSeed(pubKey.getPublicSeed());

	/* reinitialize WOTS+ object */
	wotsPlus.importKeys(new byte[params.getDigestSize()], getPublicSeed());

	/* create message digest */
	byte[] concatenated = XMSSUtil.concat(sig.getRandom(), pubKey.getRoot(),
	XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
	byte[] messageDigest = khf.HMsg(concatenated, message);

	/* get root from signature */
	OTSHashAddress otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder().withOTSAddress(index).build();
	XMSSNode rootNodeFromSignature = getRootNodeFromSignature(messageDigest, sig, otsHashAddress);

	/* reset state */
	setIndex(savedIndex);
	setPublicSeed(savedPublicSeed);
	return XMSSUtil.compareByteArray(rootNodeFromSignature.getValue(), pubKey.getRoot());
	}

	/**
	* Export XMSS private key.
	*
	* @return XMSS private key.
	*/
	public byte[] exportPrivateKey() {
	return privateKey.toByteArray();
	}

	/**
	* Export XMSS public key.
	*
	* @return XMSS public key.
	*/
	public byte[] exportPublicKey() {
	return publicKey.toByteArray();
	}

	/**
	* Randomization of nodes in binary tree.
	*
	* @param left
	* Left node.
	* @param right
	* Right node.
	* @param address
	* Address.
	* @return Randomized hash of parent of left / right node.
	*/
	protected XMSSNode randomizeHash(XMSSNode left, XMSSNode right, XMSSAddress address) {
	if (left == null) {
	throw new NullPointerException("left == null");
	}
	if (right == null) {
	throw new NullPointerException("right == null");
	}
	if (left.getHeight() != right.getHeight()) {
	throw new IllegalStateException("height of both nodes must be equal");
	}
	if (address == null) {
	throw new NullPointerException("address == null");
	}
	byte[] publicSeed = getPublicSeed();

	if (address instanceof LTreeAddress) {
	LTreeAddress tmpAddress = (LTreeAddress) address;
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
	.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
	.withKeyAndMask(0).build();
	} else if (address instanceof HashTreeAddress) {
	HashTreeAddress tmpAddress = (HashTreeAddress) address;
	address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
	.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(0).build();
	}

	byte[] key = khf.PRF(publicSeed, address.toByteArray());

	if (address instanceof LTreeAddress) {
	LTreeAddress tmpAddress = (LTreeAddress) address;
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
	.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
	.withKeyAndMask(1).build();
	} else if (address instanceof HashTreeAddress) {
	HashTreeAddress tmpAddress = (HashTreeAddress) address;
	address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
	.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(1).build();
	}

	byte[] bitmask0 = khf.PRF(publicSeed, address.toByteArray());

	if (address instanceof LTreeAddress) {
	LTreeAddress tmpAddress = (LTreeAddress) address;
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withLTreeAddress(tmpAddress.getLTreeAddress())
	.withTreeHeight(tmpAddress.getTreeHeight()).withTreeIndex(tmpAddress.getTreeIndex())
	.withKeyAndMask(2).build();
	} else if (address instanceof HashTreeAddress) {
	HashTreeAddress tmpAddress = (HashTreeAddress) address;
	address = (HashTreeAddress) new HashTreeAddress.Builder().withLayerAddress(tmpAddress.getLayerAddress())
	.withTreeAddress(tmpAddress.getTreeAddress()).withTreeHeight(tmpAddress.getTreeHeight())
	.withTreeIndex(tmpAddress.getTreeIndex()).withKeyAndMask(2).build();
	}

	byte[] bitmask1 = khf.PRF(publicSeed, address.toByteArray());
	int n = params.getDigestSize();
	byte[] tmpMask = new byte[2 * n];
	for (int i = 0; i < n; i++) {
	tmpMask[i] = (byte) (left.getValue()[i] ^ bitmask0[i]);
	}
	for (int i = 0; i < n; i++) {
	tmpMask[i + n] = (byte) (right.getValue()[i] ^ bitmask1[i]);
	}
	byte[] out = khf.H(key, tmpMask);
	return new XMSSNode(left.getHeight(), out);
	}

	/**
	* Compresses a WOTS+ public key to a single n-byte string.
	*
	* @param publicKey
	* WOTS+ public key to compress.
	* @param address
	* Address.
	* @return Compressed n-byte string of public key.
	*/
	protected XMSSNode lTree(WOTSPlusPublicKeyParameters publicKey, LTreeAddress address) {
	if (publicKey == null) {
	throw new NullPointerException("publicKey == null");
	}
	if (address == null) {
	throw new NullPointerException("address == null");
	}
	int len = wotsPlus.getParams().getLen();
	/* duplicate public key to XMSSNode Array */
	byte[][] publicKeyBytes = publicKey.toByteArray();
	XMSSNode[] publicKeyNodes = new XMSSNode[publicKeyBytes.length];
	for (int i = 0; i < publicKeyBytes.length; i++) {
	publicKeyNodes[i] = new XMSSNode(0, publicKeyBytes[i]);
	}
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
	.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress()).withTreeHeight(0)
	.withTreeIndex(address.getTreeIndex()).withKeyAndMask(address.getKeyAndMask()).build();
	while (len > 1) {
	for (int i = 0; i < (int) Math.floor(len / 2); i++) {
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
	.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress())
	.withTreeHeight(address.getTreeHeight()).withTreeIndex(i)
	.withKeyAndMask(address.getKeyAndMask()).build();
	publicKeyNodes[i] = randomizeHash(publicKeyNodes[2 * i], publicKeyNodes[(2 * i) + 1], address);
	}
	if (len % 2 == 1) {
	publicKeyNodes[(int) Math.floor(len / 2)] = publicKeyNodes[len - 1];
	}
	len = (int) Math.ceil((double) len / 2);
	address = (LTreeAddress) new LTreeAddress.Builder().withLayerAddress(address.getLayerAddress())
	.withTreeAddress(address.getTreeAddress()).withLTreeAddress(address.getLTreeAddress())
	.withTreeHeight(address.getTreeHeight() + 1).withTreeIndex(address.getTreeIndex())
	.withKeyAndMask(address.getKeyAndMask()).build();
	}
	return publicKeyNodes[0];
	}

	/**
	* Generate a WOTS+ signature on a message without the corresponding
	* authentication path
	*
	* @param messageDigest
	* Message digest of length n.
	* @param otsHashAddress
	* OTS hash address.
	* @return XMSS signature.
	*/
	protected WOTSPlusSignature wotsSign(byte[] messageDigest, OTSHashAddress otsHashAddress) {
	if (messageDigest.length != params.getDigestSize()) {
	throw new IllegalArgumentException("size of messageDigest needs to be equal to size of digest");
	}
	if (otsHashAddress == null) {
	throw new NullPointerException("otsHashAddress == null");
	}
	/* (re)initialize WOTS+ instance */
	wotsPlus.importKeys(getWOTSPlusSecretKey(otsHashAddress), getPublicSeed());
	/* create WOTS+ signature */
	return wotsPlus.sign(messageDigest, otsHashAddress);
	}

	/**
	* Compute a root node from a tree signature.
	*
	* @param messageDigest
	* Message digest.
	* @param signature
	* XMSS signature.
	* @return Root node calculated from signature.
	*/
	protected XMSSNode getRootNodeFromSignature(byte[] messageDigest, XMSSReducedSignature signature,
	OTSHashAddress otsHashAddress) {
	if (messageDigest.length != params.getDigestSize()) {
	throw new IllegalArgumentException("size of messageDigest needs to be equal to size of digest");
	}
	if (signature == null) {
	throw new NullPointerException("signature == null");
	}
	if (otsHashAddress == null) {
	throw new NullPointerException("otsHashAddress == null");
	}

	/* prepare adresses */
	LTreeAddress lTreeAddress = (LTreeAddress) new LTreeAddress.Builder()
	.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
	.withLTreeAddress(otsHashAddress.getOTSAddress()).build();
	HashTreeAddress hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
	.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
	.withTreeIndex(otsHashAddress.getOTSAddress()).build();
	/*
	* calculate WOTS+ public key and compress to obtain original leaf hash
	*/
	WOTSPlusPublicKeyParameters wotsPlusPK = wotsPlus.getPublicKeyFromSignature(messageDigest,
	signature.getWOTSPlusSignature(), otsHashAddress);
	XMSSNode[] node = new XMSSNode[2];
	node[0] = lTree(wotsPlusPK, lTreeAddress);

	for (int k = 0; k < params.getHeight(); k++) {
	hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
	.withLayerAddress(hashTreeAddress.getLayerAddress())
	.withTreeAddress(hashTreeAddress.getTreeAddress()).withTreeHeight(k)
	.withTreeIndex(hashTreeAddress.getTreeIndex()).withKeyAndMask(hashTreeAddress.getKeyAndMask())
	.build();
	if (Math.floor(privateKey.getIndex() / (1 << k)) % 2 == 0) {
	hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
	.withLayerAddress(hashTreeAddress.getLayerAddress())
	.withTreeAddress(hashTreeAddress.getTreeAddress())
	.withTreeHeight(hashTreeAddress.getTreeHeight())
	.withTreeIndex(hashTreeAddress.getTreeIndex() / 2)
	.withKeyAndMask(hashTreeAddress.getKeyAndMask()).build();
	node[1] = randomizeHash(node[0], signature.getAuthPath().get(k), hashTreeAddress);
	node[1] = new XMSSNode(node[1].getHeight() + 1, node[1].getValue());
	} else {
	hashTreeAddress = (HashTreeAddress) new HashTreeAddress.Builder()
	.withLayerAddress(hashTreeAddress.getLayerAddress())
	.withTreeAddress(hashTreeAddress.getTreeAddress())
	.withTreeHeight(hashTreeAddress.getTreeHeight())
	.withTreeIndex((hashTreeAddress.getTreeIndex() - 1) / 2)
	.withKeyAndMask(hashTreeAddress.getKeyAndMask()).build();
	node[1] = randomizeHash(signature.getAuthPath().get(k), node[0], hashTreeAddress);
	node[1] = new XMSSNode(node[1].getHeight() + 1, node[1].getValue());
	}
	node[0] = node[1];
	}
	return node[0];
	}

	/**
	* Derive WOTS+ secret key for specific index as in XMSS ref impl Andreas
	* Huelsing.
	*
	* @param otsHashAddress
	* @return WOTS+ secret key at index.
	*/
	protected byte[] getWOTSPlusSecretKey(OTSHashAddress otsHashAddress) {
	otsHashAddress = (OTSHashAddress) new OTSHashAddress.Builder()
	.withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
	.withOTSAddress(otsHashAddress.getOTSAddress()).build();
	return khf.PRF(privateKey.getSecretKeySeed(), otsHashAddress.toByteArray());
	}

	/**
	* Getter XMSS params.
	*
	* @return XMSS params.
	*/
	public XMSSParameters getParams() {
	return params;
	}

	/**
	* Getter WOTS+.
	*
	* @return WOTS+ instance.
	*/
	protected WOTSPlus getWOTSPlus() {
	return wotsPlus;
	}

	protected KeyedHashFunctions getKhf() {
	return khf;
	}

	/**
	* Getter XMSS root.
	*
	* @return Root of binary tree.
	*/
	public byte[] getRoot() {
	return privateKey.getRoot();
	}

	protected void setRoot(byte[] root) {
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
	.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
	.withPublicSeed(getPublicSeed()).withRoot(root).withBDSState(privateKey.getBDSState()).build();
	publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(root).withPublicSeed(getPublicSeed())
	.build();
	} catch (ParseException ex) {
	/* should not be possible */
	ex.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	}

	/**
	* Getter XMSS index.
	*
	* @return Index.
	*/
	public int getIndex() {
	return privateKey.getIndex();
	}

	protected void setIndex(int index) {
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(index)
	.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
	.withPublicSeed(privateKey.getPublicSeed()).withRoot(privateKey.getRoot())
	.withBDSState(privateKey.getBDSState()).build();
	} catch (ParseException ex) {
	/* should not happen */
	ex.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	}

	/**
	* Getter XMSS public seed.
	*
	* @return Public seed.
	*/
	public byte[] getPublicSeed() {
	return privateKey.getPublicSeed();
	}

	protected void setPublicSeed(byte[] publicSeed) {
	try {
	privateKey = new XMSSPrivateKeyParameters.Builder(params).withIndex(privateKey.getIndex())
	.withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
	.withPublicSeed(publicSeed).withRoot(getRoot()).withBDSState(privateKey.getBDSState()).build();
	publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(getRoot()).withPublicSeed(publicSeed)
	.build();
	} catch (ParseException ex) {
	/* should not happen */
	ex.printStackTrace();
	} catch (ClassNotFoundException e) {
	/* should not be possible */
	e.printStackTrace();
	} catch (IOException e) {
	/* should not be possible */
	e.printStackTrace();
	}
	wotsPlus.importKeys(new byte[params.getDigestSize()], publicSeed);
	}

	protected BDS getBDSState() {
	return privateKey.getBDSState();
	}
	}