Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 2

Version 1 (Andreas Steffen, 12.12.2014 21:39) → Version 2/58 (Andreas Steffen, 12.12.2014 21:43)

h1. Bimodal Lattice Signature Scheme (BLISS)

BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method and added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool.

h2. BLISS Private Key Generation

strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows:
<pre>
pki --gen --type bliss --size 1 --debug 2 > key1.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 220 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)

secret key generation succeeded after 2 trials
</pre>
When generating the private key consisting of the two polynomials *s1* s1 and *s2*, s2, the _Nk(S)_ Nk(S) metric must be fulfilled. This means that often several trials are needed in order to obtain a valid BLISS private key.

With the command
<pre>
pki --print --type bliss-priv --in key1.der

private key with:
pubkey: BLISS 128 bits strength
keyid: d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
subjkey: e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
</pre>
information on the BLISS private key is displayed.

Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format
<pre>
pki --gen --type bliss --size 4 --outform pem > key4.pem
secret key generation succeeded after 4 trials
</pre>
The PEM key format is printable
<pre>
cat key4.pem
-----BEGIN BLISS PRIVATE KEY-----
MIIFGgYLKwYBBAGCoCoFAgQDggOBACUkEElEU1wx3rTZLRp7ejCQl7beNwsiFfMs
WWtH2EbLR1KxExmkc07Wp6GwEgQQVh5iHQaq0cX8aRSWUpne27elaBgfnv2lKIIY
YRBechxMh7YGYVQl/8se1EeCZqqZiR7hEHyYCFogDiCM7aW8RTw0ZtbJBK37UkTR
ZDoNjk9kyYEhZdoEsjGo0h5DBFLcxExk6Git+9e8xsJL4rdjLImGezgBOczbhTow
migPmqQx4bi441BAIC65oIoSdQwdMmLnaHi6CAT314jGS8UG6hcTL6qO5iaoaKFA
AVSX9EPRCtIxVq/IgqBKybK+bO9LWqQ1Pcn5u2KitXioNYg10YPcko0XNitUik/v
VSQPW1EJ6ZJ9v/bTZZFi7QjTtKq8GoIld0Vhh1TFnfEOblOCSsi7B+TxJHAf5BkR
ia1oxEN8iDA9xNL2ohzUJurdO/wCsCAstVC9HOKooqAR7EiFP7CEQwxXpxuw8Kv9
2/0L8jy4Sq0thxlrSbtSdZGq1/gNYLqNII7oZJH0HfhpC6oMnq0t6GILZIME3Pti
9Kj9WMxZMCxOTC6Fl5IvzsCV1vHgNoB4MgUaJy6MUJyU+LdAhYmjso9rNdBah0Ku
drJh1o1uS7ERUohYkJtlzky9XuS2pjwTELxpAsrPz6VM6ZXiZAZCuqF00crUoy2K
yjiOpS5/4nKKEYyGez3QepLjTYzMapC7TXw7sD80H0S8BuSW+HJMFy4BWMXP5bps
Chw7tFsWMa5i1oiXPUDoYlW740Zj5YwIY6e2oeBiEceU/5TkNXcbBJ4gojaKxwdz
oOExefSthX91OcHhq2W0GSyZ9I+aUngseEdcYjKk2IL76kxWrdwoM95feDGY925r
sRV0tpqiSKh04K1gV0wSRzT7w82lVwPwQlY9Hw1nVfVU99bzujoHSfiEFVUURFlQ
jWAMBq32hwdfeghOEkLBLQYqRjWOyWSi7I1GWMJ/P7CaBiKiM096NCJiYJyUuj6l
yM0gJJ0iiNNSF6oqQIQcwFOP9HTQk9DNE3AplGqrJptROtN8lvFlpnhQt6YQBHQX
qAUCx47EsrN8W+m+XQKrdMOKhz3JxB+tcJOoQSsoZ1AT9eUaM5VxLoRGY3GMmG3e
J3SETcNggvZlP25VgapsCInEWbnAJmPQ7ydTov8yF0EQdiiZYUQlHXvktTPpHgFP
Vcc6A9TFA4HBAAQOAeOAdsAACDxyADyADyPwAOAR+CSuBxzweASQCBwRwQgCBxx+
QAQSAMAAeDwQAfyOTiST+AASOODuBx/wACQiOAASQeOACQB/9yAgOASDjyDwCQfw
N+AeOAOOACPwQBwsAPwPzwMcCCCQADwSACCBx+DwQAPwASABwOOgBvwQCQDwPwAQ
SBwFwOESSAef+QCT+ACPwAAeRyBsfwAAQAABgPwUAQOehweRwN+eNwDx/yDiOFyQ
AOOABwEQAOBwAQOBwQDngAH9DAcg/hHoAlAE8AAfckfrgYkccA/IgAcEgY/gEIfk
cHgEEEHjkgcfkjgDgYfj4AEAAAkAAgFcf8Dj/hEggADEBADjjjAgnjADogDj8/8f
kjgAcAAAAEAcAA/gf/gg8cAALjkAcAEEgEYjk8AEDgcj8EAH/kEEcA7ggAADkcA8
AEkAkgAk/AAAEngEAgAAD8HkA8kEAjgA8A8YFcjoAAgD//jA8c/8cf/j8cAngAAc
AHgHgkBE/nj8kcDgIAE=
-----END BLISS PRIVATE KEY-----
</pre>