Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 1

Version 1/58 - Next » - Current version
Andreas Steffen, 12.12.2014 21:39


Bimodal Lattice Signature Scheme (BLISS)

BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper Lattice Signatures and Bimodal Gaussians by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan 5.2.2 release we offer BLISS as an IKEv2 public key authentication method and added full BLISS key and certificate generation support to the strongSwan pki tool.

BLISS Private Key Generation

strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the pki tool a private BLISS key can be generated as follows:

pki --gen --type bliss --size 1 --debug 2 > key1.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 220 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)

secret key generation succeeded after 2 trials

When generating the private key consisting of the two polynomials s1 and s2, the Nk(S) metric must be fulfilled. This means that often several trials are needed in order to obtain a valid BLISS private key.

With the command

pki --print --type bliss-priv --in key1.der

private key with:
pubkey:    BLISS 128 bits strength
keyid:     d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
subjkey:   e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96

information on the BLISS private key is displayed.