Bimodal Lattice Signature Scheme (BLISS) » History » Version 1
Bimodal Lattice Signature Scheme (BLISS)¶
BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper Lattice Signatures and Bimodal Gaussians by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan 5.2.2 release we offer BLISS as an IKEv2 public key authentication method and added full BLISS key and certificate generation support to the strongSwan pki tool.
BLISS Private Key Generation¶
strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the pki tool a private BLISS key can be generated as follows:
pki --gen --type bliss --size 1 --debug 2 > key1.der mgf1 based on sha1 is seeded with 20 octets mgf1 generated 240 octets mgf1 based on sha1 is seeded with 20 octets mgf1 generated 240 octets l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max) mgf1 based on sha1 is seeded with 20 octets mgf1 generated 220 octets mgf1 based on sha1 is seeded with 20 octets mgf1 generated 240 octets l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max) secret key generation succeeded after 2 trials
When generating the private key consisting of the two polynomials s1 and s2, the Nk(S) metric must be fulfilled. This means that often several trials are needed in order to obtain a valid BLISS private key.
With the command
pki --print --type bliss-priv --in key1.der private key with: pubkey: BLISS 128 bits strength keyid: d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca subjkey: e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
information on the BLISS private key is displayed.