Some changes are made to fix the issue:

"iotaledger#63 Potential for race condition in signing.java". The changes are related
to a problem of race condition in Signing class when using the object
of type ICurl.

jota/src/main/java/jota/utils/Signing.java

@@ -57,6 +57,7 @@ public int[] key(final int[] inSeed, final int index, int security) throws Argum
             }
         }
 
+        ICurl curl = this.getICurlObject(SpongeFactory.Mode.KERL);
         curl.reset();
         curl.absorb(seed, 0, seed.length);
         // seed[0..HASH_LENGTH] contains subseed
@@ -97,6 +98,7 @@ public int[] signatureFragment(int[] normalizedBundleFragment, int[] keyFragment
 
     public int[] address(int[] digests) {
         int[] address = new int[HASH_LENGTH];
+        ICurl curl = this.getICurlObject(SpongeFactory.Mode.KERL);
         curl.reset()
                 .absorb(digests)
                 .squeeze(address);
@@ -109,6 +111,7 @@ public int[] digests(int[] key) {
         int[] digests = new int[security * HASH_LENGTH];
         int[] keyFragment = new int[KEY_LENGTH];
 
+        ICurl curl = this.getICurlObject(SpongeFactory.Mode.KERL);
         for (int i = 0; i < Math.floor(key.length / KEY_LENGTH); i++) {
             System.arraycopy(key, i * KEY_LENGTH, keyFragment, 0, KEY_LENGTH);
 
@@ -129,7 +132,7 @@ public int[] digests(int[] key) {
 
     public int[] digest(int[] normalizedBundleFragment, int[] signatureFragment) {
         curl.reset();
-        ICurl jCurl = SpongeFactory.create(SpongeFactory.Mode.KERL);
+        ICurl jCurl = this.getICurlObject(SpongeFactory.Mode.KERL);
         int[] buffer = new int[HASH_LENGTH];
 
         for (int i = 0; i < 27; i++) {
@@ -196,5 +199,9 @@ public Boolean validateSignatures(String expectedAddress, String[] signatureFrag
 
         return (expectedAddress.equals(address));
     }
+
+    private ICurl getICurlObject(SpongeFactory.Mode mode) {
+    	return SpongeFactory.create(mode);
+    }
 }