Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 15

« Previous - Version 15/58 (diff) - Next » - Current version
Andreas Steffen, 13.12.2014 14:23


Bimodal Lattice Signature Scheme (BLISS)

BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper Lattice Signatures and Bimodal Gaussians by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan 5.2.2 release we offer BLISS as an IKEv2 public key authentication method and added full BLISS key and certificate generation support to the strongSwan pki tool.

BLISS Private Key Generation

strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the pki tool a private BLISS key can be generated as follows:

pki --gen --type bliss --size 1 --debug 2 > cakey1.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 220 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)

secret key generation succeeded after 2 trials

When generating the private key consisting of the two polynomials s1 and s2, the limit for the Nk(S) metric must not be exceeded. This means that often several trials are needed in order to obtain a valid BLISS private key. With the command
pki --print --type bliss-priv --in cakey1.der

private key with:
pubkey:    BLISS 128 bits strength
keyid:     d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
subjkey:   e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96

information on the BLISS private key is displayed.

Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format

pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
secret key generation succeeded after 6 trials

The PEM key format is printable
cat key4.pem

-----BEGIN BLISS PRIVATE KEY-----
MIIFGgYLKwYBBAGCoCoFAgQDggOBAEOoiWS7mISnnPjzFJu6REHq1REYuLfillD2
VmmCWuB1NcL6GLTRFzwCMCw8KBLpyZhEAs6QlelSWVxPuBGMuQzQsmm9A3NjrV4U
655KXTkuiTpZP00qsfKuqh6EofkQ+89YK6qZNnxAeJ/mB9Dlkq9ELPjigNlZfUkd
Ky2fBJkwdKLb75WermM3tOYts0X06j7M3WX8DdVsGgIrzC57shAiD9nyhrUNHB15
b9IymR84GW4BJofKVW2GJVeUyLnh8YP33OUx6F5aEqweSbi5dGtbDbr0WmK6LmNw
dKQyv+hickbXGTWifAEktjpTApYjBBB6TZgiAW2P4T3dMq2ciQUbhCl1xWUlWF+2
iZbfFrcMb4dVrWOYbQRfvURmCkvJWsXHiijK8E+pmCDCruQg7TuRlIdXCRhSZrzY
+pLcY7mKBfyCvrmYmmCMRQQXeTDnGI/9VhHJ6icK6Mqy2BwRVFj9FmSsAHmF9gkL
hcaPlsgpLqaoK41FcJHjMbJIjWKaHkFXMQ0K943cM0ivB3EqRG68AptqH1QxkIi6
haUuQL6Nsl/tXo4VwyiVpm1faRQW5Re9L6KbEhLgnT3JeAft0zOOlHwx5myBDAxa
s8LP9H/EyzpO4uyd1eHlqZvGEmlt9lhOikLwEohWDoZIpWFKrtfzciQMOugLq4m4
n+ueVo25rvq6MRwncj0FCwlt0nAhWeP8hQYTzhgFsBeheM4OaWVRhRPQmqYFrLRZ
grvkgGIQd2IDKhjqCI7gpOi/KRG5RbnyvO4zaqLNy16Lk4exZ2iin19YQpmU613j
EVLsMoRTQl2tE+aB0GJ0BpE3u0Aqnrp6ZhCJmK8CybfYAGhV5sly59Cds7QtIw8r
6pXl7Wd0q2sMFsUnqadcCwqoeOciqU+AwvQ+X2g4eilxV6D2TkLMMBUOYi5BqNdj
a7pJAnUUMyEYvDXhMUYnjGlK3RFKHFCzCalQN0s5JLRTpLnTTy70TtvMaDJAWCwG
OShSbNqr0zGNfnCsFjuppZ+5tQd7GRCgjL2uG0CDTIKEq5vmaH1d3FOldJX2uYYA
O6QOKIThuiH3C0OgAQoLGoArsmFymtBXHxPZSjtE5SR+1YVCr4UEdGlSt2efJoxm
eBaYki03CF2pSm7EDHxbEjDC9E3AeOfUW6Iq4dTGThjGNGnnBIbpv0mSdXFzWcZU
3rwQo51EA4HBAACSCPjwAOUCAOCCCOP/gCDzxzweEOByCAACeEP1wF+DxhwBiQTw
AP/0AAQFx/z+SACPgR+ASePwOAOgAAQBwDiAV0OOCADwB0eOgAeAOORwMAPzwOQS
CBuMAQOB+Px/x+AuCeRweeADzwACPyCP+RyQhgBzwOCBwSBwOB+SeQAQCOBwACAB
0eByABwQBwQAAeCBwgAAB/wACDwNyPgeQOPwAAR+OAR+AB+COAQCBx+QeB+R+B+Q
CADjxwACPiARvwOBwQDjggcY7EEgAEHjcYAcogEHgccDjgcDg8fgAnjgAgfkgEgc
DnjgAEbAn8ArnAhAAcAkAEgADkgAD8DgkDgkcDnkcE88jkjkgjgD9ccAg8cc8jjr
kcgkABED8gAD8H/n8gAAj8AgEHj8D8D89Dfg4DAgEEAAgAj8HgkgAj8HgcHodAEk
cn8DAL8AD/g//gcDkAEH/AAD/gcDnj8AkD8AcDgErkHjAAcA9AAAAcAcEEEgAAAg
AYLoAgAEHgkDgYccgbk=
-----END BLISS PRIVATE KEY-----

At last let's generate a BLISS-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
pki --gen --type bliss --size 3 --debug 4 > cakey3.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 380 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 380 octets
l2 norm of s1||s2: 1401, Nk(S): 125552 (128626 max)

secret key generation succeeded after 1 trial
   i   f   g     a     F     G     A
   0  -1   1 11932  6730 11344  6400
   1   1   0  2227  1206  9396  6244
   2  -1   2  4844   496   414  4411
   3  -1   0  2768  2813  1412  6619
   4   0   2  3583  2753  3520  9237
   5   0   2 10160  2434  9512  8688
   6   0   2  8157  9071 10775  8990
   7   0   0  3862  5091   211  3126
   8  -1   0  3045  2278  5799  8812
   9   1   0  9942  5685  3335   541
  10   0   0  8236  1637   526  5000
  11   0   0  8638     9  9539 10618
  12   0  -2 11526 11882  8890  8976
  13  -1   0 12180 11895  3538  5231
  14  -2   0  6332  4243 11062   243
  15   0   0  4083  4302  3400  4000
  16   0   2  4545  6031  2766  1708
  17   0   0  1495  4119  8792 11954
  18   1  -2  5664  9450  5151  6621
  19   0   0  3580  1963 11193  1552
  20  -1  -2  7090  5950 10318  8445
  21   0   0  5180  8190  7147 11145
  22   0  -2  8455 12226    27 10533
  23   0   0   810  4585  6578  3333
  24   1   0  5316  9595  2034  7088
  25   0   0 10072 11746 10425  9554
  26  -1   0  4544  5888  7751  8402
  27   0   0  9529 10638  5983  9509
  28   0   0  6832  8019  5519  1124
  29   1  -2  8900  2356  4475  4326
  30   0  -2  4438  7452  2418   406
  31  -1  -2   363  9949  6078  3369
  32   0   0  6032  9713 11653 12232
  33   0   0  1342 11748 11094  4727
  34  -1  -2   780  9506  2687  5713
  35   1   0  1114 11518  5003  1173
  36   1   0 11561  8458  9766  5255
  37   0   0   932  4680  7848 10211
  38   0   0  4748  4235  6832  9975
  39   1   2  6338  9116  1371  9287
  40   0   0  9216 11714 11657  4532
  41   1  -2  1100  6203  6951  9887
  42   1   0 11955  9307   124 11984
  43   0   0  6550  6220  9948 11200
  44   1   0 10183  7920  2231  2050
  45   0   0  5858 10736 11843  4851
  46   1   0  4402  6459  5976  5509
  47   1   2  3354  2643  9397 11716
  48   1  -2  9937  3908  1174 11478
  49   2   0 11688  9298 10680  1833
  50  -1   2  5348  4731 12240  5286
  51   0   0  4594  1469 10189  5043
  52   0   2  6324  1006  6445  3268
  53   0  -4  2137  2707  4158   569
  54  -1  -2   340  2232  4643  9852
  55  -1   0  1784  8290  9620  3129
  56   1   0  7203  5610 11341   749
  57   0   0  6651 12057 10851  5621
  58  -1   0   383  5516  9861  2272
  59   2   0 10893  8086  1452   140
  60   0   0  7921 10970  6955  9293
  61   1  -2  4243 10170  5305  9178
  62  -1   2  3565  2730  3858 11021
  63   0   0  5697  1308  7157  8076
  64   0  -2  4079  5666  9079  5400
  65   1   0  3653  2895  1244 11606
  66   0   2  9829  6670  4713  3470
  67   1  -2 11728  5737  6142  2111
  68   1  -2  7403 10194  2903  2562
  69  -2   0   770  9857   301  4108
  70   0  -2  6771  2653 10239  2130
  71   0   0  7855  4463  7362  9248
  72  -1   0 10880  6688  3127   311
  73  -1   2  4691  8128   533  8290
  74  -1  -2  4037  3558   115 10006
  75   0   0  2284   389  6473  3776
  76   0   0  5390  9091  1720  7047
  77   0   2  4988  1314 11101  4376
  78   1   0  5858  6929  7217  3009
  79   0   0  8276  9115  9758  8600
  80   0   0  1719  3490  6518  2847
  81   0   0  3145    16  2434 10905
  82   1   0 12177  5643  1293  9983
  83   0   2  8860  7027  7247  4144
  84   0  -2  8029 11886  5161  8312
  85   0   0  6660  8970  4777  9518
  86   0   2  8940  2217  8996  6495
  87   0   0  4623  2243 11869 10300
  88   0   4 11841  4074  6347  3751
  89  -1   0  2220 12271  2346  3966
  90   0   2 11997   617  8162  8020
  91   0  -2  4335    73 10232  9399
  92   1   2  8016 10780 11912 11369
  93   0  -2  4302  7923   717  7152
  94   0  -2  8014  1252  8311 11638
  95   1   0 11580   975  1679  2699
  96   1   2  6246  3336   161  6745
  97  -1  -4  5081  9817 11892  6259
  98   0   0  4544 10997 12278  4499
  99   0   2  1616  9495 12225 10213
 100  -1  -2  8533  8912  6448  9929
 101   0   2  8850  8093 11649  9665
 102   1  -4  9776  4225  8805  9906
 103  -1   0 12203  5021 12232 10353
 104   1   2  1285 10557  8597  2897
 105   1   0  5553 11162  5268 10387
 106  -1  -2  6413 10365 11905  6694
 107   0  -2  1915  8797  5109 10630
 108   1   2  5668  7809 10108   689
 109   0  -2  5724  6433  9119  9062
 110   1   0  3193  2998 10987  4238
 111   0   2  3218  6756 10221 11532
 112   0   0 11475  1061  3999  2494
 113   0   0  1751 10398  9032 10926
 114   0   0  5049  4368  3557  9980
 115   0   0  6973 10707 10291  4631
 116   0   0   826  2759  8952 11976
 117  -2   0 11077  1210  8027  7898
 118   0   0  3361  8733  5169   237
 119   0   0  9447 10875 12077 11281
 120   0   0  7154   928   564 11601
 121  -1  -2  5099  1695  5523 11879
 122   0  -2  5533  6614  4882  7444
 123   0   2  2416  2221 11163  3679
 124   0  -2   683  8407  7179 11214
 125  -1   0  1698  4946  8846  5627
 126   0   2 11993  1197  5067  2037
 127  -1   2 11131 10689  4543  8346
 128   1   0 11684 12052  5700  5576
 129   0   0 11081  7285  5758  2882
 130   0   0  2204 10550 10764 10396
 131   0   0  5413  6834   237  9705
 132   0   0  3139  9589  3580  1000
 133   1   0  2435 10845 11335  4375
 134   0   0  5835  9461  5820  8967
 135   1   2  1986  7566  6638  7219
 136   1   2 12005   279  4775   854
 137   0  -2 11470  3603  1399  4755
 138   0   4  3665 10794  4373 10453
 139   0   0  6909  8265 11931 11831
 140   1   2  9201  4238  3547  9596
 141   1  -2  7577 11197  9585  4684
 142   0   0  8947  1967  2051  7873
 143   0  -2  9195  2467  6347  7903
 144   1   2 11017  8525 11401 10043
 145  -1   0  1786  7054  2174  5272
 146   0   0  2541 11091 10944 11808
 147   0   0  1685 12142  9116 11391
 148   0  -2  9324 10699 11938  1090
 149   1  -2  6706  2541  7886  7480
 150   1   0 10550  1341  3839  5373
 151  -1  -2  4665  7629  5217  2934
 152   0   2  1311  6833  4048 11099
 153   1   0 11994  1783 10226  2549
 154   1   0  9953  5962 11300 10712
 155   0  -2  2781 11449   395 11045
 156  -1   4  6768  7744  9122  6955
 157   0  -2  1288 10720  7913  9198
 158   0   2  3735  3959  3762  4924
 159   1   2  2817  4147  6807  6198
 160   0   0  2935 11500 11190  4051
 161   0   2  1193  7795 11414  3350
 162  -1  -2   757  3411  9464  4481
 163   0  -2  3830  7004 11979   593
 164   0   0 11945    57  6438  9168
 165  -2   2  1844   173  7130  9844
 166   1   0  1055  4376   673   559
 167   1   0   665  1744 11877  9442
 168  -1   0   190  3421  9077  5294
 169  -1   0  5948  4923 10003  9323
 170   0  -2    66  3154  7238 10273
 171   1   0  3608  7307  8272 11128
 172   0  -2 11068 10669  7822 12269
 173  -1  -2  2289  5725  7793 11084
 174   0  -2  2045  9528  5770  5250
 175   0  -2  5369  1937  9741  7669
 176   0   0  5495   973    32  8740
 177   1  -2   187  6219 10487 11605
 178   0   0  6664  3891  6930  9183
 179   0  -2  8951  3731  4350 10057
 180   0  -2  2119  8064  2295    14
 181   0   0  5587  7068 12132   419
 182   1   0  5551  9660  4283  5818
 183   1  -2    58   319  9240  1724
 184   0   2  9694  6238  4742 12274
 185   2   2  1752 10949  7406  7643
 186   0   2  4551  4296  5533  7516
 187   0   0  5809  2080  4616  3169
 188   0  -2  4805  9682  4940 10345
 189   0   4  5232 10223  8937  9376
 190   0  -2  4985  6043  7853   528
 191   1   0 11937  4497  1366  6015
 192   1   0  7724  7554 12130  1918
 193   0  -2  2011  4752  4070  3130
 194   0   0  8272  1015  1803  3973
 195  -1   0  7832  7988  9436  5558
 196   0  -4  8854 10413 11890  8575
 197   0   0  2277  3600   263 11719
 198  -1   2  2986  1000  9583 11721
 199   0   2  2907  8991 11579 11775
 200   0   2  7872  2207  9525  1285
 201   1   0  7562  9107  2777  2830
 202  -2  -2 10678 10608  9041 10880
 203   0   0   656 11804  3455  2400
 204  -1  -2  4799  3910  3626  6180
 205  -1   0  1998  5423  2614  5813
 206   0   0  2327 11665  8051  2567
 207   0   0   282  6807  4478  1129
 208   0  -2  7967  3811 12284  6446
 209  -1   0  3169 11501 11972 11650
 210  -1   0  2614  4186  5549 10021
 211   1  -2 11856 11417 10104  6753
 212   1   0  3692  2680  3800 12107
 213   0   2  4639  5506 11526  6189
 214   0   0  6373  9147  2814  9738
 215   0   0  1942  1124  9011  3124
 216   0   2  5163   558 11376  4381
 217   0   0 11687  9612  8623    84
 218   0   0  8537  3843 11615    35
 219   1   0 11885  4846  3711  6409
 220   0   2  9728  8703  2262  5270
 221  -1  -2  4928   745  4084  3453
 222   0   2  2383  5711  4946 10846
 223   0  -2  2480  3190 11514  2446
 224   0   2  8786  4156 10444   381
 225   0   0  7294  3059   859  5500
 226   0  -2  2793  4752  4311 11196
 227  -1   2  9428  8892  6184  2715
 228   1   0  3240  6263  8476  7279
 229   0   0  2533   993  6898  5972
 230  -1   2  6513  1130   623  3622
 231  -1   0  2175   455  8066   855
 232   1  -2  8930 11192 11277  6039
 233  -1   0 10052  9546  1723  3691
 234   0   0 12282 10488  5953 11501
 235   1   0   966  2764  1478  7550
 236   0   4  2689  4295   136  7671
 237   0   0  2735 10452  7686  5468
 238  -1   0  7155  3804 11767  4710
 239   1   2  6875  1049  8317  1238
 240  -1  -2  5800  4804 10126  7221
 241   0   2 10256  8623  4292 11309
 242  -1   0  9012  8378  9611  5688
 243  -1   2  4014  1882  3226 12134
 244   0   2 11698  2629  1993  9817
 245   1  -2  9293  4184  3392 10739
 246   0   2    93   852  8664 11953
 247   0   2  6230  8044  8507  6969
 248  -1   2  6093  7622 10297  8445
 249  -1   0 10974  7821  3675  3517
 250  -1  -2  4760 11952  9509 11495
 251   0  -2  7410  5638  8286  2604
 252   0   0   313  2955  7834  4178
 253  -1   0  9733  3273 12249 11493
 254  -1   0   682  9048  9531  3876
 255   1  -2  2283   179  4322  9567
 256   0   0 10470  1633  2290  9062
 257   0  -2 11005  5584  7880  6991
 258   1  -2  2732  7686  7623  8563
 259   0   0  8845  9994  6380  2032
 260   0  -2  9527   785  4071  4639
 261   0  -2  7141  5116   474  9863
 262   0   0  8896  9356  8790  4233
 263   0  -2  8781  5058 11323  5758
 264  -1  -2  2106  4848  5472  3773
 265   0   0 10312  2028  1706  5806
 266  -1   0 11587 11556 10433  7614
 267  -1   0  9354  4702  4673 11174
 268   1   2  4179   310  1572  9202
 269   0   0   231  7881  4637  8778
 270   0   0 10643 12282  3262 11823
 271   0   2  4803   573 11021 12201
 272  -1   0 11942  2736  1772   881
 273   1   0 10172  5565  7021  1748
 274   0   2  8091   902 11967  2343
 275   1   0  6507  2055  1543  1125
 276   0   0  8363  4684  8421  7891
 277   0   2 11435  7507  3108  1495
 278   1   0  1121  5376  1638  8545
 279   1   2  6659  7231  2291  9356
 280   2  -2 11535  5948  8451 10276
 281   0   2  9996  5929 11267 11752
 282   0   0  9341 11999 10535  9922
 283   0   0  1156   407  2491  5743
 284   1   0 10878  9742 11436  7146
 285   1   0  4269 10191  6723  1057
 286   0   0  3150  6385 11151  8222
 287  -1   2 10602 12270  1942 11540
 288  -1   0  4149  9389  5193   155
 289   1   0  2220  1914  7033  2039
 290   1  -2  5849  9681  7990 10354
 291   0  -2   578  1167  9422  2925
 292   0   2  2784  4352  1474  8850
 293   0   2  2831  7803  7941 10471
 294   1  -2  1505  5309  1529 10706
 295  -1  -2 12152  3117  1462  5319
 296   0   0 12015 10147  2163  3011
 297   0   2 12204  3215 10166   351
 298  -1   0  3251  7021  9039  9355
 299   0   0  5488  2986  1862  5927
 300   1   0  7988   280  3983 11996
 301   0  -2 11691   944  6647  7206
 302   0  -2  5811  8894 11593  4438
 303   1   2 11242  8285  3494  3099
 304   0   0  1369  3781 11946  9679
 305   0   0  4923   855 11924  2443
 306   0   0 10077  6525  5892 12143
 307   0   0  5765   923  7601  5041
 308  -1   0 11585  4403  7020  7236
 309  -1   0  9508 11281  9550  8744
 310  -1   2  8015  7011  6196   851
 311   0   0 10282  6674  7084  1139
 312  -1   0   366  5463  5297 11037
 313   0   0  3271  3185  6778 10142
 314  -1   0  6295  3530  2128  3092
 315  -1   2  2446  9761  5698  9652
 316   0   0  6414  6084 11668  2854
 317   1   0  7954 11099  5621  8453
 318   1   0  8505  3817  6471  8585
 319   0  -2 10555   260  7709  1873
 320   0   0  4679  8577  2591  3492
 321   1   0  4517 10562  7356 10826
 322   0   0  5129  7378  6792 11094
 323   1   0 11014  1117   906  7306
 324  -1  -2  8930  3044  7558  1690
 325   0  -2 12034  5641  5602  3833
 326   1   0  4468  8161 11613  1703
 327   0   0  9452  5643  6465   759
 328  -1   0  4250  1062  8885  5366
 329   0   0  2562 11062 10606 12050
 330   0   0 11004  5092  1145  9690
 331   0   0  3971  4167  9338 10914
 332   0  -2  4640  2905  8263  8180
 333  -1   2 11466 11858  4479  8686
 334  -2  -2  2263 10527 11374  8335
 335  -1   2  8803 10486  6140 10827
 336   0   0  1608 10434   277  3299
 337   0   0  8846  4037  5405 10610
 338   0   2  2025  9028 11374   249
 339   0   0  7495  5760  9448  3603
 340   0   2    15 10858 10180    53
 341   0   0  2216   822  8232 10505
 342   0   0  4552  6213  8198  2721
 343  -1   0  8537 12065  4985  6616
 344   1   0    59  1083  5343  4975
 345   0   0  6820  2485  7426  8044
 346   0  -2    79  3592   780  2094
 347   0   2  6060  2269  1661  5628
 348  -1   0   483  7927  6962  9842
 349  -1   0 10399 11975   182  8453
 350   1   2 10965  8081  9568 12240
 351  -1   0  6177  9642 10608  1217
 352   0  -2  3647  7424  6312 11588
 353   0  -2 10821  5412  7478  9670
 354   0   2  7993  8400  9262  9133
 355   0  -2 12183  9287  5467  4145
 356   1  -2 11881 11278  2062  2271
 357   0   0 11023 11205  4098  9315
 358   0   0  2486  1161  4531 11806
 359   0   2  7820  8932  2128  6164
 360   0  -2  4830  2661  6650  6782
 361   0   0  1280  8451  7065  2723
 362   1  -4  3505  2948  7690 10249
 363   0   0  1931   604   857 11619
 364  -1   0  4519  1694  1682  7386
 365   1   0  7001  5943 10006  9007
 366   1   0  6867  7829  3179  9453
 367   0   2  6439  1013  9753   968
 368   0  -2   471  7027  6703  4401
 369   0   2 10693  6320  2472  5896
 370   1   0  6616  5825  5027  4446
 371   0  -4  2610  2936 10741 11669
 372  -1   0 10505  5607  7619 11326
 373  -1   0  8796  8925  6540   641
 374   0   0  7862  9942  2067  7361
 375   2   2  5933 11598  7281  2337
 376   0   0  4397  9644  2961   575
 377   0   0 11546  3667    60   496
 378   0   2 10359   897  6655  9940
 379   0   0  8042 11627  7627  4091
 380   0   2  7229  5196 10305  4323
 381   0   2 11076  8341  5590   590
 382   1  -2  5915   587  3514 10997
 383   0   0  4235  5733  1374  7164
 384   0  -2  6883  2313  3411   910
 385   2   0  5537  5149   391 10153
 386   0   0  4786  9993 11959  7183
 387   1   0  8660  4137  8672  1422
 388  -1   0 10388  8443  6742  3136
 389  -1   0  3028  4136  7848  1024
 390  -1  -2  3013  9457  3424  5692
 391   0   2  6434 10654   246  8185
 392  -1   0  5801  5730   384  4298
 393   0   0  3559 11131  6623  3040
 394   0   2  6911  3462  6279 10768
 395   0   0  2559 11098  1487  5746
 396   0   0  6942  1081  5465  2597
 397   0   0  6852   666  5872  6467
 398   0   0 10873  4863 11256  4225
 399   1  -2  3670   513  2689  1203
 400   1   0 11066  6794  6433  4163
 401   0   2  4927 11148  7593  4700
 402   0   2  5570  7675  6432  9507
 403   0   0  9882 11756 11480  4705
 404   1   2  9553  7076  9700  2926
 405  -1   2  9678 12074  7468 11797
 406   0   2  3955  2530 10255 10763
 407   1   0 10843  8488 12022  6421
 408   0   0  2514  2611  6629  2177
 409  -2  -2  1934  6748  5463  3878
 410   1  -2  2677  5860  4847 11948
 411   1   0  2065  8327  9459  7023
 412   0   0  6908  5681   530  4705
 413   0   0 10718  6791  9883 10546
 414  -1   0 10338 11007  3468  2087
 415   1   0  7817   625 11048  7745
 416   0   0 11023  4466 10734 10811
 417   0   0  6306  7136  5359  9233
 418   0   0  1858 10575  2337 11205
 419   0   0  1118  2777  6009  7711
 420   1   0  8755  4003  5535  8938
 421  -1   0 12259  1775  2505  8171
 422   0   0  5186 12038  9054  9707
 423  -1   0  8317  9867  2073  6580
 424   0  -2  3750  7074  7221 12191
 425  -1  -2  7076  6288  3318 10214
 426   0   0  4066  8076 12163  3442
 427   1   2  5009   366 10803  1339
 428   2   0  7392  9060  4955 11591
 429  -1  -4  9381  8187  9349  5579
 430   0   0  6499  4642  5787 12187
 431   1   2 11461 11653  3278  7917
 432   1   0  8976  7597   613  6477
 433   0  -2  9335 10397  6485 11019
 434   0  -2  7590  5554  4787  9128
 435  -1  -2  7109  7497   615  8655
 436   1   2  5984   709  9806  6063
 437   1   0  4451  1057  1327  2187
 438   0   0  6532  2071  1809  9139
 439   0   0  5657  1586 11166  5121
 440   0   0  3926  7845  1167  7773
 441   0   0  6347   293  1762 11582
 442   0   0 12239 10323  4500  6461
 443   1  -2  1977  3819  4233  7946
 444   0   0  5851  9874  3996  8822
 445  -1   2  3107  3834  5546  9707
 446   1   0  5636 11215 11094  5276
 447  -1   0 12270  4649     5 11911
 448   1  -2  6452   394  1732  3872
 449  -2   0 11019   764  1006 10907
 450   0  -4 11659  6297  4922  4827
 451   1   2   890  9098 11786  3678
 452   1   2  7670  7736  2460 10669
 453   0   2  2047  7505 11511  3057
 454   0   0 12148  5933  9508  9426
 455   0   0  5596  3895  2879  7412
 456   0   2  6504  2290  4180  9071
 457   1   0  8051   946   316 11380
 458   0  -2  2479 10389  6976  2480
 459  -1   0 10512 10125  6279  6329
 460   0   0  4709  6976  7912  6808
 461   0   2  6605  9934 10200 10093
 462  -1   0   949  7882  3698  1544
 463   1  -2 10292  3467   350  3293
 464   1   0  6448  9423  1313  2345
 465   0   2   692  6812  7583  6050
 466   1   0  3635  4184  2733  3816
 467   0   0 12067  5816 10128 11192
 468   0   0  9902  8712 11275  6813
 469   0   0 10938  7970  1902  7019
 470   1   0  9568  4228   242  5633
 471   0   0  2196  5792  6794 10300
 472   0   0  4075   157  8672  2560
 473   0  -4  2110  3629  9461  9122
 474  -2  -2  3412  4091  7245  4018
 475   0   0 11653    40  5765 10897
 476   0   0 10799   728  9056 10951
 477   0   0  2114  2282  3786   314
 478  -1   2   817 10585  8784 10553
 479  -1   0  3705 12125  8654  5792
 480   0  -4  1808  8664   196  4624
 481  -1   2  5841  1907  7238  7769
 482   0   0  8769  9263  6687   676
 483   0   0  3412  9123  9517  1111
 484  -1   0  4204    49 11892  6011
 485  -1   0 11196   448  3872  2642
 486   0   0   651  2142  3834  6611
 487   1   4  7208 10823  6626 12033
 488   0  -2  8558 10995 11169  2660
 489   0   0  7955  2079  1785  7697
 490   1   0  5565 11081  6935  1449
 491   0   2 11661  2880 10737   887
 492  -1  -2  2546  3372  1543  2424
 493   1   0  1667 10715  7245 11246
 494   0   0    93   456  1273  2563
 495   0   0  3205  2733  6176  7453
 496   1   0 12191  7834  2926 12258
 497   0   0  3788  5251   935  6085
 498   0   0 10114 12224  8954 11395
 499   0  -2  7464   568  5744  7972
 500  -1   0  1992  6344 10425  3471
 501  -1   0  5249  7024   675  3466
 502   0   2  8334  3338  1945  4805
 503   0   0  8566   837  6796  2416
 504  -1   2  1905  3844  2872  1612
 505   0   2   377  8680  5459   608
 506   0   0  1990  7692 10261  6844
 507   0   2  5170  9084 10608  4433
 508   0   0 11365  3048 11553  3451
 509   0  -2 12098  6095 11214  3125
 510   1  -2  1431  2633 10329  5488
 511  -1  -2  3846  4226  8410  4614

Shown are the 512 small coefficients of the private keys f = s1 and g = 2 * s2 + 1 as well as their Number Theoretic Transforms (NTT) F and G, respectively. The BLISS public key A is computed as the component-wise inverse of F * G and the reverse NTT gives a = 1/(f * g) mod q with the 14 bit modulus q = 12289. Sometime it happens that F * G is not invertible, so that the following debug message is output
S1[91] is zero - s1 is not invertible

and another trial run is started.

BLISS Root CA Certificate Generation

A self-signed BLISS CA certificate can be generated with the following command

pki --self --type bliss --in key4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem

  file content is not binary ASN.1
  -----BEGIN BLISS PRIVATE KEY-----
  -----END BLISS PRIVATE KEY-----

L0 - BLISSPrivateKey:
L1 - keyType:
  'BLISS-IV'
L1 - public:
L1 - secret1:
L1 - secret2:

L0 - subjectPublicKeyInfo:
L1 - algorithm:
L2 - algorithmIdentifier:
L3 - algorithm:
  'blissPublicKey'
L3 - parameters:
L4 - blissKeyType:
  'BLISS-IV'
L1 - subjectPublicKey:

mgf1 based on sha256 is seeded with 32 octets
y1 = -859..738 (sigma2 = 71786, mean = -6.6)
y2 = -852..644 (sigma2 = 65618, mean =  2.0)
norm2(s1*c) + norm2(s2*c) = 63602, rejected
mgf1 generated 10304 octets

mgf1 based on sha256 is seeded with 32 octets
y1 = -942..726 (sigma2 = 81503, mean = -8.6)
y2 = -876..893 (sigma2 = 69883, mean =  2.4)
norm2(s1*c) + norm2(s2*c) = 66020, accepted
scalar(z1,s1*c) + scalar(z2,s2*c) = 86651, rejected
mgf1 generated 10528 octets

mgf1 based on sha256 is seeded with 32 octets
y1 = -862..785 (sigma2 = 72628, mean = -7.1)
y2 = -782..921 (sigma2 = 74618, mean =  4.1)
norm2(s1*c) + norm2(s2*c) = 64940, accepted
scalar(z1,s1*c) + scalar(z2,s2*c) = -176380, accepted

z1 = -873..780, z2d = -3..4

efficiency of Huffman coder is 3.4121 bits/tuple (1747 bits)
generated BLISS signature (6706 bits encoded in 839 bytes)

signature generation needed 3 rounds
mgf1 generated 10656 octets

With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors y1 and y2 with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process usually requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors z1 and z2 as well as the sparse challenge vector c.

A BLISS certificate can be displayed at any time with

pki --print --debug 2 --in cacert4.pem

L0 - x509:
L1 - tbsCertificate:
L2 - DEFAULT v1:
L3 - version:
  X.509v3
L2 - serialNumber:
L2 - signature:
L3 - algorithmIdentifier:
L4 - algorithm:
  'BLISS-with-SHA512'
L2 - issuer:
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
L2 - validity:
L3 - notBefore:
L4 - utcTime:
  'Dec 13 12:01:57 UTC 2014'
L3 - notAfter:
L4 - utcTime:
  'Dec 13 12:01:57 UTC 2024'
L2 - subject:
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
L2 - subjectPublicKeyInfo:
-- > --
  L0 - subjectPublicKeyInfo:
  L1 - algorithm:
  L2 - algorithmIdentifier:
  L3 - algorithm:
    'blissPublicKey'
  L3 - parameters:
  L0 - subjectPublicKeyInfo:
  L1 - algorithm:
  L2 - algorithmIdentifier:
  L3 - algorithm:
    'blissPublicKey'
  L3 - parameters:
  L4 - blissKeyType:
    'BLISS-IV'
  L1 - subjectPublicKey:
-- < --
L2 - optional extensions:
L3 - extensions:
L4 - extension:
L5 - extnID:
  'basicConstraints'
L5 - critical:
  TRUE
L5 - extnValue:
L6 - basicConstraints:
L7 - CA:
  TRUE
L4 - extension:
L5 - extnID:
  'keyUsage'
L5 - critical:
  TRUE
L5 - extnValue:
L4 - extension:
L5 - extnID:
  'subjectKeyIdentifier'
L5 - critical:
  FALSE
L5 - extnValue:
L6 - keyIdentifier:
L1 - signatureAlgorithm:
L2 - algorithmIdentifier:
L3 - algorithm:
  'BLISS-with-SHA512'
L1 - signatureValue:

z1 = -873..780, z2d = -3..4

cert:      X509
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" 
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" 
validity:  not before Dec 13 13:01:57 2014, ok
           not after  Dec 13 13:01:57 2024, ok (expires in 3652 days)
serial:    12:a0:ca:85:51:b9:f3:27
flags:     CA CRLSign self-signed
subjkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
pubkey:    BLISS 192 bits strength
keyid:     55:ee:7a:31:44:e5:a0:cf:b6:c9:a7:17:98:c9:60:a7:eb:d0:4e:4f
subjkey:   37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71

If you are not interested in any detailed information then just creat a self-signed BLISS CA certificate with
pki --self --type bliss --in key1.der --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 > cacert1.der

and view it with
pki --print --in cacert1.der

cert:      X509
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" 
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" 
validity:  not before Dec 13 12:58:21 2014, ok
           not after  Dec 13 12:58:21 2024, ok (expires in 3652 days)
serial:    5d:06:0d:4b:69:64:84:62
flags:     CA CRLSign self-signed
subjkeyId: f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
pubkey:    BLISS 128 bits strength
keyid:     df:78:00:c4:b4:13:e7:fd:4f:05:dd:39:1a:2e:2b:c5:65:39:10:f4
subjkey:   f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5

BLISS End Entity Certificates

We are now going to generate a BLISS-I key pair for user Carol:

pki --gen --type bliss --size 1 > carolKey.der

secret key generation succeeded after 2 trials

Next we create a self-signed PKCS#10 certificate request
 pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der

which is used as the input for the CA to create a signed end entity certificate:
 pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der

and which has the following content
pki --print --in carolCert.der

cert:      X509
subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org" 
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" 
validity:  not before Dec 13 13:20:34 2014, ok
           not after  Dec 12 13:20:34 2017, ok (expires in 1094 days)
serial:    38:a9:13:10:c2:ed:ed:c3
altNames:  carol@strongswan.org
flags:     clientAuth
CRL URIs:  http://crl.strongswan.org/bliss.crl
authkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
subjkeyId: 8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
pubkey:    BLISS 128 bits strength
keyid:     5b:cf:17:14:a8:d8:aa:bc:40:f3:21:95:a9:67:7d:20:af:66:4e:c2
subjkey:   8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c

IKEv2 Public Key Authentication using BLISS Signatures

The ikev2/rw-ntru-bliss strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation (RFC 7383) is being used:

IKE_AUTH Request

Dec 12 13:53:11 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org" 
Dec 12 13:53:11 carol charon: 13[IKE] establishing CHILD_SA home
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Dec 12 13:53:11 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)

IKE_AUTH Response

Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #1 of 3, waiting for complete IKE message
Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #2 of 3, waiting for complete IKE message
Dec 12 13:53:12 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (548 bytes)
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
Dec 12 13:53:12 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Dec 12 13:53:12 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org" 
Dec 12 13:53:12 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org" 
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA" 
Dec 12 13:53:12 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org" 
Dec 12 13:53:12 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA" 
Dec 12 13:53:12 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA" 
Dec 12 13:53:12 carol charon: 15[CFG]   crl is valid: until Jan 11 12:36:45 2015
Dec 12 13:53:12 carol charon: 15[CFG] certificate status is good
Dec 12 13:53:12 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
Dec 12 13:53:12 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS signature successful
Dec 12 13:53:12 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]

BTW- the key exchange method used is NTRU encryption so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:

IKE_SA_INIT Request

Dec 12 13:53:11 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
Dec 12 13:53:11 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
Dec 12 13:53:11 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
Dec 12 13:53:11 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (813 bytes)