IAIK JCE is a provider for the Java Cryptography Extension that, according to the vendor, "supplements the security functionality of the default JDK". It is a commercial product developed by Stiftung Secure Information and Communication Technologies: https://jce.iaik.tugraz.at/about-us/ The way that some of the computations involved in the signature generation are carried out introduces a side channel that leaks timing information about the ephemeral number k. Full details about the vulnerability are available here: http://sbudella.altervista.org/blog/20200521-iaik-timing.html Giuseppe Cocomazzi http://sbudella.altervista.org