Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 35

Andreas Steffen, 14.12.2014 14:29

1 1 Andreas Steffen
h1. Bimodal Lattice Signature Scheme (BLISS)
2 1 Andreas Steffen
3 16 Andreas Steffen
{{>toc}}
4 16 Andreas Steffen
5 17 Andreas Steffen
BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool.
6 1 Andreas Steffen
7 17 Andreas Steffen
This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
8 7 Andreas Steffen
9 18 Andreas Steffen
h2. Building strongSwan with BLISS Support
10 18 Andreas Steffen
11 18 Andreas Steffen
If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
12 18 Andreas Steffen
<pre>
13 18 Andreas Steffen
wget http://download.strongswan.org/strongswan-5.2.2rc1.tar.bz2
14 18 Andreas Steffen
tar xjf strongswan-5.2.2rc1.tar.bz2
15 18 Andreas Steffen
cd strongswan-5.2.2rc1
16 18 Andreas Steffen
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
17 18 Andreas Steffen
make
18 18 Andreas Steffen
sudo make install
19 18 Andreas Steffen
</pre>
20 18 Andreas Steffen
21 1 Andreas Steffen
h2. BLISS Private Key Generation
22 1 Andreas Steffen
23 1 Andreas Steffen
strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows:
24 1 Andreas Steffen
<pre>
25 13 Andreas Steffen
pki --gen --type bliss --size 1 --debug 2 > cakey1.der
26 1 Andreas Steffen
27 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
28 1 Andreas Steffen
mgf1 generated 240 octets
29 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
30 1 Andreas Steffen
mgf1 generated 240 octets
31 1 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)
32 1 Andreas Steffen
33 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
34 1 Andreas Steffen
mgf1 generated 220 octets
35 1 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
36 1 Andreas Steffen
mgf1 generated 240 octets
37 1 Andreas Steffen
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)
38 1 Andreas Steffen
39 1 Andreas Steffen
secret key generation succeeded after 2 trials
40 1 Andreas Steffen
</pre>
41 9 Andreas Steffen
When generating the private key consisting of the two polynomials *s1* and *s2*, the limit for the _Nk(S)_ metric must not be exceeded. This means that often several trials are needed in order to obtain a valid BLISS private key. With the command
42 1 Andreas Steffen
<pre>
43 13 Andreas Steffen
pki --print --type bliss-priv --in cakey1.der
44 1 Andreas Steffen
45 1 Andreas Steffen
private key with:
46 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
47 1 Andreas Steffen
keyid:     d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
48 1 Andreas Steffen
subjkey:   e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
49 1 Andreas Steffen
</pre>
50 1 Andreas Steffen
information on the BLISS private key is displayed.
51 2 Andreas Steffen
52 1 Andreas Steffen
Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format
53 2 Andreas Steffen
<pre>
54 13 Andreas Steffen
pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
55 3 Andreas Steffen
secret key generation succeeded after 6 trials
56 1 Andreas Steffen
</pre>
57 1 Andreas Steffen
The PEM key format is printable
58 2 Andreas Steffen
<pre>
59 21 Andreas Steffen
cat cakey4.pem
60 3 Andreas Steffen
61 1 Andreas Steffen
-----BEGIN BLISS PRIVATE KEY-----
62 3 Andreas Steffen
MIIFGgYLKwYBBAGCoCoFAgQDggOBAEOoiWS7mISnnPjzFJu6REHq1REYuLfillD2
63 3 Andreas Steffen
VmmCWuB1NcL6GLTRFzwCMCw8KBLpyZhEAs6QlelSWVxPuBGMuQzQsmm9A3NjrV4U
64 3 Andreas Steffen
655KXTkuiTpZP00qsfKuqh6EofkQ+89YK6qZNnxAeJ/mB9Dlkq9ELPjigNlZfUkd
65 3 Andreas Steffen
Ky2fBJkwdKLb75WermM3tOYts0X06j7M3WX8DdVsGgIrzC57shAiD9nyhrUNHB15
66 3 Andreas Steffen
b9IymR84GW4BJofKVW2GJVeUyLnh8YP33OUx6F5aEqweSbi5dGtbDbr0WmK6LmNw
67 3 Andreas Steffen
dKQyv+hickbXGTWifAEktjpTApYjBBB6TZgiAW2P4T3dMq2ciQUbhCl1xWUlWF+2
68 3 Andreas Steffen
iZbfFrcMb4dVrWOYbQRfvURmCkvJWsXHiijK8E+pmCDCruQg7TuRlIdXCRhSZrzY
69 3 Andreas Steffen
+pLcY7mKBfyCvrmYmmCMRQQXeTDnGI/9VhHJ6icK6Mqy2BwRVFj9FmSsAHmF9gkL
70 3 Andreas Steffen
hcaPlsgpLqaoK41FcJHjMbJIjWKaHkFXMQ0K943cM0ivB3EqRG68AptqH1QxkIi6
71 3 Andreas Steffen
haUuQL6Nsl/tXo4VwyiVpm1faRQW5Re9L6KbEhLgnT3JeAft0zOOlHwx5myBDAxa
72 3 Andreas Steffen
s8LP9H/EyzpO4uyd1eHlqZvGEmlt9lhOikLwEohWDoZIpWFKrtfzciQMOugLq4m4
73 3 Andreas Steffen
n+ueVo25rvq6MRwncj0FCwlt0nAhWeP8hQYTzhgFsBeheM4OaWVRhRPQmqYFrLRZ
74 3 Andreas Steffen
grvkgGIQd2IDKhjqCI7gpOi/KRG5RbnyvO4zaqLNy16Lk4exZ2iin19YQpmU613j
75 3 Andreas Steffen
EVLsMoRTQl2tE+aB0GJ0BpE3u0Aqnrp6ZhCJmK8CybfYAGhV5sly59Cds7QtIw8r
76 3 Andreas Steffen
6pXl7Wd0q2sMFsUnqadcCwqoeOciqU+AwvQ+X2g4eilxV6D2TkLMMBUOYi5BqNdj
77 3 Andreas Steffen
a7pJAnUUMyEYvDXhMUYnjGlK3RFKHFCzCalQN0s5JLRTpLnTTy70TtvMaDJAWCwG
78 3 Andreas Steffen
OShSbNqr0zGNfnCsFjuppZ+5tQd7GRCgjL2uG0CDTIKEq5vmaH1d3FOldJX2uYYA
79 3 Andreas Steffen
O6QOKIThuiH3C0OgAQoLGoArsmFymtBXHxPZSjtE5SR+1YVCr4UEdGlSt2efJoxm
80 3 Andreas Steffen
eBaYki03CF2pSm7EDHxbEjDC9E3AeOfUW6Iq4dTGThjGNGnnBIbpv0mSdXFzWcZU
81 3 Andreas Steffen
3rwQo51EA4HBAACSCPjwAOUCAOCCCOP/gCDzxzweEOByCAACeEP1wF+DxhwBiQTw
82 3 Andreas Steffen
AP/0AAQFx/z+SACPgR+ASePwOAOgAAQBwDiAV0OOCADwB0eOgAeAOORwMAPzwOQS
83 3 Andreas Steffen
CBuMAQOB+Px/x+AuCeRweeADzwACPyCP+RyQhgBzwOCBwSBwOB+SeQAQCOBwACAB
84 3 Andreas Steffen
0eByABwQBwQAAeCBwgAAB/wACDwNyPgeQOPwAAR+OAR+AB+COAQCBx+QeB+R+B+Q
85 3 Andreas Steffen
CADjxwACPiARvwOBwQDjggcY7EEgAEHjcYAcogEHgccDjgcDg8fgAnjgAgfkgEgc
86 3 Andreas Steffen
DnjgAEbAn8ArnAhAAcAkAEgADkgAD8DgkDgkcDnkcE88jkjkgjgD9ccAg8cc8jjr
87 3 Andreas Steffen
kcgkABED8gAD8H/n8gAAj8AgEHj8D8D89Dfg4DAgEEAAgAj8HgkgAj8HgcHodAEk
88 3 Andreas Steffen
cn8DAL8AD/g//gcDkAEH/AAD/gcDnj8AkD8AcDgErkHjAAcA9AAAAcAcEEEgAAAg
89 3 Andreas Steffen
AYLoAgAEHgkDgYccgbk=
90 1 Andreas Steffen
-----END BLISS PRIVATE KEY-----
91 1 Andreas Steffen
</pre>
92 3 Andreas Steffen
At last let's generate a BLISS-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
93 3 Andreas Steffen
<pre>
94 13 Andreas Steffen
pki --gen --type bliss --size 3 --debug 4 > cakey3.der
95 3 Andreas Steffen
96 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
97 3 Andreas Steffen
mgf1 generated 380 octets
98 3 Andreas Steffen
mgf1 based on sha1 is seeded with 20 octets
99 3 Andreas Steffen
mgf1 generated 380 octets
100 3 Andreas Steffen
l2 norm of s1||s2: 1401, Nk(S): 125552 (128626 max)
101 3 Andreas Steffen
102 3 Andreas Steffen
secret key generation succeeded after 1 trial
103 3 Andreas Steffen
   i   f   g     a     F     G     A
104 3 Andreas Steffen
   0  -1   1 11932  6730 11344  6400
105 3 Andreas Steffen
   1   1   0  2227  1206  9396  6244
106 3 Andreas Steffen
   2  -1   2  4844   496   414  4411
107 3 Andreas Steffen
   3  -1   0  2768  2813  1412  6619
108 3 Andreas Steffen
   4   0   2  3583  2753  3520  9237
109 3 Andreas Steffen
   5   0   2 10160  2434  9512  8688
110 3 Andreas Steffen
   6   0   2  8157  9071 10775  8990
111 3 Andreas Steffen
   7   0   0  3862  5091   211  3126
112 3 Andreas Steffen
   8  -1   0  3045  2278  5799  8812
113 3 Andreas Steffen
   9   1   0  9942  5685  3335   541
114 3 Andreas Steffen
  10   0   0  8236  1637   526  5000
115 3 Andreas Steffen
  11   0   0  8638     9  9539 10618
116 3 Andreas Steffen
  12   0  -2 11526 11882  8890  8976
117 3 Andreas Steffen
  13  -1   0 12180 11895  3538  5231
118 3 Andreas Steffen
  14  -2   0  6332  4243 11062   243
119 3 Andreas Steffen
  15   0   0  4083  4302  3400  4000
120 3 Andreas Steffen
  16   0   2  4545  6031  2766  1708
121 3 Andreas Steffen
  17   0   0  1495  4119  8792 11954
122 3 Andreas Steffen
  18   1  -2  5664  9450  5151  6621
123 3 Andreas Steffen
  19   0   0  3580  1963 11193  1552
124 3 Andreas Steffen
  20  -1  -2  7090  5950 10318  8445
125 3 Andreas Steffen
  21   0   0  5180  8190  7147 11145
126 3 Andreas Steffen
  22   0  -2  8455 12226    27 10533
127 3 Andreas Steffen
  23   0   0   810  4585  6578  3333
128 3 Andreas Steffen
  24   1   0  5316  9595  2034  7088
129 3 Andreas Steffen
  25   0   0 10072 11746 10425  9554
130 3 Andreas Steffen
  26  -1   0  4544  5888  7751  8402
131 3 Andreas Steffen
  27   0   0  9529 10638  5983  9509
132 3 Andreas Steffen
  28   0   0  6832  8019  5519  1124
133 3 Andreas Steffen
  29   1  -2  8900  2356  4475  4326
134 3 Andreas Steffen
  30   0  -2  4438  7452  2418   406
135 3 Andreas Steffen
  31  -1  -2   363  9949  6078  3369
136 3 Andreas Steffen
  32   0   0  6032  9713 11653 12232
137 3 Andreas Steffen
  33   0   0  1342 11748 11094  4727
138 3 Andreas Steffen
  34  -1  -2   780  9506  2687  5713
139 3 Andreas Steffen
  35   1   0  1114 11518  5003  1173
140 3 Andreas Steffen
  36   1   0 11561  8458  9766  5255
141 3 Andreas Steffen
  37   0   0   932  4680  7848 10211
142 3 Andreas Steffen
  38   0   0  4748  4235  6832  9975
143 3 Andreas Steffen
  39   1   2  6338  9116  1371  9287
144 3 Andreas Steffen
  40   0   0  9216 11714 11657  4532
145 3 Andreas Steffen
  41   1  -2  1100  6203  6951  9887
146 3 Andreas Steffen
  42   1   0 11955  9307   124 11984
147 3 Andreas Steffen
  43   0   0  6550  6220  9948 11200
148 3 Andreas Steffen
  44   1   0 10183  7920  2231  2050
149 3 Andreas Steffen
  45   0   0  5858 10736 11843  4851
150 3 Andreas Steffen
  46   1   0  4402  6459  5976  5509
151 3 Andreas Steffen
  47   1   2  3354  2643  9397 11716
152 3 Andreas Steffen
  48   1  -2  9937  3908  1174 11478
153 3 Andreas Steffen
  49   2   0 11688  9298 10680  1833
154 3 Andreas Steffen
  50  -1   2  5348  4731 12240  5286
155 3 Andreas Steffen
  51   0   0  4594  1469 10189  5043
156 3 Andreas Steffen
  52   0   2  6324  1006  6445  3268
157 3 Andreas Steffen
  53   0  -4  2137  2707  4158   569
158 3 Andreas Steffen
  54  -1  -2   340  2232  4643  9852
159 3 Andreas Steffen
  55  -1   0  1784  8290  9620  3129
160 3 Andreas Steffen
  56   1   0  7203  5610 11341   749
161 3 Andreas Steffen
  57   0   0  6651 12057 10851  5621
162 3 Andreas Steffen
  58  -1   0   383  5516  9861  2272
163 3 Andreas Steffen
  59   2   0 10893  8086  1452   140
164 3 Andreas Steffen
  60   0   0  7921 10970  6955  9293
165 3 Andreas Steffen
  61   1  -2  4243 10170  5305  9178
166 3 Andreas Steffen
  62  -1   2  3565  2730  3858 11021
167 3 Andreas Steffen
  63   0   0  5697  1308  7157  8076
168 3 Andreas Steffen
  64   0  -2  4079  5666  9079  5400
169 3 Andreas Steffen
  65   1   0  3653  2895  1244 11606
170 3 Andreas Steffen
  66   0   2  9829  6670  4713  3470
171 3 Andreas Steffen
  67   1  -2 11728  5737  6142  2111
172 3 Andreas Steffen
  68   1  -2  7403 10194  2903  2562
173 3 Andreas Steffen
  69  -2   0   770  9857   301  4108
174 3 Andreas Steffen
  70   0  -2  6771  2653 10239  2130
175 3 Andreas Steffen
  71   0   0  7855  4463  7362  9248
176 3 Andreas Steffen
  72  -1   0 10880  6688  3127   311
177 3 Andreas Steffen
  73  -1   2  4691  8128   533  8290
178 3 Andreas Steffen
  74  -1  -2  4037  3558   115 10006
179 3 Andreas Steffen
  75   0   0  2284   389  6473  3776
180 3 Andreas Steffen
  76   0   0  5390  9091  1720  7047
181 3 Andreas Steffen
  77   0   2  4988  1314 11101  4376
182 3 Andreas Steffen
  78   1   0  5858  6929  7217  3009
183 3 Andreas Steffen
  79   0   0  8276  9115  9758  8600
184 3 Andreas Steffen
  80   0   0  1719  3490  6518  2847
185 3 Andreas Steffen
  81   0   0  3145    16  2434 10905
186 3 Andreas Steffen
  82   1   0 12177  5643  1293  9983
187 3 Andreas Steffen
  83   0   2  8860  7027  7247  4144
188 3 Andreas Steffen
  84   0  -2  8029 11886  5161  8312
189 3 Andreas Steffen
  85   0   0  6660  8970  4777  9518
190 3 Andreas Steffen
  86   0   2  8940  2217  8996  6495
191 3 Andreas Steffen
  87   0   0  4623  2243 11869 10300
192 3 Andreas Steffen
  88   0   4 11841  4074  6347  3751
193 3 Andreas Steffen
  89  -1   0  2220 12271  2346  3966
194 3 Andreas Steffen
  90   0   2 11997   617  8162  8020
195 3 Andreas Steffen
  91   0  -2  4335    73 10232  9399
196 3 Andreas Steffen
  92   1   2  8016 10780 11912 11369
197 3 Andreas Steffen
  93   0  -2  4302  7923   717  7152
198 3 Andreas Steffen
  94   0  -2  8014  1252  8311 11638
199 3 Andreas Steffen
  95   1   0 11580   975  1679  2699
200 3 Andreas Steffen
  96   1   2  6246  3336   161  6745
201 3 Andreas Steffen
  97  -1  -4  5081  9817 11892  6259
202 3 Andreas Steffen
  98   0   0  4544 10997 12278  4499
203 3 Andreas Steffen
  99   0   2  1616  9495 12225 10213
204 3 Andreas Steffen
 100  -1  -2  8533  8912  6448  9929
205 3 Andreas Steffen
 101   0   2  8850  8093 11649  9665
206 3 Andreas Steffen
 102   1  -4  9776  4225  8805  9906
207 3 Andreas Steffen
 103  -1   0 12203  5021 12232 10353
208 3 Andreas Steffen
 104   1   2  1285 10557  8597  2897
209 3 Andreas Steffen
 105   1   0  5553 11162  5268 10387
210 3 Andreas Steffen
 106  -1  -2  6413 10365 11905  6694
211 3 Andreas Steffen
 107   0  -2  1915  8797  5109 10630
212 3 Andreas Steffen
 108   1   2  5668  7809 10108   689
213 3 Andreas Steffen
 109   0  -2  5724  6433  9119  9062
214 3 Andreas Steffen
 110   1   0  3193  2998 10987  4238
215 3 Andreas Steffen
 111   0   2  3218  6756 10221 11532
216 3 Andreas Steffen
 112   0   0 11475  1061  3999  2494
217 3 Andreas Steffen
 113   0   0  1751 10398  9032 10926
218 3 Andreas Steffen
 114   0   0  5049  4368  3557  9980
219 3 Andreas Steffen
 115   0   0  6973 10707 10291  4631
220 3 Andreas Steffen
 116   0   0   826  2759  8952 11976
221 3 Andreas Steffen
 117  -2   0 11077  1210  8027  7898
222 3 Andreas Steffen
 118   0   0  3361  8733  5169   237
223 3 Andreas Steffen
 119   0   0  9447 10875 12077 11281
224 3 Andreas Steffen
 120   0   0  7154   928   564 11601
225 3 Andreas Steffen
 121  -1  -2  5099  1695  5523 11879
226 3 Andreas Steffen
 122   0  -2  5533  6614  4882  7444
227 3 Andreas Steffen
 123   0   2  2416  2221 11163  3679
228 3 Andreas Steffen
 124   0  -2   683  8407  7179 11214
229 3 Andreas Steffen
 125  -1   0  1698  4946  8846  5627
230 3 Andreas Steffen
 126   0   2 11993  1197  5067  2037
231 3 Andreas Steffen
 127  -1   2 11131 10689  4543  8346
232 3 Andreas Steffen
 128   1   0 11684 12052  5700  5576
233 3 Andreas Steffen
 129   0   0 11081  7285  5758  2882
234 3 Andreas Steffen
 130   0   0  2204 10550 10764 10396
235 3 Andreas Steffen
 131   0   0  5413  6834   237  9705
236 3 Andreas Steffen
 132   0   0  3139  9589  3580  1000
237 3 Andreas Steffen
 133   1   0  2435 10845 11335  4375
238 3 Andreas Steffen
 134   0   0  5835  9461  5820  8967
239 3 Andreas Steffen
 135   1   2  1986  7566  6638  7219
240 3 Andreas Steffen
 136   1   2 12005   279  4775   854
241 3 Andreas Steffen
 137   0  -2 11470  3603  1399  4755
242 3 Andreas Steffen
 138   0   4  3665 10794  4373 10453
243 3 Andreas Steffen
 139   0   0  6909  8265 11931 11831
244 3 Andreas Steffen
 140   1   2  9201  4238  3547  9596
245 3 Andreas Steffen
 141   1  -2  7577 11197  9585  4684
246 3 Andreas Steffen
 142   0   0  8947  1967  2051  7873
247 3 Andreas Steffen
 143   0  -2  9195  2467  6347  7903
248 3 Andreas Steffen
 144   1   2 11017  8525 11401 10043
249 3 Andreas Steffen
 145  -1   0  1786  7054  2174  5272
250 3 Andreas Steffen
 146   0   0  2541 11091 10944 11808
251 3 Andreas Steffen
 147   0   0  1685 12142  9116 11391
252 3 Andreas Steffen
 148   0  -2  9324 10699 11938  1090
253 3 Andreas Steffen
 149   1  -2  6706  2541  7886  7480
254 3 Andreas Steffen
 150   1   0 10550  1341  3839  5373
255 3 Andreas Steffen
 151  -1  -2  4665  7629  5217  2934
256 3 Andreas Steffen
 152   0   2  1311  6833  4048 11099
257 3 Andreas Steffen
 153   1   0 11994  1783 10226  2549
258 3 Andreas Steffen
 154   1   0  9953  5962 11300 10712
259 3 Andreas Steffen
 155   0  -2  2781 11449   395 11045
260 3 Andreas Steffen
 156  -1   4  6768  7744  9122  6955
261 3 Andreas Steffen
 157   0  -2  1288 10720  7913  9198
262 3 Andreas Steffen
 158   0   2  3735  3959  3762  4924
263 3 Andreas Steffen
 159   1   2  2817  4147  6807  6198
264 3 Andreas Steffen
 160   0   0  2935 11500 11190  4051
265 3 Andreas Steffen
 161   0   2  1193  7795 11414  3350
266 3 Andreas Steffen
 162  -1  -2   757  3411  9464  4481
267 3 Andreas Steffen
 163   0  -2  3830  7004 11979   593
268 3 Andreas Steffen
 164   0   0 11945    57  6438  9168
269 3 Andreas Steffen
 165  -2   2  1844   173  7130  9844
270 3 Andreas Steffen
 166   1   0  1055  4376   673   559
271 3 Andreas Steffen
 167   1   0   665  1744 11877  9442
272 3 Andreas Steffen
 168  -1   0   190  3421  9077  5294
273 3 Andreas Steffen
 169  -1   0  5948  4923 10003  9323
274 3 Andreas Steffen
 170   0  -2    66  3154  7238 10273
275 3 Andreas Steffen
 171   1   0  3608  7307  8272 11128
276 3 Andreas Steffen
 172   0  -2 11068 10669  7822 12269
277 3 Andreas Steffen
 173  -1  -2  2289  5725  7793 11084
278 3 Andreas Steffen
 174   0  -2  2045  9528  5770  5250
279 3 Andreas Steffen
 175   0  -2  5369  1937  9741  7669
280 3 Andreas Steffen
 176   0   0  5495   973    32  8740
281 3 Andreas Steffen
 177   1  -2   187  6219 10487 11605
282 3 Andreas Steffen
 178   0   0  6664  3891  6930  9183
283 3 Andreas Steffen
 179   0  -2  8951  3731  4350 10057
284 3 Andreas Steffen
 180   0  -2  2119  8064  2295    14
285 3 Andreas Steffen
 181   0   0  5587  7068 12132   419
286 3 Andreas Steffen
 182   1   0  5551  9660  4283  5818
287 3 Andreas Steffen
 183   1  -2    58   319  9240  1724
288 3 Andreas Steffen
 184   0   2  9694  6238  4742 12274
289 3 Andreas Steffen
 185   2   2  1752 10949  7406  7643
290 3 Andreas Steffen
 186   0   2  4551  4296  5533  7516
291 3 Andreas Steffen
 187   0   0  5809  2080  4616  3169
292 3 Andreas Steffen
 188   0  -2  4805  9682  4940 10345
293 3 Andreas Steffen
 189   0   4  5232 10223  8937  9376
294 3 Andreas Steffen
 190   0  -2  4985  6043  7853   528
295 3 Andreas Steffen
 191   1   0 11937  4497  1366  6015
296 3 Andreas Steffen
 192   1   0  7724  7554 12130  1918
297 3 Andreas Steffen
 193   0  -2  2011  4752  4070  3130
298 3 Andreas Steffen
 194   0   0  8272  1015  1803  3973
299 3 Andreas Steffen
 195  -1   0  7832  7988  9436  5558
300 3 Andreas Steffen
 196   0  -4  8854 10413 11890  8575
301 3 Andreas Steffen
 197   0   0  2277  3600   263 11719
302 3 Andreas Steffen
 198  -1   2  2986  1000  9583 11721
303 3 Andreas Steffen
 199   0   2  2907  8991 11579 11775
304 3 Andreas Steffen
 200   0   2  7872  2207  9525  1285
305 3 Andreas Steffen
 201   1   0  7562  9107  2777  2830
306 3 Andreas Steffen
 202  -2  -2 10678 10608  9041 10880
307 3 Andreas Steffen
 203   0   0   656 11804  3455  2400
308 3 Andreas Steffen
 204  -1  -2  4799  3910  3626  6180
309 3 Andreas Steffen
 205  -1   0  1998  5423  2614  5813
310 3 Andreas Steffen
 206   0   0  2327 11665  8051  2567
311 3 Andreas Steffen
 207   0   0   282  6807  4478  1129
312 3 Andreas Steffen
 208   0  -2  7967  3811 12284  6446
313 3 Andreas Steffen
 209  -1   0  3169 11501 11972 11650
314 3 Andreas Steffen
 210  -1   0  2614  4186  5549 10021
315 3 Andreas Steffen
 211   1  -2 11856 11417 10104  6753
316 3 Andreas Steffen
 212   1   0  3692  2680  3800 12107
317 3 Andreas Steffen
 213   0   2  4639  5506 11526  6189
318 3 Andreas Steffen
 214   0   0  6373  9147  2814  9738
319 3 Andreas Steffen
 215   0   0  1942  1124  9011  3124
320 3 Andreas Steffen
 216   0   2  5163   558 11376  4381
321 3 Andreas Steffen
 217   0   0 11687  9612  8623    84
322 3 Andreas Steffen
 218   0   0  8537  3843 11615    35
323 3 Andreas Steffen
 219   1   0 11885  4846  3711  6409
324 3 Andreas Steffen
 220   0   2  9728  8703  2262  5270
325 3 Andreas Steffen
 221  -1  -2  4928   745  4084  3453
326 3 Andreas Steffen
 222   0   2  2383  5711  4946 10846
327 3 Andreas Steffen
 223   0  -2  2480  3190 11514  2446
328 3 Andreas Steffen
 224   0   2  8786  4156 10444   381
329 3 Andreas Steffen
 225   0   0  7294  3059   859  5500
330 3 Andreas Steffen
 226   0  -2  2793  4752  4311 11196
331 3 Andreas Steffen
 227  -1   2  9428  8892  6184  2715
332 3 Andreas Steffen
 228   1   0  3240  6263  8476  7279
333 3 Andreas Steffen
 229   0   0  2533   993  6898  5972
334 3 Andreas Steffen
 230  -1   2  6513  1130   623  3622
335 3 Andreas Steffen
 231  -1   0  2175   455  8066   855
336 3 Andreas Steffen
 232   1  -2  8930 11192 11277  6039
337 3 Andreas Steffen
 233  -1   0 10052  9546  1723  3691
338 3 Andreas Steffen
 234   0   0 12282 10488  5953 11501
339 3 Andreas Steffen
 235   1   0   966  2764  1478  7550
340 3 Andreas Steffen
 236   0   4  2689  4295   136  7671
341 3 Andreas Steffen
 237   0   0  2735 10452  7686  5468
342 3 Andreas Steffen
 238  -1   0  7155  3804 11767  4710
343 3 Andreas Steffen
 239   1   2  6875  1049  8317  1238
344 3 Andreas Steffen
 240  -1  -2  5800  4804 10126  7221
345 3 Andreas Steffen
 241   0   2 10256  8623  4292 11309
346 3 Andreas Steffen
 242  -1   0  9012  8378  9611  5688
347 3 Andreas Steffen
 243  -1   2  4014  1882  3226 12134
348 3 Andreas Steffen
 244   0   2 11698  2629  1993  9817
349 3 Andreas Steffen
 245   1  -2  9293  4184  3392 10739
350 3 Andreas Steffen
 246   0   2    93   852  8664 11953
351 3 Andreas Steffen
 247   0   2  6230  8044  8507  6969
352 3 Andreas Steffen
 248  -1   2  6093  7622 10297  8445
353 3 Andreas Steffen
 249  -1   0 10974  7821  3675  3517
354 3 Andreas Steffen
 250  -1  -2  4760 11952  9509 11495
355 3 Andreas Steffen
 251   0  -2  7410  5638  8286  2604
356 3 Andreas Steffen
 252   0   0   313  2955  7834  4178
357 3 Andreas Steffen
 253  -1   0  9733  3273 12249 11493
358 3 Andreas Steffen
 254  -1   0   682  9048  9531  3876
359 3 Andreas Steffen
 255   1  -2  2283   179  4322  9567
360 3 Andreas Steffen
 256   0   0 10470  1633  2290  9062
361 3 Andreas Steffen
 257   0  -2 11005  5584  7880  6991
362 3 Andreas Steffen
 258   1  -2  2732  7686  7623  8563
363 3 Andreas Steffen
 259   0   0  8845  9994  6380  2032
364 3 Andreas Steffen
 260   0  -2  9527   785  4071  4639
365 3 Andreas Steffen
 261   0  -2  7141  5116   474  9863
366 3 Andreas Steffen
 262   0   0  8896  9356  8790  4233
367 3 Andreas Steffen
 263   0  -2  8781  5058 11323  5758
368 3 Andreas Steffen
 264  -1  -2  2106  4848  5472  3773
369 3 Andreas Steffen
 265   0   0 10312  2028  1706  5806
370 3 Andreas Steffen
 266  -1   0 11587 11556 10433  7614
371 3 Andreas Steffen
 267  -1   0  9354  4702  4673 11174
372 3 Andreas Steffen
 268   1   2  4179   310  1572  9202
373 3 Andreas Steffen
 269   0   0   231  7881  4637  8778
374 3 Andreas Steffen
 270   0   0 10643 12282  3262 11823
375 3 Andreas Steffen
 271   0   2  4803   573 11021 12201
376 3 Andreas Steffen
 272  -1   0 11942  2736  1772   881
377 3 Andreas Steffen
 273   1   0 10172  5565  7021  1748
378 3 Andreas Steffen
 274   0   2  8091   902 11967  2343
379 3 Andreas Steffen
 275   1   0  6507  2055  1543  1125
380 3 Andreas Steffen
 276   0   0  8363  4684  8421  7891
381 3 Andreas Steffen
 277   0   2 11435  7507  3108  1495
382 3 Andreas Steffen
 278   1   0  1121  5376  1638  8545
383 3 Andreas Steffen
 279   1   2  6659  7231  2291  9356
384 3 Andreas Steffen
 280   2  -2 11535  5948  8451 10276
385 3 Andreas Steffen
 281   0   2  9996  5929 11267 11752
386 3 Andreas Steffen
 282   0   0  9341 11999 10535  9922
387 3 Andreas Steffen
 283   0   0  1156   407  2491  5743
388 3 Andreas Steffen
 284   1   0 10878  9742 11436  7146
389 3 Andreas Steffen
 285   1   0  4269 10191  6723  1057
390 3 Andreas Steffen
 286   0   0  3150  6385 11151  8222
391 3 Andreas Steffen
 287  -1   2 10602 12270  1942 11540
392 3 Andreas Steffen
 288  -1   0  4149  9389  5193   155
393 3 Andreas Steffen
 289   1   0  2220  1914  7033  2039
394 3 Andreas Steffen
 290   1  -2  5849  9681  7990 10354
395 3 Andreas Steffen
 291   0  -2   578  1167  9422  2925
396 3 Andreas Steffen
 292   0   2  2784  4352  1474  8850
397 3 Andreas Steffen
 293   0   2  2831  7803  7941 10471
398 3 Andreas Steffen
 294   1  -2  1505  5309  1529 10706
399 3 Andreas Steffen
 295  -1  -2 12152  3117  1462  5319
400 3 Andreas Steffen
 296   0   0 12015 10147  2163  3011
401 3 Andreas Steffen
 297   0   2 12204  3215 10166   351
402 3 Andreas Steffen
 298  -1   0  3251  7021  9039  9355
403 3 Andreas Steffen
 299   0   0  5488  2986  1862  5927
404 3 Andreas Steffen
 300   1   0  7988   280  3983 11996
405 3 Andreas Steffen
 301   0  -2 11691   944  6647  7206
406 3 Andreas Steffen
 302   0  -2  5811  8894 11593  4438
407 3 Andreas Steffen
 303   1   2 11242  8285  3494  3099
408 3 Andreas Steffen
 304   0   0  1369  3781 11946  9679
409 3 Andreas Steffen
 305   0   0  4923   855 11924  2443
410 3 Andreas Steffen
 306   0   0 10077  6525  5892 12143
411 3 Andreas Steffen
 307   0   0  5765   923  7601  5041
412 3 Andreas Steffen
 308  -1   0 11585  4403  7020  7236
413 3 Andreas Steffen
 309  -1   0  9508 11281  9550  8744
414 3 Andreas Steffen
 310  -1   2  8015  7011  6196   851
415 3 Andreas Steffen
 311   0   0 10282  6674  7084  1139
416 3 Andreas Steffen
 312  -1   0   366  5463  5297 11037
417 3 Andreas Steffen
 313   0   0  3271  3185  6778 10142
418 3 Andreas Steffen
 314  -1   0  6295  3530  2128  3092
419 3 Andreas Steffen
 315  -1   2  2446  9761  5698  9652
420 3 Andreas Steffen
 316   0   0  6414  6084 11668  2854
421 3 Andreas Steffen
 317   1   0  7954 11099  5621  8453
422 3 Andreas Steffen
 318   1   0  8505  3817  6471  8585
423 3 Andreas Steffen
 319   0  -2 10555   260  7709  1873
424 3 Andreas Steffen
 320   0   0  4679  8577  2591  3492
425 3 Andreas Steffen
 321   1   0  4517 10562  7356 10826
426 3 Andreas Steffen
 322   0   0  5129  7378  6792 11094
427 3 Andreas Steffen
 323   1   0 11014  1117   906  7306
428 3 Andreas Steffen
 324  -1  -2  8930  3044  7558  1690
429 3 Andreas Steffen
 325   0  -2 12034  5641  5602  3833
430 3 Andreas Steffen
 326   1   0  4468  8161 11613  1703
431 3 Andreas Steffen
 327   0   0  9452  5643  6465   759
432 3 Andreas Steffen
 328  -1   0  4250  1062  8885  5366
433 3 Andreas Steffen
 329   0   0  2562 11062 10606 12050
434 3 Andreas Steffen
 330   0   0 11004  5092  1145  9690
435 3 Andreas Steffen
 331   0   0  3971  4167  9338 10914
436 3 Andreas Steffen
 332   0  -2  4640  2905  8263  8180
437 3 Andreas Steffen
 333  -1   2 11466 11858  4479  8686
438 3 Andreas Steffen
 334  -2  -2  2263 10527 11374  8335
439 3 Andreas Steffen
 335  -1   2  8803 10486  6140 10827
440 3 Andreas Steffen
 336   0   0  1608 10434   277  3299
441 3 Andreas Steffen
 337   0   0  8846  4037  5405 10610
442 3 Andreas Steffen
 338   0   2  2025  9028 11374   249
443 3 Andreas Steffen
 339   0   0  7495  5760  9448  3603
444 3 Andreas Steffen
 340   0   2    15 10858 10180    53
445 3 Andreas Steffen
 341   0   0  2216   822  8232 10505
446 3 Andreas Steffen
 342   0   0  4552  6213  8198  2721
447 3 Andreas Steffen
 343  -1   0  8537 12065  4985  6616
448 3 Andreas Steffen
 344   1   0    59  1083  5343  4975
449 3 Andreas Steffen
 345   0   0  6820  2485  7426  8044
450 3 Andreas Steffen
 346   0  -2    79  3592   780  2094
451 3 Andreas Steffen
 347   0   2  6060  2269  1661  5628
452 3 Andreas Steffen
 348  -1   0   483  7927  6962  9842
453 3 Andreas Steffen
 349  -1   0 10399 11975   182  8453
454 3 Andreas Steffen
 350   1   2 10965  8081  9568 12240
455 3 Andreas Steffen
 351  -1   0  6177  9642 10608  1217
456 3 Andreas Steffen
 352   0  -2  3647  7424  6312 11588
457 3 Andreas Steffen
 353   0  -2 10821  5412  7478  9670
458 3 Andreas Steffen
 354   0   2  7993  8400  9262  9133
459 3 Andreas Steffen
 355   0  -2 12183  9287  5467  4145
460 3 Andreas Steffen
 356   1  -2 11881 11278  2062  2271
461 3 Andreas Steffen
 357   0   0 11023 11205  4098  9315
462 3 Andreas Steffen
 358   0   0  2486  1161  4531 11806
463 3 Andreas Steffen
 359   0   2  7820  8932  2128  6164
464 3 Andreas Steffen
 360   0  -2  4830  2661  6650  6782
465 3 Andreas Steffen
 361   0   0  1280  8451  7065  2723
466 3 Andreas Steffen
 362   1  -4  3505  2948  7690 10249
467 3 Andreas Steffen
 363   0   0  1931   604   857 11619
468 3 Andreas Steffen
 364  -1   0  4519  1694  1682  7386
469 3 Andreas Steffen
 365   1   0  7001  5943 10006  9007
470 3 Andreas Steffen
 366   1   0  6867  7829  3179  9453
471 3 Andreas Steffen
 367   0   2  6439  1013  9753   968
472 3 Andreas Steffen
 368   0  -2   471  7027  6703  4401
473 3 Andreas Steffen
 369   0   2 10693  6320  2472  5896
474 3 Andreas Steffen
 370   1   0  6616  5825  5027  4446
475 3 Andreas Steffen
 371   0  -4  2610  2936 10741 11669
476 3 Andreas Steffen
 372  -1   0 10505  5607  7619 11326
477 3 Andreas Steffen
 373  -1   0  8796  8925  6540   641
478 3 Andreas Steffen
 374   0   0  7862  9942  2067  7361
479 3 Andreas Steffen
 375   2   2  5933 11598  7281  2337
480 3 Andreas Steffen
 376   0   0  4397  9644  2961   575
481 3 Andreas Steffen
 377   0   0 11546  3667    60   496
482 3 Andreas Steffen
 378   0   2 10359   897  6655  9940
483 3 Andreas Steffen
 379   0   0  8042 11627  7627  4091
484 3 Andreas Steffen
 380   0   2  7229  5196 10305  4323
485 3 Andreas Steffen
 381   0   2 11076  8341  5590   590
486 3 Andreas Steffen
 382   1  -2  5915   587  3514 10997
487 3 Andreas Steffen
 383   0   0  4235  5733  1374  7164
488 3 Andreas Steffen
 384   0  -2  6883  2313  3411   910
489 3 Andreas Steffen
 385   2   0  5537  5149   391 10153
490 3 Andreas Steffen
 386   0   0  4786  9993 11959  7183
491 3 Andreas Steffen
 387   1   0  8660  4137  8672  1422
492 3 Andreas Steffen
 388  -1   0 10388  8443  6742  3136
493 3 Andreas Steffen
 389  -1   0  3028  4136  7848  1024
494 3 Andreas Steffen
 390  -1  -2  3013  9457  3424  5692
495 3 Andreas Steffen
 391   0   2  6434 10654   246  8185
496 3 Andreas Steffen
 392  -1   0  5801  5730   384  4298
497 3 Andreas Steffen
 393   0   0  3559 11131  6623  3040
498 3 Andreas Steffen
 394   0   2  6911  3462  6279 10768
499 3 Andreas Steffen
 395   0   0  2559 11098  1487  5746
500 3 Andreas Steffen
 396   0   0  6942  1081  5465  2597
501 3 Andreas Steffen
 397   0   0  6852   666  5872  6467
502 3 Andreas Steffen
 398   0   0 10873  4863 11256  4225
503 3 Andreas Steffen
 399   1  -2  3670   513  2689  1203
504 3 Andreas Steffen
 400   1   0 11066  6794  6433  4163
505 3 Andreas Steffen
 401   0   2  4927 11148  7593  4700
506 3 Andreas Steffen
 402   0   2  5570  7675  6432  9507
507 3 Andreas Steffen
 403   0   0  9882 11756 11480  4705
508 3 Andreas Steffen
 404   1   2  9553  7076  9700  2926
509 3 Andreas Steffen
 405  -1   2  9678 12074  7468 11797
510 3 Andreas Steffen
 406   0   2  3955  2530 10255 10763
511 3 Andreas Steffen
 407   1   0 10843  8488 12022  6421
512 3 Andreas Steffen
 408   0   0  2514  2611  6629  2177
513 3 Andreas Steffen
 409  -2  -2  1934  6748  5463  3878
514 3 Andreas Steffen
 410   1  -2  2677  5860  4847 11948
515 3 Andreas Steffen
 411   1   0  2065  8327  9459  7023
516 3 Andreas Steffen
 412   0   0  6908  5681   530  4705
517 3 Andreas Steffen
 413   0   0 10718  6791  9883 10546
518 3 Andreas Steffen
 414  -1   0 10338 11007  3468  2087
519 3 Andreas Steffen
 415   1   0  7817   625 11048  7745
520 3 Andreas Steffen
 416   0   0 11023  4466 10734 10811
521 3 Andreas Steffen
 417   0   0  6306  7136  5359  9233
522 3 Andreas Steffen
 418   0   0  1858 10575  2337 11205
523 3 Andreas Steffen
 419   0   0  1118  2777  6009  7711
524 3 Andreas Steffen
 420   1   0  8755  4003  5535  8938
525 3 Andreas Steffen
 421  -1   0 12259  1775  2505  8171
526 3 Andreas Steffen
 422   0   0  5186 12038  9054  9707
527 3 Andreas Steffen
 423  -1   0  8317  9867  2073  6580
528 3 Andreas Steffen
 424   0  -2  3750  7074  7221 12191
529 3 Andreas Steffen
 425  -1  -2  7076  6288  3318 10214
530 3 Andreas Steffen
 426   0   0  4066  8076 12163  3442
531 3 Andreas Steffen
 427   1   2  5009   366 10803  1339
532 3 Andreas Steffen
 428   2   0  7392  9060  4955 11591
533 3 Andreas Steffen
 429  -1  -4  9381  8187  9349  5579
534 3 Andreas Steffen
 430   0   0  6499  4642  5787 12187
535 3 Andreas Steffen
 431   1   2 11461 11653  3278  7917
536 3 Andreas Steffen
 432   1   0  8976  7597   613  6477
537 3 Andreas Steffen
 433   0  -2  9335 10397  6485 11019
538 3 Andreas Steffen
 434   0  -2  7590  5554  4787  9128
539 3 Andreas Steffen
 435  -1  -2  7109  7497   615  8655
540 3 Andreas Steffen
 436   1   2  5984   709  9806  6063
541 3 Andreas Steffen
 437   1   0  4451  1057  1327  2187
542 3 Andreas Steffen
 438   0   0  6532  2071  1809  9139
543 3 Andreas Steffen
 439   0   0  5657  1586 11166  5121
544 3 Andreas Steffen
 440   0   0  3926  7845  1167  7773
545 3 Andreas Steffen
 441   0   0  6347   293  1762 11582
546 3 Andreas Steffen
 442   0   0 12239 10323  4500  6461
547 3 Andreas Steffen
 443   1  -2  1977  3819  4233  7946
548 3 Andreas Steffen
 444   0   0  5851  9874  3996  8822
549 3 Andreas Steffen
 445  -1   2  3107  3834  5546  9707
550 3 Andreas Steffen
 446   1   0  5636 11215 11094  5276
551 3 Andreas Steffen
 447  -1   0 12270  4649     5 11911
552 3 Andreas Steffen
 448   1  -2  6452   394  1732  3872
553 3 Andreas Steffen
 449  -2   0 11019   764  1006 10907
554 3 Andreas Steffen
 450   0  -4 11659  6297  4922  4827
555 3 Andreas Steffen
 451   1   2   890  9098 11786  3678
556 3 Andreas Steffen
 452   1   2  7670  7736  2460 10669
557 3 Andreas Steffen
 453   0   2  2047  7505 11511  3057
558 3 Andreas Steffen
 454   0   0 12148  5933  9508  9426
559 3 Andreas Steffen
 455   0   0  5596  3895  2879  7412
560 3 Andreas Steffen
 456   0   2  6504  2290  4180  9071
561 3 Andreas Steffen
 457   1   0  8051   946   316 11380
562 3 Andreas Steffen
 458   0  -2  2479 10389  6976  2480
563 3 Andreas Steffen
 459  -1   0 10512 10125  6279  6329
564 3 Andreas Steffen
 460   0   0  4709  6976  7912  6808
565 3 Andreas Steffen
 461   0   2  6605  9934 10200 10093
566 3 Andreas Steffen
 462  -1   0   949  7882  3698  1544
567 3 Andreas Steffen
 463   1  -2 10292  3467   350  3293
568 3 Andreas Steffen
 464   1   0  6448  9423  1313  2345
569 3 Andreas Steffen
 465   0   2   692  6812  7583  6050
570 3 Andreas Steffen
 466   1   0  3635  4184  2733  3816
571 3 Andreas Steffen
 467   0   0 12067  5816 10128 11192
572 3 Andreas Steffen
 468   0   0  9902  8712 11275  6813
573 3 Andreas Steffen
 469   0   0 10938  7970  1902  7019
574 3 Andreas Steffen
 470   1   0  9568  4228   242  5633
575 3 Andreas Steffen
 471   0   0  2196  5792  6794 10300
576 3 Andreas Steffen
 472   0   0  4075   157  8672  2560
577 3 Andreas Steffen
 473   0  -4  2110  3629  9461  9122
578 3 Andreas Steffen
 474  -2  -2  3412  4091  7245  4018
579 3 Andreas Steffen
 475   0   0 11653    40  5765 10897
580 3 Andreas Steffen
 476   0   0 10799   728  9056 10951
581 3 Andreas Steffen
 477   0   0  2114  2282  3786   314
582 3 Andreas Steffen
 478  -1   2   817 10585  8784 10553
583 3 Andreas Steffen
 479  -1   0  3705 12125  8654  5792
584 3 Andreas Steffen
 480   0  -4  1808  8664   196  4624
585 3 Andreas Steffen
 481  -1   2  5841  1907  7238  7769
586 3 Andreas Steffen
 482   0   0  8769  9263  6687   676
587 3 Andreas Steffen
 483   0   0  3412  9123  9517  1111
588 3 Andreas Steffen
 484  -1   0  4204    49 11892  6011
589 3 Andreas Steffen
 485  -1   0 11196   448  3872  2642
590 3 Andreas Steffen
 486   0   0   651  2142  3834  6611
591 3 Andreas Steffen
 487   1   4  7208 10823  6626 12033
592 3 Andreas Steffen
 488   0  -2  8558 10995 11169  2660
593 3 Andreas Steffen
 489   0   0  7955  2079  1785  7697
594 3 Andreas Steffen
 490   1   0  5565 11081  6935  1449
595 3 Andreas Steffen
 491   0   2 11661  2880 10737   887
596 3 Andreas Steffen
 492  -1  -2  2546  3372  1543  2424
597 3 Andreas Steffen
 493   1   0  1667 10715  7245 11246
598 3 Andreas Steffen
 494   0   0    93   456  1273  2563
599 3 Andreas Steffen
 495   0   0  3205  2733  6176  7453
600 3 Andreas Steffen
 496   1   0 12191  7834  2926 12258
601 3 Andreas Steffen
 497   0   0  3788  5251   935  6085
602 3 Andreas Steffen
 498   0   0 10114 12224  8954 11395
603 3 Andreas Steffen
 499   0  -2  7464   568  5744  7972
604 3 Andreas Steffen
 500  -1   0  1992  6344 10425  3471
605 3 Andreas Steffen
 501  -1   0  5249  7024   675  3466
606 3 Andreas Steffen
 502   0   2  8334  3338  1945  4805
607 3 Andreas Steffen
 503   0   0  8566   837  6796  2416
608 3 Andreas Steffen
 504  -1   2  1905  3844  2872  1612
609 3 Andreas Steffen
 505   0   2   377  8680  5459   608
610 3 Andreas Steffen
 506   0   0  1990  7692 10261  6844
611 3 Andreas Steffen
 507   0   2  5170  9084 10608  4433
612 3 Andreas Steffen
 508   0   0 11365  3048 11553  3451
613 3 Andreas Steffen
 509   0  -2 12098  6095 11214  3125
614 3 Andreas Steffen
 510   1  -2  1431  2633 10329  5488
615 3 Andreas Steffen
 511  -1  -2  3846  4226  8410  4614
616 3 Andreas Steffen
</pre>
617 10 Andreas Steffen
Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
618 4 Andreas Steffen
<pre>
619 4 Andreas Steffen
S1[91] is zero - s1 is not invertible
620 4 Andreas Steffen
</pre>
621 4 Andreas Steffen
and another trial run is started.
622 7 Andreas Steffen
623 10 Andreas Steffen
h2. BLISS Root CA Certificate Generation
624 7 Andreas Steffen
625 7 Andreas Steffen
A self-signed BLISS CA certificate can be generated with the following command
626 7 Andreas Steffen
<pre>
627 21 Andreas Steffen
pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem
628 7 Andreas Steffen
629 7 Andreas Steffen
  file content is not binary ASN.1
630 7 Andreas Steffen
  -----BEGIN BLISS PRIVATE KEY-----
631 7 Andreas Steffen
  -----END BLISS PRIVATE KEY-----
632 7 Andreas Steffen
633 7 Andreas Steffen
L0 - BLISSPrivateKey:
634 7 Andreas Steffen
L1 - keyType:
635 7 Andreas Steffen
  'BLISS-IV'
636 7 Andreas Steffen
L1 - public:
637 7 Andreas Steffen
L1 - secret1:
638 7 Andreas Steffen
L1 - secret2:
639 8 Andreas Steffen
640 7 Andreas Steffen
L0 - subjectPublicKeyInfo:
641 7 Andreas Steffen
L1 - algorithm:
642 7 Andreas Steffen
L2 - algorithmIdentifier:
643 7 Andreas Steffen
L3 - algorithm:
644 7 Andreas Steffen
  'blissPublicKey'
645 7 Andreas Steffen
L3 - parameters:
646 7 Andreas Steffen
L4 - blissKeyType:
647 7 Andreas Steffen
  'BLISS-IV'
648 7 Andreas Steffen
L1 - subjectPublicKey:
649 7 Andreas Steffen
650 7 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
651 11 Andreas Steffen
y1 = -859..738 (sigma2 = 71786, mean = -6.6)
652 11 Andreas Steffen
y2 = -852..644 (sigma2 = 65618, mean =  2.0)
653 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 63602, rejected
654 11 Andreas Steffen
mgf1 generated 10304 octets
655 1 Andreas Steffen
656 1 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
657 11 Andreas Steffen
y1 = -942..726 (sigma2 = 81503, mean = -8.6)
658 11 Andreas Steffen
y2 = -876..893 (sigma2 = 69883, mean =  2.4)
659 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 66020, accepted
660 11 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = 86651, rejected
661 11 Andreas Steffen
mgf1 generated 10528 octets
662 1 Andreas Steffen
663 11 Andreas Steffen
mgf1 based on sha256 is seeded with 32 octets
664 11 Andreas Steffen
y1 = -862..785 (sigma2 = 72628, mean = -7.1)
665 11 Andreas Steffen
y2 = -782..921 (sigma2 = 74618, mean =  4.1)
666 11 Andreas Steffen
norm2(s1*c) + norm2(s2*c) = 64940, accepted
667 11 Andreas Steffen
scalar(z1,s1*c) + scalar(z2,s2*c) = -176380, accepted
668 7 Andreas Steffen
669 11 Andreas Steffen
z1 = -873..780, z2d = -3..4
670 11 Andreas Steffen
671 11 Andreas Steffen
efficiency of Huffman coder is 3.4121 bits/tuple (1747 bits)
672 11 Andreas Steffen
generated BLISS signature (6706 bits encoded in 839 bytes)
673 11 Andreas Steffen
674 11 Andreas Steffen
signature generation needed 3 rounds
675 11 Andreas Steffen
mgf1 generated 10656 octets
676 10 Andreas Steffen
</pre>
677 11 Andreas Steffen
With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process usually requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
678 10 Andreas Steffen
679 10 Andreas Steffen
A BLISS certificate can be displayed at any time with
680 10 Andreas Steffen
<pre>
681 13 Andreas Steffen
pki --print --debug 2 --in cacert4.pem
682 10 Andreas Steffen
683 1 Andreas Steffen
L0 - x509:
684 10 Andreas Steffen
L1 - tbsCertificate:
685 10 Andreas Steffen
L2 - DEFAULT v1:
686 10 Andreas Steffen
L3 - version:
687 10 Andreas Steffen
  X.509v3
688 10 Andreas Steffen
L2 - serialNumber:
689 10 Andreas Steffen
L2 - signature:
690 10 Andreas Steffen
L3 - algorithmIdentifier:
691 10 Andreas Steffen
L4 - algorithm:
692 10 Andreas Steffen
  'BLISS-with-SHA512'
693 10 Andreas Steffen
L2 - issuer:
694 12 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
695 10 Andreas Steffen
L2 - validity:
696 10 Andreas Steffen
L3 - notBefore:
697 10 Andreas Steffen
L4 - utcTime:
698 11 Andreas Steffen
  'Dec 13 12:01:57 UTC 2014'
699 10 Andreas Steffen
L3 - notAfter:
700 10 Andreas Steffen
L4 - utcTime:
701 11 Andreas Steffen
  'Dec 13 12:01:57 UTC 2024'
702 10 Andreas Steffen
L2 - subject:
703 12 Andreas Steffen
  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
704 1 Andreas Steffen
L2 - subjectPublicKeyInfo:
705 1 Andreas Steffen
-- > --
706 1 Andreas Steffen
  L0 - subjectPublicKeyInfo:
707 1 Andreas Steffen
  L1 - algorithm:
708 1 Andreas Steffen
  L2 - algorithmIdentifier:
709 1 Andreas Steffen
  L3 - algorithm:
710 1 Andreas Steffen
    'blissPublicKey'
711 1 Andreas Steffen
  L3 - parameters:
712 1 Andreas Steffen
  L0 - subjectPublicKeyInfo:
713 1 Andreas Steffen
  L1 - algorithm:
714 1 Andreas Steffen
  L2 - algorithmIdentifier:
715 1 Andreas Steffen
  L3 - algorithm:
716 1 Andreas Steffen
    'blissPublicKey'
717 1 Andreas Steffen
  L3 - parameters:
718 1 Andreas Steffen
  L4 - blissKeyType:
719 1 Andreas Steffen
    'BLISS-IV'
720 1 Andreas Steffen
  L1 - subjectPublicKey:
721 1 Andreas Steffen
-- < --
722 11 Andreas Steffen
L2 - optional extensions:
723 11 Andreas Steffen
L3 - extensions:
724 11 Andreas Steffen
L4 - extension:
725 11 Andreas Steffen
L5 - extnID:
726 11 Andreas Steffen
  'basicConstraints'
727 11 Andreas Steffen
L5 - critical:
728 11 Andreas Steffen
  TRUE
729 11 Andreas Steffen
L5 - extnValue:
730 11 Andreas Steffen
L6 - basicConstraints:
731 11 Andreas Steffen
L7 - CA:
732 11 Andreas Steffen
  TRUE
733 11 Andreas Steffen
L4 - extension:
734 11 Andreas Steffen
L5 - extnID:
735 11 Andreas Steffen
  'keyUsage'
736 11 Andreas Steffen
L5 - critical:
737 11 Andreas Steffen
  TRUE
738 11 Andreas Steffen
L5 - extnValue:
739 11 Andreas Steffen
L4 - extension:
740 11 Andreas Steffen
L5 - extnID:
741 11 Andreas Steffen
  'subjectKeyIdentifier'
742 11 Andreas Steffen
L5 - critical:
743 11 Andreas Steffen
  FALSE
744 11 Andreas Steffen
L5 - extnValue:
745 11 Andreas Steffen
L6 - keyIdentifier:
746 10 Andreas Steffen
L1 - signatureAlgorithm:
747 1 Andreas Steffen
L2 - algorithmIdentifier:
748 1 Andreas Steffen
L3 - algorithm:
749 1 Andreas Steffen
  'BLISS-with-SHA512'
750 1 Andreas Steffen
L1 - signatureValue:
751 10 Andreas Steffen
752 11 Andreas Steffen
z1 = -873..780, z2d = -3..4
753 10 Andreas Steffen
754 10 Andreas Steffen
cert:      X509
755 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
756 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
757 11 Andreas Steffen
validity:  not before Dec 13 13:01:57 2014, ok
758 11 Andreas Steffen
           not after  Dec 13 13:01:57 2024, ok (expires in 3652 days)
759 11 Andreas Steffen
serial:    12:a0:ca:85:51:b9:f3:27
760 11 Andreas Steffen
flags:     CA CRLSign self-signed
761 10 Andreas Steffen
subjkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
762 10 Andreas Steffen
pubkey:    BLISS 192 bits strength
763 10 Andreas Steffen
keyid:     55:ee:7a:31:44:e5:a0:cf:b6:c9:a7:17:98:c9:60:a7:eb:d0:4e:4f
764 11 Andreas Steffen
subjkey:   37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
765 10 Andreas Steffen
</pre>
766 11 Andreas Steffen
If you are not interested in any detailed information then just creat a self-signed BLISS CA certificate with
767 10 Andreas Steffen
<pre>
768 21 Andreas Steffen
pki --self --type bliss --in cakey1.der --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 > cacert1.der
769 10 Andreas Steffen
</pre>
770 10 Andreas Steffen
and view it with
771 10 Andreas Steffen
<pre>
772 13 Andreas Steffen
pki --print --in cacert1.der
773 11 Andreas Steffen
774 10 Andreas Steffen
cert:      X509
775 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
776 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
777 11 Andreas Steffen
validity:  not before Dec 13 12:58:21 2014, ok
778 1 Andreas Steffen
           not after  Dec 13 12:58:21 2024, ok (expires in 3652 days)
779 1 Andreas Steffen
serial:    5d:06:0d:4b:69:64:84:62
780 1 Andreas Steffen
flags:     CA CRLSign self-signed
781 1 Andreas Steffen
subjkeyId: f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
782 1 Andreas Steffen
pubkey:    BLISS 128 bits strength
783 1 Andreas Steffen
keyid:     df:78:00:c4:b4:13:e7:fd:4f:05:dd:39:1a:2e:2b:c5:65:39:10:f4
784 1 Andreas Steffen
subjkey:   f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
785 1 Andreas Steffen
</pre>
786 12 Andreas Steffen
787 16 Andreas Steffen
h2. BLISS End Entity Certificate Generation
788 12 Andreas Steffen
789 12 Andreas Steffen
We are now going to generate a BLISS-I key pair for user Carol:
790 12 Andreas Steffen
<pre>
791 12 Andreas Steffen
pki --gen --type bliss --size 1 > carolKey.der
792 12 Andreas Steffen
793 12 Andreas Steffen
secret key generation succeeded after 2 trials
794 12 Andreas Steffen
</pre>
795 12 Andreas Steffen
Next we create a self-signed PKCS#10 certificate request
796 12 Andreas Steffen
<pre>
797 12 Andreas Steffen
 pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
798 12 Andreas Steffen
</pre>
799 12 Andreas Steffen
which is used as the input for the CA to create a signed end entity certificate:
800 12 Andreas Steffen
<pre>
801 13 Andreas Steffen
 pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
802 12 Andreas Steffen
</pre>
803 12 Andreas Steffen
and which has the following content
804 12 Andreas Steffen
<pre>
805 13 Andreas Steffen
pki --print --in carolCert.der
806 12 Andreas Steffen
807 12 Andreas Steffen
cert:      X509
808 12 Andreas Steffen
subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
809 12 Andreas Steffen
issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
810 12 Andreas Steffen
validity:  not before Dec 13 13:20:34 2014, ok
811 1 Andreas Steffen
           not after  Dec 12 13:20:34 2017, ok (expires in 1094 days)
812 1 Andreas Steffen
serial:    38:a9:13:10:c2:ed:ed:c3
813 1 Andreas Steffen
altNames:  carol@strongswan.org
814 1 Andreas Steffen
flags:     clientAuth
815 1 Andreas Steffen
CRL URIs:  http://crl.strongswan.org/bliss.crl
816 12 Andreas Steffen
authkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
817 12 Andreas Steffen
subjkeyId: 8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
818 12 Andreas Steffen
pubkey:    BLISS 128 bits strength
819 12 Andreas Steffen
keyid:     5b:cf:17:14:a8:d8:aa:bc:40:f3:21:95:a9:67:7d:20:af:66:4e:c2
820 12 Andreas Steffen
subjkey:   8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
821 13 Andreas Steffen
</pre>
822 13 Andreas Steffen
823 13 Andreas Steffen
h2. IKEv2 Public Key Authentication using BLISS Signatures
824 13 Andreas Steffen
825 14 Andreas Steffen
The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5rc/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
826 15 Andreas Steffen
827 15 Andreas Steffen
IKE_AUTH Request
828 14 Andreas Steffen
<pre>
829 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
830 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[IKE] establishing CHILD_SA home
831 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
832 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
833 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
834 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
835 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
836 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
837 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
838 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
839 14 Andreas Steffen
</pre>
840 15 Andreas Steffen
841 15 Andreas Steffen
IKE_AUTH Response
842 14 Andreas Steffen
<pre>
843 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
844 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
845 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #1 of 3, waiting for complete IKE message
846 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
847 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
848 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 03[ENC] received fragment #2 of 3, waiting for complete IKE message
849 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (548 bytes)
850 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
851 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
852 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
853 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
854 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
855 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
856 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
857 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
858 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
859 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
860 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   crl is valid: until Jan 11 12:36:45 2015
861 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG] certificate status is good
862 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
863 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS signature successful
864 14 Andreas Steffen
Dec 12 13:53:12 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
865 14 Andreas Steffen
</pre>
866 22 Andreas Steffen
BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
867 15 Andreas Steffen
868 15 Andreas Steffen
IKE_SA_INIT Request
869 14 Andreas Steffen
<pre>
870 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
871 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
872 14 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
873 1 Andreas Steffen
Dec 12 13:53:11 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (813 bytes)
874 1 Andreas Steffen
</pre>
875 16 Andreas Steffen
876 16 Andreas Steffen
h2. Design Details on BLISS Signatures
877 16 Andreas Steffen
878 19 Andreas Steffen
* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
879 19 Andreas Steffen
880 35 Andreas Steffen
* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
881 1 Andreas Steffen
882 35 Andreas Steffen
* Measured BLISS Signature Size*
883 33 Andreas Steffen
884 34 Andreas Steffen
  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
885 34 Andreas Steffen
  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
886 34 Andreas Steffen
  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
887 1 Andreas Steffen
  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
888 35 Andreas Steffen
889 35 Andreas Steffen
  *statistics based on a measurement set of 50 signatures, each
890 23 Andreas Steffen
891 23 Andreas Steffen
h2. ASN.1 Syntax
892 23 Andreas Steffen
893 26 Andreas Steffen
h3. Object Identifiers
894 26 Andreas Steffen
895 26 Andreas Steffen
<pre>
896 26 Andreas Steffen
id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
897 26 Andreas Steffen
898 26 Andreas Steffen
keyType { id-bliss 1 }
899 26 Andreas Steffen
900 26 Andreas Steffen
blissPublicKey { keyType 1 }
901 26 Andreas Steffen
902 26 Andreas Steffen
parameters { id-bliss 2 }
903 26 Andreas Steffen
904 26 Andreas Steffen
blissI   = { parameters 1 }
905 26 Andreas Steffen
blissII  = { parameters 2 }
906 26 Andreas Steffen
blissIII = { parameters 3 }
907 26 Andreas Steffen
blissIV  = { parameters 4 }
908 26 Andreas Steffen
909 26 Andreas Steffen
910 27 Andreas Steffen
blissSigType = { id-bliss 3 }
911 26 Andreas Steffen
912 27 Andreas Steffen
blissWithSha512 = { blissSigType 1 }
913 26 Andreas Steffen
</pre>
914 26 Andreas Steffen
915 23 Andreas Steffen
h3. BLISS Private Key
916 23 Andreas Steffen
917 23 Andreas Steffen
<pre>
918 23 Andreas Steffen
BlissPrivateKey  ::= SEQUENCE {
919 27 Andreas Steffen
    parameter OBJECT IDENTIFIER,
920 27 Andreas Steffen
    public    BIT STRING, -- A
921 27 Andreas Steffen
    secret1   BIT STRING, -- s1
922 27 Andreas Steffen
    secret2   BIT STRING  -- s2 }
923 23 Andreas Steffen
</pre>
924 23 Andreas Steffen
925 29 Andreas Steffen
As *parameter* one of the BLISS parameters OIDs *blissI* .. *blissIV* is used.
926 1 Andreas Steffen
927 28 Andreas Steffen
h3. BLISS Public Key
928 29 Andreas Steffen
929 1 Andreas Steffen
<pre>
930 28 Andreas Steffen
SubjectPublicKeyInfo  ::=  SEQUENCE  {
931 28 Andreas Steffen
    algorithm         AlgorithmIdentifier,
932 28 Andreas Steffen
    subjectPublicKey  BIT STRING  }
933 1 Andreas Steffen
934 28 Andreas Steffen
AlgorithmIdentifier  ::=  SEQUENCE  {
935 28 Andreas Steffen
    algorithm         OBJECT IDENTIFIER,
936 28 Andreas Steffen
    parameters        OBJECT IDENTIFER }
937 23 Andreas Steffen
</pre>
938 1 Andreas Steffen
939 30 Andreas Steffen
As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *blissI* .. *blissIV*. 
940 23 Andreas Steffen