The GQ library uses the security parameter to compute the value $t$, which is the number of challenge responses we need to make to reach the soundness needed by the security parameter. The library makes the assumption that the RSA exponent is always 1 larger than a factor of 8. This is the case when $E=65537$ since $65537=2^16+1$ so $65537-1$ is exactly two bytes. However for values like $E=3$ we only get $50.7$ bits of soundness when $256$ bits of soundness is desired.

func NewSignerVerifier(publicKey *rsa.PublicKey, securityParameter int) (SignerVerifier, error) {
	n, v, nBytes, vBytes, err := parsePublicKey(publicKey)
	t := securityParameter / (vBytes * 8)

https://github.com/openpubkey/openpubkey/blob/main/gq/gq.go#L136C2-L136C39

When $E=65537$ $vBytes=2$ and $t=16$. Since $E=65537$ gives us $2^{16}$ soundness per challenge response, since $2^{16 \times 16} = 2^{256}$ we have $256$ soundness. However for $E=3$ $vBytes=1$ and $t=32$, but $E=3$ gives us only $3$ soundness and this is a problem because $3^{32} \approx 2^{50.71}$.

Thus currently the library is unsafe to use RSA public keys in which the exponent E is not $65537$. This shouldn't be difficult to fix. This issue is to track this bug so that we remember to fix it.