Project

General

Profile

Bimodal Lattice Signature Scheme (BLISS) » History » Version 35

Version 34 (Andreas Steffen, 14.12.2014 11:15) → Version 35/58 (Andreas Steffen, 14.12.2014 14:29)

h1. Bimodal Lattice Signature Scheme (BLISS)

{{>toc}}

BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool.

This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.

h2. Building strongSwan with BLISS Support

If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
<pre>
wget http://download.strongswan.org/strongswan-5.2.2rc1.tar.bz2
tar xjf strongswan-5.2.2rc1.tar.bz2
cd strongswan-5.2.2rc1
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
make
sudo make install
</pre>

h2. BLISS Private Key Generation

strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows:
<pre>
pki --gen --type bliss --size 1 --debug 2 > cakey1.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 220 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 240 octets
l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)

secret key generation succeeded after 2 trials
</pre>
When generating the private key consisting of the two polynomials *s1* and *s2*, the limit for the _Nk(S)_ metric must not be exceeded. This means that often several trials are needed in order to obtain a valid BLISS private key. With the command
<pre>
pki --print --type bliss-priv --in cakey1.der

private key with:
pubkey: BLISS 128 bits strength
keyid: d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
subjkey: e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
</pre>
information on the BLISS private key is displayed.

Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format
<pre>
pki --gen --type bliss --size 4 --outform pem > cakey4.pem
secret key generation succeeded after 6 trials
</pre>
The PEM key format is printable
<pre>
cat cakey4.pem

-----BEGIN BLISS PRIVATE KEY-----
MIIFGgYLKwYBBAGCoCoFAgQDggOBAEOoiWS7mISnnPjzFJu6REHq1REYuLfillD2
VmmCWuB1NcL6GLTRFzwCMCw8KBLpyZhEAs6QlelSWVxPuBGMuQzQsmm9A3NjrV4U
655KXTkuiTpZP00qsfKuqh6EofkQ+89YK6qZNnxAeJ/mB9Dlkq9ELPjigNlZfUkd
Ky2fBJkwdKLb75WermM3tOYts0X06j7M3WX8DdVsGgIrzC57shAiD9nyhrUNHB15
b9IymR84GW4BJofKVW2GJVeUyLnh8YP33OUx6F5aEqweSbi5dGtbDbr0WmK6LmNw
dKQyv+hickbXGTWifAEktjpTApYjBBB6TZgiAW2P4T3dMq2ciQUbhCl1xWUlWF+2
iZbfFrcMb4dVrWOYbQRfvURmCkvJWsXHiijK8E+pmCDCruQg7TuRlIdXCRhSZrzY
+pLcY7mKBfyCvrmYmmCMRQQXeTDnGI/9VhHJ6icK6Mqy2BwRVFj9FmSsAHmF9gkL
hcaPlsgpLqaoK41FcJHjMbJIjWKaHkFXMQ0K943cM0ivB3EqRG68AptqH1QxkIi6
haUuQL6Nsl/tXo4VwyiVpm1faRQW5Re9L6KbEhLgnT3JeAft0zOOlHwx5myBDAxa
s8LP9H/EyzpO4uyd1eHlqZvGEmlt9lhOikLwEohWDoZIpWFKrtfzciQMOugLq4m4
n+ueVo25rvq6MRwncj0FCwlt0nAhWeP8hQYTzhgFsBeheM4OaWVRhRPQmqYFrLRZ
grvkgGIQd2IDKhjqCI7gpOi/KRG5RbnyvO4zaqLNy16Lk4exZ2iin19YQpmU613j
EVLsMoRTQl2tE+aB0GJ0BpE3u0Aqnrp6ZhCJmK8CybfYAGhV5sly59Cds7QtIw8r
6pXl7Wd0q2sMFsUnqadcCwqoeOciqU+AwvQ+X2g4eilxV6D2TkLMMBUOYi5BqNdj
a7pJAnUUMyEYvDXhMUYnjGlK3RFKHFCzCalQN0s5JLRTpLnTTy70TtvMaDJAWCwG
OShSbNqr0zGNfnCsFjuppZ+5tQd7GRCgjL2uG0CDTIKEq5vmaH1d3FOldJX2uYYA
O6QOKIThuiH3C0OgAQoLGoArsmFymtBXHxPZSjtE5SR+1YVCr4UEdGlSt2efJoxm
eBaYki03CF2pSm7EDHxbEjDC9E3AeOfUW6Iq4dTGThjGNGnnBIbpv0mSdXFzWcZU
3rwQo51EA4HBAACSCPjwAOUCAOCCCOP/gCDzxzweEOByCAACeEP1wF+DxhwBiQTw
AP/0AAQFx/z+SACPgR+ASePwOAOgAAQBwDiAV0OOCADwB0eOgAeAOORwMAPzwOQS
CBuMAQOB+Px/x+AuCeRweeADzwACPyCP+RyQhgBzwOCBwSBwOB+SeQAQCOBwACAB
0eByABwQBwQAAeCBwgAAB/wACDwNyPgeQOPwAAR+OAR+AB+COAQCBx+QeB+R+B+Q
CADjxwACPiARvwOBwQDjggcY7EEgAEHjcYAcogEHgccDjgcDg8fgAnjgAgfkgEgc
DnjgAEbAn8ArnAhAAcAkAEgADkgAD8DgkDgkcDnkcE88jkjkgjgD9ccAg8cc8jjr
kcgkABED8gAD8H/n8gAAj8AgEHj8D8D89Dfg4DAgEEAAgAj8HgkgAj8HgcHodAEk
cn8DAL8AD/g//gcDkAEH/AAD/gcDnj8AkD8AcDgErkHjAAcA9AAAAcAcEEEgAAAg
AYLoAgAEHgkDgYccgbk=
-----END BLISS PRIVATE KEY-----
</pre>
At last let's generate a BLISS-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
<pre>
pki --gen --type bliss --size 3 --debug 4 > cakey3.der

mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 380 octets
mgf1 based on sha1 is seeded with 20 octets
mgf1 generated 380 octets
l2 norm of s1||s2: 1401, Nk(S): 125552 (128626 max)

secret key generation succeeded after 1 trial
i f g a F G A
0 -1 1 11932 6730 11344 6400
1 1 0 2227 1206 9396 6244
2 -1 2 4844 496 414 4411
3 -1 0 2768 2813 1412 6619
4 0 2 3583 2753 3520 9237
5 0 2 10160 2434 9512 8688
6 0 2 8157 9071 10775 8990
7 0 0 3862 5091 211 3126
8 -1 0 3045 2278 5799 8812
9 1 0 9942 5685 3335 541
10 0 0 8236 1637 526 5000
11 0 0 8638 9 9539 10618
12 0 -2 11526 11882 8890 8976
13 -1 0 12180 11895 3538 5231
14 -2 0 6332 4243 11062 243
15 0 0 4083 4302 3400 4000
16 0 2 4545 6031 2766 1708
17 0 0 1495 4119 8792 11954
18 1 -2 5664 9450 5151 6621
19 0 0 3580 1963 11193 1552
20 -1 -2 7090 5950 10318 8445
21 0 0 5180 8190 7147 11145
22 0 -2 8455 12226 27 10533
23 0 0 810 4585 6578 3333
24 1 0 5316 9595 2034 7088
25 0 0 10072 11746 10425 9554
26 -1 0 4544 5888 7751 8402
27 0 0 9529 10638 5983 9509
28 0 0 6832 8019 5519 1124
29 1 -2 8900 2356 4475 4326
30 0 -2 4438 7452 2418 406
31 -1 -2 363 9949 6078 3369
32 0 0 6032 9713 11653 12232
33 0 0 1342 11748 11094 4727
34 -1 -2 780 9506 2687 5713
35 1 0 1114 11518 5003 1173
36 1 0 11561 8458 9766 5255
37 0 0 932 4680 7848 10211
38 0 0 4748 4235 6832 9975
39 1 2 6338 9116 1371 9287
40 0 0 9216 11714 11657 4532
41 1 -2 1100 6203 6951 9887
42 1 0 11955 9307 124 11984
43 0 0 6550 6220 9948 11200
44 1 0 10183 7920 2231 2050
45 0 0 5858 10736 11843 4851
46 1 0 4402 6459 5976 5509
47 1 2 3354 2643 9397 11716
48 1 -2 9937 3908 1174 11478
49 2 0 11688 9298 10680 1833
50 -1 2 5348 4731 12240 5286
51 0 0 4594 1469 10189 5043
52 0 2 6324 1006 6445 3268
53 0 -4 2137 2707 4158 569
54 -1 -2 340 2232 4643 9852
55 -1 0 1784 8290 9620 3129
56 1 0 7203 5610 11341 749
57 0 0 6651 12057 10851 5621
58 -1 0 383 5516 9861 2272
59 2 0 10893 8086 1452 140
60 0 0 7921 10970 6955 9293
61 1 -2 4243 10170 5305 9178
62 -1 2 3565 2730 3858 11021
63 0 0 5697 1308 7157 8076
64 0 -2 4079 5666 9079 5400
65 1 0 3653 2895 1244 11606
66 0 2 9829 6670 4713 3470
67 1 -2 11728 5737 6142 2111
68 1 -2 7403 10194 2903 2562
69 -2 0 770 9857 301 4108
70 0 -2 6771 2653 10239 2130
71 0 0 7855 4463 7362 9248
72 -1 0 10880 6688 3127 311
73 -1 2 4691 8128 533 8290
74 -1 -2 4037 3558 115 10006
75 0 0 2284 389 6473 3776
76 0 0 5390 9091 1720 7047
77 0 2 4988 1314 11101 4376
78 1 0 5858 6929 7217 3009
79 0 0 8276 9115 9758 8600
80 0 0 1719 3490 6518 2847
81 0 0 3145 16 2434 10905
82 1 0 12177 5643 1293 9983
83 0 2 8860 7027 7247 4144
84 0 -2 8029 11886 5161 8312
85 0 0 6660 8970 4777 9518
86 0 2 8940 2217 8996 6495
87 0 0 4623 2243 11869 10300
88 0 4 11841 4074 6347 3751
89 -1 0 2220 12271 2346 3966
90 0 2 11997 617 8162 8020
91 0 -2 4335 73 10232 9399
92 1 2 8016 10780 11912 11369
93 0 -2 4302 7923 717 7152
94 0 -2 8014 1252 8311 11638
95 1 0 11580 975 1679 2699
96 1 2 6246 3336 161 6745
97 -1 -4 5081 9817 11892 6259
98 0 0 4544 10997 12278 4499
99 0 2 1616 9495 12225 10213
100 -1 -2 8533 8912 6448 9929
101 0 2 8850 8093 11649 9665
102 1 -4 9776 4225 8805 9906
103 -1 0 12203 5021 12232 10353
104 1 2 1285 10557 8597 2897
105 1 0 5553 11162 5268 10387
106 -1 -2 6413 10365 11905 6694
107 0 -2 1915 8797 5109 10630
108 1 2 5668 7809 10108 689
109 0 -2 5724 6433 9119 9062
110 1 0 3193 2998 10987 4238
111 0 2 3218 6756 10221 11532
112 0 0 11475 1061 3999 2494
113 0 0 1751 10398 9032 10926
114 0 0 5049 4368 3557 9980
115 0 0 6973 10707 10291 4631
116 0 0 826 2759 8952 11976
117 -2 0 11077 1210 8027 7898
118 0 0 3361 8733 5169 237
119 0 0 9447 10875 12077 11281
120 0 0 7154 928 564 11601
121 -1 -2 5099 1695 5523 11879
122 0 -2 5533 6614 4882 7444
123 0 2 2416 2221 11163 3679
124 0 -2 683 8407 7179 11214
125 -1 0 1698 4946 8846 5627
126 0 2 11993 1197 5067 2037
127 -1 2 11131 10689 4543 8346
128 1 0 11684 12052 5700 5576
129 0 0 11081 7285 5758 2882
130 0 0 2204 10550 10764 10396
131 0 0 5413 6834 237 9705
132 0 0 3139 9589 3580 1000
133 1 0 2435 10845 11335 4375
134 0 0 5835 9461 5820 8967
135 1 2 1986 7566 6638 7219
136 1 2 12005 279 4775 854
137 0 -2 11470 3603 1399 4755
138 0 4 3665 10794 4373 10453
139 0 0 6909 8265 11931 11831
140 1 2 9201 4238 3547 9596
141 1 -2 7577 11197 9585 4684
142 0 0 8947 1967 2051 7873
143 0 -2 9195 2467 6347 7903
144 1 2 11017 8525 11401 10043
145 -1 0 1786 7054 2174 5272
146 0 0 2541 11091 10944 11808
147 0 0 1685 12142 9116 11391
148 0 -2 9324 10699 11938 1090
149 1 -2 6706 2541 7886 7480
150 1 0 10550 1341 3839 5373
151 -1 -2 4665 7629 5217 2934
152 0 2 1311 6833 4048 11099
153 1 0 11994 1783 10226 2549
154 1 0 9953 5962 11300 10712
155 0 -2 2781 11449 395 11045
156 -1 4 6768 7744 9122 6955
157 0 -2 1288 10720 7913 9198
158 0 2 3735 3959 3762 4924
159 1 2 2817 4147 6807 6198
160 0 0 2935 11500 11190 4051
161 0 2 1193 7795 11414 3350
162 -1 -2 757 3411 9464 4481
163 0 -2 3830 7004 11979 593
164 0 0 11945 57 6438 9168
165 -2 2 1844 173 7130 9844
166 1 0 1055 4376 673 559
167 1 0 665 1744 11877 9442
168 -1 0 190 3421 9077 5294
169 -1 0 5948 4923 10003 9323
170 0 -2 66 3154 7238 10273
171 1 0 3608 7307 8272 11128
172 0 -2 11068 10669 7822 12269
173 -1 -2 2289 5725 7793 11084
174 0 -2 2045 9528 5770 5250
175 0 -2 5369 1937 9741 7669
176 0 0 5495 973 32 8740
177 1 -2 187 6219 10487 11605
178 0 0 6664 3891 6930 9183
179 0 -2 8951 3731 4350 10057
180 0 -2 2119 8064 2295 14
181 0 0 5587 7068 12132 419
182 1 0 5551 9660 4283 5818
183 1 -2 58 319 9240 1724
184 0 2 9694 6238 4742 12274
185 2 2 1752 10949 7406 7643
186 0 2 4551 4296 5533 7516
187 0 0 5809 2080 4616 3169
188 0 -2 4805 9682 4940 10345
189 0 4 5232 10223 8937 9376
190 0 -2 4985 6043 7853 528
191 1 0 11937 4497 1366 6015
192 1 0 7724 7554 12130 1918
193 0 -2 2011 4752 4070 3130
194 0 0 8272 1015 1803 3973
195 -1 0 7832 7988 9436 5558
196 0 -4 8854 10413 11890 8575
197 0 0 2277 3600 263 11719
198 -1 2 2986 1000 9583 11721
199 0 2 2907 8991 11579 11775
200 0 2 7872 2207 9525 1285
201 1 0 7562 9107 2777 2830
202 -2 -2 10678 10608 9041 10880
203 0 0 656 11804 3455 2400
204 -1 -2 4799 3910 3626 6180
205 -1 0 1998 5423 2614 5813
206 0 0 2327 11665 8051 2567
207 0 0 282 6807 4478 1129
208 0 -2 7967 3811 12284 6446
209 -1 0 3169 11501 11972 11650
210 -1 0 2614 4186 5549 10021
211 1 -2 11856 11417 10104 6753
212 1 0 3692 2680 3800 12107
213 0 2 4639 5506 11526 6189
214 0 0 6373 9147 2814 9738
215 0 0 1942 1124 9011 3124
216 0 2 5163 558 11376 4381
217 0 0 11687 9612 8623 84
218 0 0 8537 3843 11615 35
219 1 0 11885 4846 3711 6409
220 0 2 9728 8703 2262 5270
221 -1 -2 4928 745 4084 3453
222 0 2 2383 5711 4946 10846
223 0 -2 2480 3190 11514 2446
224 0 2 8786 4156 10444 381
225 0 0 7294 3059 859 5500
226 0 -2 2793 4752 4311 11196
227 -1 2 9428 8892 6184 2715
228 1 0 3240 6263 8476 7279
229 0 0 2533 993 6898 5972
230 -1 2 6513 1130 623 3622
231 -1 0 2175 455 8066 855
232 1 -2 8930 11192 11277 6039
233 -1 0 10052 9546 1723 3691
234 0 0 12282 10488 5953 11501
235 1 0 966 2764 1478 7550
236 0 4 2689 4295 136 7671
237 0 0 2735 10452 7686 5468
238 -1 0 7155 3804 11767 4710
239 1 2 6875 1049 8317 1238
240 -1 -2 5800 4804 10126 7221
241 0 2 10256 8623 4292 11309
242 -1 0 9012 8378 9611 5688
243 -1 2 4014 1882 3226 12134
244 0 2 11698 2629 1993 9817
245 1 -2 9293 4184 3392 10739
246 0 2 93 852 8664 11953
247 0 2 6230 8044 8507 6969
248 -1 2 6093 7622 10297 8445
249 -1 0 10974 7821 3675 3517
250 -1 -2 4760 11952 9509 11495
251 0 -2 7410 5638 8286 2604
252 0 0 313 2955 7834 4178
253 -1 0 9733 3273 12249 11493
254 -1 0 682 9048 9531 3876
255 1 -2 2283 179 4322 9567
256 0 0 10470 1633 2290 9062
257 0 -2 11005 5584 7880 6991
258 1 -2 2732 7686 7623 8563
259 0 0 8845 9994 6380 2032
260 0 -2 9527 785 4071 4639
261 0 -2 7141 5116 474 9863
262 0 0 8896 9356 8790 4233
263 0 -2 8781 5058 11323 5758
264 -1 -2 2106 4848 5472 3773
265 0 0 10312 2028 1706 5806
266 -1 0 11587 11556 10433 7614
267 -1 0 9354 4702 4673 11174
268 1 2 4179 310 1572 9202
269 0 0 231 7881 4637 8778
270 0 0 10643 12282 3262 11823
271 0 2 4803 573 11021 12201
272 -1 0 11942 2736 1772 881
273 1 0 10172 5565 7021 1748
274 0 2 8091 902 11967 2343
275 1 0 6507 2055 1543 1125
276 0 0 8363 4684 8421 7891
277 0 2 11435 7507 3108 1495
278 1 0 1121 5376 1638 8545
279 1 2 6659 7231 2291 9356
280 2 -2 11535 5948 8451 10276
281 0 2 9996 5929 11267 11752
282 0 0 9341 11999 10535 9922
283 0 0 1156 407 2491 5743
284 1 0 10878 9742 11436 7146
285 1 0 4269 10191 6723 1057
286 0 0 3150 6385 11151 8222
287 -1 2 10602 12270 1942 11540
288 -1 0 4149 9389 5193 155
289 1 0 2220 1914 7033 2039
290 1 -2 5849 9681 7990 10354
291 0 -2 578 1167 9422 2925
292 0 2 2784 4352 1474 8850
293 0 2 2831 7803 7941 10471
294 1 -2 1505 5309 1529 10706
295 -1 -2 12152 3117 1462 5319
296 0 0 12015 10147 2163 3011
297 0 2 12204 3215 10166 351
298 -1 0 3251 7021 9039 9355
299 0 0 5488 2986 1862 5927
300 1 0 7988 280 3983 11996
301 0 -2 11691 944 6647 7206
302 0 -2 5811 8894 11593 4438
303 1 2 11242 8285 3494 3099
304 0 0 1369 3781 11946 9679
305 0 0 4923 855 11924 2443
306 0 0 10077 6525 5892 12143
307 0 0 5765 923 7601 5041
308 -1 0 11585 4403 7020 7236
309 -1 0 9508 11281 9550 8744
310 -1 2 8015 7011 6196 851
311 0 0 10282 6674 7084 1139
312 -1 0 366 5463 5297 11037
313 0 0 3271 3185 6778 10142
314 -1 0 6295 3530 2128 3092
315 -1 2 2446 9761 5698 9652
316 0 0 6414 6084 11668 2854
317 1 0 7954 11099 5621 8453
318 1 0 8505 3817 6471 8585
319 0 -2 10555 260 7709 1873
320 0 0 4679 8577 2591 3492
321 1 0 4517 10562 7356 10826
322 0 0 5129 7378 6792 11094
323 1 0 11014 1117 906 7306
324 -1 -2 8930 3044 7558 1690
325 0 -2 12034 5641 5602 3833
326 1 0 4468 8161 11613 1703
327 0 0 9452 5643 6465 759
328 -1 0 4250 1062 8885 5366
329 0 0 2562 11062 10606 12050
330 0 0 11004 5092 1145 9690
331 0 0 3971 4167 9338 10914
332 0 -2 4640 2905 8263 8180
333 -1 2 11466 11858 4479 8686
334 -2 -2 2263 10527 11374 8335
335 -1 2 8803 10486 6140 10827
336 0 0 1608 10434 277 3299
337 0 0 8846 4037 5405 10610
338 0 2 2025 9028 11374 249
339 0 0 7495 5760 9448 3603
340 0 2 15 10858 10180 53
341 0 0 2216 822 8232 10505
342 0 0 4552 6213 8198 2721
343 -1 0 8537 12065 4985 6616
344 1 0 59 1083 5343 4975
345 0 0 6820 2485 7426 8044
346 0 -2 79 3592 780 2094
347 0 2 6060 2269 1661 5628
348 -1 0 483 7927 6962 9842
349 -1 0 10399 11975 182 8453
350 1 2 10965 8081 9568 12240
351 -1 0 6177 9642 10608 1217
352 0 -2 3647 7424 6312 11588
353 0 -2 10821 5412 7478 9670
354 0 2 7993 8400 9262 9133
355 0 -2 12183 9287 5467 4145
356 1 -2 11881 11278 2062 2271
357 0 0 11023 11205 4098 9315
358 0 0 2486 1161 4531 11806
359 0 2 7820 8932 2128 6164
360 0 -2 4830 2661 6650 6782
361 0 0 1280 8451 7065 2723
362 1 -4 3505 2948 7690 10249
363 0 0 1931 604 857 11619
364 -1 0 4519 1694 1682 7386
365 1 0 7001 5943 10006 9007
366 1 0 6867 7829 3179 9453
367 0 2 6439 1013 9753 968
368 0 -2 471 7027 6703 4401
369 0 2 10693 6320 2472 5896
370 1 0 6616 5825 5027 4446
371 0 -4 2610 2936 10741 11669
372 -1 0 10505 5607 7619 11326
373 -1 0 8796 8925 6540 641
374 0 0 7862 9942 2067 7361
375 2 2 5933 11598 7281 2337
376 0 0 4397 9644 2961 575
377 0 0 11546 3667 60 496
378 0 2 10359 897 6655 9940
379 0 0 8042 11627 7627 4091
380 0 2 7229 5196 10305 4323
381 0 2 11076 8341 5590 590
382 1 -2 5915 587 3514 10997
383 0 0 4235 5733 1374 7164
384 0 -2 6883 2313 3411 910
385 2 0 5537 5149 391 10153
386 0 0 4786 9993 11959 7183
387 1 0 8660 4137 8672 1422
388 -1 0 10388 8443 6742 3136
389 -1 0 3028 4136 7848 1024
390 -1 -2 3013 9457 3424 5692
391 0 2 6434 10654 246 8185
392 -1 0 5801 5730 384 4298
393 0 0 3559 11131 6623 3040
394 0 2 6911 3462 6279 10768
395 0 0 2559 11098 1487 5746
396 0 0 6942 1081 5465 2597
397 0 0 6852 666 5872 6467
398 0 0 10873 4863 11256 4225
399 1 -2 3670 513 2689 1203
400 1 0 11066 6794 6433 4163
401 0 2 4927 11148 7593 4700
402 0 2 5570 7675 6432 9507
403 0 0 9882 11756 11480 4705
404 1 2 9553 7076 9700 2926
405 -1 2 9678 12074 7468 11797
406 0 2 3955 2530 10255 10763
407 1 0 10843 8488 12022 6421
408 0 0 2514 2611 6629 2177
409 -2 -2 1934 6748 5463 3878
410 1 -2 2677 5860 4847 11948
411 1 0 2065 8327 9459 7023
412 0 0 6908 5681 530 4705
413 0 0 10718 6791 9883 10546
414 -1 0 10338 11007 3468 2087
415 1 0 7817 625 11048 7745
416 0 0 11023 4466 10734 10811
417 0 0 6306 7136 5359 9233
418 0 0 1858 10575 2337 11205
419 0 0 1118 2777 6009 7711
420 1 0 8755 4003 5535 8938
421 -1 0 12259 1775 2505 8171
422 0 0 5186 12038 9054 9707
423 -1 0 8317 9867 2073 6580
424 0 -2 3750 7074 7221 12191
425 -1 -2 7076 6288 3318 10214
426 0 0 4066 8076 12163 3442
427 1 2 5009 366 10803 1339
428 2 0 7392 9060 4955 11591
429 -1 -4 9381 8187 9349 5579
430 0 0 6499 4642 5787 12187
431 1 2 11461 11653 3278 7917
432 1 0 8976 7597 613 6477
433 0 -2 9335 10397 6485 11019
434 0 -2 7590 5554 4787 9128
435 -1 -2 7109 7497 615 8655
436 1 2 5984 709 9806 6063
437 1 0 4451 1057 1327 2187
438 0 0 6532 2071 1809 9139
439 0 0 5657 1586 11166 5121
440 0 0 3926 7845 1167 7773
441 0 0 6347 293 1762 11582
442 0 0 12239 10323 4500 6461
443 1 -2 1977 3819 4233 7946
444 0 0 5851 9874 3996 8822
445 -1 2 3107 3834 5546 9707
446 1 0 5636 11215 11094 5276
447 -1 0 12270 4649 5 11911
448 1 -2 6452 394 1732 3872
449 -2 0 11019 764 1006 10907
450 0 -4 11659 6297 4922 4827
451 1 2 890 9098 11786 3678
452 1 2 7670 7736 2460 10669
453 0 2 2047 7505 11511 3057
454 0 0 12148 5933 9508 9426
455 0 0 5596 3895 2879 7412
456 0 2 6504 2290 4180 9071
457 1 0 8051 946 316 11380
458 0 -2 2479 10389 6976 2480
459 -1 0 10512 10125 6279 6329
460 0 0 4709 6976 7912 6808
461 0 2 6605 9934 10200 10093
462 -1 0 949 7882 3698 1544
463 1 -2 10292 3467 350 3293
464 1 0 6448 9423 1313 2345
465 0 2 692 6812 7583 6050
466 1 0 3635 4184 2733 3816
467 0 0 12067 5816 10128 11192
468 0 0 9902 8712 11275 6813
469 0 0 10938 7970 1902 7019
470 1 0 9568 4228 242 5633
471 0 0 2196 5792 6794 10300
472 0 0 4075 157 8672 2560
473 0 -4 2110 3629 9461 9122
474 -2 -2 3412 4091 7245 4018
475 0 0 11653 40 5765 10897
476 0 0 10799 728 9056 10951
477 0 0 2114 2282 3786 314
478 -1 2 817 10585 8784 10553
479 -1 0 3705 12125 8654 5792
480 0 -4 1808 8664 196 4624
481 -1 2 5841 1907 7238 7769
482 0 0 8769 9263 6687 676
483 0 0 3412 9123 9517 1111
484 -1 0 4204 49 11892 6011
485 -1 0 11196 448 3872 2642
486 0 0 651 2142 3834 6611
487 1 4 7208 10823 6626 12033
488 0 -2 8558 10995 11169 2660
489 0 0 7955 2079 1785 7697
490 1 0 5565 11081 6935 1449
491 0 2 11661 2880 10737 887
492 -1 -2 2546 3372 1543 2424
493 1 0 1667 10715 7245 11246
494 0 0 93 456 1273 2563
495 0 0 3205 2733 6176 7453
496 1 0 12191 7834 2926 12258
497 0 0 3788 5251 935 6085
498 0 0 10114 12224 8954 11395
499 0 -2 7464 568 5744 7972
500 -1 0 1992 6344 10425 3471
501 -1 0 5249 7024 675 3466
502 0 2 8334 3338 1945 4805
503 0 0 8566 837 6796 2416
504 -1 2 1905 3844 2872 1612
505 0 2 377 8680 5459 608
506 0 0 1990 7692 10261 6844
507 0 2 5170 9084 10608 4433
508 0 0 11365 3048 11553 3451
509 0 -2 12098 6095 11214 3125
510 1 -2 1431 2633 10329 5488
511 -1 -2 3846 4226 8410 4614
</pre>
Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
<pre>
S1[91] is zero - s1 is not invertible
</pre>
and another trial run is started.

h2. BLISS Root CA Certificate Generation

A self-signed BLISS CA certificate can be generated with the following command
<pre>
pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem

file content is not binary ASN.1
-----BEGIN BLISS PRIVATE KEY-----
-----END BLISS PRIVATE KEY-----

L0 - BLISSPrivateKey:
L1 - keyType:
'BLISS-IV'
L1 - public:
L1 - secret1:
L1 - secret2:

L0 - subjectPublicKeyInfo:
L1 - algorithm:
L2 - algorithmIdentifier:
L3 - algorithm:
'blissPublicKey'
L3 - parameters:
L4 - blissKeyType:
'BLISS-IV'
L1 - subjectPublicKey:

mgf1 based on sha256 is seeded with 32 octets
y1 = -859..738 (sigma2 = 71786, mean = -6.6)
y2 = -852..644 (sigma2 = 65618, mean = 2.0)
norm2(s1*c) + norm2(s2*c) = 63602, rejected
mgf1 generated 10304 octets

mgf1 based on sha256 is seeded with 32 octets
y1 = -942..726 (sigma2 = 81503, mean = -8.6)
y2 = -876..893 (sigma2 = 69883, mean = 2.4)
norm2(s1*c) + norm2(s2*c) = 66020, accepted
scalar(z1,s1*c) + scalar(z2,s2*c) = 86651, rejected
mgf1 generated 10528 octets

mgf1 based on sha256 is seeded with 32 octets
y1 = -862..785 (sigma2 = 72628, mean = -7.1)
y2 = -782..921 (sigma2 = 74618, mean = 4.1)
norm2(s1*c) + norm2(s2*c) = 64940, accepted
scalar(z1,s1*c) + scalar(z2,s2*c) = -176380, accepted

z1 = -873..780, z2d = -3..4

efficiency of Huffman coder is 3.4121 bits/tuple (1747 bits)
generated BLISS signature (6706 bits encoded in 839 bytes)

signature generation needed 3 rounds
mgf1 generated 10656 octets
</pre>
With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process usually requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.

A BLISS certificate can be displayed at any time with
<pre>
pki --print --debug 2 --in cacert4.pem

L0 - x509:
L1 - tbsCertificate:
L2 - DEFAULT v1:
L3 - version:
X.509v3
L2 - serialNumber:
L2 - signature:
L3 - algorithmIdentifier:
L4 - algorithm:
'BLISS-with-SHA512'
L2 - issuer:
'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
L2 - validity:
L3 - notBefore:
L4 - utcTime:
'Dec 13 12:01:57 UTC 2014'
L3 - notAfter:
L4 - utcTime:
'Dec 13 12:01:57 UTC 2024'
L2 - subject:
'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
L2 - subjectPublicKeyInfo:
-- > --
L0 - subjectPublicKeyInfo:
L1 - algorithm:
[ Incomplete diff, document too large... ]