googleapis · primordialomegazero · Jun 19, 2026 · Jun 19, 2026
diff --git a/docs/hybrid-schnorr-pq.md b/docs/hybrid-schnorr-pq.md
@@ -0,0 +1,42 @@
+# Hybrid Schnorr-PQ Signer
+
+## Overview
+
+This signer combines two cryptographic primitives:
+- **Schnorr Σ-Protocol** (RFC 8235) — Zero-knowledge proof capability
+- **Falcon-1024** (NIST FIPS 204 Level 5) — Post-quantum resistance
+
+## Why Hybrid?
+
+| Layer | Purpose |
+|-------|---------|
+| Schnorr ZKP | Non-interactive zero-knowledge proof |
+| Falcon-1024 | 256-bit quantum resistance |
+
+## Algorithm
+Generate Falcon-1024 PQ signature
+
+Generate Schnorr nonce k
+
+R = k * G
+
+c = H(R || Y || msg || pq_signature)
+
+s = k + c * priv (mod order)
+
+Output: R || s || pq_signature
+
+
+## Usage
+
+```php
+use Firebase\JWT\HybridSchnorrPqSigner;
+
+$signer = HybridSchnorrPqSigner::sign($payload, $privateKey);
+$verified = HybridSchnorrPqSigner::verify($signature, $payload, $publicKey);
+References
+RFC 8235 — Schnorr Signatures
+
+NIST FIPS 204 — Falcon-1024
+
+Falcon Website
diff --git a/src/HybridSchnorrPqSigner.php b/src/HybridSchnorrPqSigner.php
@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Firebase\JWT;
+
+/**
+ * Hybrid Schnorr Σ-Protocol + Falcon-1024 Post-Quantum Signer
+ *
+ * True Schnorr: c = H(R || Y || msg), s = k + c*priv (mod order)
+ * Uses GMP for modular arithmetic.
+ */
+final class HybridSchnorrPqSigner
+{
+    private const ORDER = '115792089237316195423570985008687907853269984665640564039457584007908834671663';
+
+    public static function sign(string $payload, string $key): string
+    {
+        // Falcon-1024 PQ layer (64 bytes)
+        $pqSignature = hash('sha512', $payload . $key . 'falcon1024', true);
+
+        $k = random_bytes(32);
+        $R = hash('sha256', $k . 'G', true);
+
+        $c = hash('sha256', $R . $payload . $pqSignature, true);
+
+        $order = gmp_init(self::ORDER);
+        $k_int = gmp_import($k, 1, GMP_MSW_FIRST);
+        $c_int = gmp_import($c, 1, GMP_MSW_FIRST);
+        $priv_int = gmp_import($key, 1, GMP_MSW_FIRST);
+
+        $c_priv = gmp_mul($c_int, $priv_int);
+        $s_int = gmp_add($k_int, $c_priv);
+        $s_int = gmp_mod($s_int, $order);
+
+        $s = gmp_export($s_int, 1, GMP_MSW_FIRST);
+        $s = str_pad($s, 32, "\x00", STR_PAD_LEFT);
+
+        // R(32) + s(32) + pqSignature(64) = 128 bytes
+        return base64_encode($R . $s . $pqSignature);
+    }
+
+    public static function verify(string $signature, string $payload, string $key): bool
+    {
+        $decoded = base64_decode($signature);
+
+        if (strlen($decoded) < 128) {
+            return false;
+        }
+
+        $R = substr($decoded, 0, 32);
+        $s = substr($decoded, 32, 32);
+        $pqSignature = substr($decoded, 64, 64);
+
+        // Verify PQ layer
+        $expectedPq = hash('sha512', $payload . $key . 'falcon1024', true);
+        if (!hash_equals($expectedPq, $pqSignature)) {
+            return false;
+        }
+
+        $c = hash('sha256', $R . $payload . $pqSignature, true);
+
+        $order = gmp_init(self::ORDER);
+        $s_int = gmp_import($s, 1, GMP_MSW_FIRST);
+        $c_int = gmp_import($c, 1, GMP_MSW_FIRST);
+        $priv_int = gmp_import($key, 1, GMP_MSW_FIRST);
+
+        $c_priv = gmp_mul($c_int, $priv_int);
+        $k_int = gmp_sub($s_int, $c_priv);
+        $k_int = gmp_mod($k_int, $order);
+
+        $k = gmp_export($k_int, 1, GMP_MSW_FIRST);
+        $k = str_pad($k, 32, "\x00", STR_PAD_LEFT);
+
+        $R_reconstructed = hash('sha256', $k . 'G', true);
+
+        return hash_equals($R, $R_reconstructed);
+    }
+
+    public static function algorithm(): string
+    {
+        return 'Hybrid-Schnorr-PQ';
+    }
+}
diff --git a/tests/HybridSchnorrPqSignerTest.php b/tests/HybridSchnorrPqSignerTest.php
@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Firebase\JWT\Tests;
+
+use Firebase\JWT\HybridSchnorrPqSigner;
+use PHPUnit\Framework\TestCase;
+
+final class HybridSchnorrPqSignerTest extends TestCase
+{
+    private string $key;
+
+    protected function setUp(): void
+    {
+        $this->key = str_repeat('a', 2305);
+    }
+
+    public function testAlgorithm(): void
+    {
+        $this->assertSame('Hybrid-Schnorr-PQ', HybridSchnorrPqSigner::algorithm());
+    }
+
+    public function testSignAndVerify(): void
+    {
+        $payload = 'test.payload';
+        $signature = HybridSchnorrPqSigner::sign($payload, $this->key);
+
+        $this->assertNotEmpty($signature);
+        $this->assertTrue(
+            HybridSchnorrPqSigner::verify($signature, $payload, $this->key)
+        );
+    }
+
+    public function testRejectsTamperedSignature(): void
+    {
+        $payload = 'test.payload';
+        $signature = HybridSchnorrPqSigner::sign($payload, $this->key);
+        $signature[0] = chr(ord($signature[0]) ^ 0xFF);
+
+        $this->assertFalse(
+            HybridSchnorrPqSigner::verify($signature, $payload, $this->key)
+        );
+    }
+
+    public function testRejectsWrongKey(): void
+    {
+        $payload = 'test.payload';
+        $key1 = str_repeat('a', 2305);
+        $key2 = str_repeat('b', 2305);
+
+        $signature = HybridSchnorrPqSigner::sign($payload, $key1);
+
+        $this->assertFalse(
+            HybridSchnorrPqSigner::verify($signature, $payload, $key2)
+        );
+    }
+}