Version 36 - History - Bimodal Lattice Signature Scheme (BLISS) - strongSwan

Bimodal Lattice Signature Scheme (BLISS) » History » Version 36

Andreas Steffen, 04.01.2015 08:44

-Andreas Steffen
+h1. Bimodal Lattice Signature Scheme (BLISS)
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+BLISS is a post-quantum signature scheme based on the CRYPTO 2013 paper "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 by Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. Starting with the strongSwan [[5.2.2]] release we offer BLISS as an IKEv2 public key authentication method. We also added full BLISS key and certificate generation support to the strongSwan [[IpsecPki|pki]] tool.
 Andreas Steffen
-Andreas Steffen
+This seamless integration into the strongSwan framework was made possible by the new libstrongswan "bliss plugin":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libstrongswan/plugins/bliss completely written in the C programming language without the use of any external libraries and which implements the libstrongswan "public_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/public_key.h and "private_key_t":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/credentials/keys/private_key.h interfaces.
 Andreas Steffen
-Andreas Steffen
+h2. Building strongSwan with BLISS Support
 Andreas Steffen
-Andreas Steffen
+If you want to play around with BLISS keys and signatures using the strongSwan [[IpsecPki|pki]] tool please follow the quick software installation HOWTO:
-Andreas Steffen
+<pre>
-Andreas Steffen
+wget http://download.strongswan.org/strongswan-5.2.2rc1.tar.bz2
-Andreas Steffen
+tar xjf strongswan-5.2.2rc1.tar.bz2
-Andreas Steffen
+cd strongswan-5.2.2rc1
-Andreas Steffen
+./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-bliss
-Andreas Steffen
+make
-Andreas Steffen
+sudo make install
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. BLISS Private Key Generation
 Andreas Steffen
-Andreas Steffen
+strongSwan currently supports the BLISS-I, BLISS-III, and BLISS-IV schemes with a cryptographic strength of 128 bits, 160 bits and 192 bits, respectively. Using the [[IpsecPki|pki]] tool a private BLISS key can be generated as follows:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 1 --debug 2 > cakey1.der
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 240 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 240 octets
-Andreas Steffen
+l2 norm of s1||s2: 771, Nk(S): 47150 (46479 max)
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 220 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 240 octets
-Andreas Steffen
+l2 norm of s1||s2: 771, Nk(S): 43332 (46479 max)
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 2 trials
-Andreas Steffen
+</pre>
-Andreas Steffen
+When generating the private key consisting of the two polynomials *s1* and *s2*, the limit for the _Nk(S)_ metric must not be exceeded. This means that often several trials are needed in order to obtain a valid BLISS private key. With the command
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --type bliss-priv --in cakey1.der
 Andreas Steffen
-Andreas Steffen
+private key with:
-Andreas Steffen
+pubkey:    BLISS 128 bits strength
-Andreas Steffen
+keyid:     d1:a3:fb:04:8d:1b:86:4f:fa:a7:d8:45:ec:e3:e3:ec:ef:7b:85:ca
-Andreas Steffen
+subjkey:   e3:fc:6b:59:9a:ee:81:d5:10:3a:58:9f:e2:99:f7:7f:5c:3b:1c:96
-Andreas Steffen
+</pre>
-Andreas Steffen
+information on the BLISS private key is displayed.
 Andreas Steffen
-Andreas Steffen
+Let's now generate a BLISS-IV key with 192 bit cryptographic strength in base64-encoded PEM format
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 4 --outform pem  > cakey4.pem
-Andreas Steffen
+secret key generation succeeded after 6 trials
-Andreas Steffen
+</pre>
-Andreas Steffen
+The PEM key format is printable
-Andreas Steffen
+<pre>
-Andreas Steffen
+cat cakey4.pem
 Andreas Steffen
-Andreas Steffen
+-----BEGIN BLISS PRIVATE KEY-----
-Andreas Steffen
+MIIFGgYLKwYBBAGCoCoFAgQDggOBAEOoiWS7mISnnPjzFJu6REHq1REYuLfillD2
-Andreas Steffen
+VmmCWuB1NcL6GLTRFzwCMCw8KBLpyZhEAs6QlelSWVxPuBGMuQzQsmm9A3NjrV4U
-Andreas Steffen
+KXTkuiTpZP00qsfKuqh6EofkQ+89YK6qZNnxAeJ/mB9Dlkq9ELPjigNlZfUkd
-Andreas Steffen
+Ky2fBJkwdKLb75WermM3tOYts0X06j7M3WX8DdVsGgIrzC57shAiD9nyhrUNHB15
-Andreas Steffen
+b9IymR84GW4BJofKVW2GJVeUyLnh8YP33OUx6F5aEqweSbi5dGtbDbr0WmK6LmNw
-Andreas Steffen
+dKQyv+hickbXGTWifAEktjpTApYjBBB6TZgiAW2P4T3dMq2ciQUbhCl1xWUlWF+2
-Andreas Steffen
+iZbfFrcMb4dVrWOYbQRfvURmCkvJWsXHiijK8E+pmCDCruQg7TuRlIdXCRhSZrzY
-Andreas Steffen
++pLcY7mKBfyCvrmYmmCMRQQXeTDnGI/9VhHJ6icK6Mqy2BwRVFj9FmSsAHmF9gkL
-Andreas Steffen
+hcaPlsgpLqaoK41FcJHjMbJIjWKaHkFXMQ0K943cM0ivB3EqRG68AptqH1QxkIi6
-Andreas Steffen
+haUuQL6Nsl/tXo4VwyiVpm1faRQW5Re9L6KbEhLgnT3JeAft0zOOlHwx5myBDAxa
-Andreas Steffen
+s8LP9H/EyzpO4uyd1eHlqZvGEmlt9lhOikLwEohWDoZIpWFKrtfzciQMOugLq4m4
-Andreas Steffen
+n+ueVo25rvq6MRwncj0FCwlt0nAhWeP8hQYTzhgFsBeheM4OaWVRhRPQmqYFrLRZ
-Andreas Steffen
+grvkgGIQd2IDKhjqCI7gpOi/KRG5RbnyvO4zaqLNy16Lk4exZ2iin19YQpmU613j
-Andreas Steffen
+EVLsMoRTQl2tE+aB0GJ0BpE3u0Aqnrp6ZhCJmK8CybfYAGhV5sly59Cds7QtIw8r
-Andreas Steffen
+pXl7Wd0q2sMFsUnqadcCwqoeOciqU+AwvQ+X2g4eilxV6D2TkLMMBUOYi5BqNdj
-Andreas Steffen
+a7pJAnUUMyEYvDXhMUYnjGlK3RFKHFCzCalQN0s5JLRTpLnTTy70TtvMaDJAWCwG
-Andreas Steffen
+OShSbNqr0zGNfnCsFjuppZ+5tQd7GRCgjL2uG0CDTIKEq5vmaH1d3FOldJX2uYYA
-Andreas Steffen
+O6QOKIThuiH3C0OgAQoLGoArsmFymtBXHxPZSjtE5SR+1YVCr4UEdGlSt2efJoxm
-Andreas Steffen
+eBaYki03CF2pSm7EDHxbEjDC9E3AeOfUW6Iq4dTGThjGNGnnBIbpv0mSdXFzWcZU
-Andreas Steffen
+rwQo51EA4HBAACSCPjwAOUCAOCCCOP/gCDzxzweEOByCAACeEP1wF+DxhwBiQTw
-Andreas Steffen
+AP/0AAQFx/z+SACPgR+ASePwOAOgAAQBwDiAV0OOCADwB0eOgAeAOORwMAPzwOQS
-Andreas Steffen
+CBuMAQOB+Px/x+AuCeRweeADzwACPyCP+RyQhgBzwOCBwSBwOB+SeQAQCOBwACAB
-Andreas Steffen
+eByABwQBwQAAeCBwgAAB/wACDwNyPgeQOPwAAR+OAR+AB+COAQCBx+QeB+R+B+Q
-Andreas Steffen
+CADjxwACPiARvwOBwQDjggcY7EEgAEHjcYAcogEHgccDjgcDg8fgAnjgAgfkgEgc
-Andreas Steffen
+DnjgAEbAn8ArnAhAAcAkAEgADkgAD8DgkDgkcDnkcE88jkjkgjgD9ccAg8cc8jjr
-Andreas Steffen
+kcgkABED8gAD8H/n8gAAj8AgEHj8D8D89Dfg4DAgEEAAgAj8HgkgAj8HgcHodAEk
-Andreas Steffen
+cn8DAL8AD/g//gcDkAEH/AAD/gcDnj8AkD8AcDgErkHjAAcA9AAAAcAcEEEgAAAg
-Andreas Steffen
+AYLoAgAEHgkDgYccgbk=
-Andreas Steffen
+-----END BLISS PRIVATE KEY-----
-Andreas Steffen
+</pre>
-Andreas Steffen
+At last let's generate a BLISS-III key with a cryptographic strength of 160 bits with the highest debug level enabled:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 3 --debug 4 > cakey3.der
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 380 octets
-Andreas Steffen
+mgf1 based on sha1 is seeded with 20 octets
-Andreas Steffen
+mgf1 generated 380 octets
-Andreas Steffen
+l2 norm of s1||s2: 1401, Nk(S): 125552 (128626 max)
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 1 trial
-Andreas Steffen
+   i   f   g     a     F     G     A
-Andreas Steffen
+-1   1 11932  6730 11344  6400
-Andreas Steffen
+1   0  2227  1206  9396  6244
-Andreas Steffen
+-1   2  4844   496   414  4411
-Andreas Steffen
+-1   0  2768  2813  1412  6619
-Andreas Steffen
+0   2  3583  2753  3520  9237
-Andreas Steffen
+0   2 10160  2434  9512  8688
-Andreas Steffen
+0   2  8157  9071 10775  8990
-Andreas Steffen
+0   0  3862  5091   211  3126
-Andreas Steffen
+-1   0  3045  2278  5799  8812
-Andreas Steffen
+1   0  9942  5685  3335   541
-Andreas Steffen
+0   0  8236  1637   526  5000
-Andreas Steffen
+0   0  8638     9  9539 10618
-Andreas Steffen
+0  -2 11526 11882  8890  8976
-Andreas Steffen
+-1   0 12180 11895  3538  5231
-Andreas Steffen
+-2   0  6332  4243 11062   243
-Andreas Steffen
+0   0  4083  4302  3400  4000
-Andreas Steffen
+0   2  4545  6031  2766  1708
-Andreas Steffen
+0   0  1495  4119  8792 11954
-Andreas Steffen
+1  -2  5664  9450  5151  6621
-Andreas Steffen
+0   0  3580  1963 11193  1552
-Andreas Steffen
+-1  -2  7090  5950 10318  8445
-Andreas Steffen
+0   0  5180  8190  7147 11145
-Andreas Steffen
+0  -2  8455 12226    27 10533
-Andreas Steffen
+0   0   810  4585  6578  3333
-Andreas Steffen
+1   0  5316  9595  2034  7088
-Andreas Steffen
+0   0 10072 11746 10425  9554
-Andreas Steffen
+-1   0  4544  5888  7751  8402
-Andreas Steffen
+0   0  9529 10638  5983  9509
-Andreas Steffen
+0   0  6832  8019  5519  1124
-Andreas Steffen
+1  -2  8900  2356  4475  4326
-Andreas Steffen
+0  -2  4438  7452  2418   406
-Andreas Steffen
+-1  -2   363  9949  6078  3369
-Andreas Steffen
+0   0  6032  9713 11653 12232
-Andreas Steffen
+0   0  1342 11748 11094  4727
-Andreas Steffen
+-1  -2   780  9506  2687  5713
-Andreas Steffen
+1   0  1114 11518  5003  1173
-Andreas Steffen
+1   0 11561  8458  9766  5255
-Andreas Steffen
+0   0   932  4680  7848 10211
-Andreas Steffen
+0   0  4748  4235  6832  9975
-Andreas Steffen
+1   2  6338  9116  1371  9287
-Andreas Steffen
+0   0  9216 11714 11657  4532
-Andreas Steffen
+1  -2  1100  6203  6951  9887
-Andreas Steffen
+1   0 11955  9307   124 11984
-Andreas Steffen
+0   0  6550  6220  9948 11200
-Andreas Steffen
+1   0 10183  7920  2231  2050
-Andreas Steffen
+0   0  5858 10736 11843  4851
-Andreas Steffen
+1   0  4402  6459  5976  5509
-Andreas Steffen
+1   2  3354  2643  9397 11716
-Andreas Steffen
+1  -2  9937  3908  1174 11478
-Andreas Steffen
+2   0 11688  9298 10680  1833
-Andreas Steffen
+-1   2  5348  4731 12240  5286
-Andreas Steffen
+0   0  4594  1469 10189  5043
-Andreas Steffen
+0   2  6324  1006  6445  3268
-Andreas Steffen
+0  -4  2137  2707  4158   569
-Andreas Steffen
+-1  -2   340  2232  4643  9852
-Andreas Steffen
+-1   0  1784  8290  9620  3129
-Andreas Steffen
+1   0  7203  5610 11341   749
-Andreas Steffen
+0   0  6651 12057 10851  5621
-Andreas Steffen
+-1   0   383  5516  9861  2272
-Andreas Steffen
+2   0 10893  8086  1452   140
-Andreas Steffen
+0   0  7921 10970  6955  9293
-Andreas Steffen
+1  -2  4243 10170  5305  9178
-Andreas Steffen
+-1   2  3565  2730  3858 11021
-Andreas Steffen
+0   0  5697  1308  7157  8076
-Andreas Steffen
+0  -2  4079  5666  9079  5400
-Andreas Steffen
+1   0  3653  2895  1244 11606
-Andreas Steffen
+0   2  9829  6670  4713  3470
-Andreas Steffen
+1  -2 11728  5737  6142  2111
-Andreas Steffen
+1  -2  7403 10194  2903  2562
-Andreas Steffen
+-2   0   770  9857   301  4108
-Andreas Steffen
+0  -2  6771  2653 10239  2130
-Andreas Steffen
+0   0  7855  4463  7362  9248
-Andreas Steffen
+-1   0 10880  6688  3127   311
-Andreas Steffen
+-1   2  4691  8128   533  8290
-Andreas Steffen
+-1  -2  4037  3558   115 10006
-Andreas Steffen
+0   0  2284   389  6473  3776
-Andreas Steffen
+0   0  5390  9091  1720  7047
-Andreas Steffen
+0   2  4988  1314 11101  4376
-Andreas Steffen
+1   0  5858  6929  7217  3009
-Andreas Steffen
+0   0  8276  9115  9758  8600
-Andreas Steffen
+0   0  1719  3490  6518  2847
-Andreas Steffen
+0   0  3145    16  2434 10905
-Andreas Steffen
+1   0 12177  5643  1293  9983
-Andreas Steffen
+0   2  8860  7027  7247  4144
-Andreas Steffen
+0  -2  8029 11886  5161  8312
-Andreas Steffen
+0   0  6660  8970  4777  9518
-Andreas Steffen
+0   2  8940  2217  8996  6495
-Andreas Steffen
+0   0  4623  2243 11869 10300
-Andreas Steffen
+0   4 11841  4074  6347  3751
-Andreas Steffen
+-1   0  2220 12271  2346  3966
-Andreas Steffen
+0   2 11997   617  8162  8020
-Andreas Steffen
+0  -2  4335    73 10232  9399
-Andreas Steffen
+1   2  8016 10780 11912 11369
-Andreas Steffen
+0  -2  4302  7923   717  7152
-Andreas Steffen
+0  -2  8014  1252  8311 11638
-Andreas Steffen
+1   0 11580   975  1679  2699
-Andreas Steffen
+1   2  6246  3336   161  6745
-Andreas Steffen
+-1  -4  5081  9817 11892  6259
-Andreas Steffen
+0   0  4544 10997 12278  4499
-Andreas Steffen
+0   2  1616  9495 12225 10213
-Andreas Steffen
+-1  -2  8533  8912  6448  9929
-Andreas Steffen
+0   2  8850  8093 11649  9665
-Andreas Steffen
+1  -4  9776  4225  8805  9906
-Andreas Steffen
+-1   0 12203  5021 12232 10353
-Andreas Steffen
+1   2  1285 10557  8597  2897
-Andreas Steffen
+1   0  5553 11162  5268 10387
-Andreas Steffen
+-1  -2  6413 10365 11905  6694
-Andreas Steffen
+0  -2  1915  8797  5109 10630
-Andreas Steffen
+1   2  5668  7809 10108   689
-Andreas Steffen
+0  -2  5724  6433  9119  9062
-Andreas Steffen
+1   0  3193  2998 10987  4238
-Andreas Steffen
+0   2  3218  6756 10221 11532
-Andreas Steffen
+0   0 11475  1061  3999  2494
-Andreas Steffen
+0   0  1751 10398  9032 10926
-Andreas Steffen
+0   0  5049  4368  3557  9980
-Andreas Steffen
+0   0  6973 10707 10291  4631
-Andreas Steffen
+0   0   826  2759  8952 11976
-Andreas Steffen
+-2   0 11077  1210  8027  7898
-Andreas Steffen
+0   0  3361  8733  5169   237
-Andreas Steffen
+0   0  9447 10875 12077 11281
-Andreas Steffen
+0   0  7154   928   564 11601
-Andreas Steffen
+-1  -2  5099  1695  5523 11879
-Andreas Steffen
+0  -2  5533  6614  4882  7444
-Andreas Steffen
+0   2  2416  2221 11163  3679
-Andreas Steffen
+0  -2   683  8407  7179 11214
-Andreas Steffen
+-1   0  1698  4946  8846  5627
-Andreas Steffen
+0   2 11993  1197  5067  2037
-Andreas Steffen
+-1   2 11131 10689  4543  8346
-Andreas Steffen
+1   0 11684 12052  5700  5576
-Andreas Steffen
+0   0 11081  7285  5758  2882
-Andreas Steffen
+0   0  2204 10550 10764 10396
-Andreas Steffen
+0   0  5413  6834   237  9705
-Andreas Steffen
+0   0  3139  9589  3580  1000
-Andreas Steffen
+1   0  2435 10845 11335  4375
-Andreas Steffen
+0   0  5835  9461  5820  8967
-Andreas Steffen
+1   2  1986  7566  6638  7219
-Andreas Steffen
+1   2 12005   279  4775   854
-Andreas Steffen
+0  -2 11470  3603  1399  4755
-Andreas Steffen
+0   4  3665 10794  4373 10453
-Andreas Steffen
+0   0  6909  8265 11931 11831
-Andreas Steffen
+1   2  9201  4238  3547  9596
-Andreas Steffen
+1  -2  7577 11197  9585  4684
-Andreas Steffen
+0   0  8947  1967  2051  7873
-Andreas Steffen
+0  -2  9195  2467  6347  7903
-Andreas Steffen
+1   2 11017  8525 11401 10043
-Andreas Steffen
+-1   0  1786  7054  2174  5272
-Andreas Steffen
+0   0  2541 11091 10944 11808
-Andreas Steffen
+0   0  1685 12142  9116 11391
-Andreas Steffen
+0  -2  9324 10699 11938  1090
-Andreas Steffen
+1  -2  6706  2541  7886  7480
-Andreas Steffen
+1   0 10550  1341  3839  5373
-Andreas Steffen
+-1  -2  4665  7629  5217  2934
-Andreas Steffen
+0   2  1311  6833  4048 11099
-Andreas Steffen
+1   0 11994  1783 10226  2549
-Andreas Steffen
+1   0  9953  5962 11300 10712
-Andreas Steffen
+0  -2  2781 11449   395 11045
-Andreas Steffen
+-1   4  6768  7744  9122  6955
-Andreas Steffen
+0  -2  1288 10720  7913  9198
-Andreas Steffen
+0   2  3735  3959  3762  4924
-Andreas Steffen
+1   2  2817  4147  6807  6198
-Andreas Steffen
+0   0  2935 11500 11190  4051
-Andreas Steffen
+0   2  1193  7795 11414  3350
-Andreas Steffen
+-1  -2   757  3411  9464  4481
-Andreas Steffen
+0  -2  3830  7004 11979   593
-Andreas Steffen
+0   0 11945    57  6438  9168
-Andreas Steffen
+-2   2  1844   173  7130  9844
-Andreas Steffen
+1   0  1055  4376   673   559
-Andreas Steffen
+1   0   665  1744 11877  9442
-Andreas Steffen
+-1   0   190  3421  9077  5294
-Andreas Steffen
+-1   0  5948  4923 10003  9323
-Andreas Steffen
+0  -2    66  3154  7238 10273
-Andreas Steffen
+1   0  3608  7307  8272 11128
-Andreas Steffen
+0  -2 11068 10669  7822 12269
-Andreas Steffen
+-1  -2  2289  5725  7793 11084
-Andreas Steffen
+0  -2  2045  9528  5770  5250
-Andreas Steffen
+0  -2  5369  1937  9741  7669
-Andreas Steffen
+0   0  5495   973    32  8740
-Andreas Steffen
+1  -2   187  6219 10487 11605
-Andreas Steffen
+0   0  6664  3891  6930  9183
-Andreas Steffen
+0  -2  8951  3731  4350 10057
-Andreas Steffen
+0  -2  2119  8064  2295    14
-Andreas Steffen
+0   0  5587  7068 12132   419
-Andreas Steffen
+1   0  5551  9660  4283  5818
-Andreas Steffen
+1  -2    58   319  9240  1724
-Andreas Steffen
+0   2  9694  6238  4742 12274
-Andreas Steffen
+2   2  1752 10949  7406  7643
-Andreas Steffen
+0   2  4551  4296  5533  7516
-Andreas Steffen
+0   0  5809  2080  4616  3169
-Andreas Steffen
+0  -2  4805  9682  4940 10345
-Andreas Steffen
+0   4  5232 10223  8937  9376
-Andreas Steffen
+0  -2  4985  6043  7853   528
-Andreas Steffen
+1   0 11937  4497  1366  6015
-Andreas Steffen
+1   0  7724  7554 12130  1918
-Andreas Steffen
+0  -2  2011  4752  4070  3130
-Andreas Steffen
+0   0  8272  1015  1803  3973
-Andreas Steffen
+-1   0  7832  7988  9436  5558
-Andreas Steffen
+0  -4  8854 10413 11890  8575
-Andreas Steffen
+0   0  2277  3600   263 11719
-Andreas Steffen
+-1   2  2986  1000  9583 11721
-Andreas Steffen
+0   2  2907  8991 11579 11775
-Andreas Steffen
+0   2  7872  2207  9525  1285
-Andreas Steffen
+1   0  7562  9107  2777  2830
-Andreas Steffen
+-2  -2 10678 10608  9041 10880
-Andreas Steffen
+0   0   656 11804  3455  2400
-Andreas Steffen
+-1  -2  4799  3910  3626  6180
-Andreas Steffen
+-1   0  1998  5423  2614  5813
-Andreas Steffen
+0   0  2327 11665  8051  2567
-Andreas Steffen
+0   0   282  6807  4478  1129
-Andreas Steffen
+0  -2  7967  3811 12284  6446
-Andreas Steffen
+-1   0  3169 11501 11972 11650
-Andreas Steffen
+-1   0  2614  4186  5549 10021
-Andreas Steffen
+1  -2 11856 11417 10104  6753
-Andreas Steffen
+1   0  3692  2680  3800 12107
-Andreas Steffen
+0   2  4639  5506 11526  6189
-Andreas Steffen
+0   0  6373  9147  2814  9738
-Andreas Steffen
+0   0  1942  1124  9011  3124
-Andreas Steffen
+0   2  5163   558 11376  4381
-Andreas Steffen
+0   0 11687  9612  8623    84
-Andreas Steffen
+0   0  8537  3843 11615    35
-Andreas Steffen
+1   0 11885  4846  3711  6409
-Andreas Steffen
+0   2  9728  8703  2262  5270
-Andreas Steffen
+-1  -2  4928   745  4084  3453
-Andreas Steffen
+0   2  2383  5711  4946 10846
-Andreas Steffen
+0  -2  2480  3190 11514  2446
-Andreas Steffen
+0   2  8786  4156 10444   381
-Andreas Steffen
+0   0  7294  3059   859  5500
-Andreas Steffen
+0  -2  2793  4752  4311 11196
-Andreas Steffen
+-1   2  9428  8892  6184  2715
-Andreas Steffen
+1   0  3240  6263  8476  7279
-Andreas Steffen
+0   0  2533   993  6898  5972
-Andreas Steffen
+-1   2  6513  1130   623  3622
-Andreas Steffen
+-1   0  2175   455  8066   855
-Andreas Steffen
+1  -2  8930 11192 11277  6039
-Andreas Steffen
+-1   0 10052  9546  1723  3691
-Andreas Steffen
+0   0 12282 10488  5953 11501
-Andreas Steffen
+1   0   966  2764  1478  7550
-Andreas Steffen
+0   4  2689  4295   136  7671
-Andreas Steffen
+0   0  2735 10452  7686  5468
-Andreas Steffen
+-1   0  7155  3804 11767  4710
-Andreas Steffen
+1   2  6875  1049  8317  1238
-Andreas Steffen
+-1  -2  5800  4804 10126  7221
-Andreas Steffen
+0   2 10256  8623  4292 11309
-Andreas Steffen
+-1   0  9012  8378  9611  5688
-Andreas Steffen
+-1   2  4014  1882  3226 12134
-Andreas Steffen
+0   2 11698  2629  1993  9817
-Andreas Steffen
+1  -2  9293  4184  3392 10739
-Andreas Steffen
+0   2    93   852  8664 11953
-Andreas Steffen
+0   2  6230  8044  8507  6969
-Andreas Steffen
+-1   2  6093  7622 10297  8445
-Andreas Steffen
+-1   0 10974  7821  3675  3517
-Andreas Steffen
+-1  -2  4760 11952  9509 11495
-Andreas Steffen
+0  -2  7410  5638  8286  2604
-Andreas Steffen
+0   0   313  2955  7834  4178
-Andreas Steffen
+-1   0  9733  3273 12249 11493
-Andreas Steffen
+-1   0   682  9048  9531  3876
-Andreas Steffen
+1  -2  2283   179  4322  9567
-Andreas Steffen
+0   0 10470  1633  2290  9062
-Andreas Steffen
+0  -2 11005  5584  7880  6991
-Andreas Steffen
+1  -2  2732  7686  7623  8563
-Andreas Steffen
+0   0  8845  9994  6380  2032
-Andreas Steffen
+0  -2  9527   785  4071  4639
-Andreas Steffen
+0  -2  7141  5116   474  9863
-Andreas Steffen
+0   0  8896  9356  8790  4233
-Andreas Steffen
+0  -2  8781  5058 11323  5758
-Andreas Steffen
+-1  -2  2106  4848  5472  3773
-Andreas Steffen
+0   0 10312  2028  1706  5806
-Andreas Steffen
+-1   0 11587 11556 10433  7614
-Andreas Steffen
+-1   0  9354  4702  4673 11174
-Andreas Steffen
+1   2  4179   310  1572  9202
-Andreas Steffen
+0   0   231  7881  4637  8778
-Andreas Steffen
+0   0 10643 12282  3262 11823
-Andreas Steffen
+0   2  4803   573 11021 12201
-Andreas Steffen
+-1   0 11942  2736  1772   881
-Andreas Steffen
+1   0 10172  5565  7021  1748
-Andreas Steffen
+0   2  8091   902 11967  2343
-Andreas Steffen
+1   0  6507  2055  1543  1125
-Andreas Steffen
+0   0  8363  4684  8421  7891
-Andreas Steffen
+0   2 11435  7507  3108  1495
-Andreas Steffen
+1   0  1121  5376  1638  8545
-Andreas Steffen
+1   2  6659  7231  2291  9356
-Andreas Steffen
+2  -2 11535  5948  8451 10276
-Andreas Steffen
+0   2  9996  5929 11267 11752
-Andreas Steffen
+0   0  9341 11999 10535  9922
-Andreas Steffen
+0   0  1156   407  2491  5743
-Andreas Steffen
+1   0 10878  9742 11436  7146
-Andreas Steffen
+1   0  4269 10191  6723  1057
-Andreas Steffen
+0   0  3150  6385 11151  8222
-Andreas Steffen
+-1   2 10602 12270  1942 11540
-Andreas Steffen
+-1   0  4149  9389  5193   155
-Andreas Steffen
+1   0  2220  1914  7033  2039
-Andreas Steffen
+1  -2  5849  9681  7990 10354
-Andreas Steffen
+0  -2   578  1167  9422  2925
-Andreas Steffen
+0   2  2784  4352  1474  8850
-Andreas Steffen
+0   2  2831  7803  7941 10471
-Andreas Steffen
+1  -2  1505  5309  1529 10706
-Andreas Steffen
+-1  -2 12152  3117  1462  5319
-Andreas Steffen
+0   0 12015 10147  2163  3011
-Andreas Steffen
+0   2 12204  3215 10166   351
-Andreas Steffen
+-1   0  3251  7021  9039  9355
-Andreas Steffen
+0   0  5488  2986  1862  5927
-Andreas Steffen
+1   0  7988   280  3983 11996
-Andreas Steffen
+0  -2 11691   944  6647  7206
-Andreas Steffen
+0  -2  5811  8894 11593  4438
-Andreas Steffen
+1   2 11242  8285  3494  3099
-Andreas Steffen
+0   0  1369  3781 11946  9679
-Andreas Steffen
+0   0  4923   855 11924  2443
-Andreas Steffen
+0   0 10077  6525  5892 12143
-Andreas Steffen
+0   0  5765   923  7601  5041
-Andreas Steffen
+-1   0 11585  4403  7020  7236
-Andreas Steffen
+-1   0  9508 11281  9550  8744
-Andreas Steffen
+-1   2  8015  7011  6196   851
-Andreas Steffen
+0   0 10282  6674  7084  1139
-Andreas Steffen
+-1   0   366  5463  5297 11037
-Andreas Steffen
+0   0  3271  3185  6778 10142
-Andreas Steffen
+-1   0  6295  3530  2128  3092
-Andreas Steffen
+-1   2  2446  9761  5698  9652
-Andreas Steffen
+0   0  6414  6084 11668  2854
-Andreas Steffen
+1   0  7954 11099  5621  8453
-Andreas Steffen
+1   0  8505  3817  6471  8585
-Andreas Steffen
+0  -2 10555   260  7709  1873
-Andreas Steffen
+0   0  4679  8577  2591  3492
-Andreas Steffen
+1   0  4517 10562  7356 10826
-Andreas Steffen
+0   0  5129  7378  6792 11094
-Andreas Steffen
+1   0 11014  1117   906  7306
-Andreas Steffen
+-1  -2  8930  3044  7558  1690
-Andreas Steffen
+0  -2 12034  5641  5602  3833
-Andreas Steffen
+1   0  4468  8161 11613  1703
-Andreas Steffen
+0   0  9452  5643  6465   759
-Andreas Steffen
+-1   0  4250  1062  8885  5366
-Andreas Steffen
+0   0  2562 11062 10606 12050
-Andreas Steffen
+0   0 11004  5092  1145  9690
-Andreas Steffen
+0   0  3971  4167  9338 10914
-Andreas Steffen
+0  -2  4640  2905  8263  8180
-Andreas Steffen
+-1   2 11466 11858  4479  8686
-Andreas Steffen
+-2  -2  2263 10527 11374  8335
-Andreas Steffen
+-1   2  8803 10486  6140 10827
-Andreas Steffen
+0   0  1608 10434   277  3299
-Andreas Steffen
+0   0  8846  4037  5405 10610
-Andreas Steffen
+0   2  2025  9028 11374   249
-Andreas Steffen
+0   0  7495  5760  9448  3603
-Andreas Steffen
+0   2    15 10858 10180    53
-Andreas Steffen
+0   0  2216   822  8232 10505
-Andreas Steffen
+0   0  4552  6213  8198  2721
-Andreas Steffen
+-1   0  8537 12065  4985  6616
-Andreas Steffen
+1   0    59  1083  5343  4975
-Andreas Steffen
+0   0  6820  2485  7426  8044
-Andreas Steffen
+0  -2    79  3592   780  2094
-Andreas Steffen
+0   2  6060  2269  1661  5628
-Andreas Steffen
+-1   0   483  7927  6962  9842
-Andreas Steffen
+-1   0 10399 11975   182  8453
-Andreas Steffen
+1   2 10965  8081  9568 12240
-Andreas Steffen
+-1   0  6177  9642 10608  1217
-Andreas Steffen
+0  -2  3647  7424  6312 11588
-Andreas Steffen
+0  -2 10821  5412  7478  9670
-Andreas Steffen
+0   2  7993  8400  9262  9133
-Andreas Steffen
+0  -2 12183  9287  5467  4145
-Andreas Steffen
+1  -2 11881 11278  2062  2271
-Andreas Steffen
+0   0 11023 11205  4098  9315
-Andreas Steffen
+0   0  2486  1161  4531 11806
-Andreas Steffen
+0   2  7820  8932  2128  6164
-Andreas Steffen
+0  -2  4830  2661  6650  6782
-Andreas Steffen
+0   0  1280  8451  7065  2723
-Andreas Steffen
+1  -4  3505  2948  7690 10249
-Andreas Steffen
+0   0  1931   604   857 11619
-Andreas Steffen
+-1   0  4519  1694  1682  7386
-Andreas Steffen
+1   0  7001  5943 10006  9007
-Andreas Steffen
+1   0  6867  7829  3179  9453
-Andreas Steffen
+0   2  6439  1013  9753   968
-Andreas Steffen
+0  -2   471  7027  6703  4401
-Andreas Steffen
+0   2 10693  6320  2472  5896
-Andreas Steffen
+1   0  6616  5825  5027  4446
-Andreas Steffen
+0  -4  2610  2936 10741 11669
-Andreas Steffen
+-1   0 10505  5607  7619 11326
-Andreas Steffen
+-1   0  8796  8925  6540   641
-Andreas Steffen
+0   0  7862  9942  2067  7361
-Andreas Steffen
+2   2  5933 11598  7281  2337
-Andreas Steffen
+0   0  4397  9644  2961   575
-Andreas Steffen
+0   0 11546  3667    60   496
-Andreas Steffen
+0   2 10359   897  6655  9940
-Andreas Steffen
+0   0  8042 11627  7627  4091
-Andreas Steffen
+0   2  7229  5196 10305  4323
-Andreas Steffen
+0   2 11076  8341  5590   590
-Andreas Steffen
+1  -2  5915   587  3514 10997
-Andreas Steffen
+0   0  4235  5733  1374  7164
-Andreas Steffen
+0  -2  6883  2313  3411   910
-Andreas Steffen
+2   0  5537  5149   391 10153
-Andreas Steffen
+0   0  4786  9993 11959  7183
-Andreas Steffen
+1   0  8660  4137  8672  1422
-Andreas Steffen
+-1   0 10388  8443  6742  3136
-Andreas Steffen
+-1   0  3028  4136  7848  1024
-Andreas Steffen
+-1  -2  3013  9457  3424  5692
-Andreas Steffen
+0   2  6434 10654   246  8185
-Andreas Steffen
+-1   0  5801  5730   384  4298
-Andreas Steffen
+0   0  3559 11131  6623  3040
-Andreas Steffen
+0   2  6911  3462  6279 10768
-Andreas Steffen
+0   0  2559 11098  1487  5746
-Andreas Steffen
+0   0  6942  1081  5465  2597
-Andreas Steffen
+0   0  6852   666  5872  6467
-Andreas Steffen
+0   0 10873  4863 11256  4225
-Andreas Steffen
+1  -2  3670   513  2689  1203
-Andreas Steffen
+1   0 11066  6794  6433  4163
-Andreas Steffen
+0   2  4927 11148  7593  4700
-Andreas Steffen
+0   2  5570  7675  6432  9507
-Andreas Steffen
+0   0  9882 11756 11480  4705
-Andreas Steffen
+1   2  9553  7076  9700  2926
-Andreas Steffen
+-1   2  9678 12074  7468 11797
-Andreas Steffen
+0   2  3955  2530 10255 10763
-Andreas Steffen
+1   0 10843  8488 12022  6421
-Andreas Steffen
+0   0  2514  2611  6629  2177
-Andreas Steffen
+-2  -2  1934  6748  5463  3878
-Andreas Steffen
+1  -2  2677  5860  4847 11948
-Andreas Steffen
+1   0  2065  8327  9459  7023
-Andreas Steffen
+0   0  6908  5681   530  4705
-Andreas Steffen
+0   0 10718  6791  9883 10546
-Andreas Steffen
+-1   0 10338 11007  3468  2087
-Andreas Steffen
+1   0  7817   625 11048  7745
-Andreas Steffen
+0   0 11023  4466 10734 10811
-Andreas Steffen
+0   0  6306  7136  5359  9233
-Andreas Steffen
+0   0  1858 10575  2337 11205
-Andreas Steffen
+0   0  1118  2777  6009  7711
-Andreas Steffen
+1   0  8755  4003  5535  8938
-Andreas Steffen
+-1   0 12259  1775  2505  8171
-Andreas Steffen
+0   0  5186 12038  9054  9707
-Andreas Steffen
+-1   0  8317  9867  2073  6580
-Andreas Steffen
+0  -2  3750  7074  7221 12191
-Andreas Steffen
+-1  -2  7076  6288  3318 10214
-Andreas Steffen
+0   0  4066  8076 12163  3442
-Andreas Steffen
+1   2  5009   366 10803  1339
-Andreas Steffen
+2   0  7392  9060  4955 11591
-Andreas Steffen
+-1  -4  9381  8187  9349  5579
-Andreas Steffen
+0   0  6499  4642  5787 12187
-Andreas Steffen
+1   2 11461 11653  3278  7917
-Andreas Steffen
+1   0  8976  7597   613  6477
-Andreas Steffen
+0  -2  9335 10397  6485 11019
-Andreas Steffen
+0  -2  7590  5554  4787  9128
-Andreas Steffen
+-1  -2  7109  7497   615  8655
-Andreas Steffen
+1   2  5984   709  9806  6063
-Andreas Steffen
+1   0  4451  1057  1327  2187
-Andreas Steffen
+0   0  6532  2071  1809  9139
-Andreas Steffen
+0   0  5657  1586 11166  5121
-Andreas Steffen
+0   0  3926  7845  1167  7773
-Andreas Steffen
+0   0  6347   293  1762 11582
-Andreas Steffen
+0   0 12239 10323  4500  6461
-Andreas Steffen
+1  -2  1977  3819  4233  7946
-Andreas Steffen
+0   0  5851  9874  3996  8822
-Andreas Steffen
+-1   2  3107  3834  5546  9707
-Andreas Steffen
+1   0  5636 11215 11094  5276
-Andreas Steffen
+-1   0 12270  4649     5 11911
-Andreas Steffen
+1  -2  6452   394  1732  3872
-Andreas Steffen
+-2   0 11019   764  1006 10907
-Andreas Steffen
+0  -4 11659  6297  4922  4827
-Andreas Steffen
+1   2   890  9098 11786  3678
-Andreas Steffen
+1   2  7670  7736  2460 10669
-Andreas Steffen
+0   2  2047  7505 11511  3057
-Andreas Steffen
+0   0 12148  5933  9508  9426
-Andreas Steffen
+0   0  5596  3895  2879  7412
-Andreas Steffen
+0   2  6504  2290  4180  9071
-Andreas Steffen
+1   0  8051   946   316 11380
-Andreas Steffen
+0  -2  2479 10389  6976  2480
-Andreas Steffen
+-1   0 10512 10125  6279  6329
-Andreas Steffen
+0   0  4709  6976  7912  6808
-Andreas Steffen
+0   2  6605  9934 10200 10093
-Andreas Steffen
+-1   0   949  7882  3698  1544
-Andreas Steffen
+1  -2 10292  3467   350  3293
-Andreas Steffen
+1   0  6448  9423  1313  2345
-Andreas Steffen
+0   2   692  6812  7583  6050
-Andreas Steffen
+1   0  3635  4184  2733  3816
-Andreas Steffen
+0   0 12067  5816 10128 11192
-Andreas Steffen
+0   0  9902  8712 11275  6813
-Andreas Steffen
+0   0 10938  7970  1902  7019
-Andreas Steffen
+1   0  9568  4228   242  5633
-Andreas Steffen
+0   0  2196  5792  6794 10300
-Andreas Steffen
+0   0  4075   157  8672  2560
-Andreas Steffen
+0  -4  2110  3629  9461  9122
-Andreas Steffen
+-2  -2  3412  4091  7245  4018
-Andreas Steffen
+0   0 11653    40  5765 10897
-Andreas Steffen
+0   0 10799   728  9056 10951
-Andreas Steffen
+0   0  2114  2282  3786   314
-Andreas Steffen
+-1   2   817 10585  8784 10553
-Andreas Steffen
+-1   0  3705 12125  8654  5792
-Andreas Steffen
+0  -4  1808  8664   196  4624
-Andreas Steffen
+-1   2  5841  1907  7238  7769
-Andreas Steffen
+0   0  8769  9263  6687   676
-Andreas Steffen
+0   0  3412  9123  9517  1111
-Andreas Steffen
+-1   0  4204    49 11892  6011
-Andreas Steffen
+-1   0 11196   448  3872  2642
-Andreas Steffen
+0   0   651  2142  3834  6611
-Andreas Steffen
+1   4  7208 10823  6626 12033
-Andreas Steffen
+0  -2  8558 10995 11169  2660
-Andreas Steffen
+0   0  7955  2079  1785  7697
-Andreas Steffen
+1   0  5565 11081  6935  1449
-Andreas Steffen
+0   2 11661  2880 10737   887
-Andreas Steffen
+-1  -2  2546  3372  1543  2424
-Andreas Steffen
+1   0  1667 10715  7245 11246
-Andreas Steffen
+0   0    93   456  1273  2563
-Andreas Steffen
+0   0  3205  2733  6176  7453
-Andreas Steffen
+1   0 12191  7834  2926 12258
-Andreas Steffen
+0   0  3788  5251   935  6085
-Andreas Steffen
+0   0 10114 12224  8954 11395
-Andreas Steffen
+0  -2  7464   568  5744  7972
-Andreas Steffen
+-1   0  1992  6344 10425  3471
-Andreas Steffen
+-1   0  5249  7024   675  3466
-Andreas Steffen
+0   2  8334  3338  1945  4805
-Andreas Steffen
+0   0  8566   837  6796  2416
-Andreas Steffen
+-1   2  1905  3844  2872  1612
-Andreas Steffen
+0   2   377  8680  5459   608
-Andreas Steffen
+0   0  1990  7692 10261  6844
-Andreas Steffen
+0   2  5170  9084 10608  4433
-Andreas Steffen
+0   0 11365  3048 11553  3451
-Andreas Steffen
+0  -2 12098  6095 11214  3125
-Andreas Steffen
+1  -2  1431  2633 10329  5488
-Andreas Steffen
+-1  -2  3846  4226  8410  4614
-Andreas Steffen
+</pre>
-Andreas Steffen
+Shown are the 512 small coefficients of the private keys *f* = *s1* and *g* = 2 * *s2* + 1 as well as their Number Theoretic Transforms (NTT) *F* and *G*, respectively. The BLISS public key *A* is computed as the component-wise inverse of *F* * *G* and the reverse NTT gives *a* = 1/(*f* * *g*) mod q with the 14 bit modulus q = 12289. Sometime it happens that *F* * *G* is not invertible, so that the following debug message is output
-Andreas Steffen
+<pre>
-Andreas Steffen
+S1[91] is zero - s1 is not invertible
-Andreas Steffen
+</pre>
-Andreas Steffen
+and another trial run is started.
 Andreas Steffen
-Andreas Steffen
+h2. BLISS Root CA Certificate Generation
 Andreas Steffen
-Andreas Steffen
+A self-signed BLISS CA certificate can be generated with the following command
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --self --type bliss --in cakey4.pem --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 --debug 2 --outform pem > cacert4.pem
 Andreas Steffen
-Andreas Steffen
+  file content is not binary ASN.1
-Andreas Steffen
+  -----BEGIN BLISS PRIVATE KEY-----
-Andreas Steffen
+  -----END BLISS PRIVATE KEY-----
 Andreas Steffen
-Andreas Steffen
+L0 - BLISSPrivateKey:
-Andreas Steffen
+L1 - keyType:
-Andreas Steffen
+  'BLISS-IV'
-Andreas Steffen
+L1 - public:
-Andreas Steffen
+L1 - secret1:
-Andreas Steffen
+L1 - secret2:
 Andreas Steffen
-Andreas Steffen
+L0 - subjectPublicKeyInfo:
-Andreas Steffen
+L1 - algorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'blissPublicKey'
-Andreas Steffen
+L3 - parameters:
-Andreas Steffen
+L4 - blissKeyType:
-Andreas Steffen
+  'BLISS-IV'
-Andreas Steffen
+L1 - subjectPublicKey:
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha256 is seeded with 32 octets
-Andreas Steffen
+y1 = -859..738 (sigma2 = 71786, mean = -6.6)
-Andreas Steffen
+y2 = -852..644 (sigma2 = 65618, mean =  2.0)
-Andreas Steffen
+norm2(s1*c) + norm2(s2*c) = 63602, rejected
-Andreas Steffen
+mgf1 generated 10304 octets
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha256 is seeded with 32 octets
-Andreas Steffen
+y1 = -942..726 (sigma2 = 81503, mean = -8.6)
-Andreas Steffen
+y2 = -876..893 (sigma2 = 69883, mean =  2.4)
-Andreas Steffen
+norm2(s1*c) + norm2(s2*c) = 66020, accepted
-Andreas Steffen
+scalar(z1,s1*c) + scalar(z2,s2*c) = 86651, rejected
-Andreas Steffen
+mgf1 generated 10528 octets
 Andreas Steffen
-Andreas Steffen
+mgf1 based on sha256 is seeded with 32 octets
-Andreas Steffen
+y1 = -862..785 (sigma2 = 72628, mean = -7.1)
-Andreas Steffen
+y2 = -782..921 (sigma2 = 74618, mean =  4.1)
-Andreas Steffen
+norm2(s1*c) + norm2(s2*c) = 64940, accepted
-Andreas Steffen
+scalar(z1,s1*c) + scalar(z2,s2*c) = -176380, accepted
 Andreas Steffen
-Andreas Steffen
+z1 = -873..780, z2d = -3..4
 Andreas Steffen
-Andreas Steffen
+efficiency of Huffman coder is 3.4121 bits/tuple (1747 bits)
-Andreas Steffen
+generated BLISS signature (6706 bits encoded in 839 bytes)
 Andreas Steffen
-Andreas Steffen
+signature generation needed 3 rounds
-Andreas Steffen
+mgf1 generated 10656 octets
-Andreas Steffen
+</pre>
-Andreas Steffen
+With a debug level of 2 you get quite a lot of debug information. Starting from the top, the automatic conversion from PEM to DER format is shown, followed by the ASN.1 encoding of the BLISS private key from which the BLISS public key is extracted. Then in order to generate the BLISS certificate signature, two vectors *y1* and *y2* with 512 random numbers tightly following a Gaussian probability distribution using rejection sampling are generated. This process usually requires several rounds and a lot of random bits are used. The BLISS signature finally consists of the random vectors *z1* and *z2* as well as the sparse challenge vector *c*.
 Andreas Steffen
-Andreas Steffen
+A BLISS certificate can be displayed at any time with
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --debug 2 --in cacert4.pem
 Andreas Steffen
-Andreas Steffen
+L0 - x509:
-Andreas Steffen
+L1 - tbsCertificate:
-Andreas Steffen
+L2 - DEFAULT v1:
-Andreas Steffen
+L3 - version:
-Andreas Steffen
+  X.509v3
-Andreas Steffen
+L2 - serialNumber:
-Andreas Steffen
+L2 - signature:
-Andreas Steffen
+L3 - algorithmIdentifier:
-Andreas Steffen
+L4 - algorithm:
-Andreas Steffen
+  'BLISS-with-SHA512'
-Andreas Steffen
+L2 - issuer:
-Andreas Steffen
+  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
-Andreas Steffen
+L2 - validity:
-Andreas Steffen
+L3 - notBefore:
-Andreas Steffen
+L4 - utcTime:
-Andreas Steffen
+  'Dec 13 12:01:57 UTC 2014'
-Andreas Steffen
+L3 - notAfter:
-Andreas Steffen
+L4 - utcTime:
-Andreas Steffen
+  'Dec 13 12:01:57 UTC 2024'
-Andreas Steffen
+L2 - subject:
-Andreas Steffen
+  'C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA'
-Andreas Steffen
+L2 - subjectPublicKeyInfo:
-Andreas Steffen
+-- > --
-Andreas Steffen
+  L0 - subjectPublicKeyInfo:
-Andreas Steffen
+  L1 - algorithm:
-Andreas Steffen
+  L2 - algorithmIdentifier:
-Andreas Steffen
+  L3 - algorithm:
-Andreas Steffen
+    'blissPublicKey'
-Andreas Steffen
+  L3 - parameters:
-Andreas Steffen
+  L0 - subjectPublicKeyInfo:
-Andreas Steffen
+  L1 - algorithm:
-Andreas Steffen
+  L2 - algorithmIdentifier:
-Andreas Steffen
+  L3 - algorithm:
-Andreas Steffen
+    'blissPublicKey'
-Andreas Steffen
+  L3 - parameters:
-Andreas Steffen
+  L4 - blissKeyType:
-Andreas Steffen
+    'BLISS-IV'
-Andreas Steffen
+  L1 - subjectPublicKey:
-Andreas Steffen
+-- < --
-Andreas Steffen
+L2 - optional extensions:
-Andreas Steffen
+L3 - extensions:
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'basicConstraints'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L6 - basicConstraints:
-Andreas Steffen
+L7 - CA:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'keyUsage'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  TRUE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L4 - extension:
-Andreas Steffen
+L5 - extnID:
-Andreas Steffen
+  'subjectKeyIdentifier'
-Andreas Steffen
+L5 - critical:
-Andreas Steffen
+  FALSE
-Andreas Steffen
+L5 - extnValue:
-Andreas Steffen
+L6 - keyIdentifier:
-Andreas Steffen
+L1 - signatureAlgorithm:
-Andreas Steffen
+L2 - algorithmIdentifier:
-Andreas Steffen
+L3 - algorithm:
-Andreas Steffen
+  'BLISS-with-SHA512'
-Andreas Steffen
+L1 - signatureValue:
 Andreas Steffen
-Andreas Steffen
+z1 = -873..780, z2d = -3..4
 Andreas Steffen
-Andreas Steffen
+cert:      X509
-Andreas Steffen
+subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+validity:  not before Dec 13 13:01:57 2014, ok
-Andreas Steffen
+           not after  Dec 13 13:01:57 2024, ok (expires in 3652 days)
-Andreas Steffen
+serial:    12:a0:ca:85:51:b9:f3:27
-Andreas Steffen
+flags:     CA CRLSign self-signed
-Andreas Steffen
+subjkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
-Andreas Steffen
+pubkey:    BLISS 192 bits strength
-Andreas Steffen
+keyid:     55:ee:7a:31:44:e5:a0:cf:b6:c9:a7:17:98:c9:60:a7:eb:d0:4e:4f
-Andreas Steffen
+subjkey:   37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
-Andreas Steffen
+</pre>
-Andreas Steffen
+If you are not interested in any detailed information then just creat a self-signed BLISS CA certificate with
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --self --type bliss --in cakey1.der --ca --dn "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA" --lifetime 3653 > cacert1.der
-Andreas Steffen
+</pre>
-Andreas Steffen
+and view it with
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --in cacert1.der
 Andreas Steffen
-Andreas Steffen
+cert:      X509
-Andreas Steffen
+subject:  "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+validity:  not before Dec 13 12:58:21 2014, ok
-Andreas Steffen
+           not after  Dec 13 12:58:21 2024, ok (expires in 3652 days)
-Andreas Steffen
+serial:    5d:06:0d:4b:69:64:84:62
-Andreas Steffen
+flags:     CA CRLSign self-signed
-Andreas Steffen
+subjkeyId: f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
-Andreas Steffen
+pubkey:    BLISS 128 bits strength
-Andreas Steffen
+keyid:     df:78:00:c4:b4:13:e7:fd:4f:05:dd:39:1a:2e:2b:c5:65:39:10:f4
-Andreas Steffen
+subjkey:   f3:60:55:bc:0b:49:c4:8a:a6:38:cc:ad:72:67:e5:91:7c:b8:a4:f5
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. BLISS End Entity Certificate Generation
 Andreas Steffen
-Andreas Steffen
+We are now going to generate a BLISS-I key pair for user Carol:
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --gen --type bliss --size 1 > carolKey.der
 Andreas Steffen
-Andreas Steffen
+secret key generation succeeded after 2 trials
-Andreas Steffen
+</pre>
-Andreas Steffen
+Next we create a self-signed PKCS#10 certificate request
-Andreas Steffen
+<pre>
-Andreas Steffen
+ pki --req --type bliss --in carolKey.der --dn "C=CH, O=strongSwan Project, CN=carol@strongswan.org" --san carol@strongswan.org > carolReq.der
-Andreas Steffen
+</pre>
-Andreas Steffen
+which is used as the input for the CA to create a signed end entity certificate:
-Andreas Steffen
+<pre>
-Andreas Steffen
+ pki --issue --type pkcs10 --in carolReq.der --cacert cacert4.pem --cakey cakey4.pem --crl http://crl.strongswan.org/bliss.crl --flag clientAuth > carolCert.der
-Andreas Steffen
+</pre>
-Andreas Steffen
+and which has the following content
-Andreas Steffen
+<pre>
-Andreas Steffen
+pki --print --in carolCert.der
 Andreas Steffen
-Andreas Steffen
+cert:      X509
-Andreas Steffen
+subject:  "C=CH, O=strongSwan Project, CN=carol@strongswan.org"
-Andreas Steffen
+issuer:   "C=CH, O=strongSwan Project, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+validity:  not before Dec 13 13:20:34 2014, ok
-Andreas Steffen
+           not after  Dec 12 13:20:34 2017, ok (expires in 1094 days)
-Andreas Steffen
+serial:    38:a9:13:10:c2:ed:ed:c3
-Andreas Steffen
+altNames:  carol@strongswan.org
-Andreas Steffen
+flags:     clientAuth
-Andreas Steffen
+CRL URIs:  http://crl.strongswan.org/bliss.crl
-Andreas Steffen
+authkeyId: 37:f4:9e:f8:b7:50:ed:d4:29:16:72:58:b4:b1:f1:f5:46:c9:54:71
-Andreas Steffen
+subjkeyId: 8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
-Andreas Steffen
+pubkey:    BLISS 128 bits strength
-Andreas Steffen
+keyid:     5b:cf:17:14:a8:d8:aa:bc:40:f3:21:95:a9:67:7d:20:af:66:4e:c2
-Andreas Steffen
+subjkey:   8b:a3:c5:11:00:bb:84:55:dd:b8:4b:20:04:d9:58:77:57:ba:d8:3c
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. IKEv2 Public Key Authentication using BLISS Signatures
 Andreas Steffen
-Andreas Steffen
+The "ikev2/rw-ntru-bliss":http://www.strongswan.org/uml/testresults5/ikev2/rw-ntru-bliss/ strongSwan remote-access VPN scenario shows the practical use of IKEv2 public key authentication based on BLISS signatures. The larger size of the BLISS signatures and certificates compared to RSA is not a problem because IKEv2 Message Fragmentation ("RFC 7383":http://tools.ietf.org/html/rfc7383) is being used:
 Andreas Steffen
-Andreas Steffen
+IKE_AUTH Request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=BLISS I, CN=carol@strongswan.org"
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[IKE] establishing CHILD_SA home
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[ENC] splitting IKE message with length of 3232 bytes into 3 fragments
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[ENC] generating IKE_AUTH request 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1460 bytes)
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 13[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (452 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+IKE_AUTH Response
-Andreas Steffen
+<pre>
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[ENC] received fragment #1 of 3, waiting for complete IKE message
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1460 bytes)
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 03[ENC] received fragment #2 of 3, waiting for complete IKE message
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (548 bytes)
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ EF ]
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[ENC] received fragment #3 of 3, reassembling fragmented IKE message
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=BLISS IV, CN=moon.strongswan.org"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan_bliss.crl' ...
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan BLISS Root CA"
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   crl is valid: until Jan 11 12:36:45 2015
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG] certificate status is good
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[CFG]   reached self-signed root ca with a path length of 0
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[IKE] authentication of 'moon.strongswan.org' with BLISS signature successful
-Andreas Steffen
+Dec 12 13:53:12 carol charon: 15[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
-Andreas Steffen
+</pre>
-Andreas Steffen
+BTW- the key exchange method used is [[NTRU|NTRU Encryption]] so that the strongSwan IPsec connection setup is not vulnerable to quantum computer based key attacks:
 Andreas Steffen
-Andreas Steffen
+IKE_SA_INIT Request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 12[LIB] 128 bit optimum NTRU parameter set ees439ep1 selected
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
-Andreas Steffen
+Dec 12 13:53:11 carol charon: 12[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (813 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Design Details on BLISS Signatures
 Andreas Steffen
-Andreas Steffen
+* For Gaussian sampling we are using a Bernoulli Sampler as described in "Lattice Signatures and Bimodal Gaussians":https://eprint.iacr.org/2013/383 but currently not a Cumulative Distribution Table (CDT). This means the Gaussian rejection sampling currently requires a lot of random material which is produced using the "MGF1":https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/src/libstrongswan/crypto/mgf1/mgf1.h Mask Generation Function ("RFC 2437":http://tools.ietf.org/html/rfc2437#section-10.2.1) seeded by a true random source. The hash function used with MGF1 is currently SHA-1 for cryptographic strengths up to 160 bits, and SHA-256 for strengths up to 256 bits but we think about generally switching to SHA-512 since that hash function is used for the random oracle used by the BLISS signature anyway and SHA-512 performance is usually superior to SHA-256 on 64 bit platforms.
 Andreas Steffen
-Andreas Steffen
+* In order to minimize the BLISS signature size, a set of [[BlissHuffmanCodes|Huffman Codes]] is used to encode the tuples (abs(z1[i]) >> 8, z2d[i]), with i = 0 .. 511. The sign and lower 8 bits of z1[i] are encoded using a fixed 9 bit field as described by Thomas Pöppelmann, Léo Ducas and Tim Güneysu in "Enhanced Lattice-Based Signatures on Reconfigurable Hardware":http://eprint.iacr.org/2014/254.pdf.
 Andreas Steffen
-Andreas Steffen
+* Measured BLISS Signature Size*
 Andreas Steffen
-Andreas Steffen
+  |Scheme    |Bit-packed  |Partially Huffman-coded     |Compression Rates        |
-Andreas Steffen
+  |BLISS-I   |>.7375 bits |>.5718 .. 5793 .. 5884 bits |>.22.5 .. 21.4 .. 20.2 % |
-Andreas Steffen
+  |BLISS-III |>.7950 bits |>.6093 .. 6167 .. 6255 bits |>.23.4 .. 22.4 .. 21.3 % |
-Andreas Steffen
+  |BLISS-IV  |>.8543 bits |>.6644 .. 6725 .. 6784 bits |>.22.3 .. 21.3 .. 20.6 % |
 Andreas Steffen
-Andreas Steffen
+  *statistics based on a measurement set of 50 signatures, each
 Andreas Steffen
-Andreas Steffen
+h2. ASN.1 Syntax
 Andreas Steffen
-Andreas Steffen
+h3. Object Identifiers
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+id-bliss { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) ita(36906) bliss(5) }
 Andreas Steffen
-Andreas Steffen
+keyType { id-bliss 1 }
 Andreas Steffen
-Andreas Steffen
+blissPublicKey { keyType 1 }
 Andreas Steffen
-Andreas Steffen
+parameters { id-bliss 2 }
 Andreas Steffen
-Andreas Steffen
+blissI   = { parameters 1 }
-Andreas Steffen
+blissII  = { parameters 2 }
-Andreas Steffen
+blissIII = { parameters 3 }
-Andreas Steffen
+blissIV  = { parameters 4 }
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+blissSigType = { id-bliss 3 }
 Andreas Steffen
-Andreas Steffen
+blissWithSha512 = { blissSigType 1 }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. BLISS Private Key
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+BlissPrivateKey  ::= SEQUENCE {
-Andreas Steffen
+    parameter OBJECT IDENTIFIER,
-Andreas Steffen
+    public    BIT STRING, -- A
-Andreas Steffen
+    secret1   BIT STRING, -- s1
-Andreas Steffen
+    secret2   BIT STRING  -- s2 }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+As *parameter* one of the BLISS parameters OIDs *blissI* .. *blissIV* is used.
 Andreas Steffen
-Andreas Steffen
+h3. BLISS Public Key
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
-Andreas Steffen
+    algorithm         AlgorithmIdentifier,
-Andreas Steffen
+    subjectPublicKey  BIT STRING  }
 Andreas Steffen
-Andreas Steffen
+AlgorithmIdentifier  ::=  SEQUENCE  {
-Andreas Steffen
+    algorithm         OBJECT IDENTIFIER,
-Andreas Steffen
+    parameters        OBJECT IDENTIFER }
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+As *algorithm* the *blissPublicKey* OID is used and *parameters* indicates one of the BLISS parameter OIDs *blissI* .. *blissIV*.
 Andreas Steffen

Project

General

Profile

strongSwan

Bimodal Lattice Signature Scheme (BLISS) » History » Version 36