Bimodal Lattice Signature Scheme (BLISS) » History » Version 2
Andreas Steffen, 12.12.2014 21:43
| 1 | 1 | Andreas Steffen | h1. Bimodal Lattice Signature Scheme (BLISS) |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 1 | Andreas Steffen | BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method and added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool. |
| 4 | 1 | Andreas Steffen | |
| 5 | 1 | Andreas Steffen | h2. BLISS Private Key Generation |
| 6 | 1 | Andreas Steffen | |
| 7 | 1 | Andreas Steffen | strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows: |
| 8 | 1 | Andreas Steffen | <pre> |
| 9 | 1 | Andreas Steffen | pki --gen --type bliss --size 1 --debug 2 > key1.der |
| 10 | 1 | Andreas Steffen | |
| 11 | 1 | Andreas Steffen | mgf1 based on sha1 is seeded with 20 octets |
| 12 | 1 | Andreas Steffen | mgf1 generated 240 octets |
| 13 | 1 | Andreas Steffen | mgf1 based on sha1 is seeded with 20 octets |
| 14 | 1 | Andreas Steffen | mgf1 generated 240 octets |
| 15 | 1 | Andreas Steffen | l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max) |
| 16 | 1 | Andreas Steffen | |
| 17 | 1 | Andreas Steffen | mgf1 based on sha1 is seeded with 20 octets |
| 18 | 1 | Andreas Steffen | mgf1 generated 220 octets |
| 19 | 1 | Andreas Steffen | mgf1 based on sha1 is seeded with 20 octets |
| 20 | 1 | Andreas Steffen | mgf1 generated 240 octets |
| 21 | 1 | Andreas Steffen | l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max) |
| 22 | 1 | Andreas Steffen | |
| 23 | 1 | Andreas Steffen | secret key generation succeeded after 2 trials |
| 24 | 1 | Andreas Steffen | </pre> |
| 25 | 2 | Andreas Steffen | When generating the private key consisting of the two polynomials *s1* and *s2*, the _Nk(S)_ metric must be fulfilled. This means that often several trials are needed in order to obtain a valid BLISS private key. |
| 26 | 1 | Andreas Steffen | |
| 27 | 1 | Andreas Steffen | With the command |
| 28 | 1 | Andreas Steffen | <pre> |
| 29 | 1 | Andreas Steffen | pki --print --type bliss-priv --in key1.der |
| 30 | 1 | Andreas Steffen | |
| 31 | 1 | Andreas Steffen | private key with: |
| 32 | 1 | Andreas Steffen | pubkey: BLISS 128 bits strength |
| 33 | 1 | Andreas Steffen | keyid: d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca |
| 34 | 1 | Andreas Steffen | subjkey: e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96 |
| 35 | 1 | Andreas Steffen | </pre> |
| 36 | 1 | Andreas Steffen | information on the BLISS private key is displayed. |
| 37 | 2 | Andreas Steffen | |
| 38 | 2 | Andreas Steffen | Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format |
| 39 | 2 | Andreas Steffen | <pre> |
| 40 | 2 | Andreas Steffen | pki --gen --type bliss --size 4 --outform pem > key4.pem |
| 41 | 2 | Andreas Steffen | secret key generation succeeded after 4 trials |
| 42 | 2 | Andreas Steffen | </pre> |
| 43 | 2 | Andreas Steffen | The PEM key format is printable |
| 44 | 2 | Andreas Steffen | <pre> |
| 45 | 2 | Andreas Steffen | cat key4.pem |
| 46 | 2 | Andreas Steffen | -----BEGIN BLISS PRIVATE KEY----- |
| 47 | 2 | Andreas Steffen | MIIFGgYLKwYBBAGCoCoFAgQDggOBACUkEElEU1wx3rTZLRp7ejCQl7beNwsiFfMs |
| 48 | 2 | Andreas Steffen | WWtH2EbLR1KxExmkc07Wp6GwEgQQVh5iHQaq0cX8aRSWUpne27elaBgfnv2lKIIY |
| 49 | 2 | Andreas Steffen | YRBechxMh7YGYVQl/8se1EeCZqqZiR7hEHyYCFogDiCM7aW8RTw0ZtbJBK37UkTR |
| 50 | 2 | Andreas Steffen | ZDoNjk9kyYEhZdoEsjGo0h5DBFLcxExk6Git+9e8xsJL4rdjLImGezgBOczbhTow |
| 51 | 2 | Andreas Steffen | migPmqQx4bi441BAIC65oIoSdQwdMmLnaHi6CAT314jGS8UG6hcTL6qO5iaoaKFA |
| 52 | 2 | Andreas Steffen | AVSX9EPRCtIxVq/IgqBKybK+bO9LWqQ1Pcn5u2KitXioNYg10YPcko0XNitUik/v |
| 53 | 2 | Andreas Steffen | VSQPW1EJ6ZJ9v/bTZZFi7QjTtKq8GoIld0Vhh1TFnfEOblOCSsi7B+TxJHAf5BkR |
| 54 | 2 | Andreas Steffen | ia1oxEN8iDA9xNL2ohzUJurdO/wCsCAstVC9HOKooqAR7EiFP7CEQwxXpxuw8Kv9 |
| 55 | 2 | Andreas Steffen | 2/0L8jy4Sq0thxlrSbtSdZGq1/gNYLqNII7oZJH0HfhpC6oMnq0t6GILZIME3Pti |
| 56 | 2 | Andreas Steffen | 9Kj9WMxZMCxOTC6Fl5IvzsCV1vHgNoB4MgUaJy6MUJyU+LdAhYmjso9rNdBah0Ku |
| 57 | 2 | Andreas Steffen | drJh1o1uS7ERUohYkJtlzky9XuS2pjwTELxpAsrPz6VM6ZXiZAZCuqF00crUoy2K |
| 58 | 2 | Andreas Steffen | yjiOpS5/4nKKEYyGez3QepLjTYzMapC7TXw7sD80H0S8BuSW+HJMFy4BWMXP5bps |
| 59 | 2 | Andreas Steffen | Chw7tFsWMa5i1oiXPUDoYlW740Zj5YwIY6e2oeBiEceU/5TkNXcbBJ4gojaKxwdz |
| 60 | 2 | Andreas Steffen | oOExefSthX91OcHhq2W0GSyZ9I+aUngseEdcYjKk2IL76kxWrdwoM95feDGY925r |
| 61 | 2 | Andreas Steffen | sRV0tpqiSKh04K1gV0wSRzT7w82lVwPwQlY9Hw1nVfVU99bzujoHSfiEFVUURFlQ |
| 62 | 2 | Andreas Steffen | jWAMBq32hwdfeghOEkLBLQYqRjWOyWSi7I1GWMJ/P7CaBiKiM096NCJiYJyUuj6l |
| 63 | 2 | Andreas Steffen | yM0gJJ0iiNNSF6oqQIQcwFOP9HTQk9DNE3AplGqrJptROtN8lvFlpnhQt6YQBHQX |
| 64 | 2 | Andreas Steffen | qAUCx47EsrN8W+m+XQKrdMOKhz3JxB+tcJOoQSsoZ1AT9eUaM5VxLoRGY3GMmG3e |
| 65 | 2 | Andreas Steffen | J3SETcNggvZlP25VgapsCInEWbnAJmPQ7ydTov8yF0EQdiiZYUQlHXvktTPpHgFP |
| 66 | 2 | Andreas Steffen | Vcc6A9TFA4HBAAQOAeOAdsAACDxyADyADyPwAOAR+CSuBxzweASQCBwRwQgCBxx+ |
| 67 | 2 | Andreas Steffen | QAQSAMAAeDwQAfyOTiST+AASOODuBx/wACQiOAASQeOACQB/9yAgOASDjyDwCQfw |
| 68 | 2 | Andreas Steffen | N+AeOAOOACPwQBwsAPwPzwMcCCCQADwSACCBx+DwQAPwASABwOOgBvwQCQDwPwAQ |
| 69 | 2 | Andreas Steffen | SBwFwOESSAef+QCT+ACPwAAeRyBsfwAAQAABgPwUAQOehweRwN+eNwDx/yDiOFyQ |
| 70 | 2 | Andreas Steffen | AOOABwEQAOBwAQOBwQDngAH9DAcg/hHoAlAE8AAfckfrgYkccA/IgAcEgY/gEIfk |
| 71 | 2 | Andreas Steffen | cHgEEEHjkgcfkjgDgYfj4AEAAAkAAgFcf8Dj/hEggADEBADjjjAgnjADogDj8/8f |
| 72 | 2 | Andreas Steffen | kjgAcAAAAEAcAA/gf/gg8cAALjkAcAEEgEYjk8AEDgcj8EAH/kEEcA7ggAADkcA8 |
| 73 | 2 | Andreas Steffen | AEkAkgAk/AAAEngEAgAAD8HkA8kEAjgA8A8YFcjoAAgD//jA8c/8cf/j8cAngAAc |
| 74 | 2 | Andreas Steffen | AHgHgkBE/nj8kcDgIAE= |
| 75 | 2 | Andreas Steffen | -----END BLISS PRIVATE KEY----- |
| 76 | 2 | Andreas Steffen | </pre> |