flwr 1.22.0__py3-none-any.whl → 1.23.0__py3-none-any.whl

flwr/server/superlink/linkstate/utils.py

@@ -33,6 +33,7 @@ from flwr.common.typing import RunStatus
 # pylint: disable=E0611
 from flwr.proto.message_pb2 import Context as ProtoContext
 from flwr.proto.recorddict_pb2 import ConfigRecord as ProtoConfigRecord
+from flwr.supercore.utils import int64_to_uint64, uint64_to_int64
 
 # pylint: enable=E0611
 VALID_RUN_STATUS_TRANSITIONS = {
@@ -76,58 +77,6 @@ def generate_rand_int_from_bytes(
     return num
 
 
-def convert_uint64_to_sint64(u: int) -> int:
-    """Convert a uint64 value to a sint64 value with the same bit sequence.
-
-    Parameters
-    ----------
-    u : int
-        The unsigned 64-bit integer to convert.
-
-    Returns
-    -------
-    int
-        The signed 64-bit integer equivalent.
-
-        The signed 64-bit integer will have the same bit pattern as the
-        unsigned 64-bit integer but may have a different decimal value.
-
-        For numbers within the range [0, `sint64` max value], the decimal
-        value remains the same. However, for numbers greater than the `sint64`
-        max value, the decimal value will differ due to the wraparound caused
-        by the sign bit.
-    """
-    if u >= (1 << 63):
-        return u - (1 << 64)
-    return u
-
-
-def convert_sint64_to_uint64(s: int) -> int:
-    """Convert a sint64 value to a uint64 value with the same bit sequence.
-
-    Parameters
-    ----------
-    s : int
-        The signed 64-bit integer to convert.
-
-    Returns
-    -------
-    int
-        The unsigned 64-bit integer equivalent.
-
-        The unsigned 64-bit integer will have the same bit pattern as the
-        signed 64-bit integer but may have a different decimal value.
-
-        For negative `sint64` values, the conversion adds 2^64 to the
-        signed value to obtain the equivalent `uint64` value. For non-negative
-        `sint64` values, the decimal value remains unchanged in the `uint64`
-        representation.
-    """
-    if s < 0:
-        return s + (1 << 64)
-    return s
-
-
 def convert_uint64_values_in_dict_to_sint64(
     data_dict: dict[str, int], keys: list[str]
 ) -> None:
@@ -142,7 +91,7 @@ def convert_uint64_values_in_dict_to_sint64(
     """
     for key in keys:
         if key in data_dict:
-            data_dict[key] = convert_uint64_to_sint64(data_dict[key])
+            data_dict[key] = uint64_to_int64(data_dict[key])
 
 
 def convert_sint64_values_in_dict_to_uint64(
@@ -159,7 +108,7 @@ def convert_sint64_values_in_dict_to_uint64(
     """
     for key in keys:
         if key in data_dict:
-            data_dict[key] = convert_sint64_to_uint64(data_dict[key])
+            data_dict[key] = int64_to_uint64(data_dict[key])
 
 
 def context_to_bytes(context: Context) -> bytes:

flwr/server/superlink/serverappio/serverappio_servicer.py

@@ -316,7 +316,7 @@ class ServerAppIoServicer(serverappio_pb2_grpc.ServerAppIoServicer):
 
         ffs: Ffs = self.ffs_factory.ffs()
         if result := ffs.get(request.hash_str):
-            fab = Fab(request.hash_str, result[0])
+            fab = Fab(request.hash_str, result[0], result[1])
             return GetFabResponse(fab=fab_to_proto(fab))
 
         raise ValueError(f"Found no FAB with hash: {request.hash_str}")
@@ -343,7 +343,7 @@ class ServerAppIoServicer(serverappio_pb2_grpc.ServerAppIoServicer):
             fab = None
             if run and run.fab_hash:
                 if result := ffs.get(run.fab_hash):
-                    fab = Fab(run.fab_hash, result[0])
+                    fab = Fab(run.fab_hash, result[0], result[1])
             if run and fab and serverapp_ctxt:
                 # Update run status to STARTING
                 if state.update_run_status(run_id, RunStatus(Status.STARTING, "", "")):

flwr/server/superlink/simulation/simulationio_servicer.py

@@ -150,7 +150,7 @@ class SimulationIoServicer(simulationio_pb2_grpc.SimulationIoServicer):
             fab = None
             if run and run.fab_hash:
                 if result := ffs.get(run.fab_hash):
-                    fab = Fab(run.fab_hash, result[0])
+                    fab = Fab(run.fab_hash, result[0], result[1])
             if run and fab and serverapp_ctxt:
                 # Update run status to STARTING
                 if state.update_run_status(run_id, RunStatus(Status.STARTING, "", "")):

flwr/server/utils/validator.py

@@ -15,10 +15,9 @@
 """Validators."""
 
 
-import time
-
 from flwr.common import Message
 from flwr.common.constant import SUPERLINK_NODE_ID
+from flwr.common.date import now
 
 
 # pylint: disable-next=too-many-branches
@@ -44,7 +43,7 @@ def validate_message(message: Message, is_reply_message: bool) -> list[str]:
         validation_errors.append("`metadata.ttl` must be higher than zero")
 
     # Verify TTL and created_at time
-    current_time = time.time()
+    current_time = now().timestamp()
     if metadata.created_at + metadata.ttl <= current_time:
         validation_errors.append("Message TTL has expired")
 

flwr/server/workflow/secure_aggregation/secaggplus_workflow.py

@@ -35,8 +35,6 @@ from flwr.common import (
 )
 from flwr.common.secure_aggregation.crypto.shamir import combine_shares
 from flwr.common.secure_aggregation.crypto.symmetric_encryption import (
-    bytes_to_private_key,
-    bytes_to_public_key,
     generate_shared_key,
 )
 from flwr.common.secure_aggregation.ndarrays_arithmetic import (
@@ -56,6 +54,10 @@ from flwr.common.secure_aggregation.secaggplus_utils import pseudo_rand_gen
 from flwr.server.client_proxy import ClientProxy
 from flwr.server.compat.legacy_context import LegacyContext
 from flwr.server.grid import Grid
+from flwr.supercore.primitives.asymmetric import (
+    bytes_to_private_key,
+    bytes_to_public_key,
+)
 
 from ..constant import MAIN_CONFIGS_RECORD, MAIN_PARAMS_RECORD
 from ..constant import Key as WorkflowKey

flwr/simulation/ray_transport/ray_actor.py

@@ -24,7 +24,7 @@ import ray
 from ray import ObjectRef
 from ray.util.actor_pool import ActorPool
 
-from flwr.client.client_app import ClientApp, ClientAppException, LoadClientAppError
+from flwr.clientapp.client_app import ClientApp, ClientAppException, LoadClientAppError
 from flwr.common import Context, Message
 from flwr.common.logger import log
 

flwr/simulation/ray_transport/ray_client_proxy.py

@@ -21,8 +21,8 @@ from typing import Optional
 
 from flwr import common
 from flwr.client import ClientFnExt
-from flwr.client.client_app import ClientApp
 from flwr.client.run_info_store import DeprecatedRunInfoStore
+from flwr.clientapp.client_app import ClientApp
 from flwr.common import DEFAULT_TTL, Message, Metadata, RecordDict, now
 from flwr.common.constant import (
     NUM_PARTITIONS_KEY,

flwr/simulation/run_simulation.py

@@ -30,7 +30,7 @@ from typing import Any, Optional
 
 from flwr.cli.config_utils import load_and_validate
 from flwr.cli.utils import get_sha256_hash
-from flwr.client import ClientApp
+from flwr.clientapp import ClientApp
 from flwr.common import Context, EventType, RecordDict, event, log, now
 from flwr.common.config import get_fused_config_from_dir, parse_config_args
 from flwr.common.constant import RUN_ID_NUM_BYTES, Status
@@ -51,6 +51,7 @@ from flwr.server.superlink.linkstate.utils import generate_rand_int_from_bytes
 from flwr.simulation.ray_transport.utils import (
     enable_tf_gpu_growth as enable_gpu_growth,
 )
+from flwr.supercore.constant import FLWR_IN_MEMORY_DB_NAME
 
 
 def _replace_keys(d: Any, match: str, target: str) -> Any:
@@ -336,7 +337,7 @@ def _main_loop(
 ) -> Context:
     """Start ServerApp on a separate thread, then launch Simulation Engine."""
     # Initialize StateFactory
-    state_factory = LinkStateFactory(":flwr-in-memory-state:")
+    state_factory = LinkStateFactory(FLWR_IN_MEMORY_DB_NAME)
 
     f_stop = threading.Event()
     # A Threading event to indicate if an exception was raised in the ServerApp thread

flwr/supercore/constant.py

@@ -15,5 +15,27 @@
 """Constants for Flower infrastructure."""
 
 
+from __future__ import annotations
+
 # Top-level key in YAML config for exec plugin settings
 EXEC_PLUGIN_SECTION = "exec_plugin"
+
+# Flower in-memory Python-based database name
+FLWR_IN_MEMORY_DB_NAME = ":flwr-in-memory:"
+
+# Constants for Hub
+APP_ID_PATTERN = r"^@(?P<user>[^/]+)/(?P<app>[^/]+)$"
+PLATFORM_API_URL = "https://api.flower.ai/v1"
+
+
+class NodeStatus:
+    """Event log writer types."""
+
+    REGISTERED = "registered"
+    ONLINE = "online"
+    OFFLINE = "offline"
+    UNREGISTERED = "unregistered"
+
+    def __new__(cls) -> NodeStatus:
+        """Prevent instantiation."""
+        raise TypeError(f"{cls.__name__} cannot be instantiated.")

flwr/supercore/object_store/in_memory_object_store.py

@@ -48,9 +48,6 @@ class InMemoryObjectStore(ObjectStore):
         self.verify = verify
         self.store: dict[str, ObjectEntry] = {}
         self.lock_store = threading.RLock()
-        # Mapping the Object ID of a message to the list of descendant object IDs
-        self.msg_descendant_objects_mapping: dict[str, list[str]] = {}
-        self.lock_msg_mapping = threading.RLock()
         # Mapping each run ID to a set of object IDs that are used in that run
         self.run_objects_mapping: dict[int, set[str]] = {}
 
@@ -215,7 +212,6 @@ class InMemoryObjectStore(ObjectStore):
         """Clear the store."""
         with self.lock_store:
             self.store.clear()
-            self.msg_descendant_objects_mapping.clear()
             self.run_objects_mapping.clear()
 
     def __contains__(self, object_id: str) -> bool:

flwr/supercore/object_store/object_store_factory.py

@@ -19,15 +19,27 @@ from logging import DEBUG
 from typing import Optional
 
 from flwr.common.logger import log
+from flwr.supercore.constant import FLWR_IN_MEMORY_DB_NAME
 
 from .in_memory_object_store import InMemoryObjectStore
 from .object_store import ObjectStore
+from .sqlite_object_store import SqliteObjectStore
 
 
 class ObjectStoreFactory:
-    """Factory class that creates ObjectStore instances."""
+    """Factory class that creates ObjectStore instances.
 
-    def __init__(self) -> None:
+    Parameters
+    ----------
+    database : str (default: FLWR_IN_MEMORY_DB_NAME)
+        A string representing the path to the database file that will be opened.
+        Note that passing ":memory:" will open a connection to a database that is
+        in RAM, instead of on disk. And FLWR_IN_MEMORY_DB_NAME will create an
+        Python-based in-memory ObjectStore.
+    """
+
+    def __init__(self, database: str = FLWR_IN_MEMORY_DB_NAME) -> None:
+        self.database = database
         self.store_instance: Optional[ObjectStore] = None
 
     def store(self) -> ObjectStore:
@@ -38,7 +50,15 @@ class ObjectStoreFactory:
         ObjectStore
             An ObjectStore instance for storing objects by object_id.
         """
-        if self.store_instance is None:
-            self.store_instance = InMemoryObjectStore()
-        log(DEBUG, "Using InMemoryObjectStore")
-        return self.store_instance
+        # InMemoryObjectStore
+        if self.database == FLWR_IN_MEMORY_DB_NAME:
+            if self.store_instance is None:
+                self.store_instance = InMemoryObjectStore()
+            log(DEBUG, "Using InMemoryObjectStore")
+            return self.store_instance
+
+        # SqliteObjectStore
+        store = SqliteObjectStore(self.database)
+        store.initialize()
+        log(DEBUG, "Using SqliteObjectStore")
+        return store

flwr/supercore/object_store/sqlite_object_store.py

@@ -0,0 +1,252 @@
+# Copyright 2025 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Flower SQLite ObjectStore implementation."""
+
+
+from typing import Optional, cast
+
+from flwr.common.inflatable import (
+    get_object_id,
+    is_valid_sha256_hash,
+    iterate_object_tree,
+)
+from flwr.common.inflatable_utils import validate_object_content
+from flwr.proto.message_pb2 import ObjectTree  # pylint: disable=E0611
+from flwr.supercore.sqlite_mixin import SqliteMixin
+from flwr.supercore.utils import uint64_to_int64
+
+from .object_store import NoObjectInStoreError, ObjectStore
+
+SQL_CREATE_OBJECTS = """
+CREATE TABLE IF NOT EXISTS objects (
+    object_id               TEXT PRIMARY KEY,
+    content                 BLOB,
+    is_available            INTEGER NOT NULL CHECK (is_available IN (0,1)),
+    ref_count               INTEGER NOT NULL
+);
+"""
+SQL_CREATE_OBJECT_CHILDREN = """
+CREATE TABLE IF NOT EXISTS object_children (
+    parent_id               TEXT NOT NULL,
+    child_id                TEXT NOT NULL,
+    FOREIGN KEY (parent_id) REFERENCES objects(object_id) ON DELETE CASCADE,
+    FOREIGN KEY (child_id)  REFERENCES objects(object_id) ON DELETE CASCADE,
+    PRIMARY KEY (parent_id, child_id)
+);
+"""
+SQL_CREATE_RUN_OBJECTS = """
+CREATE TABLE IF NOT EXISTS run_objects (
+    run_id                  INTEGER NOT NULL,
+    object_id               TEXT NOT NULL,
+    FOREIGN KEY (object_id) REFERENCES objects(object_id) ON DELETE CASCADE,
+    PRIMARY KEY (run_id, object_id)
+);
+"""
+
+
+class SqliteObjectStore(ObjectStore, SqliteMixin):
+    """SQLite-based implementation of the ObjectStore interface."""
+
+    def __init__(self, database_path: str, verify: bool = True) -> None:
+        super().__init__(database_path)
+        self.verify = verify
+
+    def initialize(self, log_queries: bool = False) -> list[tuple[str]]:
+        """Connect to the DB, enable FK support, and create tables if needed."""
+        return self._ensure_initialized(
+            SQL_CREATE_OBJECTS,
+            SQL_CREATE_OBJECT_CHILDREN,
+            SQL_CREATE_RUN_OBJECTS,
+            log_queries=log_queries,
+        )
+
+    def preregister(self, run_id: int, object_tree: ObjectTree) -> list[str]:
+        """Identify and preregister missing objects in the `ObjectStore`."""
+        new_objects = []
+        for tree_node in iterate_object_tree(object_tree):
+            obj_id = tree_node.object_id
+            if not is_valid_sha256_hash(obj_id):
+                raise ValueError(f"Invalid object ID format: {obj_id}")
+
+            child_ids = [child.object_id for child in tree_node.children]
+            with self.conn:
+                row = self.conn.execute(
+                    "SELECT object_id, is_available FROM objects WHERE object_id=?",
+                    (obj_id,),
+                ).fetchone()
+                if row is None:
+                    # Insert new object
+                    self.conn.execute(
+                        "INSERT INTO objects"
+                        "(object_id, content, is_available, ref_count) "
+                        "VALUES (?, ?, ?, ?)",
+                        (obj_id, b"", 0, 0),
+                    )
+                    for cid in child_ids:
+                        self.conn.execute(
+                            "INSERT INTO object_children(parent_id, child_id) "
+                            "VALUES (?, ?)",
+                            (obj_id, cid),
+                        )
+                        self.conn.execute(
+                            "UPDATE objects SET ref_count = ref_count + 1 "
+                            "WHERE object_id = ?",
+                            (cid,),
+                        )
+                    new_objects.append(obj_id)
+                else:
+                    # Add to the list of new objects if not available
+                    if not row["is_available"]:
+                        new_objects.append(obj_id)
+
+                # Ensure run mapping
+                self.conn.execute(
+                    "INSERT OR IGNORE INTO run_objects(run_id, object_id) "
+                    "VALUES (?, ?)",
+                    (uint64_to_int64(run_id), obj_id),
+                )
+        return new_objects
+
+    def get_object_tree(self, object_id: str) -> ObjectTree:
+        """Get the object tree for a given object ID."""
+        with self.conn:
+            row = self.conn.execute(
+                "SELECT object_id FROM objects WHERE object_id=?", (object_id,)
+            ).fetchone()
+            if not row:
+                raise NoObjectInStoreError(f"Object {object_id} not found.")
+            children = self.query(
+                "SELECT child_id FROM object_children WHERE parent_id=?", (object_id,)
+            )
+
+            # Build the object trees of all children
+            try:
+                child_trees = [self.get_object_tree(ch["child_id"]) for ch in children]
+            except NoObjectInStoreError as e:
+                # Raise an error if any child object is missing
+                # This indicates an integrity issue
+                raise NoObjectInStoreError(
+                    f"Object tree for object ID '{object_id}' contains missing "
+                    "children. This may indicate a corrupted object store."
+                ) from e
+
+            # Create and return the ObjectTree for the current object
+            return ObjectTree(object_id=object_id, children=child_trees)
+
+    def put(self, object_id: str, object_content: bytes) -> None:
+        """Put an object into the store."""
+        if self.verify:
+            # Verify object_id and object_content match
+            object_id_from_content = get_object_id(object_content)
+            if object_id != object_id_from_content:
+                raise ValueError(f"Object ID {object_id} does not match content hash")
+
+            # Validate object content
+            validate_object_content(content=object_content)
+
+        with self.conn:
+            # Only allow adding the object if it has been preregistered
+            row = self.conn.execute(
+                "SELECT is_available FROM objects WHERE object_id=?", (object_id,)
+            ).fetchone()
+            if row is None:
+                raise NoObjectInStoreError(
+                    f"Object with ID '{object_id}' was not pre-registered."
+                )
+
+            # Return if object is already present in the store
+            if row["is_available"]:
+                return
+
+            # Update the object entry in the store
+            self.conn.execute(
+                "UPDATE objects SET content=?, is_available=1 WHERE object_id=?",
+                (object_content, object_id),
+            )
+
+    def get(self, object_id: str) -> Optional[bytes]:
+        """Get an object from the store."""
+        rows = self.query("SELECT content FROM objects WHERE object_id=?", (object_id,))
+        return rows[0]["content"] if rows else None
+
+    def delete(self, object_id: str) -> None:
+        """Delete an object and its unreferenced descendants from the store."""
+        with self.conn:
+            row = self.conn.execute(
+                "SELECT ref_count FROM objects WHERE object_id=?", (object_id,)
+            ).fetchone()
+
+            # If the object is not in the store, nothing to delete
+            if row is None:
+                return
+
+            # Skip deletion if there are still references
+            if row["ref_count"] > 0:
+                return
+
+            # Deleting will cascade via FK, but we need to decrement children first
+            children = self.conn.execute(
+                "SELECT child_id FROM object_children WHERE parent_id=?", (object_id,)
+            ).fetchall()
+            child_ids = [child["child_id"] for child in children]
+
+            if child_ids:
+                placeholders = ", ".join("?" for _ in child_ids)
+                query = f"""
+                    UPDATE objects SET ref_count = ref_count - 1
+                    WHERE object_id IN ({placeholders})
+                """
+                self.conn.execute(query, child_ids)
+
+            self.conn.execute("DELETE FROM objects WHERE object_id=?", (object_id,))
+
+            # Recursively clean children
+            for child_id in child_ids:
+                self.delete(child_id)
+
+    def delete_objects_in_run(self, run_id: int) -> None:
+        """Delete all objects that were registered in a specific run."""
+        run_id_sint = uint64_to_int64(run_id)
+        with self.conn:
+            objs = self.conn.execute(
+                "SELECT object_id FROM run_objects WHERE run_id=?", (run_id_sint,)
+            ).fetchall()
+            for obj in objs:
+                object_id = obj["object_id"]
+                row = self.conn.execute(
+                    "SELECT ref_count FROM objects WHERE object_id=?", (object_id,)
+                ).fetchone()
+                if row and row["ref_count"] == 0:
+                    self.delete(object_id)
+            self.conn.execute("DELETE FROM run_objects WHERE run_id=?", (run_id_sint,))
+
+    def clear(self) -> None:
+        """Clear the store."""
+        with self.conn:
+            self.conn.execute("DELETE FROM object_children;")
+            self.conn.execute("DELETE FROM run_objects;")
+            self.conn.execute("DELETE FROM objects;")
+
+    def __contains__(self, object_id: str) -> bool:
+        """Check if an object_id is in the store."""
+        row = self.conn.execute(
+            "SELECT 1 FROM objects WHERE object_id=?", (object_id,)
+        ).fetchone()
+        return row is not None
+
+    def __len__(self) -> int:
+        """Return the number of objects in the store."""
+        row = self.conn.execute("SELECT COUNT(*) AS cnt FROM objects;").fetchone()
+        return cast(int, row["cnt"])

flwr/{client/clientapp → supercore/primitives}/__init__.py

@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ==============================================================================
-"""Flower AppIO service."""
+"""Cryptographic primitives for the Flower infrastructure."""

flwr/supercore/primitives/asymmetric.py

@@ -0,0 +1,117 @@
+# Copyright 2025 Flower Labs GmbH. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ==============================================================================
+"""Asymmetric cryptography utilities."""
+
+
+from typing import cast
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import ec
+
+
+def generate_key_pairs() -> (
+    tuple[ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]
+):
+    """Generate private and public key pairs with Cryptography."""
+    private_key = ec.generate_private_key(ec.SECP384R1())
+    public_key = private_key.public_key()
+    return private_key, public_key
+
+
+def private_key_to_bytes(private_key: ec.EllipticCurvePrivateKey) -> bytes:
+    """Serialize private key to bytes."""
+    return private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption(),
+    )
+
+
+def bytes_to_private_key(private_key_bytes: bytes) -> ec.EllipticCurvePrivateKey:
+    """Deserialize private key from bytes."""
+    return cast(
+        ec.EllipticCurvePrivateKey,
+        serialization.load_pem_private_key(data=private_key_bytes, password=None),
+    )
+
+
+def public_key_to_bytes(public_key: ec.EllipticCurvePublicKey) -> bytes:
+    """Serialize public key to bytes."""
+    return public_key.public_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PublicFormat.SubjectPublicKeyInfo,
+    )
+
+
+def bytes_to_public_key(public_key_bytes: bytes) -> ec.EllipticCurvePublicKey:
+    """Deserialize public key from bytes."""
+    return cast(
+        ec.EllipticCurvePublicKey,
+        serialization.load_pem_public_key(data=public_key_bytes),
+    )
+
+
+def sign_message(private_key: ec.EllipticCurvePrivateKey, message: bytes) -> bytes:
+    """Sign a message using the provided EC private key.
+
+    Parameters
+    ----------
+    private_key : ec.EllipticCurvePrivateKey
+        The EC private key to sign the message with.
+    message : bytes
+        The message to be signed.
+
+    Returns
+    -------
+    bytes
+        The signature of the message.
+    """
+    signature = private_key.sign(message, ec.ECDSA(hashes.SHA256()))
+    return signature
+
+
+def verify_signature(
+    public_key: ec.EllipticCurvePublicKey, message: bytes, signature: bytes
+) -> bool:
+    """Verify a signature against a message using the provided EC public key.
+
+    Parameters
+    ----------
+    public_key : ec.EllipticCurvePublicKey
+        The EC public key to verify the signature.
+    message : bytes
+        The original message.
+    signature : bytes
+        The signature to verify.
+
+    Returns
+    -------
+    bool
+        True if the signature is valid, False otherwise.
+    """
+    try:
+        public_key.verify(signature, message, ec.ECDSA(hashes.SHA256()))
+        return True
+    except InvalidSignature:
+        return False
+
+
+def uses_nist_ec_curve(public_key: ec.EllipticCurvePublicKey) -> bool:
+    """Return True if the provided key uses a NIST EC curve."""
+    return isinstance(
+        public_key.curve,
+        (ec.SECP192R1, ec.SECP224R1, ec.SECP256R1, ec.SECP384R1, ec.SECP521R1),
+    )